You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

119 lines
4.4 KiB

  1. # cookie-parser
  2. [![NPM Version][npm-version-image]][npm-url]
  3. [![NPM Downloads][npm-downloads-image]][npm-url]
  4. [![Build Status][ci-image]][ci-url]
  5. [![Test Coverage][coveralls-image]][coveralls-url]
  6. Parse `Cookie` header and populate `req.cookies` with an object keyed by the
  7. cookie names. Optionally you may enable signed cookie support by passing a
  8. `secret` string, which assigns `req.secret` so it may be used by other
  9. middleware.
  10. ## Installation
  11. ```sh
  12. $ npm install cookie-parser
  13. ```
  14. ## API
  15. ```js
  16. var cookieParser = require('cookie-parser')
  17. ```
  18. ### cookieParser(secret, options)
  19. Create a new cookie parser middleware function using the given `secret` and
  20. `options`.
  21. - `secret` a string or array used for signing cookies. This is optional and if
  22. not specified, will not parse signed cookies. If a string is provided, this
  23. is used as the secret. If an array is provided, an attempt will be made to
  24. unsign the cookie with each secret in order.
  25. - `options` an object that is passed to `cookie.parse` as the second option. See
  26. [cookie](https://www.npmjs.org/package/cookie) for more information.
  27. - `decode` a function to decode the value of the cookie
  28. The middleware will parse the `Cookie` header on the request and expose the
  29. cookie data as the property `req.cookies` and, if a `secret` was provided, as
  30. the property `req.signedCookies`. These properties are name value pairs of the
  31. cookie name to cookie value.
  32. When `secret` is provided, this module will unsign and validate any signed cookie
  33. values and move those name value pairs from `req.cookies` into `req.signedCookies`.
  34. A signed cookie is a cookie that has a value prefixed with `s:`. Signed cookies
  35. that fail signature validation will have the value `false` instead of the tampered
  36. value.
  37. In addition, this module supports special "JSON cookies". These are cookie where
  38. the value is prefixed with `j:`. When these values are encountered, the value will
  39. be exposed as the result of `JSON.parse`. If parsing fails, the original value will
  40. remain.
  41. ### cookieParser.JSONCookie(str)
  42. Parse a cookie value as a JSON cookie. This will return the parsed JSON value
  43. if it was a JSON cookie, otherwise, it will return the passed value.
  44. ### cookieParser.JSONCookies(cookies)
  45. Given an object, this will iterate over the keys and call `JSONCookie` on each
  46. value, replacing the original value with the parsed value. This returns the
  47. same object that was passed in.
  48. ### cookieParser.signedCookie(str, secret)
  49. Parse a cookie value as a signed cookie. This will return the parsed unsigned
  50. value if it was a signed cookie and the signature was valid. If the value was
  51. not signed, the original value is returned. If the value was signed but the
  52. signature could not be validated, `false` is returned.
  53. The `secret` argument can be an array or string. If a string is provided, this
  54. is used as the secret. If an array is provided, an attempt will be made to
  55. unsign the cookie with each secret in order.
  56. ### cookieParser.signedCookies(cookies, secret)
  57. Given an object, this will iterate over the keys and check if any value is a
  58. signed cookie. If it is a signed cookie and the signature is valid, the key
  59. will be deleted from the object and added to the new object that is returned.
  60. The `secret` argument can be an array or string. If a string is provided, this
  61. is used as the secret. If an array is provided, an attempt will be made to
  62. unsign the cookie with each secret in order.
  63. ## Example
  64. ```js
  65. var express = require('express')
  66. var cookieParser = require('cookie-parser')
  67. var app = express()
  68. app.use(cookieParser())
  69. app.get('/', function (req, res) {
  70. // Cookies that have not been signed
  71. console.log('Cookies: ', req.cookies)
  72. // Cookies that have been signed
  73. console.log('Signed Cookies: ', req.signedCookies)
  74. })
  75. app.listen(8080)
  76. // curl command that sends an HTTP request with two cookies
  77. // curl http://127.0.0.1:8080 --cookie "Cho=Kim;Greet=Hello"
  78. ```
  79. ## License
  80. [MIT](LICENSE)
  81. [ci-image]: https://badgen.net/github/checks/expressjs/cookie-parser/master?label=ci
  82. [ci-url]: https://github.com/expressjs/cookie-parser/actions?query=workflow%3Aci
  83. [coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/cookie-parser/master
  84. [coveralls-url]: https://coveralls.io/r/expressjs/cookie-parser?branch=master
  85. [npm-downloads-image]: https://badgen.net/npm/dm/cookie-parser
  86. [npm-url]: https://npmjs.org/package/cookie-parser
  87. [npm-version-image]: https://badgen.net/npm/v/cookie-parser