├── .gitignore ├── package.json ├── LICENSE ├── index.js └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | *.log 3 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "rails-cookie-parser", 3 | "version": "0.0.5", 4 | "description": "Express middleware to parse Rails session cookies.", 5 | "main": "index.js", 6 | "keywords": [ 7 | "Rails", 8 | "rails", 9 | "cookie", 10 | "session" 11 | ], 12 | "author": "Clay Walker ", 13 | "license": "MIT", 14 | "bugs": { 15 | "url": "https://github.com/clayzermk1/rails-cookie-parser/issues" 16 | }, 17 | "homepage": "https://github.com/clayzermk1/rails-cookie-parser", 18 | "repository": { 19 | "type": "git", 20 | "url": "git://github.com/clayzermk1/rails-cookie-parser.git" 21 | }, 22 | "dependencies": { 23 | "marshal": "0.4.0" 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2019 Clay Walker 4 | Copyright (c) 2014-2019 Own Group Inc. 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 
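/*

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
*/
var crypto = require('crypto');
var Marshal = require('marshal');

/**
 * Verify a signed Rails session cookie and return its still-marshaled payload.
 *
 * The cookie value has the form `<base64 data>--<hex digest>`, where the digest
 * is an HMAC-SHA1 over the base64 text, keyed with the secret Rails uses to
 * sign cookies (/config/secret_token.yml, etc.). Only this signed format is
 * handled here.
 *
 * @param {string} cookie - cookie value as found in req.cookies.
 * @param {string|Buffer} secret - the Rails cookie signing secret.
 * @returns {Buffer|undefined} the base64-decoded session bytes when the digest
 *   verifies; undefined when the secret is missing, the cookie is not a
 *   string, or the digest is absent or does not match.
 */
function unpackRailsCookie (cookie, secret) {
  // Fail closed before touching crypto: without a secret nothing can be
  // verified, and crypto.createHmac rejects a missing key in current Node
  // releases, so this guard has to come before the HMAC is created.
  if (!secret) {
    return undefined;
  }

  // cookie-parser can hand back non-string values (e.g. JSON cookies), which
  // have no split(); treat those as unverifiable instead of throwing.
  if (typeof cookie !== 'string') {
    return undefined;
  }

  // Rails cookie sessions contain data and a digest joined by '--'
  var session = cookie.split('--');
  var data = session[0];
  var digest = session[1];

  if (typeof digest !== 'string') {
    return undefined;
  }

  // Recompute the digest over the data exactly as it was received.
  var expected = crypto.createHmac('sha1', secret).update(data).digest('hex');

  // Compare the hex text byte-for-byte in constant time. A plain `==` can leak
  // how many leading characters matched through response timing.
  // timingSafeEqual throws on unequal lengths, hence the explicit length check.
  var suppliedBytes = Buffer.from(digest, 'utf8');
  var expectedBytes = Buffer.from(expected, 'utf8');
  if (suppliedBytes.length !== expectedBytes.length ||
      !crypto.timingSafeEqual(suppliedBytes, expectedBytes)) {
    return undefined;
  }

  // the Marshaled session is base64 encoded; Buffer.from replaces the
  // deprecated `new Buffer(...)` constructor.
  return Buffer.from(data, 'base64');
}

/**
 * Build Express middleware that replaces a signed Rails session cookie with
 * its un-marshaled contents.
 *
 * @param {string} name - name of the Rails session cookie in req.cookies.
 * @param {string|Buffer} secret - the Rails cookie signing secret.
 * @returns {function} Express middleware (req, res, next).
 */
module.exports = function (name, secret) {
  return function (req, res, next) {
    // req.cookies should be available from cookie-parser
    if (req.cookies && req.cookies[name]) {
      var payload = unpackRailsCookie(req.cookies[name], secret);

      if (payload === undefined) {
        // Verification failed: never hand unauthenticated bytes to the Marshal
        // parser, and do not leave the raw client-supplied string where later
        // handlers expect a parsed session.
        req.cookies[name] = undefined;
      }
      else {
        // replace req.cookies.<name> with the un-marshaled object
        req.cookies[name] = new Marshal(payload).parsed;
      }
    }

    next();
  };
};

/*
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# rails-cookie-parser

Express middleware to parse Rails session cookies. Uses [node-marshal](https://github.com/clayzermk1/node-marshal) to parse Marshal strings into JavaScript objects.

## Installation

`npm install rails-cookie-parser`

## Use

### Basic use

Create an external file to hold your Rails cookie secret or pass it in through the environment. The following example assumes you are passing in `RAILS_COOKIE_SECRET` from the environment and that your Rails session cookie is called `_session`.

```javascript
var express = require('express');
var app = express();

/// middleware
// ...
app.use(require('cookie-parser')());
app.use(require('rails-cookie-parser')('_session', process.env.RAILS_COOKIE_SECRET));
// ...

app.use('/', function (req, res, next) {
  console.log(req.cookies['_session']); // Rails session cookie
});
```

## Features / Limitations

`rails-cookie-parser` is only able to parse `node-marshal`'s [supported Marshal types](https://github.com/clayzermk1/node-marshal#supported-types).

`rails-cookie-parser` is not able to originate or manage Rails sessions, it is only able to read / "piggy-back" off of them.

--------------------------------------------------------------------------------
*/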