chore(deps): replace cookie and cookie-signature with fastify-cookie

We already used fastify-cookie in other places. Technically, fastify-cookie
uses the same cookie library under the hood as well. However,
we should stick to the framework defaults in order to avoid
future breakage.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Erik Michelson
2026-03-24 23:59:05 +01:00
parent 8f4c1ae17f
commit 7ade60aab7
3 changed files with 10 additions and 18 deletions
-2
@@ -51,8 +51,6 @@
"class-transformer": "0.5.1",
"class-validator": "0.14.3",
"cli-color": "2.0.4",
"cookie": "1.1.1",
"cookie-signature": "1.2.2",
"diff": "8.0.3",
"file-type": "16.5.4",
"htmlparser2": "9.1.0",
+9 -6
@@ -7,8 +7,7 @@ import { Provider } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import { Test, TestingModule } from '@nestjs/testing';
import { FieldNameSession, TableSession } from '@hedgedoc/database';
import { serialize } from 'cookie';
import { sign } from 'cookie-signature';
import { fastifyCookie } from '@fastify/cookie';
import type { Tracker } from 'knex-mock-client';
import { IncomingMessage } from 'node:http';
import { Socket } from 'node:net';
@@ -101,18 +100,22 @@ describe('SessionService', () => {
});
it('returns empty Optional if cookie is malformed', async () => {
const testRequest = new IncomingMessage(mockSocket);
testRequest.headers.cookie = serialize(HEDGEDOC_SESSION, 'foo', {});
testRequest.headers.cookie = fastifyCookie.serialize(HEDGEDOC_SESSION, 'foo', {});
expect(() => service.extractSessionIdFromRequest(testRequest)).toThrow(Error);
});
it('returns empty Optional if cookie has invalid signature', async () => {
const testRequest = new IncomingMessage(mockSocket);
testRequest.headers.cookie = serialize(HEDGEDOC_SESSION, `s:${sessionId}:fakeSignature`, {});
testRequest.headers.cookie = fastifyCookie.serialize(
HEDGEDOC_SESSION,
`s:${sessionId}:fakeSignature`,
{},
);
expect(() => service.extractSessionIdFromRequest(testRequest)).toThrow(Error);
});
it('returns the correct id for session id', () => {
const signature = sign(sessionId, authConfig.session.secret);
const signature = fastifyCookie.sign(sessionId, authConfig.session.secret);
const testRequest = new IncomingMessage(mockSocket);
testRequest.headers.cookie = serialize(HEDGEDOC_SESSION, `s:${signature}`, {});
testRequest.headers.cookie = fastifyCookie.serialize(HEDGEDOC_SESSION, `s:${signature}`, {});
expect(service.extractSessionIdFromRequest(testRequest)).toEqual(sessionId);
});
});
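Review bot: The "invalid signature" case still builds its cookie as `s:${sessionId}:fakeSignature`, with a colon where a signed value would carry the separator that `sign()` emits (a `.` in cookie-signature and, as far as I know, in @fastify/cookie), so it probably fails on format rather than on MAC verification. Now that the helpers come from a different package, a well-formed but wrongly keyed cookie would pin the property that matters: `const forged = fastifyCookie.sign(sessionId, 'not-the-session-secret');` (a constructed value, any secret other than `authConfig.session.secret`), serialized as `s:${forged}` with the same `toThrow(Error)` expectation. The positive test signs with the same helper family the service presumably verifies with, so it shows a round trip rather than a fixed wire format; one hard-coded known-good cookie string would catch a silent format change in a future upgrade. The two rejection tests are also titled "returns empty Optional …" while asserting a throw, and are `async` without awaiting anything, so renaming them to "throws if …" would match what they check. The enclosing `describe` block starts outside the hunk.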
+1 -10
@@ -2898,8 +2898,6 @@ __metadata:
class-transformer: "npm:0.5.1"
class-validator: "npm:0.14.3"
cli-color: "npm:2.0.4"
cookie: "npm:1.1.1"
cookie-signature: "npm:1.2.2"
diff: "npm:8.0.3"
file-type: "npm:16.5.4"
htmlparser2: "npm:9.1.0"
@@ -8095,13 +8093,6 @@ __metadata:
languageName: node
linkType: hard
"cookie-signature@npm:1.2.2":
version: 1.2.2
resolution: "cookie-signature@npm:1.2.2"
checksum: 10c0/54e05df1a293b3ce81589b27dddc445f462f6fa6812147c033350cd3561a42bc14481674e05ed14c7bd0ce1e8bb3dc0e40851bad75415733711294ddce0b7bc6
languageName: node
linkType: hard
"cookie@npm:*":
version: 1.0.1
resolution: "cookie@npm:1.0.1"
@@ -8109,7 +8100,7 @@ __metadata:
languageName: node
linkType: hard
"cookie@npm:1.1.1, cookie@npm:^1.0.0, cookie@npm:^1.0.1":
"cookie@npm:^1.0.0, cookie@npm:^1.0.1":
version: 1.1.1
resolution: "cookie@npm:1.1.1"
checksum: 10c0/79c4ddc0fcad9c4f045f826f42edf54bcc921a29586a4558b0898277fa89fb47be95bc384c2253f493af7b29500c830da28341274527328f18eba9f58afa112c