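├── README.md
├── .gitignore
├── test
│   ├── cookieMiddleware.js
│   ├── server.js
│   └── deleteItem.js
├── lib
│   └── deleteItem.js
├── index.js
├── package.json
└── LICENSE

/README.md:
--------------------------------------------------------------------------------
express-cookie-blacklist
========================

Blacklist data from entering cookies via the session.
--------------------------------------------------------------------------------

/.gitignore:
--------------------------------------------------------------------------------
lib-cov
*.seed
*.log
*.csv
*.dat
*.out
*.pid
*.gz

pids
logs
results

npm-debug.log
node_modules
--------------------------------------------------------------------------------

/test/cookieMiddleware.js:
--------------------------------------------------------------------------------
// Browser-driven check against test/server.js (port 8462). The cookie
// assertion is still commented out, so this currently only exercises the
// two routes; the `/close` request shuts the test server down.
module.exports = {
  'should not send back cookie data that\'s in the blacklist': function (test) {
    test.open('localhost:8462')
      // .assert.cookie('test', 'okay=youcanseeme')
      .open('localhost:8462/close')
      .done();
  }
};

--------------------------------------------------------------------------------

/lib/deleteItem.js:
--------------------------------------------------------------------------------
/**
 * Remove the property addressed by a dot-separated path from `object`,
 * mutating it in place.
 *
 * Only own properties are traversed: a path segment that names an inherited
 * property (`__proto__`, `constructor`, ...) ends the walk, so a dotted key
 * can never reach into a shared prototype and delete from it. A segment that
 * is missing, or whose value is a primitive, is likewise a no-op; nothing is
 * ever created on the target.
 *
 * @param {Object} [object] - target; `null`/`undefined` is treated as `{}`
 * @param {string} key - property path such as `'other.base'`
 * @returns {Object} the same `object` that was passed in (or the fresh `{}`)
 * @throws {TypeError} if `key` is not a string
 */
module.exports = function (object, key) {
  object = object || {};
  if (typeof key !== 'string') {
    throw new TypeError('deleteItem: key must be a dot-separated string');
  }
  var hasOwn = Object.prototype.hasOwnProperty;
  var segments = key.split('.');
  var last = segments.length - 1;
  var current = object;
  for (var i = 0; i <= last; i++) {
    var segment = segments[i];
    // `Object(x) !== x` is true for null, undefined and every primitive;
    // the own-property check keeps the walk off the prototype chain.
    if (Object(current) !== current || !hasOwn.call(current, segment)) {
      break;
    }
    if (i === last) {
      delete current[segment];
      break;
    }
    current = current[segment];
  }
  return object;
};
--------------------------------------------------------------------------------

/test/server.js:
--------------------------------------------------------------------------------
var cookieBlacklistSession = require('../index');
var express = require('express');

var app = express();
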
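app.use(express.cookieParser());
// NOTE(review): index.js only strips keys from an existing `req.session`; it
// does not create a session, so `secret`/`key` below are not used by it and
// the `/` handler's `req.session.safety = ...` needs a session middleware
// registered here — confirm which one this test server was written against.
app.use(cookieBlacklistSession({
  secret: 'secretwithbase',
  blacklist: [
    'safety'
  ],
  key: 'test'
}));

app.get('/', function (req, res, next) {
  req.session.safety = 'you should never see me';
  req.session.okay = 'you can see me';
  res.send(200);
});

// Lets the browser test (test/cookieMiddleware.js) stop the server.
app.get('/close', function () {
  server.close();
});

var server = app.listen(8462);
--------------------------------------------------------------------------------

/index.js:
--------------------------------------------------------------------------------
var onHeaders = require('on-headers');
var deleteItem = require('./lib/deleteItem');
var clone = require('clone');

/**
 * Build an Express middleware that removes blacklisted keys from
 * `req.session` when the response headers are about to be written, so that
 * those values are not serialised into a cookie-backed session. Whether this
 * hook runs before the session middleware's own headers hook depends on the
 * order in which the two register with on-headers — verify against the
 * session middleware in use.
 *
 * The untouched session is kept on `req._sessionBeforeBlacklist` so later
 * code can still read the removed values for the current request.
 *
 * @param {string|string[]|{blacklist: (string|string[])}} [blacklist] -
 *   dot-separated session paths to remove (`'safety'`, `'user.token'`).
 *   A single string is wrapped in an array. An options object carrying a
 *   `blacklist` property is accepted as well, which is the shape
 *   test/server.js passes; any other property on it is ignored.
 * @returns {Function} `(req, res, next)` middleware
 * @throws {TypeError} at configuration time when an entry is not a string,
 *   so a bad blacklist fails at startup instead of inside the headers hook
 *   (where `key.split` would otherwise throw mid-response).
 */
module.exports = function (blacklist) {
  'use strict';
  // Options-object form: { blacklist: [...] }.
  if (blacklist && typeof blacklist === 'object' && !Array.isArray(blacklist) &&
      Object.prototype.hasOwnProperty.call(blacklist, 'blacklist')) {
    blacklist = blacklist.blacklist;
  }
  if (blacklist && !Array.isArray(blacklist)) {
    blacklist = [blacklist];
  }
  if (blacklist) {
    blacklist.forEach(function (key, i) {
      if (typeof key !== 'string') {
        throw new TypeError('express-cookie-blacklist: blacklist[' + i + '] must be a string');
      }
    });
  }
  return function (req, res, next) {
    onHeaders(res, function () {
      req._sessionBeforeBlacklist = clone(req.session);
      if (blacklist) {
        blacklist.forEach(function (key) {
          // deleteItem treats a missing req.session as {} and never walks
          // into inherited properties, so a key can only remove own data.
          deleteItem(req.session, key);
        });
      }
    });
    next();
  };
};
--------------------------------------------------------------------------------

/package.json:
--------------------------------------------------------------------------------
{
  "name": "express-cookie-blacklist",
  "version": "2.0.0",
  "description": "Blacklist data from entering cookies.",
  "main": "index.js",
  "scripts": {
    "test": "mocha -R spec"
  },
  "repository": {
    "type": "git",
    "url": "git://github.com/allouis/express-cookie-blacklist.git"
  },
  "keywords": [
    "cookie",
    "blacklist",
    "express"
  ],
  "author": "Fabien O'Carroll",
  "license": "MIT",
  "bugs": {
    "url": "https://github.com/allouis/express-cookie-blacklist/issues"
  },
  "homepage": "https://github.com/allouis/express-cookie-blacklist",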
"devDependencies": { 25 | "mocha": "~1.18.2", 26 | "should": "~3.2.0-beta1" 27 | }, 28 | "dependencies": { 29 | "clone": "~0.1.11", 30 | "on-headers": "^1.0.1" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Fabien O'Carroll 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
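--------------------------------------------------------------------------------

/test/deleteItem.js:
--------------------------------------------------------------------------------
var should = require('should');
var deleteItem = require('../lib/deleteItem');

describe('deleteItem', function () {

  it('should return the same object it is passed', function () {
    var initialObject = {
      type: 'object',
      other: {
        name: 'initialObject',
        base: true
      }
    };
    var afterObject = deleteItem(initialObject, 'other.base');
    afterObject.should.equal(initialObject, 'they\'re the same object');
  });

  it('should modify the object it is passed', function () {
    var initialObject = {
      type: 'object',
      other: {
        name: 'initialObject',
        base: true
      }
    };
    deleteItem(initialObject, 'other.base');
    initialObject.other.should.not.have.property('base');
    // Siblings of the removed key are untouched.
    initialObject.other.should.have.property('name', 'initialObject');
  });

  it('should work with single depth strings', function () {
    var object = {
      name: 'fabien',
      age: 20,
      password: 'base'
    };
    deleteItem(object, 'password');
    object.should.not.have.property('password');
  });

  it('should work with multi depth strings', function () {
    // A fixed depth keeps the test reproducible (it used to be random).
    var depth = 25;
    var path = [];
    var object = {};
    var parent = null;
    var current = object;
    for (var i = 0; i < depth; i++) {
      current.newDepth = {};
      parent = current;
      current = current.newDepth;
      path.push('newDepth');
    }
    deleteItem(object, path.join('.'));
    // Assert on the object that held the leaf; asserting on the detached
    // leaf itself (a live local `{}`) can never verify the deletion.
    parent.should.not.have.property('newDepth');
  });

  it('should leave the object alone when the path does not exist', function () {
    var object = { name: 'fabien' };
    deleteItem(object, 'missing.deeper');
    object.should.have.property('name', 'fabien');
    object.should.not.have.property('missing');
  });

  it('should not walk into inherited properties', function () {
    // A dotted key must only ever remove own data: a segment that resolves
    // through the prototype chain must not lead to a delete on the shared
    // object behind it.
    var shared = { nested: { secret: 'inherited' } };
    var object = Object.create(shared);
    deleteItem(object, 'nested.secret');
    shared.nested.should.have.property('secret', 'inherited');
  });

});
--------------------------------------------------------------------------------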