fix(revert): "feat: improve cookie chunk handling via base64url+length encoding (#90)" (#100)

* This reverts commit 6deb687 introduced in #90

Author: kangmingtay

src/__snapshots__/createServerClient.spec.ts.snap

@@ -3,11 +3,7 @@ import { describe, expect, it, beforeEach, afterEach } from "vitest";
 import { isBrowser, DEFAULT_COOKIE_OPTIONS, MAX_CHUNK_SIZE } from "./utils";
 import { CookieOptions } from "./types";
 
-import {
- createStorageFromOptions,
- applyServerStorage,
- decodeCookie,
-} from "./cookies";
+import { createStorageFromOptions, applyServerStorage } from "./cookies";
 
 describe("createStorageFromOptions in browser without cookie methods", () => {
  beforeEach(() => {
@@ -1074,81 +1070,3 @@ describe("applyServerStorage", () => {
  ]);
  });
 });
-
-describe("decodeCookie", () => {
- let warnings: any[][] = [];
- let originalWarn: any;
-
- beforeEach(() => {
- warnings = [];
-
- originalWarn = console.warn;
- console.warn = (...args: any[]) => {
- warnings.push(structuredClone(args));
- };
- });
-
- afterEach(() => {
- console.warn = originalWarn;
- });
-
- it("should decode base64url+length encoded value", () => {
- const value = JSON.stringify({ a: "b" });
- const valueB64 = Buffer.from(value).toString("base64url");
-
- expect(
- decodeCookie(`base64l-${valueB64.length.toString(36)}-${valueB64}`),
- ).toEqual(value);
- expect(
- decodeCookie(
- `base64l-${valueB64.length.toString(36)}-${valueB64}padding_that_is_ignored`,
- ),
- ).toEqual(value);
- expect(
- decodeCookie(
- `base64l-${valueB64.length.toString(36)}-${valueB64.substring(0, valueB64.length - 1)}`,
- ),
- ).toBeNull();
- expect(decodeCookie(`base64l-0-${valueB64}`)).toBeNull();
- expect(decodeCookie(`base64l-${valueB64}`)).toBeNull();
- expect(warnings).toMatchInlineSnapshot(`
- [
- [
- "@supabase/ssr: Detected stale cookie data. Please check your integration with Supabase for bugs. This can cause your users to loose the session.",
- ],
- [
- "@supabase/ssr: Detected stale cookie data. Please check your integration with Supabase for bugs. This can cause your users to loose the session.",
- ],
- ]
- `);
- });
-
- it("should decode base64url encoded value", () => {
- const value = JSON.stringify({ a: "b" });
- const valueB64 = Buffer.from(value).toString("base64url");
-
- expect(decodeCookie(`base64-${valueB64}`)).toEqual(value);
- expect(warnings).toMatchInlineSnapshot(`[]`);
- });
-
- it("should not decode base64url encoded value with invalid UTF-8", () => {
- const valueB64 = Buffer.from([0xff, 0xff, 0xff, 0xff]).toString(
- "base64url",
- );
-
- expect(decodeCookie(`base64-${valueB64}`)).toBeNull();
- expect(
- decodeCookie(`base64l-${valueB64.length.toString(36)}-${valueB64}`),
- ).toBeNull();
- expect(warnings).toMatchInlineSnapshot(`
- [
- [
- "@supabase/ssr: Detected stale cookie data that does not decode to a UTF-8 string. Please check your integration with Supabase for bugs. This can cause your users to loose session access.",
- ],
- [
- "@supabase/ssr: Detected stale cookie data that does not decode to a UTF-8 string. Please check your integration with Supabase for bugs. This can cause your users to loose session access.",
- ],
- ]
- `);
- });
-});

src/cookies.spec.ts

@@ -22,55 +22,6 @@ import type {
 } from "./types";
 
 const BASE64_PREFIX = "base64-";
-const BASE64_LENGTH_PREFIX = "base64l-";
-const BASE64_LENGTH_PATTERN = /^base64l-([0-9a-z]+)-(.+)$/;
-
-export function decodeBase64Cookie(value: string) {
- try {
- return stringFromBase64URL(value);
- } catch (e: any) {
- // if an invalid UTF-8 sequence is encountered, it means that reconstructing the chunkedCookie failed and the cookies don't contain useful information
- console.warn(
- "@supabase/ssr: Detected stale cookie data that does not decode to a UTF-8 string. Please check your integration with Supabase for bugs. This can cause your users to loose session access.",
- );
- return null;
- }
-}
-
-export function decodeCookie(chunkedCookie: string) {
- let decoded = chunkedCookie;
-
- if (chunkedCookie.startsWith(BASE64_PREFIX)) {
- return decodeBase64Cookie(decoded.substring(BASE64_PREFIX.length));
- } else if (chunkedCookie.startsWith(BASE64_LENGTH_PREFIX)) {
- const match = chunkedCookie.match(BASE64_LENGTH_PATTERN);
-
- if (!match) {
- return null;
- }
-
- const expectedLength = parseInt(match[1], 36);
-
- if (expectedLength === 0) {
- return null;
- }
-
- if (match[2].length !== expectedLength) {
- console.warn(
- "@supabase/ssr: Detected stale cookie data. Please check your integration with Supabase for bugs. This can cause your users to loose the session.",
- );
- }
-
- if (expectedLength <= match[2].length) {
- return decodeBase64Cookie(match[2].substring(0, expectedLength));
- } else {
- // data is missing, cannot decode cookie
- return null;
- }
- }
-
- return decoded;
-}
 
 /**
  * Creates a storage client that handles cookies correctly for browser and
@@ -82,7 +33,7 @@ export function decodeCookie(chunkedCookie: string) {
  */
 export function createStorageFromOptions(
  options: {
- cookieEncoding: "raw" | "base64url" | "base64url+length";
+ cookieEncoding: "raw" | "base64url";
  cookies?:
  | CookieMethodsBrowser
  | CookieMethodsBrowserDeprecated
@@ -252,7 +203,15 @@ export function createStorageFromOptions(
  return null;
  }
 
- return decodeCookie(chunkedCookie);
+ let decoded = chunkedCookie;
+
+ if (chunkedCookie.startsWith(BASE64_PREFIX)) {
+ decoded = stringFromBase64URL(
+ chunkedCookie.substring(BASE64_PREFIX.length),
+ );
+ }
+
+ return decoded;
  },
  setItem: async (key: string, value: string) => {
  const allCookies = await getAll([key]);
@@ -266,13 +225,6 @@ export function createStorageFromOptions(
 
  if (cookieEncoding === "base64url") {
  encoded = BASE64_PREFIX + stringToBase64URL(value);
- } else if (cookieEncoding === "base64url+length") {
- encoded = [
- BASE64_LENGTH_PREFIX,
- value.length.toString(36),
- "-",
- value,
- ].join("");
  }
 
  const setCookies = createChunks(key, encoded);
@@ -390,7 +342,18 @@ export function createStorageFromOptions(
  return null;
  }
 
- return decodeCookie(chunkedCookie);
+ let decoded = chunkedCookie;
+
+ if (
+ typeof chunkedCookie === "string" &&
+ chunkedCookie.startsWith(BASE64_PREFIX)
+ ) {
+ decoded = stringFromBase64URL(
+ chunkedCookie.substring(BASE64_PREFIX.length),
+ );
+ }
+
+ return decoded;
  },
  setItem: async (key: string, value: string) => {
  // We don't have an `onAuthStateChange` event that can let us know that
@@ -448,7 +411,7 @@ export async function applyServerStorage(
  removedItems: { [name: string]: boolean };
  },
  options: {
- cookieEncoding: "raw" | "base64url" | "base64url+length";
+ cookieEncoding: "raw" | "base64url";
  cookieOptions?: CookieOptions | null;
  },
 ) {
@@ -476,13 +439,6 @@ export async function applyServerStorage(
 
  if (cookieEncoding === "base64url") {
  encoded = BASE64_PREFIX + stringToBase64URL(encoded);
- } else if (cookieEncoding === "base64url+length") {
- encoded = [
- BASE64_LENGTH_PREFIX,
- encoded.length.toString(36),
- "-",
- stringToBase64URL(encoded),
- ].join("");
  }
 
  const chunks = createChunks(itemName, encoded);

src/cookies.ts

@@ -4,7 +4,7 @@ import { MAX_CHUNK_SIZE, stringToBase64URL } from "./utils";
 import { CookieOptions } from "./types";
 import { createBrowserClient } from "./createBrowserClient";
 
-describe("createBrowserClient", () => {
+describe("createServerClient", () => {
  describe("validation", () => {
  it("should throw an error on empty URL and anon key", async () => {
  expect(() => {

src/createBrowserClient.spec.ts

@@ -48,7 +48,7 @@ export function createBrowserClient<
  options?: SupabaseClientOptions<SchemaName> & {
  cookies?: CookieMethodsBrowser;
  cookieOptions?: CookieOptionsWithName;
- cookieEncoding?: "raw" | "base64url" | "base64url+length";
+ cookieEncoding?: "raw" | "base64url";
  isSingleton?: boolean;
  },
 ): SupabaseClient<Database, SchemaName, Schema>;
@@ -72,7 +72,7 @@ export function createBrowserClient<
  options?: SupabaseClientOptions<SchemaName> & {
  cookies: CookieMethodsBrowserDeprecated;
  cookieOptions?: CookieOptionsWithName;
- cookieEncoding?: "raw" | "base64url" | "base64url+length";
+ cookieEncoding?: "raw" | "base64url";
  isSingleton?: boolean;
  },
 ): SupabaseClient<Database, SchemaName, Schema>;
@@ -91,7 +91,7 @@ export function createBrowserClient<
  options?: SupabaseClientOptions<SchemaName> & {
  cookies?: CookieMethodsBrowser | CookieMethodsBrowserDeprecated;
  cookieOptions?: CookieOptionsWithName;
- cookieEncoding?: "raw" | "base64url" | "base64url+length";
+ cookieEncoding?: "raw" | "base64url";
  isSingleton?: boolean;
  },
 ): SupabaseClient<Database, SchemaName, Schema> {
@@ -113,7 +113,7 @@ export function createBrowserClient<
  const { storage } = createStorageFromOptions(
  {
  ...options,
- cookieEncoding: options?.cookieEncoding ?? "base64url+length",
+ cookieEncoding: options?.cookieEncoding ?? "base64url",
  },
  false,
  );