refactor cookie serialization

Author: charmingduchess

pages/new/index.tsx

@@ -15,7 +15,6 @@ import {
 } from "../../src/utils/csrfUtils";
 import * as cookie from "../../src/utils/CookieUtils";
 
-import { serialize } from "cookie";
 import { GetServerSideProps } from "next";
 import { useTranslation } from "next-i18next";
 import { serverSideTranslations } from "next-i18next/serverSideTranslations";
@@ -75,12 +74,13 @@ export const getServerSideProps: GetServerSideProps = async (context) => {
   if (!csrfToken) {
     csrfToken = generateNewToken();
     const newTokenCookieString = generateNewCookieTokenAndHash(csrfToken);
-    newTokenCookie = serialize(
+    newTokenCookie = cookie.buildCookieHeader(
       cookie.metadata().csrfToken.name,
       newTokenCookieString,
       cookie.metadata().csrfToken.options
     );
   }
+
   const headers = [
     // reset cookie that would otherwise bump users out of the flow
     // to succcess page

src/utils/CookieUtils.ts

@@ -5,14 +5,16 @@ import { serialize } from "cookie";
  * Function to set cookies on the server side based on with minor updates:
  * https://github.com/vercel/next.js/blob/master/examples/api-routes-middleware/utils/cookies.js
  */
-const set = (res, name, value, options) => {
+const set = (res, value) => {
+  const cookie = buildCookieHeader(value);
+  return res.setHeader("Set-Cookie", cookie);
+};
+
+const buildCookieHeader = (value) => {
+  const { name, options } = metadata().csrfToken;
   const stringValue =
     typeof value === "object" ? "j:" + JSON.stringify(value) : String(value);
-
-  return res.setHeader(
-    "Set-Cookie",
-    serialize(name, String(stringValue), options)
-  );
+  return serialize(name, String(stringValue), options);
 };
 
 // Use secure cookies if the site uses HTTPS
@@ -43,4 +45,4 @@ const metadata = () => {
   };
 };
 
-export { set, metadata };
+export { set, metadata, buildCookieHeader };

src/utils/csrfUtils.ts

@@ -72,12 +72,7 @@ const postRequestHashMatchesServerHash = (tokenFromRequestCookie) => {
 // Used as part of the strategy for mitigation for CSRF tokens.
 const setCsrfTokenCookie = (res, csrfToken) => {
   const newCsrfTokenCookie = generateNewCookieTokenAndHash(csrfToken);
-  cookie.set(
-    res,
-    cookie.metadata().csrfToken.name,
-    newCsrfTokenCookie,
-    cookie.metadata().csrfToken.options
-  );
+  cookie.set(res, newCsrfTokenCookie);
 };
 
 const generateNewToken = () => {