默认开启cookie签名机制

yafoo · Mar 7, 2024 · 9a686e5 · 9a686e5
1 parent 992892e
commit 9a686e5
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 5 deletions.
diff --git a/lib/app.js b/lib/app.js
@@ -1,6 +1,6 @@
 const path = require('path');
 const Koa = require('koa');
-const {app: cfg_app} = require('./config');
+const {app: cfg_app, cookie: cfg_cookie} = require('./config');
 const Logger = require('./logger');
 const Response = require('./response');
 const router = require('./router');
@@ -54,6 +54,9 @@ class App extends Koa
         // router
         this.use(router.routes()).use(router.allowedMethods());
 
+        // cookie
+        cfg_cookie.keys && (this.keys = cfg_app.app_debug ? ['jj.js'] : cfg_cookie.keys);
+
         // types
         if(cfg_app.app_debug) {
             const {isFileSync} = require('./utils/fs');

diff --git a/lib/config.js b/lib/config.js
@@ -49,6 +49,11 @@ const cache = {
     clear_time: undefined // (undefined: 清理一次, 0: 关闭自动清理, >0: 为自动清理周期)
 }
 
+const cookie = {
+    keys: [Math.random().toString(36).slice(-8)], // cookie密钥
+    signed: true // 默认开启签名
+}
+
 const page = {
     page_key    : 'page', // 默认分页标识
     key_origin    : 'query', // query 或 params
@@ -94,6 +99,6 @@ module.exports = {
     cache: {...cache, ...base_config.cache},
     page: {...page, ...base_config.page},
     routes: base_config.routes,
-    cookie: base_config.cookie,
+    cookie: {...cookie, ...base_config.cookie},
     tpl: {...tpl, ...base_config.tpl}
 };
diff --git a/lib/cookie.js b/lib/cookie.js
@@ -30,20 +30,21 @@ class Cookie extends Context
         if(key === undefined) {
             return this.all();
         }
-        return this.ctx.cookies.get(key, options);
+        return this.ctx.cookies.get(key, {signed: cfg_cookie.signed, ...options});
     }
 
     /**
      * 删除或清理cookie
      * @public
      * @param {*} [key] - 为空则清理所有cookie
+     * @param {import('cookies').GetOption} [options]
      * @returns {this}
      */
-    delete(key) {
+    delete(key, options) {
         if(key === undefined) {
             this.clear();
         } else {
-            this.ctx.cookies.set(key, '', {maxAge: 0});
+            this.ctx.cookies.set(key, '', {...cfg_cookie, ...options, maxAge: 0});
         }
         return this;
     }