public/owltide
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions
owltide/server/utils/signed-cookie.ts

43 lines
1.3 KiB
TypeScript
Raw Normal View History

Implement signed cookie helpers Provide a convenient wrapper for setting SHA-256 HMAC signed cookies and retreiving them with the signature validated. The secret key is configured in the NUXT_COOKIE_SECRET_KEY environment variable.
2025-03-06 22:07:51 +01:00
import type { H3Event } from "h3";
let cachedCookieSecret: CryptoKey;
export async function useCookieSecret(event: H3Event) {
if (cachedCookieSecret)
return cachedCookieSecret;
const runtimeConfig = useRuntimeConfig(event);
return cachedCookieSecret = await crypto.subtle.importKey(
"raw",
Buffer.from(runtimeConfig.cookieSecretKey, "base64url"),
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
}
Make session cookie permament Set a max age for the session cookie to prevent it from expiring when the browser is closed. To prevent the age limit from being being reached the session cookie is refreshed every time the session is loaded. This should fix login being lost when the browser is stopped.
2025-03-11 16:30:51 +01:00
export async function setSignedCookie(event: H3Event, name: string, value: string, maxAge?: number) {
Implement signed cookie helpers Provide a convenient wrapper for setting SHA-256 HMAC signed cookies and retreiving them with the signature validated. The secret key is configured in the NUXT_COOKIE_SECRET_KEY environment variable.
2025-03-06 22:07:51 +01:00
const secret = await useCookieSecret(event);
const signature = await crypto.subtle.sign("HMAC", secret, Buffer.from(value));
const cookie = `${value}.${Buffer.from(signature).toString("base64url")}`
Make session cookie permament Set a max age for the session cookie to prevent it from expiring when the browser is closed. To prevent the age limit from being being reached the session cookie is refreshed every time the session is loaded. This should fix login being lost when the browser is stopped.
2025-03-11 16:30:51 +01:00
setCookie(event, name, cookie, { httpOnly: true, secure: true, sameSite: true, maxAge });
Implement signed cookie helpers Provide a convenient wrapper for setting SHA-256 HMAC signed cookies and retreiving them with the signature validated. The secret key is configured in the NUXT_COOKIE_SECRET_KEY environment variable.
2025-03-06 22:07:51 +01:00
}
export async function getSignedCookie(event: H3Event, name: string) {
const cookie = getCookie(event, name);
if (!cookie)
return;
const rightDot = cookie.lastIndexOf(".");
if (rightDot === -1)
return;
const value = cookie.slice(0, rightDot);
const secret = await useCookieSecret(event);
const signature = Buffer.from(cookie.slice(rightDot + 1), "base64url");
const valid = await crypto.subtle.verify("HMAC", secret, signature, Buffer.from(value));
if (!valid)
return
return value;
}
Reference in a new issue Copy permalink