UNPKG

litejs/app/cookie.js

Version:

2.12 kBJavaScriptView Raw

1
2var log = require("../lib/log")("app:cookie")
3, valueEsc = /[^!#-~]|[%,;\\]/g
4
5exports.get = getCookie
6exports.set = setCookie
7exports.escape = escapeCookie
8
9function getCookie(name, opts) {
if (typeof name === "object") {
opts = name
name = opts.name
} else {
opts = opts || {}
}
16
var req = this
, junks = ("; " + req.headers.cookie).split("; " + name + "=")
19
if (junks.length > 2) {
;(opts.path || "").split("/").map(function(val, key, arr) {
	var path = arr.slice(0, key+1).join("/")
	, domain = opts.domain
	req.res.cookie(name, "", {ttl: -1, path: path})
	if (domain) {
		req.res.cookie(name, "", {ttl: -1, path: path, domain: domain})
27
		if (domain !== (domain = domain.replace(/^[^.]+/, "*"))) {
			req.res.cookie(name, "", {ttl: -1, path: path, domain: domain})
		}
	}
})
log.warn("Cookie fixation detected: %s", req.headers.cookie)
return
}
36
try {
return decodeURIComponent((junks[1] || "").split(";")[0])
} catch(e) {
log.warn("Invalid cookie '%s' in: %s", name, req.headers.cookie)
}
42}
43
44function setCookie(name, value, opts) {
var res = this
, existing = (res._headers || setCookie)["set-cookie"]
, cookie = (
typeof name === "object" ? (opts = name).name : name
) + "=" + escapeCookie(value)
50
if (opts) {
cookie +=
// Max-Age=1 - Number of seconds until the cookie expires.
// ie8 do not support max-age.
// if both (Expires and Max-Age) are set, Max-Age will have precedence.
(opts.ttl      ? "; Expires=" + new Date(opts.ttl > 0 ? Date.now() + (opts.ttl*1000) : 0).toUTCString() : "") +
(opts.path     ? "; Path=" + opts.path : "") +
(opts.domain   ? "; Domain=" + opts.domain : "") +
(opts.secure   ? "; Secure" : "") +
(opts.httpOnly ? "; HttpOnly" : "") +
(opts.sameSite ? "; SameSite=" + opts.sameSite : "")
}
63
if (!Array.isArray(existing)) {
res.setHeader("Set-Cookie", (
	existing === void 0 ? cookie : [existing, cookie]
))
} else {
existing.push(cookie)
}
log.debug("Set-Cookie: %s", cookie)
72}
73
74function escapeCookie(value) {
return typeof value === "string" ? value.replace(valueEsc, encodeURIComponent) : ""
76}
77

1
2	`var log = require("../lib/log")("app:cookie")`
3	`, valueEsc = /[^!#-~]\|[%,;\\]/g`
4
5	`exports.get = getCookie`
6	`exports.set = setCookie`
7	`exports.escape = escapeCookie`
8
9	`function getCookie(name, opts) {`
10	`if (typeof name === "object") {`
11	`opts = name`
12	`name = opts.name`
13	`} else {`
14	`opts = opts \|\| {}`
15	`}`
16
17	`var req = this`
18	`, junks = ("; " + req.headers.cookie).split("; " + name + "=")`
19
20	`if (junks.length > 2) {`
21	`;(opts.path \|\| "").split("/").map(function(val, key, arr) {`
22	`var path = arr.slice(0, key+1).join("/")`
23	`, domain = opts.domain`
24	`req.res.cookie(name, "", {ttl: -1, path: path})`
25	`if (domain) {`
26	`req.res.cookie(name, "", {ttl: -1, path: path, domain: domain})`
27
28	`if (domain !== (domain = domain.replace(/^[^.]+/, "*"))) {`
29	`req.res.cookie(name, "", {ttl: -1, path: path, domain: domain})`
30	`}`
31	`}`
32	`})`
33	`log.warn("Cookie fixation detected: %s", req.headers.cookie)`
34	`return`
35	`}`
36
37	`try {`
38	`return decodeURIComponent((junks[1] \|\| "").split(";")[0])`
39	`} catch(e) {`
40	`log.warn("Invalid cookie '%s' in: %s", name, req.headers.cookie)`
41	`}`
42	`}`
43
44	`function setCookie(name, value, opts) {`
45	`var res = this`
46	`, existing = (res._headers \|\| setCookie)["set-cookie"]`
47	`, cookie = (`
48	`typeof name === "object" ? (opts = name).name : name`
49	`) + "=" + escapeCookie(value)`
50
51	`if (opts) {`
52	`cookie +=`
53	`// Max-Age=1 - Number of seconds until the cookie expires.`
54	`// ie8 do not support max-age.`
55	`// if both (Expires and Max-Age) are set, Max-Age will have precedence.`
56	`(opts.ttl ? "; Expires=" + new Date(opts.ttl > 0 ? Date.now() + (opts.ttl*1000) : 0).toUTCString() : "") +`
57	`(opts.path ? "; Path=" + opts.path : "") +`
58	`(opts.domain ? "; Domain=" + opts.domain : "") +`
59	`(opts.secure ? "; Secure" : "") +`
60	`(opts.httpOnly ? "; HttpOnly" : "") +`
61	`(opts.sameSite ? "; SameSite=" + opts.sameSite : "")`
62	`}`
63
64	`if (!Array.isArray(existing)) {`
65	`res.setHeader("Set-Cookie", (`
66	`existing === void 0 ? cookie : [existing, cookie]`
67	`))`
68	`} else {`
69	`existing.push(cookie)`
70	`}`
71	`log.debug("Set-Cookie: %s", cookie)`
72	`}`
73
74	`function escapeCookie(value) {`
75	`return typeof value === "string" ? value.replace(valueEsc, encodeURIComponent) : ""`
76	`}`
77