diff --git a/package-lock.json b/package-lock.json
index 4865dfc258..9a6748112f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -106,6 +106,8 @@ "@playwright/test": "1.43.0", "@types/connect-datadog": "0.0.10", "@types/connect-timeout": "0.0.39", + "@types/cookie": "0.6.0", + "@types/cookie-parser": "1.4.7", "@types/express": "4.17.21", "@types/imurmurhash": "^0.1.4", "@types/js-cookie": "^3.0.6",
@@ -3165,6 +3167,21 @@ "@types/express": "*" } }, + "node_modules/@types/cookie": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==", + "dev": true + }, + "node_modules/@types/cookie-parser": { + "version": "1.4.7", + "resolved": "https://registry.npmjs.org/@types/cookie-parser/-/cookie-parser-1.4.7.tgz", + "integrity": "sha512-Fvuyi354Z+uayxzIGCwYTayFKocfV7TuDYZClCdIP9ckhvAu/ixDtCB6qx2TT0FKjPLf1f3P/J1rgf6lPs64mw==", + "dev": true, + "dependencies": { + "@types/express": "*" + } + }, "node_modules/@types/debug": { "version": "4.1.8", "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.8.tgz",
diff --git a/package.json b/package.json
index 8350251e6f..daabef62ee 100644
--- a/package.json
+++ b/package.json
@@ -292,6 +292,8 @@
 "@playwright/test": "1.43.0",
 "@types/connect-datadog": "0.0.10",
 "@types/connect-timeout": "0.0.39",
+ "@types/cookie": "0.6.0",
+ "@types/cookie-parser": "1.4.7",
 "@types/express": "4.17.21",
 "@types/imurmurhash": "^0.1.4",
 "@types/js-cookie": "^3.0.6",
diff --git a/src/frame/lib/cookie-settings.js b/src/frame/lib/cookie-settings.ts
similarity index 75%
rename from src/frame/lib/cookie-settings.js
rename to src/frame/lib/cookie-settings.ts
index cde9c5a0e8..1bc95f59b2 100644
--- a/src/frame/lib/cookie-settings.js
+++ b/src/frame/lib/cookie-settings.ts
@@ -1,4 +1,6 @@
-export default {
+import { type CookieSerializeOptions } from 'cookie'
+
+export const cookieSettings: CookieSerializeOptions = {
 httpOnly: true, // can't access these cookies through browser JavaScript
 secure: !['test', 'development'].includes(process.env.NODE_ENV),
 // requires https protocol
diff --git a/src/frame/middleware/cookie-parser.js b/src/frame/middleware/cookie-parser.js
deleted file mode 100644
index 23be9c0c5b..0000000000
--- a/src/frame/middleware/cookie-parser.js
+++ /dev/null
@@ -1,3 +0,0 @@
-import cookieParser from 'cookie-parser'
-import cookieSettings from '#src/frame/lib/cookie-settings.js'
-export default cookieParser(process.env.COOKIE_SECRET, cookieSettings)
diff --git a/src/frame/middleware/cookie-parser.ts b/src/frame/middleware/cookie-parser.ts
new file mode 100644
index 0000000000..1d17cf6786
--- /dev/null
+++ b/src/frame/middleware/cookie-parser.ts
@@ -0,0 +1,15 @@
+import cookieParser from 'cookie-parser'
+import { type CookieParseOptions } from 'cookie-parser'
+
+import { cookieSettings } from '@/frame/lib/cookie-settings'
+
+export default cookieParser(
+ process.env.COOKIE_SECRET,
+ // This is because of a but in @types/cookie-parser
+ // The options are actually passed straight into `cookie.parse`
+ // from the cookie page. When creating a cookie setting object in
+ // our `cookie-settings.ts` we want to use the right type,
+ // which is `CookieSerializeOptions` (from the `cookie` package)
+ // but we have circumnavigate the option here.
+ cookieSettings as CookieParseOptions,
+)
diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts
index 959f9d118d..8659cd4278 100644
--- a/src/frame/middleware/index.ts
+++ b/src/frame/middleware/index.ts
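Review bot: The `secure` line in `cookieSettings` fails closed, but the comment next to it (`requires https protocol`) does not say so: the flag is true for every `NODE_ENV` other than exactly `test` or `development`, including an unset one. I would document that beside the expression, for example `// Secure is set unless NODE_ENV is exactly 'test' or 'development'; unset or unknown values get Secure`, so a later edit does not turn it into an allow-list on `'production'`. The hunk also replaces the default export with the named `cookieSettings`; only the cookie-parser middleware is updated in this diff, so any other importer of the old default export would need the same change. The object literal continues past the end of the hunk.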
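Review bot: The cast `cookieSettings as CookieParseOptions` in the new `cookie-parser.ts` hides a real mismatch rather than a typings bug: `cookie.parse` only reads a `decode` option, so the `httpOnly`, `secure` and `sameSite` values passed to `cookieParser` here have no effect. Those attributes only matter where a cookie is serialized (for example the options argument of `res.cookie`), which is outside this diff, so a reader could wrongly conclude that this middleware enforces them. I would drop the second argument, the cast and the explanatory comment, leaving `export default cookieParser(process.env.COOKIE_SECRET)`. If the argument stays, the comment wording needs fixing (`a but in` → `a bug in`, `from the cookie page` → presumably `package`, `we have circumnavigate` → `we have to work around`). Separately, `process.env.COOKIE_SECRET` is passed unchecked; with no secret cookie-parser does no signature verification and `req.signedCookies` stays empty, so a startup check outside test and development would be worth adding.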
@@ -10,7 +10,7 @@ import abort from './abort'
 import morgan from 'morgan'
 import datadog from '@/observability/middleware/connect-datadog'
 import helmet from './helmet'
-import cookieParser from './cookie-parser.js'
+import cookieParser from './cookie-parser'
 import {
 setDefaultFastlySurrogateKey,
 setLanguageFastlySurrogateKey,