v10.0.0
Notable Changes
Express-Session Compatibility
It increase the compatibility of @fastify/session by allowing using input of cookiePrefix #113, preventing sessionId #129 and encryptedSessionId #134 to be stored in session store, etc.
Thanks to the great work of @rclmenezes and @Uzlopak
Performance
Performance of id generation #123 has been improved 25% - 30%. Thanks to @Uzlopak works.
Security
The verification of cookie path #169 is changed to match the RFC specification.
It stricter than before and avoid the wrong cookie slap in.
For exmaple, cookie path /docs with request path /docs-oh-no
Refactor on code
The structure of code-base has been reorganized and the files do not scattered on top-level folder anymore.
It greatly improve the readability of the modules.
What's Changed
- feat: Update benchmark. by @ShogunPanda in #91
- ci: migrate to fastify reusable workflow by @Fdawgs in #90
- build(deps-dev): bump fastify-cookie from 5.6.1 to 5.7.0 by @dependabot in #92
- docs(readme): remove snyk badge by @Fdawgs in #93
- chore(.gitignore): use updated skeleton template by @Fdawgs in #96
- build(deps-dev): bump @types/node from 17.0.45 to 18.0.0 by @dependabot in #97
- build(deps-dev): bump tsd from 0.20.0 to 0.21.0 by @dependabot in #98
- build(deps-dev): bump tsd from 0.21.0 to 0.22.0 by @dependabot in #102
- style(types/types.test-d.ts): explicitly declare semicolon by @Fdawgs in #103
- refactor: use optional chaining by @Fdawgs in #104
- build(deps): bump fastify-plugin from 3.0.1 to 4.0.0 by @dependabot in #105
- remove metadata.js by @Uzlopak in #107
- separate lint from npm test script, activate lint and license-check in ci pipeline by @Uzlopak in #108
- refactor unit tests, replace ava with tap, remove undici and typescript as devDependencies by @Uzlopak in #109
- move benchmark to corresponding folder, slim it down by @Uzlopak in #110
- tap should only run test.js files by @Uzlopak in #115
- Clean up tests by @rclmenezes in #117
- Add missing documentation for README.md by @rclmenezes in #116
- Simplify shouldSaveSession code a little bit by @rclmenezes in #119
- Move
expiresfrom session to session.cookies by @rclmenezes in #120 - refactor store to es6 class by @Uzlopak in #122
- simplify callback typing by @Uzlopak in #124
- Add cookiePrefix as an option to allow for compatibility with express-session by @rclmenezes in #113
- perf: improve idgenerator (about 25-30 % faster) by @Uzlopak in #123
- chore: remove addDataToSession by @Uzlopak in #127
- add autocannon example by @Uzlopak in #128
- feat: use @fastify/cookie-signer-logic for signing and unsigning by @Uzlopak in #129
- move signer require into ensureDefaults by @Uzlopak in #130
- fix unit test by @Uzlopak in #132
- fix lgtm alert by @Uzlopak in #133
- Remove session id round 4 by @rclmenezes in #134
- simplify getExpires, export getExpires from cookie by @Uzlopak in #135
- remove internal used session restore() function by @Uzlopak in #136
- Revert "refactor store to es6 class" by @Uzlopak in #138
- remove sinon as dev dependency by @Uzlopak in #139
- add redis example by @Uzlopak in #142
- add pre-commit by @Uzlopak in #145
- add unit test for maxAge by @Uzlopak in #144
- create a separate unit test file for memorystore by @Uzlopak in #150
- rename secret.test.js to fastifySession.checkOptions.test.js and refactor it by @Uzlopak in #151
- prevent encryptedSessionId from being stored in the sessionStore by @Uzlopak in #143
- use maxAge over expires by @Uzlopak in #152
- build(deps-dev): bump tsd from 0.22.0 to 0.23.0 by @dependabot in #153
- Resave session cookie if saveUninitialized is false and rolling is true by @rclmenezes in #149
- rename session to fastifySession by @Uzlopak in #160
- Make it possible to call save() in decryptSession by @Uzlopak in #161
- Implement originalMaxAge by @Uzlopak in #162
- Remove deprecation notice for fastify-Instance decryptSession by @shrihari-prakash in #164
- add typings for decryptSession by @Uzlopak in #165
- simplify cookie handling by @Uzlopak in #166
- minor cosmetic change by @Uzlopak in #167
- ensure that secure false is not overwritten by null by @Uzlopak in #168
- security: verify path of cookie/session by @Uzlopak in #169
New Contributors
- @ShogunPanda made their first contribution in #91
- @Uzlopak made their first contribution in #107
- @rclmenezes made their first contribution in #117
- @shrihari-prakash made their first contribution in #164
Full Changelog: v9.0.0...v10.0.0
Contributors
ShogunPanda, rclmenezes, and 4 other contributors