🐛 Bug Report

Not a bug per se, but the plugin.d.ts file is missing the unsignCookie type signature for the FastifyInstance type

To Reproduce

Call the unsignCookie function on a FastifyInstance object in TS, it won't type check.

import fastify from "fastify"
import fastifyCookie from "fastify-cookie"

// ...

const app = fastify()

await app.register(fastifyCookie, {
  // ...,
})

// ...

app.unsignCookie(aSignedCookie)

Leads to the error "The property unsignCookie doesn't exist on type FastifyInstance<...>"

Expected behavior

Should type check.

Your Environment

• node version: 15
• fastify version: >=3.15.0
• os: Mac

Hi,

Could you give an example please how to remove a cookie using fastify reply? Unfortunately, cannot find any methods for this action, while it is quite needed, especially for "httpOnly" cookies.

Thank you in advance!

Inspiration : https://sailsjs.com/documentation/reference/response-res/res-clear-cookie

After update to fastify 2.0 i've got an error from this plugin. Is there a way to fix this?

How do I set the cookie expiration to be a session?

💥 Regression Report

Prior to the 4.2.0 release, reply.unsignCookie(...) would return a string. After the PR, it now returns an object. It looks like previously you were using cookie-signature's logic directly, but with the custom signer, you started wrapping and returning your own object.

Breaking commit: v4.2.0...master#diff-da0818d1007a8f324a63ef085c6b9bbd765b262a841385b2e7b0f28f230ce349R29

Last working version

Worked up to version: 4.1.1

Stopped working in version: 4.2.0

To Reproduce

Try unsigning a cookie.

reply.unsignCookie(req.cookies.mycoolcookie);
// returns string in 4.1.1
// returns object in 4.2.0

Expected behavior

It's unclear whether this was an intentional breaking change or if there was a misunderstanding of the existing signature. Ultimately, with 4.2.0 you need to grab the value property of the unsigned cookie object to restore similar/old behavior, but I wanted to confirm if this was correct/expected behavior.

I created this issue more so to clarify, as I was confused when bumping versions and had things start breaking.

Your Environment

• node version: 14.15.4
• fastify version: >=3.11.0
• os: Linux

🚀 Feature Proposal

cookie.parse has a second argument options. Though it only support a decode property that defines a decoder function right now, it can be useful in some cases.

I think we could add a plugin-level option, which would be passed to cookie.parse.

BTW, I think we could use a if statement here, because fastifyReq.cookies is already set to an empty object in L48.

Example

fastify.register(require('fastify-cookie'), {
  secret: "my-secret",
  parseOptions: {
    decode: decoder
  }
})

Installed fastify-cookie with npm install fastify-cookie.
Using VSCode.
fastify v.2.0.1
fastify-cookie v.3.0.2
error:

{
	"code": "2339",
	"message": "Property 'setCookie' does not exist on type 'FastifyReply<ServerResponse>'.",
	"source": "ts",
}

Code:

const fastifyCookie = require("fastify-cookie");
export const renderMiddleware = (fastify: FastifyInstance) => {
    fastify.register(fastifyCookie);
    fastify.post("/create-session-cookie", async (req, res) => {
       
        try {
            const sessionCookie = await thriftClient.createSession(
                "blabla",
                tokenExpDate,
                lastIp,
                tokenData,
                null
            );

            res.setCookie("sessionId", sessionCookie.sessionId, {}) < Throws error
                .status(200)
                .send(sessionCookie);
        } catch (e) {
            req.log.info(JSON.stringify(e));
            res.status(500).send(e);
            return;
        }
    });
}

🐛 Bug Report

FastifyCookieOptions type is empty, while docs mention a few options, like secret, and parseOptions.

To Reproduce

See link above.

Expected behavior

To have options defined.

🐛 Bug Report

Upgraded Fastify from 3.8.0 to 3.9.0, and the following warning shows up:

[FSTDEP006] FastifyDeprecation: You are decorating Request/Reply with a reference type. This reference is shared amongst all requests. Use onRequest hook instead. Property: cookies

I have tracked the issue to plugin.js#L56

To Reproduce

Use fastify-cookie per documented example

Expected behavior

No warnings

Your Environment

• node version: v14.15.0
• fastify version: 3.9.0
• os: Mac

🐛 Bug Report

In case my user clears all of his cookies, this condition will not execute:

    const cookieHeader = fastifyReq.req.headers.cookie
    if (cookieHeader) {
      fastifyReq.cookies = cookie.parse(cookieHeader, options)
    }

and fastifyReq.cookies is gonna remain the same as it was in the previous request.

To Reproduce

Set a cookie and make a request, then clear all of your browser cookies and examine req.cookies on the next request.

Expected behavior

Cookies decorator should reset on each request.

    const cookieHeader = fastifyReq.req.headers.cookie
    fastifyReq.cookies = cookieHeader ? cookie.parse(cookieHeader, options) : {}

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

The current dependency "cookie" is widely used. There are some PRs open, which aim to improve the performance, but they arent merged, despite being there for 3-4 years.

I propose we integrate the code from "cookie" and improve the performance in our codebase.

benchmark with current implementation:

cookie.parse

6 tests completed.

simple      x 1,886,402 ops/sec ±3.40% (171 runs sampled)
decode      x 2,333,643 ops/sec ±0.18% (194 runs sampled)
unquote     x 2,505,649 ops/sec ±0.26% (189 runs sampled)
duplicates  x   997,104 ops/sec ±0.16% (194 runs sampled)
10 cookies  x   303,594 ops/sec ±0.13% (192 runs sampled)
100 cookies x    28,964 ops/sec ±0.20% (193 runs sampled)

optimized parse:

function parse(str, options) {
  if (typeof str !== 'string') {
    throw new TypeError('argument str must be a string');
  }

  var result = {}
  var dec = options && options.decode || decode;

  var pos = 0;
  var terminatorPos = 0;
  var eq_idx = 0;

  while (true) {
    if (terminatorPos === str.length) {
      break;
    }
    terminatorPos = str.indexOf(";", pos);
    terminatorPos = (terminatorPos === -1) ? str.length : terminatorPos;
    eq_idx = str.indexOf('=', pos);

    // skip things that don't look like key=value
    if (eq_idx === -1 || eq_idx > terminatorPos) {
      pos = terminatorPos + 1;
      continue;
    }

    var key = str.substring(pos, eq_idx++).trim()
    
    // only assign once
    if (undefined == result[key]) {
      var val = (str.charCodeAt(eq_idx) === 0x22)
        ? str.substring(eq_idx + 1, terminatorPos - 1).trim()
        : str.substring(eq_idx, terminatorPos).trim();
  
      result[key] = (dec !== decode || -1 !== val.indexOf('%'))
        ? tryDecode(val, dec)
        : val;
    }
    pos = terminatorPos + 1;
  }
  return result;
}

benchmark with optimized version

cookie.parse

6 tests completed.

simple      x 4,148,129 ops/sec ±1.96% (172 runs sampled)
decode      x 2,879,839 ops/sec ±0.19% (193 runs sampled)
unquote     x 6,790,136 ops/sec ±0.50% (190 runs sampled)
duplicates  x 1,922,513 ops/sec ±0.42% (192 runs sampled)
10 cookies  x   598,713 ops/sec ±0.25% (192 runs sampled)
100 cookies x    47,375 ops/sec ±0.27% (189 runs sampled)

We could gain about 100% better performance.

Motivation

More Power.

Example

No response

🚀 Feature Proposal

Adds ability to unsign cookies via request.

Motivation

• In this case, the request becomes self-sufficient and there is no need to pass reply as an argument to other methods.
• NestJS allows to inject only request object to the constructor of Request scoped services. This is logical because services should not compose a reply. It should be done in other layers (controllers, interceptors)

Example

fastify.get('/', (req, reply) => {
  const mySecretCookie = req.unsignCookie(req.cookies.mySecretCookie);
  reply
    .setCookie('mySecretCookie', 'value', {
      path: '/',
      signed: true
    })
    .send({ hello: 'world' })
})

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.2.1

Plugin version

8.1.0

Node.js version

16.17.0

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.04

Description

I'm not sure if it is a bug or a feature request -> I decided to use the bug template because I spend some time for debugging it.

From my point of view, the clearCookie method should respect parseOptions passed during the plugin initialization, similarly to setCookie. It is especially useful to remove cookies on a specific domain.

Steps to Reproduce

  const fastify = Fastify()
  fastify.register(plugin, {
    parseOptions: {
      path: '/test',
      domain: 'example.com'
    }
  })

  fastify.get('/test1', (req, reply) => {
    reply
      .clearCookie('foo')
      .send({ hello: 'world' })
  })

The cleared cookie has not set a path and a domain.

{
  name: 'foo',
  value: '',
  expires: 1970-01-01T00:00:00.000Z
}

Expected Behavior

The cleared cookie includes options obtained from parseOptions e.g. includes the path and the domain.

{
  name: 'foo',
  value: '',
  domain: 'example.com',
  path: '/test',
  expires: 1970-01-01T00:00:00.000Z
}

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

It seems that the cookie package got updates. It should be checked if it is faster than our modified code, and if we can supply improvements and maybe switch back to the original cookie package in fastify cookie.

@dougwilson
Are you accepting PRs or did you move on again and I missed a "project focus"-window?

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.29.0

Plugin version

6.0.0

Node.js version

16.15.1

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

Windows 11 Pro Build 22000.739

Description

Right now when using the package any cookie is always typed as a string when it could be undefined.

Pretty simple fix, just changing the type from cookies: { [cookieName: string]: string }; to cookies: { [cookieName: string]: string | undefined };

(if you wanted to make it more TypeScript-y you could do cookies: Record<string, string | undefined>;

Steps to Reproduce

fastify.get('/', async (reqeust, reply) => {
  const { someCookieThatDoesNotExist } = request.cookies; // someCookieThatDoesNotExist: string
  console.log(someCookieThatDoesNotExist); // undefined
  console.log(typeof someCookieThatDoesNotExist); // undefined
  
  return { hello: 'world' }
});

Expected Behavior

No response

It is necessary to generate the signed cookie content for the tests

How can I get it as a string in tests to insert into the invocation of the inject method?

Maybe the plugin should explicitly export the sign and unsign functions?

Hi, thank you for the module!
I think here you can use the decorateReply api, you will get way better performances! :)

https://github.com/fastify/fastify/blob/master/docs/Plugins-Guide.md#decorators

Edit:
Obviously the decorateReply should be used outside the hook handler ;)

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.22.1

Plugin version

5.3.1

Node.js version

16.11.1

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

10

Description

The parseCookie is not include in the .d.ts file.
This causes that when using the method through the fastify instance, a typing error is generated even though the method does exist in the instances.

Steps to Reproduce

import fastifyCookie from 'fastify-cookie'
import fp from 'fastify-plugin'
import fastifySession from 'fastify-session'

export default fp<any>(async (fastify, opts) => {
  fastify.register(fastifyCookie)
  fastify.register(fastifySession, {
    secret: String(process.env.APP_KEY),
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      secure: process.env.NODE_ENV !== 'production'
    }
  })

  // TS Error: Property 'parseCookie' does not exist on type 'FastifyInstance<Server, IncomingMessage, ServerResponse, FastifyLoggerInstance>'.ts(2339)
  fastify.parseCookie('cookie')
})

Expected Behavior

I did a little fix, creating the typing in the creation of a plugin, for example.
But I think it is something that should be included in the .dt.s

import fastifyCookie from 'fastify-cookie'
import fp from 'fastify-plugin'
import fastifySession from 'fastify-session'

export default fp<any>(async (fastify, opts) => {
  fastify.register(fastifyCookie)
  fastify.register(fastifySession, {
    secret: String(process.env.APP_KEY),
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      secure: process.env.NODE_ENV !== 'production'
    }
  })

  fastify.parseCookie('cookie')
})

// here is my simple fix
declare module 'fastify' {
  export interface FastifyInstance {
    parseCookie(cookieHeader: string): Record<string, any>
  }
}

This repo should only test against supported LTS versions.

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure it has not already been reported

Fastify version

3.18.1

Plugin version

5.3.1

Node.js version

12

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.10

Description

The most basic functionality as shown in the intro docs is not working even after spending some 2 hours trying to figure things out. Please make documentation more elaborate if possible.

Steps to Reproduce

No specific case. The steps in the docs itself don't work. The cookie is not set.

index.js

fastify.register(require('fastify-cookie'), {
   secret: 'xyz',
   parseOptions: {}
})

in my route handler

reply
   .code(200)
   .cookie('foo', 'bar')
   .send({message: 'Hello world'})

Expected Behavior

The desired cookie should be set.

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.27.1

Plugin version

5.5.0

Node.js version

16.13.1

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

11 (21H2)

Description

When using a schema for my route, I get payload typing. But when I use setCookie on my reply, the payload get the type unknown.

Steps to Reproduce

type TSchemaResponse = {
    message: string
};

// ...
fastifyInstance.post<Response: TSchemaResponse>(
    "/hello",
    (request, reply) => {
        reply.send({message: 123}); // typescript error as message should be a string
    }
);
// ...

type TSchemaResponse = {
    message: string
};

// ...
fastifyInstance.post<Response: TSchemaResponse>(
    "/hello",
    (request, reply) => {
        reply
            .setCookie("hello", "there")
            .send({message: 123}); // no error (there should be an error)
    }
);
// ...

Expected Behavior

The payload should still be typed after calling setCookie (as setCookie should return "this" type)

🐛 Bug Report

I tried setting and unsetting a cookie by storing all the options in an object:

const SESSION_COOKIE_OPTIONS: CookieSerializeOptions = {
    sameSite: 'lax',
    signed: true,
    secure: false,
    maxAge: 24*60*60*30,
    httpOnly: true,
    path: '/',
}

This works fine for setting:

reply.setCookie(SESSION_COOKIE_NAME, sessionKeyStr, SESSION_COOKIE_OPTIONS)

But throws an error when unsetting:

reply.clearCookie(SESSION_COOKIE_NAME, SESSION_COOKIE_OPTIONS)

TypeError: Secret string must be provided.

If you just rip the signed option out in the fastifyCookieClearCookie, then it should work fine.

You should remove maxAge too.

To Reproduce

Above.

Expected behavior

No error.

Your Environment

❯ yarn list --depth=0 | grep fastify
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]
├─ [email protected]

I started to see error in console from fastify-cookies.
Everything seems works fine.
I don't know where to look problem because error looks strange.
Maybe now it should be used without callback with error:
fastify.register(require('fastify-cookie'))

Last versions of everything.

const fastify = require('fastify')({ logger: true })

fastify.register(require('fastify-cookie'), err => {
    if (err) console.log(err)
})

// Declare a route
fastify.get('/', async (request, reply) => {
  return { hello: 'world' }
})

// Run the server!
const start = async () => {
  try {
    await fastify.listen(3000)
    fastify.log.info(`server listening on ${fastify.server.address().port}`)
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

Error object:

{ getSchemas: [Function: bound ],
  [Symbol(fastify.children)]:
   [ { getSchemas: [Function: bound ],
       [Symbol(fastify.children)]: [Array],
       [Symbol(fastify.Reply)]: [Function: _Reply],
       [Symbol(fastify.Request)]: [Function: _Request],
       [Symbol(fastify.contentTypeParser)]: [ContentTypeParser],
       [Symbol(fastify.hooks)]: [Hooks],
       [Symbol(fastify.routePrefix)]: '',
       [Symbol(fastify.logLevel)]: '',
       [Symbol(fastify.middlewares)]: [],
       [Symbol(fastify.schemas)]: [Schemas],
       [Symbol(registered-plugin)]: Array {} } ],
  [Symbol(fastify.Reply)]: [Function: _Reply],
  [Symbol(fastify.Request)]: [Function: _Request],
  [Symbol(fastify.contentTypeParser)]:
   ContentTypeParser {
     customParsers: { 'application/json': [Parser], 'text/plain': [Parser] },
     parserList: [ 'application/json', 'text/plain' ],
     cache:
      LRU { first: null, items: {}, last: null, max: 100, size: 0, ttl: 0 },
     [Symbol(fastify.defaultJSONParse)]: [Function: defaultJsonParser] },
  [Symbol(fastify.hooks)]:
   Hooks {
     onRequest: [ [Function: bound onRateLimit] ],
     preParsing: [],
     preValidation: [],
     preSerialization: [],
     preHandler: [],
     onResponse: [],
     onSend: [],
     onError: [] },
  [Symbol(fastify.routePrefix)]: '',
  [Symbol(fastify.logLevel)]: '',
  [Symbol(fastify.middlewares)]: [],
  [Symbol(fastify.schemas)]: Schemas { store: {} },
  [Symbol(registered-plugin)]: Array { '1': 'fastify-cookie', length: 2 } }

The cookie object doesn't seem to exist in the preHandler hook inside my routes, see my code below;

// routes/auth.js
// inside routes function
  fastify.register(require('fastify-cookie'), (err) => {
    if (err) throw err
  });

  fastify.addHook('preHandler', (request, reply, done) => {
    if(request.cookie) { // always fails
      done();
      return;
    }
    reply.code(403).send({
      error: 'Unauthorized',
      message: 'No cookie',
      statusCode: 404
    });
  });

  fastify.post('/register', async (request, reply) => {
    // Cookie exists here
    const user = await User.create(request.body);
    return { data: user };
  });

I'm certain the cookie actually exists.
I know the middleware utilizes the preHandler to set the cookie object, is that the reason it can't be accessed inside any other preHandler?

Hi, please give an example to sign a cookie thanks

The plugin type exported here expects only HTTP underlying types while Fastify itself supports both HTTP and HTTP2 types.

This package seemingly works with either and can safely expect either one.

If you like the idea I'll have a PR ready in no time :)

🚀 Feature Proposal

Allow passing "secret" as part of the setCookie and getCookie decorators, not just at the plugin's initialization.

Motivation

Allow the usage of multiple secrets according to application's logic.

One example is using a different secret per logged in user.

Example

Usage example:

fastify.get('/', (req, reply) => {
  const aCookieValue = req.cookies.cookieName
  const bCookieValue = reply.unsignCookie(req.cookies.cookieSigned, 'my-secret');
  reply
    setCookie('bar', 'bar', {
      path: '/',
      signed: true,
      secret: 'my-secret'
    })
    .send({hello: 'world'})
})

Changes to code:

value = cookieSignature.sign(value, opts.secret || secret)  // line: 14

// lines: 59-61
fastify.decorateReply('unsignCookie', function unsignCookieWrapper (value, secretOverride) {
  return cookieSignature.unsign(value, secretOverride || secret)
})

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.5.3

Plugin version

8.1.0

Node.js version

16,17.0

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

Ubuntu 20.04.4 LTS

Description

Currently a Typescript error is thrown when one sets the options.secure flag to "auto" according to the docs

Steps to Reproduce

Simply set secure = "auto" and you'll get the error as the secure option is typed as boolean as seen below on line 10:

Expected Behavior

No type error?

Could you please publish a version with this commit?
0b37bc2

Regards

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

Currently when you send a too large cookie it just gets ignored by the browser without warnings - this makes figuring out why it's not set really cumbersome (took me almost an hour to realise this)

So maybe instead of the browser giving you the warning, fastify-cookie can give one instead of the go over this safe limit?

See: http://browsercookielimits.iain.guru/

Motivation

Painful to debug why a cookie is not being set as no warnings are emitted anywhere and it's hard to guess that you reached this size

Example

Just a warning messing using FastifyInstance.log.warn that you exceeded the safe limit (with an option to turn it off maybe)

I would like to see a cookie signing feature like the https://github.com/expressjs/cookie-session has.

Is that something that would be implemented in the near feature?

This repo should switch to using GitHub Actions instead of Travis.

The devDependency @types/node was updated from 12.7.0 to 12.7.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

Currently, parseOptions is not defined under FastifyCookieOptions. I was hoping to change the FastifyCookieOptions interface to the following:

// plugin.d.ts

export interface FastifyCookieOptions {
  secret?: string | string[];
  parseOptions?: CookieSerializeOptions;
}

And add the following test:

// test/plugin.d.ts

const appWithParserOptions = fastify();

const parseOptions: fastifyCookieStar.CookieSerializeOptions = {
  domain: "example.com",
  encode: (value: string) => value,
  expires: new Date(),
  httpOnly: true,
  maxAge: 3600,
  path: "/",
  sameSite: "lax",
  secure: true,
  signed: true,
};
expectType<fastifyCookieStar.CookieSerializeOptions>(parseOptions);

appWithParserOptions.register(cookie, {
  secret: "testsecret",
  parseOptions,
});
appWithParserOptions.after(() => {
  server.get("/", (request, reply) => {
    const { valid, renew, value } = reply.unsignCookie(request.cookies.test);

    expectType<boolean>(valid);
    expectType<boolean>(renew);
    expectType<string | null>(value);
  });
});

Motivation

No response

Example

No response

🐛 Bug Report

Error ts2392 occurs in the TypeScript environment due to the wrong return type of unsignCookie

To Reproduce

const result = reply.unsignCookie(request.cookies[key])
if (result.valid) { ... }

Error ts2392 occurred with result.valid.

Expected behavior

needs to update plugin.d.ts

Your Environment

• node version: 14
• fastify version: >=3.9.2
• os: Linux
• fastify-cookie: "5.0.0"
• typescript: "4.1.3"

Hello! I'm using fastify-cookie for my project to work with cookies and I have a question about the route validation. Is it possible to express in a schema to specific what exact cookie should be in the cookie header?

What I want: we have the header 'cookie' that must exist, where the cookie name 'id' must exist and be typof number.

As of now, I can only specify that the header 'cookie' must exist, but sadly I don't know if it's possible to check for certain keys in such header and I was wondering if this is possible or not.

Thank you!

The devDependency standard was updated from 14.3.0 to 14.3.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

standard is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Basically after an auth, I setting a cookie, but apparently after page refresh on the cookie that was set by cloudflare is saved And the cookie that I transmitted with set-cookie is not used in after set-cookie requests

# Response headers
HTTP/2.0 200 OK
date: Thu, 18 Jul 2019 10:03:25 GMT
content-type: application/json; charset=utf-8
content-length: 29
set-cookie: __cfduid=d578c7a5e4378dc1b1946964a08ebc4ec1563444205; expires=Fri, 17-Jul-20 10:03:25 GMT; path=/; domain=.doc.io; HttpOnly; Secure
set-cookie: __doc=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlIjoiNzQ2NTczNzQ0MDY2NjE3Mzc0NmQ2MTY5NmMyZTZkNzgiLCJwIjoiNTUzMjQ2NzM2NDQ3NTY2YjU4MzEzODMzNTU0NjUwNTU2ZjRiMzkzMTY3NDUzNDY5NDc3MzM3MzgzOTU5MzczMDUxNjk0ZjQxNjQ0OTM5Nzg0YjZiNzU1Njc3Nzk0NDc0NjE3NDMxNTE0NzcwMzE0YjQxNmY1MjU5MzM3YTZhNDU2NDJiNmU0ZTc0NGE3NTMyNTQ1ODc2NjI1YTczNDc1MTQ1Njc0MjVhNGQ0MTNkM2QiLCJkIjoiMzEzNTM2MzMzNDM0MzQzMjMwMzUzNTM2MzMiLCJpYXQiOjE1NjM0NDQyMDV9.go1jDpc2rBe5FjK2sKX4ybW4PhCPFq1xT1WIX-mSI84; Domain=.doc.io; Path=/; Expires=Thu, 18 Jul 2019 16:03:25 GMT; HttpOnly; Secure
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4f83a02a3dc36455-FRA
X-Firefox-Spdy: h2

reply
.code(200)
.header('Access-Control-Allow-Origin', '*')
.header('Content-Type', 'application/json; charset=utf-8')
.setCookie('__doc', token, {
domain: '.doc.io',
path: '/',
secure: true,
httpOnly: true,
expires: new Date(new Date().setHours(new Date().getHours() + 6))})
.send({ 'success': 'Sign In success' })

All my websites are https

First I do POST request for an auth on /auth, and you could see response in response headers above and after I do GET on (trying to load page) from /page and get cookies, but with reply.log.info(request.cookies) I see only cookies from cloudflare. Surely I tried to refresh and go to address in different table, there just no any cookies, but from cloudflare.

# Request headers
Host: test.doc.io
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cfduid=d578c7a5e4378dc1b1946964a08ebc4ec1563444205
Upgrade-Insecure-Requests: 1
TE: Trailers

P.S.: I removed httpOnly: true as it seems shouldn't work for json request types, however that changes nothing

Any idea?

🐛 Bug Report

The CookieSerializeOptions at https://github.com/fastify/fastify-cookie/blob/master/plugin.d.ts don't allow to set the sameSite parameter to "none"

Expected behavior

Allow sameSite to be "none", as specified in https://www.npmjs.com/package/cookie#options-1

Your Environment

• node version: 10.8.0
• fastify version: 2.10.0
• fastify-cookie version: 3.4.1
• os: Linux

When i am using this app, this error appears and doesn't goes next.

FastifyError [FST_ERR_CTP_INVALID_CONTENT_LENGTH]: FST_ERR_CTP_INVALID_CONTENT_LENGTH: Request body size did not match Content-Length
       at IncomingMessage.onEnd (/Users/dalisoft/Desktop/Projects/uxcandy-test/node_modules/fastify/lib/contentTypeParser.js:177:18)
       at IncomingMessage.emit (events.js:198:15)
       at endReadableNT (_stream_readable.js:1142:12)
       at processTicksAndRejections (internal/process/task_queues.js:81:17)
     name: 'FastifyError [FST_ERR_CTP_INVALID_CONTENT_LENGTH]',
     code: 'FST_ERR_CTP_INVALID_CONTENT_LENGTH',
     message:
      'FST_ERR_CTP_INVALID_CONTENT_LENGTH: Request body size did not match Content-Length',
     statusCode: 400 }

How my code looks

// src/server.js
const fastify = require('fastify');
const app = fastify({
  // logger: true,
});

if (process.env.NODE_ENV === 'development') {
  require('dotenv-safe').config();
}

require('./middlewares/developer-verify')(app)
    .register(require('fastify-cookie'))
    .register(require('fastify-multipart'))
    .register(require('./register-routes'));

// Run the server!
const start = async () => {
  try {
    await app.listen(process.env.PORT || 8080, '0.0.0.0');
    console.log(`Server listening on ${app.server.address().port}`);
  } catch (err) {
    console.error(`Server listening error`, err);
    process.exit(1);
  }
};
start();

// middlewares/developer-verify.js
const {devName} = require('../config');

module.exports = (app) => {
  app.addHook('onRequest', async (req, res, next) => {
    const method = req.raw.connection.parser.incoming.method;
    if (method !== 'GET') {
      return next();
    }
    if (!req.query.developer || req.query.developer !== devName) {
      res.status(403);
      return res.send({
        'status': 'error',
        'message': 'Не передано имя разработчика',
      });
    }
    next();
  });
  return app;
};

// register-routes.js
module.exports = (app, options, next) => {
  // Error handling for more information
  app.setErrorHandler(async (error, request, res) => {
    console.log('Error was happened', {
      error,
      request,
    });

    return {
      status: 'error',
      message: 'The error was happened',
    };
  });

  // Root route
  app.get('/', (req, res) => {

});
next();

The devDependency tap was updated from 12.5.0 to 12.5.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

tap is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.27.2

Plugin version

5.6.0

Node.js version

16

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.04

Description

It should be pointing to the latest version 5.6.0, no?

Steps to Reproduce

$ npm info fastify-cookie

-- removed for brevity --

dist-tags:
latest: 5.5.0  next: 5.6.0    

Expected Behavior

$ npm info fastify-cookie

-- removed for brevity --

dist-tags:
latest: 5.6.0

The request library has been deprecated and (essentially) abandoned for a long time. We should rely on another library like got for testing (or simply use fastify.inject if possible).

🚀 Feature Proposal

Add fastify.unsignCookie

Motivation

#75 added fastify.parseCookie to mitigate fastify/fastify-websocket#70 and it works, but there is no easy way to verify a signed cookie, so its usefulness is limited.

The workaround now is to create a custom signer that dupes the default. But that's less than ideal.

Example

// fastify-websocket handler
const signedSessionId = fastify.parseCookie(req.headers['cookie']);
const sessionId = fastify.unsignCookie(signedSessionId);
ok(sessionId.valid);
console.log('session id:', sessionId.value);

Example:

1. res.setCookie('language', 'en', { path:'/foo' });
2. res.setCookie('language', 'en', { path:'/' });

Expected outcome:

1. Name language value en path /foo
2. Name language value en path /

Actual outcome:

1. No cookie is getting set at all.
2. Default path is taken

Tested in Chrome Version 67.0.3396.99
Node version v11.0.0
Fastify-Cookie Version 2.1.1

My simplified code is:

import fastify from './git/fastify'
import fastifyCookie from './git/fastify-cookie'
const server = fastify();
server.register(fastifyCookie).after( () => {
	server.get("/ping", async (request, reply) => {
		const cookies = request.cookies; // Property 'cookies' does not exist on type 'FastifyRequest<Server, IncomingMessage, RequestGenericInterface>'
		reply.clearCookie('foo'); // Property 'clearCookie' does not exist on type 'FastifyReply<Server, ServerResponse, unknown>'
	});
});

Where I have two errors:

• Property 'cookies' does not exist on type 'FastifyRequest<Server, IncomingMessage, RequestGenericInterface>'
• Property 'clearCookie' does not exist on type 'FastifyReply<Server, ServerResponse, unknown>'

I just followed by: https://github.com/fastify/fastify-cookie
Why it doesn't work?

• node version: 13
• fastify version: 3.0
• fasify-cookie version: 3.6.0
• os: Linux

Dear fastify-cookie maintainers,
Thank you for your contribution to the open-source community.

This issue was automatically created to inform you a new version (5.7.0) of fastify-cookie was published without a matching tag in this repo.

As part of our efforts to fight software supply chain attacks, we would like to verify this release is known and intended, and not a result of an unauthorized activity.

If you find this behavior legitimate, kindly close and ignore this issue. Read more