1.0.4 • Published 5 years ago

crypto-parser-express v1.0.4

Weekly downloads
3
License
MIT
Repository
github
Last release
5 years ago

Build Status npm version node version

crypto-parser-express

Express >=v4.10.0 Response Cookie override to add crypto cookie support and cookie-parser middleware module replacement.

crypto-parser-express use node-laravel-encryptor to cipher/decipher cookies with signature verification support.

This module borrows parts of cookieParse and parse methods from cookie-parser module kudos to that dev.

Features

  • cipher/decipher cookies with
    • res.cookies
    • res.cookies_async
  • Laravel Cookie Compatible >=5.4 if serialize_mode php (default mode node-laravel-encryptor)
  • only parse allowed cookies.
  • only decipher encrypted cookie payload instead of every cookie params path, domain, expires, secure, etc.

  • option to allow all cookies, only allowed cookies will be deciphered.

Install

$> npm i crypto-parser-express

Prerequisites

  • NodeJs >=v8.10.0 (npm v5.6.0)
  • expressJS >=v4.10.0

Usage

const express = require('express');
const CryptoCookieParser = require('crypto-parser-express');
const cryptoCookieParser = new CryptoCookieParser(options);

//instead of const app = express();
const app = cryptoCookieParser.overrideCookie(express());

//use custom cookieParser middleware
app.use(cryptoCookieParser.cookieParser())

Options

const options = {
  encryptor: {key: 'app_key', serialize_mode: 'php|json'},
  cookie: {
      allow_all: false,
      allowed: ['session', 'superCookie'],
      options: {
          domain: 'localhost',
          expires: 0,
          maxAge: 60*60*1000,
          path: '/',
          sameSite: true,
          secure: false,
          httpOnly: false
      }
  }
}

Options

Encryptor options

node-laravel-encryptor

Cookie options

  • allow_all: <boolean> default false
  • allowed: <array> list allowed cookie name
  • options: npm cookie package options

Tests

> npm run test

  Class CryptoCookie
    ✓ should return express instance with res.cookie method overridden
    ✓ should return express instance with res.cookie_async new method

  Test Errors...
    ✓ should throw Error 'overrideCookie express argument not an express instance' when trying to override Cookie method on non express instance
    ✓ should Throw Error MAC signature failed (53ms)

  Express cookie override
    ✓ should client send cipher cookie and cookieParser should decipher it
    ✓ should server res.cookie not populate response Headers Set-Cookie when cookie name is not allowed 
    ✓ should server res.cookie populate response Headers Set-Cookie when cookie name is not allowed and allow_all = true
    ✓ should client send not allowed cookie and cookieParser should discard
    ✓ should client send not allowed cookie when allow_all option true and should not decipher but should be parsed in req.cookies

  Express response res.cookie method and res.cookie_async method
    ✓ should client get cipher cookie using res.cookie_async
    ✓ should client get cipher cookie using res.cookie method overridden

  11 passing (112ms)

Dependencies

Contributing

Pull requests are welcome.

License

MIT

laravelcryptonodejscookiecookie-parser
node-laravel-encryptor
@infinitebrahmanuniverse/nolb-crypt@everything-registry/sub-chunk-1416
1.0.4

5 years ago

1.0.3

5 years ago

1.0.2

5 years ago

1.0.1

5 years ago