Merge pull request #479 from vtex/fix/session-cookie/3.x

valentino-amadeus · web-flow · commit 1a804ca4cafd · 2021-10-22T14:16:27.000-03:00
[3.x] Fix / Janus / Extract session cookie in a safe manner
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [3.77.3] - 2021-10-22
+### Fixed
+- Extract session cookie in a safe manner
+
+## [3.77.2] - 2021-08-26
+### Fixed
+- Extract session cookie in a safe manner
+
 ## [3.77.1] - 2021-02-05
 - Increase HTTP agents connection pools freeSockets and lifetime
 
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@vtex/api",
-  "version": "3.77.2",
+  "version": "3.77.3",
   "description": "VTEX I/O API client",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
diff --git a/src/clients/Segment.ts b/src/clients/Segment.ts
@@ -1,8 +1,8 @@
-import parseCookie from 'cookie'
 import { prop } from 'ramda'
 
 import { PRODUCT_HEADER } from '../constants'
 import { inflightUrlWithQuery, JanusClient } from '../HttpClient'
+import { extractSessionCookie } from './Session'
 
 export interface SegmentData {
   campaigns?: any
@@ -19,7 +19,6 @@ export interface SegmentData {
   [key: string]: any
 }
 
-const SEGMENT_COOKIE = 'vtex_segment'
 const SEGMENT_MAX_AGE_S = 60 * 60 // 60 minutes - segment is actually immutable
 const ALLOWED_QUERY_PREFIXES = ['utm', 'cultureInfo', 'supportedLocales']
 
@@ -71,15 +70,11 @@ export class Segment extends JanusClient {
   public getOrCreateSegment = async (query?: Record<string, string>, token?: string) => {
     const {
       data: segmentData,
-      headers: {
-        'set-cookie': [setCookies],
-      },
+      headers,
     } = await this.rawSegment(token, query)
-    const parsedCookie = parseCookie.parse(setCookies)
-    const segmentToken = prop(SEGMENT_COOKIE, parsedCookie)
     return {
       segmentData,
-      segmentToken,
+      segmentToken: extractSessionCookie(headers) || token,
     }
   }
 
diff --git a/src/clients/Session.ts b/src/clients/Session.ts
@@ -51,7 +51,7 @@ export class Session extends JanusClient {
   }
 }
 
-function extractSessionCookie(headers: Record<string, string>) {
+export function extractSessionCookie(headers: Record<string, string>) {
   for (const setCookie of headers['set-cookie'] || []) {
     const parsedCookie = parseCookie.parse(setCookie)
     const sessionCookie = parsedCookie[SESSION_COOKIE]

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@vtex/api",`
`3`		`- "version": "3.77.2",`
	`3`	`+ "version": "3.77.3",`
`4`	`4`	`"description": "VTEX I/O API client",`
`5`	`5`	`"main": "lib/index.js",`
`6`	`6`	`"typings": "lib/index.d.ts",`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ export class Session extends JanusClient {`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`
`54`		`-function extractSessionCookie(headers: Record<string, string>) {`
	`54`	`+export function extractSessionCookie(headers: Record<string, string>) {`
`55`	`55`	`for (const setCookie of headers['set-cookie'] \|\| []) {`
`56`	`56`	`const parsedCookie = parseCookie.parse(setCookie)`
`57`	`57`	`const sessionCookie = parsedCookie[SESSION_COOKIE]`