
More cookie options

Fixes #2085.
Alan Plum 2017-02-14 18:57:56 +01:00
parent 511e907c58
commit 5a02a8983f
No known key found for this signature in database
GPG Key ID: 8ED72A9A323B6EFD
4 changed files with 48 additions and 18 deletions


@ -59,35 +59,35 @@ Sets a cookie with the given name.
An object with any of the following properties:
* **ttl**: `number` (optional)
Time to live of the cookie in seconds.
* **algorithm**: `string` (Default: `"sha256"`)
Algorithm that will be used to sign the cookie.
* **secret**: `string` (optional)
Secret that will be used to sign the cookie.
If a secret is specified, the cookie's signature will be stored in a second cookie with the same options, the same name and the suffix `.sig`. Otherwise no signature will be added.
* **algorithm**: `string` (Default: `"sha256"`)
* **path**: `string` (optional)
Algorithm that will be used to sign the cookie.
Path for which the cookie should be issued.
* **ttl**: `number` (optional)
* **domain**: `string` (optional)
Time to live of the cookie.
Domain for which the cookie should be issued.
* **path**: `number` (optional)
Path of the cookie.
* **domain**: `number` (optional)
Domain of the cookie.
* **secure**: `number` (Default: `false`)
* **secure**: `boolean` (Default: `false`)
Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only).
* **httpOnly**: `boolean` (Default: `false`)
Whether the cookie should be marked as HTTP-only.
Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code).
If a string is passed instead of an options object it will be interpreted as the *secret* option.
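Review bot: The **algorithm** entry in the reordered options list reads as if it always applies, while the **secret** paragraph says no signature is added unless a secret is given. Suggest adding a sentence under **algorithm** such as "Only used when a *secret* is set." so a reader does not assume that setting an algorithm alone produces a signed cookie. Minor style point: the closing sentence lacks the comma after "options object" that the matching sentence in the cookie transport documentation has.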


@ -51,4 +51,20 @@ Creates a [Transport](README.md) that can be used in the sessions middleware.
Secret to use for the signed cookie. Will be ignored if no algorithm is provided.
* **path**: `string` (optional)
Path for which the cookie should be issued.
* **domain**: `string` (optional)
Domain for which the cookie should be issued.
* **secure**: `boolean` (Default: `false`)
Whether the cookie should be marked as secure (i.e. HTTPS/SSL-only).
* **httpOnly**: `boolean` (Default: `false`)
Whether the cookie should be marked as HTTP-only (rather than also exposing it to client-side code).
If a string is passed instead of an options object, it will be interpreted as the *name* option.
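Review bot: The context line "Will be ignored if no algorithm is provided" above the new **path** entry does not match the transport code in this commit, where `opts.secret` is set whenever `cfg.secret` is truthy and the only assertion is that an algorithm requires a secret. Please reconcile the sentence with the code while this section is being touched, for example by stating what happens when a secret is given without an algorithm, so that users can tell from the documentation whether their session cookie is signed.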


@ -57,3 +57,4 @@ Authentication
Foxx
----
The [cookie session transport](../Foxx/Sessions/Transports/Cookie.md) now supports all options supported by the [cookie method of the response object](../Foxx/Router/Response.md#cookie).


@ -34,10 +34,23 @@ module.exports = function cookieTransport (cfg) {
assert(!cfg.algorithm || cfg.secret, 'Must specify a secret when specifying an algorithm');
const name = cfg.name || 'sid';
const ttl = cfg.ttl || undefined;
const opts = cfg.secret ? {
secret: cfg.secret,
algorithm: cfg.algorithm
} : undefined;
const opts = {};
if (cfg.secret) {
opts.secret = cfg.secret;
opts.algorithm = cfg.algorithm;
}
if (cfg.path) {
opts.path = cfg.path;
}
if (cfg.domain) {
opts.domain = cfg.domain;
}
if (cfg.secure) {
opts.secure = cfg.secure;
}
if (cfg.httpOnly) {
opts.httpOnly = cfg.httpOnly;
}
return {
get(req) {
return req.cookie(name, opts);
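Review bot: Missing safe default in the `if (cfg.secure)` and `if (cfg.httpOnly)` blocks: both flags are copied only when truthy, so a session cookie created with no configuration carries neither attribute and its session identifier stays readable by client-side code. For a session transport, consider defaulting `httpOnly` to `true` unless the caller passes `false` explicitly (`cfg.httpOnly !== false`), and documenting that `secure` should be enabled when the service is served over HTTPS. Separately, `opts` is now always an object rather than `undefined` when no secret is set, and the same object, including `path`, `domain`, `secure` and `httpOnly`, is passed to `req.cookie(name, opts)` in `get`; please confirm the request-side method accepts an empty options object and ignores the response-only keys, and add a test for the no-secret case.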