Different cookie secret based on request #289

@jonaskello

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

We have a multi-tenant site where the tenant name is in the URL, like tenant1.site.com, tenant2.site.com, etc.

I would like each tenant to have a different session secret in fastify session, which seems to boil down to the cookie secret. Today it is possible to implement a custom signer; however, it does not receive the request as a parameter, so it is not possible to use different secrets for sign/unsign per tenant.

I think if the custom signer could receive request as a parameter this could be solved.

    sign: (value, req) => { ... }

However, maybe there is already a better solution to my particular scenario?

Motivation

Support for multi tenancy.

Example

    fastify.register(require('@fastify/cookie'), {
      secret: {
        sign: (value, req) => {
          // get tenant from req and fetch corresponding secret
          // sign cookie with the tenant's secret
          return signedValue
        },
        unsign: (value, req) => {
          // get tenant from req and fetch corresponding secret
          // unsign cookie with the tenant's secret
          return {
            valid: true, // the cookie has been unsigned successfully
            renew: false, // the cookie has been unsigned with an old secret
            value: 'unsignedValue'
          }
        }
      }
    })
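
A sketch of what the request-aware signer proposed above could look like, added here as an example that is not part of the original post and not `@fastify/cookie`'s current API. The `(value, req)` signature is the issue's proposal; `TENANT_SECRETS`, `secretsFor`, `mac`, `tenantSigner` and all secrets are constructed for illustration, and the tenant is assumed to be the first label of `req.hostname`.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto')

// Constructed sample keys. Newest first; older entries are kept only so that
// cookies signed before a rotation still verify (and get flagged for renewal).
const TENANT_SECRETS = new Map([
  ['tenant1', ['t1-current-secret-constructed', 't1-previous-secret-constructed']],
  ['tenant2', ['t2-current-secret-constructed']]
])

// Hypothetical helper: resolve the request host to a known tenant's key list.
// The host is client-supplied, so only tenants present in the map are accepted.
function secretsFor (req) {
  const tenant = String(req.hostname || '').split('.')[0].toLowerCase()
  const secrets = TENANT_SECRETS.get(tenant)
  if (!secrets) throw new Error('unknown tenant')
  return secrets
}

function mac (value, secret) {
  return createHmac('sha256', secret).update(value).digest('base64url')
}

const tenantSigner = {
  // Always sign with the tenant's current (first) secret.
  sign (value, req) {
    return `${value}.${mac(value, secretsFor(req)[0])}`
  },
  // Verify against every secret of the request's tenant, and only that tenant.
  unsign (signed, req) {
    const invalid = { valid: false, renew: false, value: null }
    const s = String(signed)
    const idx = s.lastIndexOf('.')
    if (idx < 0) return invalid
    let secrets
    try { secrets = secretsFor(req) } catch { return invalid }
    const value = s.slice(0, idx)
    const given = Buffer.from(s.slice(idx + 1))
    for (let i = 0; i < secrets.length; i++) {
      const expected = Buffer.from(mac(value, secrets[i]))
      // Length check first: timingSafeEqual throws on unequal lengths.
      if (given.length === expected.length && timingSafeEqual(given, expected)) {
        return { valid: true, renew: i > 0, value }
      }
    }
    return invalid
  }
}
```
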
