Merge pull request #12 from VeliovGroup/cordova-1

Cordova (v2.4.0) __Major Changes:__ - 👨‍💻 `handler` option now called even if `auto` option is set to `false` - 👷‍♂️ `Path=/` now is default `path` of all cookies - 👨‍🔬 Partly implemented suggested changes from #11 to provide support over Cordova platform, via `Access-Control-Allow-Credentials` and `Access-Control-Allow-Origin` headers and supplying XHR request with `withCredentials - true` option, thanks to @s-ol Other Changes: - 👨‍💻 Overall security and stability enhancements - 👷‍♂️ Add `onCookies` *Server* callback/hook triggered only when client invokes `.send()` method - 📦 Internal Meteor dependencies update
veliovgroup · Jul 8, 2019 · 417bda1 · 417bda1
2 parents 7945e8b + d2717c4
commit 417bda1
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 41 deletions.
diff --git a/.versions b/.versions
@@ -1,47 +1,50 @@
 [email protected]
-babel-compiler@7.1.1
-babel-runtime@1.2.2
+babel-compiler@7.3.4
+babel-runtime@1.3.0
 [email protected]
-[email protected].10
-boilerplate-generator@1.5.0
+[email protected].11
+boilerplate-generator@1.6.0
 [email protected]
 [email protected]
 [email protected]
-[email protected].2
+[email protected].3
 [email protected]
-ddp-server@2.2.0
-[email protected].0
-dynamic-import@0.4.1
-ecmascript@0.11.1
+ddp-server@2.3.0
+[email protected].1
+dynamic-import@0.5.1
+ecmascript@0.12.4
 [email protected]
-ecmascript-runtime-client@0.7.1
-[email protected].0
+ecmascript-runtime-client@0.8.0
+[email protected].1
 [email protected]
+[email protected]
 [email protected]
-[email protected].1
+[email protected].2
 [email protected]
-local-test:ostrio:[email protected]
+[email protected]
+local-test:ostrio:[email protected]
 [email protected]
-[email protected]
-[email protected]
-[email protected]
-[email protected]
-[email protected]
-[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
 [email protected]
 [email protected]
-npm-mongo@3.0.7
+npm-mongo@3.1.2
 [email protected]
-ostrio:cookies@2.3.0
-[email protected].1
+ostrio:cookies@2.4.0
+[email protected].2
 [email protected]
-reload@1.2.0
+reload@1.3.0
 [email protected]
-routepolicy@1.0.13
+routepolicy@1.1.0
 [email protected]
 [email protected]
 [email protected]
 [email protected]
 [email protected]
-webapp@1.6.0
+webapp@1.7.3
 [email protected]
diff --git a/README.md b/README.md
@@ -4,11 +4,12 @@
   <img src="https://c5.patreon.com/external/logo/[email protected]" width="160">
 </a>
 
-Isomorphic bulletproof cookie functions for *Client* and *Server*.
+Isomorphic and bulletproof 🍪 cookies for `meteor.js` applications with support of *Client*, *Server*, *Browser*, *Cordova*, and other *Meteor*-supported environments.
 
 - 👷 __100% Tests coverage__;
 - 📦 No external dependencies, no `underscore`, no `jQuery`, no `Blaze`;
-- 🖥 Works on both *Server* and *Client*;
+- 🖥 Full support with same API on both *Server* and *Client* environments;
+- 📱 Support for *Cordova*, *Browser* and other Meteor's *Client* environments;
 - ㊗️ With Unicode support for cookies' value;
 - 👨‍💻 With `String`, `Array`, `Object`, and `Boolean` support as cookies' value;
 - ♿ IE support, thanks to [@derwok](https://github.com/derwok);
@@ -37,7 +38,8 @@ __Server Usage Note:__ On a server Cookies implemented as a middleware. To get a
 Create new instance of Cookies
 
 - `opts.auto` {*Boolean*} - [*Server*] Auto-bind in middleware as `req.Cookies`, by default `true`
-- `opts.handler` {*Function*} - [*Server*] Middleware function with one argument `cookies` as `Cookies` instance. See "Alternate Usage" section
+- `opts.handler` {*Function*} - [*Server*] Middleware function (e.g. hook/callback called within middleware pipeline) with single argument `cookies` as `Cookies` instance. See "Alternate Usage" section
+- `opts.onCookies` {*Function*} - [*Server*] Callback/hook triggered after `.send()` method called on *Client* and received by *Server*, called with single argument `cookies` as `Cookies` instance. __Note:__ this hook available only if `auto` option is `true`
 - `opts.TTL` {*Number*} - Default cookies expiration time (max-age) in milliseconds, by default - `session` (*no TTL*)
 - `opts.runOnServer` {*Boolean*} - Set to `false` to avoid server usage (by default - `true`)
 
@@ -95,6 +97,7 @@ Send all current cookies to server
 
 ```js
 /* Both Client & Server */
+import { Meteor } from 'meteor/meteor';
 import { Cookies } from 'meteor/ostrio:cookies';
 const cookies = new Cookies();
 
@@ -124,6 +127,8 @@ if (Meteor.isClient) {
 
 /* Server */
 if (Meteor.isServer) {
+  const { WebApp } = require('meteor/webapp');
+
   WebApp.connectHandlers.use((req, res, next) => {
     cookies = req.Cookies;
 
@@ -157,6 +162,7 @@ if (Meteor.isServer) {
 
 ```js
 /* Both Client & Server */
+import { Meteor } from 'meteor/meteor';
 import { Cookies } from 'meteor/ostrio:cookies';
 
 /* Client */
@@ -170,8 +176,10 @@ if (Meteor.isClient) {
 
 /* Server */
 if (Meteor.isServer) {
+  const { WebApp } = require('meteor/webapp');
+
   const cookie = new Cookies({
-    auto: false, // Do not bind as a middleware by default
+    auto: false, // Do not bind as a middleware by default (recommended, but not required)
     handler(cookies) {
       cookies.set('gender', 'male'); //true
       cookies.get('gender'); //male

diff --git a/cookies-tests.js b/cookies-tests.js
@@ -212,7 +212,7 @@ if (Meteor.isClient) {
     if(EJSON.equals(one, two)){
       console.info(`[${testname}] PASSED`);
     }else{
-      console.warn(`[${testname}] Failed`, `Expected: ${JSON.stringify(two)}`, `Got: ${JSON.stringify(one)}`);
+      console.warn(`[${testname}] Failed!`, `Expected: ${JSON.stringify(two)}`, `Got: ${JSON.stringify(one)}`);
     }
   };
 

diff --git a/cookies.js b/cookies.js
@@ -11,6 +11,10 @@ if (Meteor.isServer) {
 
 const NoOp  = () => {};
 const urlRE = /\/___cookie___\/set/;
+const rootUrlRE = Meteor.isServer ? process.env.ROOT_URL : (window.__meteor_runtime_config__.ROOT_URL || window.__meteor_runtime_config__.meteorEnv.ROOT_URL || false);
+const mobileRootUrlRE = Meteor.isServer ? process.env.MOBILE_ROOT_URL : (window.__meteor_runtime_config__.MOBILE_ROOT_URL || window.__meteor_runtime_config__.meteorEnv.MOBILE_ROOT_URL || false);
+const originRE = new RegExp(`^https?:\/\/(localhost:12\\d\\d\\d${rootUrlRE ? ('|' + rootUrlRE) : ''}${mobileRootUrlRE ? ('|' + mobileRootUrlRE) : ''})$`);
+
 const helpers = {
   isUndefined(obj) {
     return obj === void 0;
@@ -23,7 +27,7 @@ const helpers = {
     return this.isArray(obj) ? obj.slice() : Object.assign({}, obj);
   }
 };
-const _helpers = ['Number', 'Object'];
+const _helpers = ['Number', 'Object', 'Function'];
 for (let i = 0; i < _helpers.length; i++) {
   helpers['is' + _helpers[i]] = function (obj) {
     return Object.prototype.toString.call(obj) === '[object ' + _helpers[i] + ']';
@@ -205,6 +209,8 @@ const serialize = (key, val, opt = {}) => {
       throw new Meteor.Error(404, 'option path is invalid');
     }
     pairs.push(`Path=${opt.path}`);
+  } else {
+    pairs.push('Path=/');
   }
 
   opt.expires = opt.expires || opt.expire || false;
@@ -420,7 +426,12 @@ class __cookies {
     }
 
     if (this.runOnServer) {
-      HTTP.get(`${window.__meteor_runtime_config__.ROOT_URL_PATH_PREFIX || ''}/___cookie___/set`, cb);
+      HTTP.get(`${window.__meteor_runtime_config__.ROOT_URL_PATH_PREFIX || window.__meteor_runtime_config__.meteorEnv.ROOT_URL_PATH_PREFIX || ''}/___cookie___/set`, {
+        beforeSend(xhr) {
+          xhr.withCredentials = true;
+          return true;
+        }
+      }, cb);
     } else {
       cb(new Meteor.Error(400, 'Can\'t send cookies on server when `runOnServer` is false.'));
     }
@@ -446,7 +457,6 @@ const __middlewareHandler = (req, res, self) => {
   throw new Meteor.Error(400, 'Can\'t use middleware when `runOnServer` is false.');
 };
 
-
 /*
  * @locus Anywhere
  * @class Cookies
@@ -467,7 +477,8 @@ class Cookies extends __cookies {
     } else {
       super({}, opts.TTL, opts.runOnServer);
       opts.auto        = opts.auto !== false ? true : false;
-      this.handler     = opts.handler || (() => {});
+      this.handler     = helpers.isFunction(opts.handler) ? opts.handler : false;
+      this.onCookies   = helpers.isFunction(opts.onCookies) ? opts.onCookies : false;
       this.runOnServer = opts.runOnServer;
 
       if (this.runOnServer) {
@@ -480,6 +491,11 @@ class Cookies extends __cookies {
                   const cookiesKeys   = Object.keys(cookiesObject);
                   const cookiesArray  = [];
 
+                  if (originRE.test(req.headers.origin)) {
+                    res.setHeader('Access-Control-Allow-Credentials', 'true');
+                    res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+                  }
+
                   for (let i = 0; i < cookiesKeys.length; i++) {
                     const { cookieString } = serialize(cookiesKeys[i], cookiesObject[cookiesKeys[i]]);
                     if (!cookiesArray.includes(cookieString)) {
@@ -490,10 +506,13 @@ class Cookies extends __cookies {
                   res.setHeader('Set-Cookie', cookiesArray);
                 }
 
+                helpers.isFunction(this.onCookies) && this.onCookies(__middlewareHandler(req, res, this));
+
                 res.writeHead(200);
                 res.end('');
               } else {
                 req.Cookies = __middlewareHandler(req, res, this);
+                helpers.isFunction(this.handler) && this.handler(req.Cookies);
                 next();
               }
             });
@@ -504,7 +523,6 @@ class Cookies extends __cookies {
     }
   }
 
-
   /*
    * @locus Server
    * @memberOf Cookies
@@ -518,7 +536,7 @@ class Cookies extends __cookies {
     }
 
     return (req, res, next) => {
-      this.handler && this.handler(__middlewareHandler(req, res, this));
+      helpers.isFunction(this.handler) && this.handler(__middlewareHandler(req, res, this));
       next();
     };
   }

diff --git a/package.js b/package.js
@@ -1,20 +1,20 @@
 Package.describe({
   name: 'ostrio:cookies',
-  version: '2.3.0',
-  summary: 'Isomorphic bulletproof Server and Client cookie functions',
+  version: '2.4.0',
+  summary: 'Isomorphic bulletproof Server, Client, Browser and Cordova cookies',
   git: 'https://github.com/VeliovGroup/Meteor-Cookies',
   documentation: 'README.md'
 });
 
-Package.onUse(function(api) {
+Package.onUse((api) => {
   api.versionsFrom('1.4');
-  api.use(['ecmascript'], ['client', 'server']);
+  api.use('ecmascript', ['client', 'server']);
   api.use('webapp', 'server');
   api.use('http', 'client');
   api.mainModule('cookies.js', ['client', 'server']);
 });
 
-Package.onTest(function(api) {
+Package.onTest((api) => {
   api.use('tinytest');
   api.use(['ecmascript', 'ostrio:cookies'], ['client', 'server']);
   api.use(['ejson', 'webapp'], 'server');