updated cookies version to respect req.connection.proxySecure, added tests for this, updated structure tobe more node'ish.
This commit is contained in:
Ben Adida
Родитель
ceb2889541
Коммит
69a09abe2b
1
index.js
1
index.js
|
|
@ -1 +0,0 @@
|
|||
module.exports = require("./lib/node-client-sessions");
|
||||
|
|
@ -49,6 +49,11 @@ function Session(req, res, cookies, opts) {
|
|||
// no need to initialize it, loadFromCookie will do
|
||||
// via reset() or unbox()
|
||||
this.createdAt = null;
|
||||
|
||||
// here, we check that the security bits are set correctly
|
||||
var secure = res.socket.encrypted || req.connection.proxySecure;
|
||||
if (opts.cookie.secure && !secure)
|
||||
throw "you cannot have a secure cookie unless the socket is secure or you declare req.connection.proxySecure to be true.";
|
||||
}
|
||||
|
||||
Session.prototype = {
|
||||
|
|
@ -151,7 +156,13 @@ Session.prototype = {
|
|||
if (this.expires) {
|
||||
this.opts.cookie.expires = this.expires;
|
||||
}
|
||||
this.cookies.set(this.opts.cookieName, this.box(), this.opts.cookie);
|
||||
|
||||
try {
|
||||
this.cookies.set(this.opts.cookieName, this.box(), this.opts.cookie);
|
||||
} catch (x) {
|
||||
// this really shouldn't happen. Right now it happens if secure is set
|
||||
// but cookies can't determine that the connection is secure.
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
|
|
@ -254,7 +265,16 @@ var cookieSession = function(opts) {
|
|||
|
||||
return function(req, res, next) {
|
||||
var cookies = new Cookies(req, res);
|
||||
var raw_session = new Session(req, res, cookies, opts);
|
||||
var raw_session;
|
||||
try {
|
||||
raw_session = new Session(req, res, cookies, opts);
|
||||
} catch (x) {
|
||||
// this happens only if there's a big problem
|
||||
//
|
||||
process.nextTick(function() {next("error", x.toString());});
|
||||
return;
|
||||
}
|
||||
|
||||
req.session = raw_session.monitor();
|
||||
|
||||
// I wish we didn't have to do things this way, but
|
||||
|
|
@ -1,16 +1,16 @@
|
|||
{
|
||||
"name" : "node-client-sessions",
|
||||
"version" : "0.0.1",
|
||||
"name" : "client-sessions",
|
||||
"version" : "0.0.2",
|
||||
"private" : false,
|
||||
"description" : "secure sessions stored in cookies",
|
||||
"main" : "index",
|
||||
"main" : "lib/client-sessions",
|
||||
"repository" : {
|
||||
"type" : "git",
|
||||
"url" : "https://github.com/benadida/node-client-sessions"
|
||||
},
|
||||
"dependencies" : {
|
||||
"vows": "0.5.13",
|
||||
"cookies" : "https://github.com/jed/cookies/tarball/588822c",
|
||||
"cookies" : "https://github.com/benadida/cookies/tarball/d2f0f0b3",
|
||||
"express": "2.5.0",
|
||||
"tobi": "https://github.com/Cowboy-coder/tobi/tarball/fd733a3",
|
||||
"zombie": "0.12.9",
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
var vows = require("vows"),
|
||||
assert = require("assert"),
|
||||
cookieSessions = require("../index"),
|
||||
cookieSessions = require("../lib/client-sessions"),
|
||||
express = require("express"),
|
||||
tobi = require("tobi"),
|
||||
Browser = require("zombie");
|
||||
|
|
@ -382,4 +382,75 @@ suite.addBatch({
|
|||
}
|
||||
});
|
||||
|
||||
function create_app_with_secure(firstMiddleware) {
|
||||
// set up the session middleware
|
||||
var middleware = cookieSessions({
|
||||
cookieName: 'session',
|
||||
secret: 'yo',
|
||||
cookie: {
|
||||
maxAge: 5000,
|
||||
secure: true
|
||||
}
|
||||
});
|
||||
|
||||
var app = express.createServer();
|
||||
if (firstMiddleware)
|
||||
app.use(firstMiddleware);
|
||||
|
||||
app.use(middleware);
|
||||
|
||||
return app;
|
||||
}
|
||||
|
||||
suite.addBatch({
|
||||
"across two requests, without proxySecure, secure cookies" : {
|
||||
topic: function() {
|
||||
var self = this;
|
||||
|
||||
var app = create_app_with_secure();
|
||||
|
||||
app.get("/foo", function(req, res) {
|
||||
res.send("foo");
|
||||
});
|
||||
|
||||
var browser = tobi.createBrowser(app);
|
||||
browser.get("/foo", function(res, $) {
|
||||
self.callback(null, res);
|
||||
});
|
||||
|
||||
},
|
||||
"cannot be set": function(err, res) {
|
||||
assert.equal(res.statusCode, 500);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
suite.addBatch({
|
||||
"across two requests, with proxySecure, secure cookies" : {
|
||||
topic: function() {
|
||||
var self = this;
|
||||
|
||||
var app = create_app_with_secure(function(req, res, next) {
|
||||
// say it is proxySecure
|
||||
req.connection.proxySecure = true;
|
||||
next();
|
||||
});
|
||||
|
||||
app.get("/foo", function(req, res) {
|
||||
res.send("foo");
|
||||
});
|
||||
|
||||
var browser = tobi.createBrowser(app);
|
||||
browser.get("/foo", function(res, $) {
|
||||
self.callback(null, res);
|
||||
});
|
||||
|
||||
},
|
||||
"can be set": function(err, res) {
|
||||
assert.equal(res.statusCode, 200);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
suite.export(module);
|
||||
Загрузка…
Ссылка в новой задаче