Add cookie parser to echo the value of cookies in the response. Also works for signed cookies.

mendhak · mendhak · commit 335fb23a0f55 · 2026-03-19T23:12:17.000Z
To sign a cookie, generate a value using SIGNED_COOKIE=$(node -e "var crypto = require('crypto'); function sign(val, secret){ return val + '.' + crypto .createHmac('sha256', secret) .update(val) .digest('base64') .replace(/=+$/, ''); }; console.log(sign('my-value','mysecretkey123'));") Then send it in the header like so curl -s http://localhost:8080/ -H "Cookie: mysigned=s:${SIGNED_COOKIE}" Issue #93
diff --git a/index.js b/index.js
@@ -4,6 +4,7 @@ const http = require('http')
 const https = require('https')
 const morgan = require('morgan');
 const express = require('express')
+const cookieParser = require('cookie-parser');
 const concat = require('concat-stream');
 const { promisify } = require('util');
 const promBundle = require("express-prom-bundle");
@@ -39,6 +40,8 @@ if(PROMETHEUS_ENABLED === 'true') {
   app.use(metricsMiddleware);
 }
 
+app.use(cookieParser(process.env.COOKIE_SECRET || 'examplekey'));
+
 if(process.env.DISABLE_REQUEST_LOGS !== 'true'){
   app.use(morgan('combined'));
 }
@@ -76,6 +79,7 @@ app.all('*', (req, res) => {
     ips: req.ips,
     protocol: req.protocol,
     query: req.query,
+    signedCookies: req.signedCookies,
     subdomains: req.subdomains,
     xhr: req.xhr,
     os: {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,6 +18,7 @@
   },
   "dependencies": {
     "concat-stream": "^2.0.0",
+    "cookie-parser": "^1.4.6",
     "express": "^4.22.0",
     "express-prom-bundle": "^8.0.0",
     "jsonwebtoken": "^9.0.0",
diff --git a/tests.sh b/tests.sh
@@ -653,6 +653,60 @@ message " Stop containers "
 docker stop http-echo-tests
 sleep 5
 
+message " Start container with signed cookies support "
+# Set cookie secret for signing/verifying cookies
+docker run -d --rm -e COOKIE_SECRET=mysecretkey123 \
+    --name http-echo-tests -p 8080:8080 -p 8443:8443 -t mendhak/http-https-echo:testing
+sleep 5
+
+SIGNED_COOKIE=$(node -e "var crypto = require('crypto');
+
+function sign(val, secret){
+  return val + '.' + crypto
+    .createHmac('sha256', secret)
+    .update(val)
+    .digest('base64')
+    .replace(/=+$/, '');
+};
+
+console.log(sign('my-value','mysecretkey123'));")
+
+
+RESPONSE=$(curl -s http://localhost:8080/ -H "Cookie: mysigned=s:${SIGNED_COOKIE}")
+if [ $(echo $RESPONSE | jq -r '.signedCookies.mysigned') == 'my-value' ]
+then
+    passed "Signed cookie test passed."
+else
+    failed "Signed cookie test failed."
+    echo $RESPONSE | jq
+    exit 1
+fi
+
+message " Stop containers "
+docker stop http-echo-tests
+sleep 5
+
+
+message " Check that regular cookies are returned in response "
+docker run -d --rm --name http-echo-tests -p 8080:8080 -p 8443:8443 -t mendhak/http-https-echo:testing
+sleep 5
+
+
+RESPONSE=$(curl -s http://localhost:8080/ -H "Cookie: foo=bar; baz=qux")
+if [ $(echo $RESPONSE | jq -r '.cookies.foo') == 'bar' ] && \
+   [ $(echo $RESPONSE | jq -r '.cookies.baz') == 'qux' ]
+then
+    passed "Cookies returned in response test passed."
+else
+    failed "Cookies returned in response test failed."
+    echo $RESPONSE | jq
+    exit 1
+fi
+
+message " Stop containers "
+docker stop http-echo-tests
+sleep 5
+
 popd
 rm -rf testarea
 message "DONE"
