wai-secure-cookies: WAI middleware to automatically encrypt and sign cookies

Versions [RSS]	0.1.0.0, 0.1.0.1, 0.1.0.2, 0.1.0.3, 0.1.0.4, 0.1.0.5, 0.1.0.6, 0.1.0.7, 0.1.0.8
Dependencies	base (>=4.7 && <5), bytestring (>=0.10 && <0.12), crypton, cryptonite, http-types (>=0.12.1 && <0.13), memory (>=0.14 && <0.19), random (>=1.1 && <1.3), split (>=0.2 && <0.3), wai (>=3.2 && <4) [details]
License	MIT
Copyright	© حبيب الأمين ‪2023
Author	Habib Alamin
Maintainer	ha.alamin@gmail.com
Category	Web
Home page	https://github.com/habibalamin/wai-secure-cookies
Source repo	head: git clone https://github.com/habibalamin/wai-secure-cookies
Uploaded	by alaminium at 2023-09-07T01:34:11Z
Distributions
Reverse Dependencies	1 direct, 0 indirect [details]
Executables	waicookie-genkey
Downloads	2826 total (22 in the last 30 days)
Rating	(no votes yet) [estimated by Bayesian average]
Your Rating	λ λ λ
Status	Docs available [build log] Last success reported on 2023-09-07 [all 1 reports]

Readme for wai-secure-cookies-0.1.0.8

[back to package description]

wai-secure-cookies

I extracted a WAI middleware to automatically encrypt and sign cookies.

WARNING

I am not a cryptographer, and the crypto libraries in Haskell are not nearly as easy to use as what I'm used to in Ruby, so I wouldn't depend on this for a serious project until it's had some proper eyes on it.

Usage

Populate the following environment variables in your WAI application process:

WAI_COOKIE_VALIDATION_KEY # key to sign cookie names and values
WAI_COOKIE_ENCRYPTION_KEY # key to encrypt cookie names and values

You can generate random keys with waicookie-genkey:

waicookie-genkey <key type> ...
key types: encryption
           validation