Ghost/ghost/members-api/cookies.js

const crypto = require('crypto');
const cookie = require('cookie');

const MAX_AGE = 60 * 60 * 24 * 184;

module.exports = function cookies(sessionSecret) {
    function encodeCookie(data) {
        const encodedData = encodeURIComponent(data);
        const hmac = crypto.createHmac('sha256', sessionSecret);
        hmac.update(encodedData);
        return `${hmac.digest('hex')}~${encodedData}`;
    }

    function decodeCookie(data) {
        const hmac = crypto.createHmac('sha256', sessionSecret);
        const [sentHmac, sentData] = data.split('~');
        if (hmac.update(sentData).digest('hex') !== sentHmac) {
            return null;
        }
        return decodeURIComponent(sentData);
    }

    function setCookie(member) {
        return cookie.serialize('signedin', member.id, {
            maxAge: MAX_AGE,
            path: '/ghost/api/v2/members',
            httpOnly: true,
            encode: encodeCookie
        });
    }

    function removeCookie() {
        return cookie.serialize('signedin', false, {
            maxAge: 0,
            path: '/ghost/api/v2/members',
            httpOnly: true
        });
    }

    function getCookie(req) {
        return cookie.parse(req.headers.cookie || '', {
            decode: decodeCookie
        });
    }

    return {
        setCookie,
        removeCookie,
        getCookie
    };
};
Added members lib module (#10260) * Added members library inc. gateway refs #10213 * Added the auth pages and build steps for them refs #10213 * Cleaned up logs * Updated gruntfile to run yarn for member auth * Design refinements on members popups * UI refinements * Updated backend call to trigger only if frontend validation passes * Design refinements for error messages * Added error message for email failure * Updated request-password-reset to not attempt to send headers twice * Updated preact publicPath to relative path * Build auth pages on init 2018-12-11 09:47:44 +03:00			`const crypto = require('crypto');`
			`const cookie = require('cookie');`

			`const MAX_AGE = 60 * 60 * 24 * 184;`

			`module.exports = function cookies(sessionSecret) {`
			`function encodeCookie(data) {`
			`const encodedData = encodeURIComponent(data);`
			`const hmac = crypto.createHmac('sha256', sessionSecret);`
			`hmac.update(encodedData);`
			return `${hmac.digest('hex')}~${encodedData}`;
			`}`

			`function decodeCookie(data) {`
			`const hmac = crypto.createHmac('sha256', sessionSecret);`
			`const [sentHmac, sentData] = data.split('~');`
			`if (hmac.update(sentData).digest('hex') !== sentHmac) {`
			`return null;`
			`}`
			`return decodeURIComponent(sentData);`
			`}`

			`function setCookie(member) {`
			`return cookie.serialize('signedin', member.id, {`
			`maxAge: MAX_AGE,`
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker. 2019-02-07 12:41:39 +03:00			`path: '/ghost/api/v2/members',`
Added members lib module (#10260) * Added members library inc. gateway refs #10213 * Added the auth pages and build steps for them refs #10213 * Cleaned up logs * Updated gruntfile to run yarn for member auth * Design refinements on members popups * UI refinements * Updated backend call to trigger only if frontend validation passes * Design refinements for error messages * Added error message for email failure * Updated request-password-reset to not attempt to send headers twice * Updated preact publicPath to relative path * Build auth pages on init 2018-12-11 09:47:44 +03:00			`httpOnly: true,`
			`encode: encodeCookie`
			`});`
			`}`

			`function removeCookie() {`
			`return cookie.serialize('signedin', false, {`
			`maxAge: 0,`
Added initial subscription support with stripe to Members API (#10460) These changes introduce a new "service" to the members api, which handles getting and creating subscriptions. This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe. The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker. 2019-02-07 12:41:39 +03:00			`path: '/ghost/api/v2/members',`
Added members lib module (#10260) * Added members library inc. gateway refs #10213 * Added the auth pages and build steps for them refs #10213 * Cleaned up logs * Updated gruntfile to run yarn for member auth * Design refinements on members popups * UI refinements * Updated backend call to trigger only if frontend validation passes * Design refinements for error messages * Added error message for email failure * Updated request-password-reset to not attempt to send headers twice * Updated preact publicPath to relative path * Build auth pages on init 2018-12-11 09:47:44 +03:00			`httpOnly: true`
			`});`
			`}`

			`function getCookie(req) {`
			`return cookie.parse(req.headers.cookie \|\| '', {`
			`decode: decodeCookie`
			`});`
			`}`

			`return {`
			`setCookie,`
			`removeCookie,`
			`getCookie`
			`};`
			`};`