From e63f181ee71e1463fd8e948df9d226dd0ea40456 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:02:44 +0100
Subject: [PATCH 1/3] refactor(eio): import types from @types/cookie
---
 package-lock.json | 12 +---
 packages/engine.io/lib/server.ts | 2 +-
 packages/engine.io/lib/types/cookie.d.ts | 82 ++++++++++++++++++++++++
 packages/engine.io/package.json | 1 -
 4 files changed, 86 insertions(+), 11 deletions(-)
 create mode 100644 packages/engine.io/lib/types/cookie.d.ts
diff --git a/package-lock.json b/package-lock.json
index f0b8ca918d..e148842805 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2823,11 +2823,6 @@ "@types/responselike": "^1.0.0" } }, - "node_modules/@types/cookie": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz", - "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==" - }, "node_modules/@types/cors": { "version": "2.8.17", "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -15514,7 +15509,6 @@ "version": "6.6.2", "license": "MIT", "dependencies": { - "@types/cookie": "^0.4.1", "@types/cors": "^2.8.12", "@types/node": ">=10.0.0", "accepts": "~1.3.4",
@@ -15530,7 +15524,7 @@ } }, "packages/engine.io-client": { - "version": "6.6.1", + "version": "6.6.2", "license": "MIT", "dependencies": { "@socket.io/component-emitter": "~3.1.0",
@@ -15572,7 +15566,7 @@ } }, "packages/socket.io": { - "version": "4.8.0", + "version": "4.8.1", "license": "MIT", "dependencies": { "accepts": "~1.3.4",
@@ -15596,7 +15590,7 @@ } }, "packages/socket.io-client": { - "version": "4.8.0", + "version": "4.8.1", "license": "MIT", "dependencies": { "@socket.io/component-emitter": "~3.1.0",
diff --git a/packages/engine.io/lib/server.ts b/packages/engine.io/lib/server.ts
index 0e3ae063ef..fa9147dfb5 100644
--- a/packages/engine.io/lib/server.ts
+++ b/packages/engine.io/lib/server.ts
@@ -12,7 +12,7 @@ import type {
 Server as HttpServer,
 ServerResponse,
 } from "http";
-import type { CookieSerializeOptions } from "cookie";
+import type { CookieSerializeOptions } from "./types/cookie";
 import type { CorsOptions, CorsOptionsDelegate } from "cors";
 import type { Duplex } from "stream";
 import { WebTransport } from "./transports/webtransport";
diff --git a/packages/engine.io/lib/types/cookie.d.ts b/packages/engine.io/lib/types/cookie.d.ts
new file mode 100644
index 0000000000..e5aa5b9754
--- /dev/null
+++ b/packages/engine.io/lib/types/cookie.d.ts
@@ -0,0 +1,82 @@
+// imported from `cookie@1.0.2` (https://www.npmjs.com/package/cookie/v/1.0.2)
+
+/**
+ * Serialize options.
+ */
+export interface CookieSerializeOptions {
+ /**
+ * Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
+ * Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
+ * a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
+ *
+ * @default encodeURIComponent
+ */
+ encode?: (str: string) => string;
+ /**
+ * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
+ *
+ * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+ * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+ * so if both are set, they should point to the same date and time.
+ */
+ maxAge?: number;
+ /**
+ * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
+ * When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
+ *
+ * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+ * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+ * so if both are set, they should point to the same date and time.
+ */
+ expires?: Date;
+ /**
+ * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
+ * When no domain is set clients consider the cookie to apply to the current domain only.
+ */
+ domain?: string;
+ /**
+ * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+ * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
+ */
+ path?: string;
+ /**
+ * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
+ * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
+ */
+ httpOnly?: boolean;
+ /**
+ * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
+ * When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
+ */
+ secure?: boolean;
+ /**
+ * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
+ * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
+ *
+ * This is an attribute that has not yet been fully standardized, and may change in the future.
+ * This also means clients may ignore this attribute until they understand it. More information
+ * about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+ */
+ partitioned?: boolean;
+ /**
+ * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+ *
+ * - `'low'` will set the `Priority` attribute to `Low`.
+ * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+ * - `'high'` will set the `Priority` attribute to `High`.
+ *
+ * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+ */
+ priority?: "low" | "medium" | "high";
+ /**
+ * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+ *
+ * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+ * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+ * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
+ * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+ *
+ * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+ */
+ sameSite?: boolean | "lax" | "strict" | "none";
+}
diff --git a/packages/engine.io/package.json b/packages/engine.io/package.json
index 6c126c6b71..58824dce5e 100644
--- a/packages/engine.io/package.json
+++ b/packages/engine.io/package.json
@@ -31,7 +31,6 @@
 ],
 "license": "MIT",
 "dependencies": {
- "@types/cookie": "^0.4.1",
 "@types/cors": "^2.8.12",
 "@types/node": ">=10.0.0",
 "accepts": "~1.3.4",
From 48b94da1df3ebcbcf5e998c7b2061486485c234d Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:16:43 +0100
Subject: [PATCH 2/3] fix
---
 packages/engine.io/lib/types/{cookie.d.ts => cookie.ts} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename packages/engine.io/lib/types/{cookie.d.ts => cookie.ts} (100%)
diff --git a/packages/engine.io/lib/types/cookie.d.ts b/packages/engine.io/lib/types/cookie.ts
similarity index 100%
rename from packages/engine.io/lib/types/cookie.d.ts
rename to packages/engine.io/lib/types/cookie.ts
From 1f627638b8125891c5aaa5eae16ebbbcc00042d0 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:41:37 +0100
Subject: [PATCH 3/3] upgrade to cookie@1
---
 package-lock.json | 10 ++--
 packages/engine.io/lib/server.ts | 4 +-
 packages/engine.io/lib/types/cookie.ts | 82 --------------------------
 packages/engine.io/package.json | 2 +-
 4 files changed, 8 insertions(+), 90 deletions(-)
 delete mode 100644 packages/engine.io/lib/types/cookie.ts
diff --git a/package-lock.json b/package-lock.json
index e148842805..c46fc4801b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5756,11 +5756,11 @@ "dev": true }, "node_modules/cookie": { - "version": "0.7.2", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", - "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz", + "integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==", "engines": { - "node": ">= 0.6" + "node": ">=18" } }, "node_modules/cookie-signature": {
@@ -15513,7 +15513,7 @@ "@types/node": ">=10.0.0", "accepts": "~1.3.4", "base64id": "2.0.0", - "cookie": "~0.7.2", + "cookie": "~1.0.2", "cors": "~2.8.5", "debug": "~4.3.1", "engine.io-parser": "~5.2.1",
diff --git a/packages/engine.io/lib/server.ts b/packages/engine.io/lib/server.ts
index fa9147dfb5..b3c708eed2 100644
--- a/packages/engine.io/lib/server.ts
+++ b/packages/engine.io/lib/server.ts
@@ -6,13 +6,13 @@ import { EventEmitter } from "events";
 import { Socket } from "./socket";
 import debugModule from "debug";
 import { serialize } from "cookie";
+import type { SerializeOptions } from "cookie";
 import { Server as DEFAULT_WS_ENGINE } from "ws";
 import type {
 IncomingMessage,
 Server as HttpServer,
 ServerResponse,
 } from "http";
-import type { CookieSerializeOptions } from "./types/cookie";
 import type { CorsOptions, CorsOptionsDelegate } from "cors";
 import type { Duplex } from "stream";
 import { WebTransport } from "./transports/webtransport";
@@ -123,7 +123,7 @@ export interface ServerOptions {
 * might be used for sticky-session. Defaults to not sending any cookie.
 * @default false
 */
- cookie?: (CookieSerializeOptions & { name: string }) | boolean;
+ cookie?: (SerializeOptions & { name: string }) | boolean;
 /**
 * the options that will be forwarded to the cors module
 */
diff --git a/packages/engine.io/lib/types/cookie.ts b/packages/engine.io/lib/types/cookie.ts
deleted file mode 100644
index e5aa5b9754..0000000000
--- a/packages/engine.io/lib/types/cookie.ts
+++ /dev/null
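Review bot: The added `import type { SerializeOptions } from "cookie"` makes engine.io's published typings depend on cookie's own bundled declarations, and the lockfile hunk of this same patch shows cookie 1.0.2 raising its `engines` entry from `>= 0.6` to `>=18`. engine.io's own `engines` field is not part of this patch and should be checked; if it still admits Node below 18, the upgrade is a breaking runtime requirement that belongs in that field and in the release notes. As a smaller style point, the two imports from `cookie` can be written as one, `import { serialize, type SerializeOptions } from "cookie";`, assuming the project's TypeScript version supports inline `type` modifiers.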
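Review bot: The doc comment above `cookie` in the second hunk still mentions only the sticky-session use and `@default false`, so a reader of the new `SerializeOptions & { name: string }` type gets no hint about the security-relevant attributes it carries. I would add a line such as `* When an object is given, review its secure, httpOnly and sameSite fields for the deployment (see cookie's SerializeOptions).`, worded after checking which defaults the server applies, since that code is outside this hunk. The major bump may also change which option values `serialize()` accepts, so the existing cookie tests are worth re-running with the option objects users already pass. The `ServerOptions` interface starts and ends outside the hunk.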
@@ -1,82 +0,0 @@
-// imported from `cookie@1.0.2` (https://www.npmjs.com/package/cookie/v/1.0.2)
-
-/**
- * Serialize options.
- */
-export interface CookieSerializeOptions {
- /**
- * Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
- * Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
- * a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
- *
- * @default encodeURIComponent
- */
- encode?: (str: string) => string;
- /**
- * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
- *
- * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
- * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
- * so if both are set, they should point to the same date and time.
- */
- maxAge?: number;
- /**
- * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
- * When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
- *
- * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
- * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
- * so if both are set, they should point to the same date and time.
- */
- expires?: Date;
- /**
- * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
- * When no domain is set clients consider the cookie to apply to the current domain only.
- */
- domain?: string;
- /**
- * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
- * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
- */
- path?: string;
- /**
- * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
- * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
- */
- httpOnly?: boolean;
- /**
- * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
- * When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
- */
- secure?: boolean;
- /**
- * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
- * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
- *
- * This is an attribute that has not yet been fully standardized, and may change in the future.
- * This also means clients may ignore this attribute until they understand it. More information
- * about can be found in [the proposal](https://github.com/privacycg/CHIPS).
- */
- partitioned?: boolean;
- /**
- * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
- *
- * - `'low'` will set the `Priority` attribute to `Low`.
- * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
- * - `'high'` will set the `Priority` attribute to `High`.
- *
- * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
- */
- priority?: "low" | "medium" | "high";
- /**
- * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
- *
- * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
- * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
- * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
- * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
- *
- * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
- */
- sameSite?: boolean | "lax" | "strict" | "none";
-}
diff --git a/packages/engine.io/package.json b/packages/engine.io/package.json
index 58824dce5e..c7b3bb154f 100644
--- a/packages/engine.io/package.json
+++ b/packages/engine.io/package.json
@@ -35,7 +35,7 @@
 "@types/node": ">=10.0.0",
 "accepts": "~1.3.4",
 "base64id": "2.0.0",
- "cookie": "~0.7.2",
+ "cookie": "~1.0.2",
 "cors": "~2.8.5",
 "debug": "~4.3.1",
 "engine.io-parser": "~5.2.1",