Remove JSON encoding from cookies

Author: brophdawg11

packages/cookie/src/lib/cookie.test.ts

@@ -24,14 +24,6 @@ describe('cookies', () => {
     assert.equal(value, 'hello world')
   })
 
-  it('parses/serializes unsigned boolean values', async () => {
-    let cookie = new Cookie('my-cookie')
-    let setCookie = await cookie.serialize(true)
-    let value = await cookie.parse(getCookieFromSetCookie(setCookie))
-
-    assert.equal(value, true)
-  })
-
   it('parses/serializes signed string values', async () => {
     let cookie = new Cookie('my-cookie', {
       secrets: ['secret1'],
@@ -81,33 +73,20 @@ describe('cookies', () => {
     let cookie = new Cookie('my-cookie', {
       secrets: ['secret1'],
     })
-    let setCookie = await cookie.serialize({ hello: 'mjackson' })
-    let value = await cookie.parse(getCookieFromSetCookie(setCookie))
+    let setCookie = await cookie.serialize(JSON.stringify({ hello: 'mjackson' }))
+    let value = JSON.parse((await cookie.parse(getCookieFromSetCookie(setCookie)))!)
 
     assert.deepEqual(value, { hello: 'mjackson' })
   })
 
-  it('fails to parse signed object values with invalid signature', async () => {
-    let cookie = new Cookie('my-cookie', {
-      secrets: ['secret1'],
-    })
-    let setCookie = await cookie.serialize({ hello: 'mjackson' })
-    let cookie2 = new Cookie('my-cookie', {
-      secrets: ['secret2'],
-    })
-    let value = await cookie2.parse(getCookieFromSetCookie(setCookie))
-
-    assert.equal(value, null)
-  })
-
   it('supports secret rotation', async () => {
     let cookie = new Cookie('my-cookie', {
       secrets: ['secret1'],
     })
-    let setCookie = await cookie.serialize({ hello: 'mjackson' })
+    let setCookie = await cookie.serialize('mjackson')
     let value = await cookie.parse(getCookieFromSetCookie(setCookie))
 
-    assert.deepEqual(value, { hello: 'mjackson' })
+    assert.deepEqual(value, 'mjackson')
 
     // A new secret enters the rotation...
     cookie = new Cookie('my-cookie', {
@@ -121,6 +100,9 @@ describe('cookies', () => {
     // New Set-Cookie should be different, it uses a different secret.
     let setCookie2 = await cookie.serialize(value)
     assert.notEqual(setCookie, setCookie2)
+
+    let newValue = await cookie.parse(getCookieFromSetCookie(setCookie2))
+    assert.deepEqual(oldValue, newValue)
   })
 
   it('makes the default secrets to be an empty array', async () => {

packages/cookie/src/lib/cookie.ts

@@ -71,7 +71,7 @@ export class Cookie {
    * Parses a raw `Cookie` header and returns the value of this cookie or
    * `null` if it's not present.
    */
-  async parse(cookieHeader: string | null, parseOptions?: ParseOptions): Promise<unknown> {
+  async parse(cookieHeader: string | null, parseOptions?: ParseOptions): Promise<string | null> {
     if (!cookieHeader) return null
     let cookies = parse(cookieHeader, { ...this.#options, ...parseOptions })
     if (this.name in cookies) {
@@ -91,15 +91,15 @@ export class Cookie {
    * Serializes the given value to a string and returns the `Set-Cookie`
    * header.
    */
-  async serialize(value: unknown, serializeOptions?: SerializeOptions): Promise<string> {
+  async serialize(value: string, serializeOptions?: SerializeOptions): Promise<string> {
     return serialize(this.name, value === '' ? '' : await encodeCookieValue(value, this.#secrets), {
       ...this.#options,
       ...serializeOptions,
     })
   }
 }
 
-async function encodeCookieValue(value: unknown, secrets: string[]): Promise<string> {
+async function encodeCookieValue(value: string, secrets: string[]): Promise<string> {
   let encoded = encodeData(value)
 
   if (secrets.length > 0) {
@@ -109,7 +109,7 @@ async function encodeCookieValue(value: unknown, secrets: string[]): Promise<str
   return encoded
 }
 
-async function decodeCookieValue(value: string, secrets: string[]): Promise<unknown> {
+async function decodeCookieValue(value: string, secrets: string[]): Promise<string | null> {
   if (secrets.length > 0) {
     for (let secret of secrets) {
       let unsignedValue = await unsign(value, secret)
@@ -124,15 +124,15 @@ async function decodeCookieValue(value: string, secrets: string[]): Promise<unkn
   return decodeData(value)
 }
 
-function encodeData(value: unknown): string {
-  return btoa(myUnescape(encodeURIComponent(JSON.stringify(value))))
+function encodeData(value: string): string {
+  return btoa(myUnescape(encodeURIComponent(value)))
 }
 
-function decodeData(value: string): unknown {
+function decodeData(value: string): string | null {
   try {
-    return JSON.parse(decodeURIComponent(myEscape(atob(value))))
+    return decodeURIComponent(myEscape(atob(value)))
   } catch {
-    return {}
+    return null
   }
 }