diff options
Diffstat (limited to 'node_modules/cookie-signature')
-rw-r--r-- | node_modules/cookie-signature/.npmignore | 4 | ||||
-rw-r--r-- | node_modules/cookie-signature/History.md | 38 | ||||
-rw-r--r-- | node_modules/cookie-signature/Readme.md | 42 | ||||
-rw-r--r-- | node_modules/cookie-signature/index.js | 51 | ||||
-rw-r--r-- | node_modules/cookie-signature/package.json | 92 |
5 files changed, 227 insertions, 0 deletions
diff --git a/node_modules/cookie-signature/.npmignore b/node_modules/cookie-signature/.npmignore new file mode 100644 index 0000000..f1250e5 --- /dev/null +++ b/node_modules/cookie-signature/.npmignore @@ -0,0 +1,4 @@ +support +test +examples +*.sock diff --git a/node_modules/cookie-signature/History.md b/node_modules/cookie-signature/History.md new file mode 100644 index 0000000..78513cc --- /dev/null +++ b/node_modules/cookie-signature/History.md @@ -0,0 +1,38 @@ +1.0.6 / 2015-02-03 +================== + +* use `npm test` instead of `make test` to run tests +* clearer assertion messages when checking input + + +1.0.5 / 2014-09-05 +================== + +* add license to package.json + +1.0.4 / 2014-06-25 +================== + + * corrected avoidance of timing attacks (thanks @tenbits!) + +1.0.3 / 2014-01-28 +================== + + * [incorrect] fix for timing attacks + +1.0.2 / 2014-01-28 +================== + + * fix missing repository warning + * fix typo in test + +1.0.1 / 2013-04-15 +================== + + * Revert "Changed underlying HMAC algo. to sha512." + * Revert "Fix for timing attacks on MAC verification." + +0.0.1 / 2010-01-03 +================== + + * Initial release diff --git a/node_modules/cookie-signature/Readme.md b/node_modules/cookie-signature/Readme.md new file mode 100644 index 0000000..2559e84 --- /dev/null +++ b/node_modules/cookie-signature/Readme.md @@ -0,0 +1,42 @@ + +# cookie-signature + + Sign and unsign cookies. + +## Example + +```js +var cookie = require('cookie-signature'); + +var val = cookie.sign('hello', 'tobiiscool'); +val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI'); + +var val = cookie.sign('hello', 'tobiiscool'); +cookie.unsign(val, 'tobiiscool').should.equal('hello'); +cookie.unsign(val, 'luna').should.be.false; +``` + +## License + +(The MIT License) + +Copyright (c) 2012 LearnBoost <tj@learnboost.com> + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file diff --git a/node_modules/cookie-signature/index.js b/node_modules/cookie-signature/index.js new file mode 100644 index 0000000..b8c9463 --- /dev/null +++ b/node_modules/cookie-signature/index.js @@ -0,0 +1,51 @@ +/** + * Module dependencies. + */ + +var crypto = require('crypto'); + +/** + * Sign the given `val` with `secret`. + * + * @param {String} val + * @param {String} secret + * @return {String} + * @api private + */ + +exports.sign = function(val, secret){ + if ('string' != typeof val) throw new TypeError("Cookie value must be provided as a string."); + if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); + return val + '.' + crypto + .createHmac('sha256', secret) + .update(val) + .digest('base64') + .replace(/\=+$/, ''); +}; + +/** + * Unsign and decode the given `val` with `secret`, + * returning `false` if the signature is invalid. + * + * @param {String} val + * @param {String} secret + * @return {String|Boolean} + * @api private + */ + +exports.unsign = function(val, secret){ + if ('string' != typeof val) throw new TypeError("Signed cookie string must be provided."); + if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); + var str = val.slice(0, val.lastIndexOf('.')) + , mac = exports.sign(str, secret); + + return sha1(mac) == sha1(val) ? str : false; +}; + +/** + * Private + */ + +function sha1(str){ + return crypto.createHash('sha1').update(str).digest('hex'); +} diff --git a/node_modules/cookie-signature/package.json b/node_modules/cookie-signature/package.json new file mode 100644 index 0000000..711e6a7 --- /dev/null +++ b/node_modules/cookie-signature/package.json @@ -0,0 +1,92 @@ +{ + "_args": [ + [ + { + "raw": "cookie-signature@1.0.6", + "scope": null, + "escapedName": "cookie-signature", + "name": "cookie-signature", + "rawSpec": "1.0.6", + "spec": "1.0.6", + "type": "version" + }, + "/mnt/e/Yaroslav/Documents/Webs/nodejs/checkers/node_modules/express" + ] + ], + "_from": "cookie-signature@1.0.6", + "_id": "cookie-signature@1.0.6", + "_inCache": true, + "_location": "/cookie-signature", + "_nodeVersion": "0.10.36", + "_npmUser": { + "name": "natevw", + "email": "natevw@yahoo.com" + }, + "_npmVersion": "2.3.0", + "_phantomChildren": {}, + "_requested": { + "raw": "cookie-signature@1.0.6", + "scope": null, + "escapedName": "cookie-signature", + "name": "cookie-signature", + "rawSpec": "1.0.6", + "spec": "1.0.6", + "type": "version" + }, + "_requiredBy": [ + "/express" + ], + "_resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "_shasum": "e303a882b342cc3ee8ca513a79999734dab3ae2c", + "_shrinkwrap": null, + "_spec": "cookie-signature@1.0.6", + "_where": "/mnt/e/Yaroslav/Documents/Webs/nodejs/checkers/node_modules/express", + "author": { + "name": "TJ Holowaychuk", + "email": "tj@learnboost.com" + }, + "bugs": { + "url": "https://github.com/visionmedia/node-cookie-signature/issues" + }, + "dependencies": {}, + "description": "Sign and unsign cookies", + "devDependencies": { + "mocha": "*", + "should": "*" + }, + "directories": {}, + "dist": { + "shasum": "e303a882b342cc3ee8ca513a79999734dab3ae2c", + "tarball": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz" + }, + "gitHead": "391b56cf44d88c493491b7e3fc53208cfb976d2a", + "homepage": "https://github.com/visionmedia/node-cookie-signature", + "keywords": [ + "cookie", + "sign", + "unsign" + ], + "license": "MIT", + "main": "index", + "maintainers": [ + { + "name": "tjholowaychuk", + "email": "tj@vision-media.ca" + }, + { + "name": "natevw", + "email": "natevw@yahoo.com" + } + ], + "name": "cookie-signature", + "optionalDependencies": {}, + "readme": "ERROR: No README data found!", + "repository": { + "type": "git", + "url": "git+https://github.com/visionmedia/node-cookie-signature.git" + }, + "scripts": { + "test": "mocha --require should --reporter spec" + }, + "version": "1.0.6" +} |