public/owltide
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions
owltide/server/utils/signed-cookie.ts
Hornwitser e52972853d License under AGPL version 3 or later 
I firmly believe in free software.

The application I'm making here have capabilities that I've not seen in
any system.  It presents itself as an opportunity to collaborate on a
tool that serves the people rather than corporations.  Whose incentives
are to help people rather, not make the most money.  And whose terms
ensure that these freedoms and incentives cannot be taken back or
subverted.

I license this software under the AGPL.
2025-06-30 18:58:24 +02:00

48 lines
1.6 KiB
TypeScript
Raw Blame History

/*
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
SPDX-License-Identifier: AGPL-3.0-or-later
*/
import type { H3Event } from "h3";
import * as fs from "node:fs/promises";
let cachedCookieSecret: CryptoKey;
export async function useCookieSecret(event: H3Event) {
if (cachedCookieSecret)
return cachedCookieSecret;
const runtimeConfig = useRuntimeConfig(event);
if (!runtimeConfig.cookieSecretKeyFile) throw new Error("NUXT_COOKIE_SECRET_KEY_FILE not set.");
return cachedCookieSecret = await crypto.subtle.importKey(
"raw",
Buffer.from(await fs.readFile(runtimeConfig.cookieSecretKeyFile, "utf-8"), "base64url"),
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
}
export async function setSignedCookie(event: H3Event, name: string, value: string, maxAge?: number) {
const secret = await useCookieSecret(event);
const signature = await crypto.subtle.sign("HMAC", secret, Buffer.from(`${name}=${value}`));
const cookie = `${value}.${Buffer.from(signature).toString("base64url")}`
setCookie(event, name, cookie, { httpOnly: true, secure: true, sameSite: true, maxAge });
}
export async function getSignedCookie(event: H3Event, name: string) {
const cookie = getCookie(event, name);
if (!cookie)
return;
const rightDot = cookie.lastIndexOf(".");
if (rightDot === -1)
return;
const value = cookie.slice(0, rightDot);
const secret = await useCookieSecret(event);
const signature = Buffer.from(cookie.slice(rightDot + 1), "base64url");
const valid = await crypto.subtle.verify("HMAC", secret, signature, Buffer.from(`${name}=${value}`));
if (!valid)
return
return value;
}
Reference in a new issue View git blame Copy permalink