Update dependencies to support sameSite.

CHANGELOG.md

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file starting fro
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 -----
+
+## [3.3.0] - 2020-03-24
+
+### Changed
+
+- Update dependencies to support sameSite.
+
 ## [3.2.3] - 2018-12-25
 
 ### Changed

bench/node.js

@@ -4,7 +4,7 @@
 
 const http = require('http')
 const app = http.createServer(function (req, res) {
-  let body = 'Hello World!'
+  const body = 'Hello World!'
   res.setHeader('Content-Type', 'text/plain; charset=utf-8')
   res.setHeader('Content-Length', Buffer.byteLength(body))
   res.statusCode = 200

doc/api/application.md

@@ -94,7 +94,8 @@ app.config 默认值：
   proxy: false, // 决定了哪些 `proxy header` 参数会被加到信任列表中
   env: process.env.NODE_ENV || 'development', // node 执行环境
   subdomainOffset: 2,
-  poweredBy: 'Toa'
+  poweredBy: 'Toa',
+  secureCookie: null
 }
 ```
 

doc/guide.md

@@ -94,7 +94,8 @@ app.config 默认值：
   proxy: false, // 决定了哪些 `proxy header` 参数会被加到信任列表中
   env: process.env.NODE_ENV || 'development', // node 执行环境
   subdomainOffset: 2,
-  poweredBy: 'Toa'
+  poweredBy: 'Toa',
+  secureCookie: null
 }
 ```
 

lib/application.js

@@ -71,7 +71,7 @@ function Toa (server, options) {
     },
     closed: {
       enumerable: true,
-      get: function () { return this._finished === false }
+      get: function () { return this._closed === true }
     }
   })
 
@@ -105,31 +105,33 @@ function Toa (server, options) {
     this.accept = this.request.accept
     this.originalUrl = this.request.originalUrl
     this.config = Object.create(app.config)
+
     this.cookies = new Cookies(req, res, {
       keys: app.keys,
-      secure: this.request.secure
+      secure: app.config.secureCookie == null ? this.request.secure : app.config.secureCookie
     })
     this.state = {}
     this.thunk = null
     this.seq = null
     this.respond = true
     this._ended = false // false | true
-    this._finished = null // null | false | true
+    this._finished = false // false | true
+    this._closed = false // false | true
     this._afterHooks = []
 
     this.on('error', this.onerror)
     // socket error should be handled by server's 'clientError' listener then destroy
     res.on('finish', () => {
-      if (this._finished == null) {
+      if (!this._finished) {
         this._finished = true // context finished successfully
         this.emit('finish')
       }
     })
     // Maybe no 'close' event on res, we should listen req.
     req.on('close', () => {
-      if (this._finished == null) {
+      if (!this._closed) {
         this.thunk.cancel() // cancel async process
-        this._finished = false // context finished unexpectedly
+        this._closed = true // context finished unexpectedly
         this.emit('close')
       }
     })
@@ -141,6 +143,7 @@ function Toa (server, options) {
   const config = {
     proxy: false,
     poweredBy: '',
+    secureCookie: null,
     subdomainOffset: 2,
     env: process.env.NODE_ENV || 'development'
   }
@@ -149,7 +152,7 @@ function Toa (server, options) {
     enumerable: true,
     get: () => config,
     set: (obj) => {
-      for (let key of Object.keys(obj)) config[key] = obj[key]
+      for (const key of Object.keys(obj)) config[key] = obj[key]
     }
   })
 }
@@ -216,14 +219,15 @@ Toa.prototype.toListener = function () {
       super()
       this.ctx = ctx
     }
+
     onstop (sig) {
       if (this.ctx.body == null && sig != null) this.ctx.body = sig
       consumeHooks.call(this.ctx)(fanal)
     }
   }
 
   return function requestListener (req, res) {
-    let ctx = new Context(req, res)
+    const ctx = new Context(req, res)
     // Misdirected request, http://tools.ietf.org/html/rfc7540#section-9.1.2
     // The request was directed at a server that is not able to produce a response.
     res.statusCode = 421
@@ -243,20 +247,20 @@ Toa.prototype.onerror = function (err) {
   // ignore null and response error
   if (err.expose || (err.status && err.status < 500)) return
   if (!isError(err)) err = new Error('non-error thrown: ' + util.inspect(err))
-  let msg = err.stack || err.toString()
+  const msg = err.stack || err.toString()
   console.error(msg.replace(/^/gm, '  '))
 }
 
 /**
  * Response middleware.
  */
 function respond () {
-  let res = this.res
+  const res = this.res
   let body = this.body
-  let code = this.status
+  const code = this.status
 
   if (this.respond === false) return endContext(this)
-  if (res.headersSent || this._finished != null) return
+  if (res.headersSent || this.finished) return
 
   this.set('server', 'Toa/' + Toa.VERSION)
   if (this.config.poweredBy) this.set('x-powered-by', this.config.poweredBy)
@@ -301,22 +305,22 @@ function onResError (ctx, err) {
   // nothing we can do here other
   // than delegate to the app-level
   // handler and log.
-  if (ctx.headerSent || ctx._finished != null) {
+  if (ctx.headerSent || ctx.finished) {
     err.headerSent = ctx.headerSent
     err.context = ctx.toJSON()
     return err
   }
 
   // unset headers
   if (isFn(ctx.res.getHeaderNames)) {
-    for (let name of ctx.res.getHeaderNames()) {
+    for (const name of ctx.res.getHeaderNames()) {
       if (!ON_ERROR_HEADER_REG.test(name)) ctx.res.removeHeader(name)
     }
   } else { // Node < 7.7
-    let _headers = ctx.res._headers
+    const _headers = ctx.res._headers
     if (_headers) {
       // retain headers on error
-      for (let name of Object.keys(_headers)) {
+      for (const name of Object.keys(_headers)) {
         if (!ON_ERROR_HEADER_REG.test(name)) delete _headers[name]
       }
     }
@@ -346,17 +350,14 @@ function endContext (ctx) {
 
 function consumeHooks (err) {
   if (err != null) throw err
-  let hooks = this._afterHooks || []
+  const hooks = this._afterHooks || []
   this._afterHooks = null
-  hooks.push(nextTick) // this will improve concurrency performance
   hooks.reverse() // execute hooks in LIFO order
   return this.seq(hooks)
 }
 
 function noOp () {}
 
-function nextTick (done) { setImmediate(done) }
-
 function isFn (fn) { return typeof fn === 'function' }
 
 function isError (err) { return err instanceof Error }

lib/context.js

@@ -91,7 +91,7 @@ proto.end = function (message) {
 proto.catchStream = function (stream) {
   if (stream[CLEAN_HANDLER]) throw new Error('"catchStream" has been applied on the stream')
 
-  let streamCleanHandler = (err) => {
+  const streamCleanHandler = (err) => {
     stream.removeListener('error', streamCleanHandler)
     this.removeListener('finish', streamCleanHandler)
     this.removeListener('close', streamCleanHandler)
@@ -103,7 +103,7 @@ proto.catchStream = function (stream) {
     if (err != null) this.onerror(err)
     else if (this.finished) {
       // finished normally
-      let shouldKeepAlive = stream instanceof IncomingMessage && stream.req.shouldKeepAlive
+      const shouldKeepAlive = stream instanceof IncomingMessage && stream.req.shouldKeepAlive
       // If incomingMessage stream is ended and agent is keepalived
       // the socket should be disbanded, in order not to be destroy.
       if (shouldKeepAlive && stream._readableState.ended === true) {

lib/request.js

@@ -114,7 +114,7 @@ module.exports = {
    * @api public
    */
   set path (path) {
-    let url = parse(this.req)
+    const url = parse(this.req)
     if (url.pathname === path) return
     url.path = null
     url.pathname = path
@@ -128,8 +128,8 @@ module.exports = {
    * @api public
    */
   get query () {
-    let str = this.querystring
-    let c = this._querycache = this._querycache || {}
+    const str = this.querystring
+    const c = this._querycache = this._querycache || {}
     return c[str] || (c[str] = qs.parse(str))
   },
 
@@ -160,7 +160,7 @@ module.exports = {
    * @api public
    */
   set querystring (str) {
-    let url = parse(this.req)
+    const url = parse(this.req)
     if (url.search === '?' + str) return
     url.path = null
     url.search = str
@@ -199,7 +199,7 @@ module.exports = {
    * @api public
    */
   get host () {
-    let proxy = this.ctx.config.proxy
+    const proxy = this.ctx.config.proxy
     let host = proxy && this.get('x-forwarded-host')
     host = host || this.get('host')
     if (!host) return ''
@@ -215,7 +215,7 @@ module.exports = {
    * @api public
    */
   get hostname () {
-    let host = this.host
+    const host = this.host
     if (!host) return ''
     return host.split(':')[0]
   },
@@ -229,8 +229,8 @@ module.exports = {
    * @api public
    */
   get fresh () {
-    let method = this.method
-    let s = this.ctx.status
+    const method = this.method
+    const s = this.ctx.status
     // GET or HEAD for weak freshness validation only
     if (method !== 'GET' && method !== 'HEAD') return false
     // 2xx or 304 as per rfc2616 14.26
@@ -259,7 +259,7 @@ module.exports = {
    * @api public
    */
   get idempotent () {
-    let methods = ['GET', 'HEAD', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']
+    const methods = ['GET', 'HEAD', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']
     return !!~methods.indexOf(this.method)
   },
 
@@ -280,7 +280,7 @@ module.exports = {
    * @api public
    */
   get charset () {
-    let type = this.get('content-type')
+    const type = this.get('content-type')
     if (!type) return ''
     try {
       return contentType.parse(type).parameters.charset || ''
@@ -296,7 +296,7 @@ module.exports = {
    * @api public
    */
   get length () {
-    let len = this.get('content-length')
+    const len = this.get('content-length')
     if (len === '') return
     return ~~len
   },
@@ -313,10 +313,10 @@ module.exports = {
    * @api public
    */
   get protocol () {
-    let proxy = this.ctx.config.proxy
+    const proxy = this.ctx.config.proxy
     if (this.socket.encrypted) return 'https'
     if (!proxy) return 'http'
-    let proto = this.get('x-forwarded-proto') || 'http'
+    const proto = this.get('x-forwarded-proto') || 'http'
     return proto.split(/\s*,\s*/)[0]
   },
 
@@ -356,8 +356,8 @@ module.exports = {
    * @api public
    */
   get ips () {
-    let proxy = this.ctx.config.proxy
-    let val = this.get('x-forwarded-for')
+    const proxy = this.ctx.config.proxy
+    const val = this.get('x-forwarded-for')
     return proxy && val ? val.split(/\s*,\s*/) : []
   },
 
@@ -376,8 +376,8 @@ module.exports = {
    * @api public
    */
   get subdomains () {
-    let offset = this.ctx.config.subdomainOffset
-    let hostname = this.hostname
+    const offset = this.ctx.config.subdomainOffset
+    const hostname = this.hostname
     if (net.isIP(hostname)) return []
     return hostname
       .split('.')
@@ -516,7 +516,7 @@ module.exports = {
    * @api public
    */
   get type () {
-    let type = this.get('content-type')
+    const type = this.get('content-type')
     if (!type) return ''
     return type.split(';')[0]
   },
@@ -543,7 +543,7 @@ module.exports = {
    * @api public
    */
   get: function (field) {
-    let req = this.req
+    const req = this.req
     field = field.toLowerCase()
     switch (field) {
       case 'referer':