iron-graveyard / cookie Goto Github PK
View Code? Open in Web Editor NEWCookie setting/parsing middleware for the Iron framework.
License: MIT License
cookie's People
Contributors
Stargazers
Watchers
Forkers
zzmp theptrk chertov veeti reem yifanmai golddranks trotter frewsxcv xmppwocky puppykevin kardeiz sorenhoyer jupp0r ayourtchcookie's Issues
Get cookie compiling on Nightly
I've started working on getting this crate compiling on the current nightly version.
You can see this work here: https://github.com/andrewbrinker/cookie/tree/refactor/compile-on-nightly
Fix this to conform to newest Iron
Alloy moved to Request::alloy
Request::url is now a Url struct from https://github.com/servo/rust-url
Moved entirely to Cargo, other PR should pass at some point.
Fails on linking with Open SSL
Use constant time comparison for checking HMACs
Not compiled...
Travis does not pass: rust-crypto does not pass `cargo doc`
No way to distinguish unsigned/signed cookie
Although cookie signing is supported, I don't see a way to figure out if a cookie value is actually trusted and authenticated. For example, the count example has signing enabled, and it works as expected when a bad signature is detected:
# Bad signature on cookie.
[veeti@veeti-pc examples]$ http localhost:3000 'Cookie: count=s:9999.asd'
Hit Counter: 1
But what happens when you don't include a signature at all?
[veeti@veeti-pc examples]$ http localhost:3000 'Cookie: count=9999'
Hit Counter: 10000
Most frameworks and libraries seem to provide separate collections for regular and signed/secure cookies. Perhaps the same should be done here.
Sign key and expiration time of cookie
It would be a good idea to sign the key of the cookie (so that you can't use a value signed for key A with key B), and possibly the max age/expiration of the cookie (and then validate that it hasn't passed).
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.