pillarjs · zachasme · Sep 5, 2019 · Sep 5, 2019 · Sep 5, 2019 · Sep 11, 2019
diff --git a/README.md b/README.md
@@ -57,6 +57,12 @@ If the signature cookie _does_ exist, the provided [Keygrip](https://www.npmjs.c
 * If the signature cookie hash matches any other key, the original cookie value is returned AND an outbound header is set to update the signature cookie's value to the hash of the first key. This enables automatic freshening of signature cookies that have become stale due to key rotation.
 * If the signature cookie hash does not match any key, nothing is returned, and an outbound header with an expired date is used to delete the cookie.
 
+### cookies.getAll( name, [ options ] )
+
+There are cases where a browser will send multiple cookies of the same name. This works exactly like [`cookies.get`](#cookiesget-name--options--) (above), but returns an array of matching cookies (or empty array when none match).
+
+Options identical to [`cookies.get`](#cookiesget-name--options--).
+
 ### cookies.set( name, [ value ], [ options ] )
 
 This sets the given cookie in the response and returns the current context to allow chaining.

diff --git a/index.js b/index.js
@@ -52,33 +52,55 @@ function Cookies(request, response, options) {
 }
 
 Cookies.prototype.get = function(name, opts) {
+  var all = this.getAll(name, opts)
+  if (all.length < 1) return
+  return all[0]
+}
+
+Cookies.prototype.getAll = function(name, opts) {
   var sigName = name + ".sig"
-    , header, match, value, remote, data, index
+    , header, remotes, matches, pattern, match, value, index, data
     , signed = opts && opts.signed !== undefined ? opts.signed : !!this.keys
+    , values = []
 
   header = this.request.headers["cookie"]
-  if (!header) return
+  if (!header) return []
 
-  match = header.match(getPattern(name))
-  if (!match) return
+  if (opts && signed) {
+    if (!this.keys) throw new Error('.keys required for signed cookies');
+    remotes = this.getAll(sigName)
+    if (remotes.length === 0) return [];
+  }
 
-  value = match[1]
-  if (!opts || !signed) return value
+  matches = header.match(getPattern(name, { global: true }));
+  if(!matches) return []
 
-  remote = this.get(sigName)
-  if (!remote) return
+  pattern = getPattern(name)
+  for (var i = 0; i < matches.length; i++) {
+    match = matches[i].match(pattern)
+    value = match[1]
 
-  data = name + "=" + value
-  if (!this.keys) throw new Error('.keys required for signed cookies');
-  index = this.keys.index(data, remote)
+    if (!opts || !signed) {
+      values.push(value)
+      continue
+    }
 
-  if (index < 0) {
-    this.set(sigName, null, {path: "/", signed: false })
-  } else {
-    index && this.set(sigName, this.keys.sign(data), { signed: false })
-    return value
+    index = -1
+    data = name + "=" + value
+    for (var j = 0; index < 0 && j < remotes.length; j++) {
+      index = this.keys.index(data, remotes[j])
+    }
+
+    if (index < 0) {
+      this.set(sigName, null, {path: "/", signed: false })
+    } else {
+      index && this.set(sigName, this.keys.sign(data), { signed: false })
+      values.push(match[1])
+    }
   }
-};
+
+  return values
+}
 
 Cookies.prototype.set = function(name, value, opts) {
   var res = this.response
@@ -183,13 +205,15 @@ Object.defineProperty(Cookie.prototype, 'maxage', {
 });
 deprecate.property(Cookie.prototype, 'maxage', '"maxage"; use "maxAge" instead')
 
-function getPattern(name) {
-  if (cache[name]) return cache[name]
+function getPattern(name, opts) {
+  var flags = opts && opts.global === true ? 'g' : '';
+  if (!cache[flags]) cache[flags] = {};
+  if (cache[flags][name]) return cache[flags][name]
 
-  return cache[name] = new RegExp(
+  return cache[flags][name] = new RegExp(
     "(?:^|;) *" +
     name.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&") +
-    "=([^;]*)"
+    "=([^;]*)", flags
   )
 }
 

diff --git a/test/test.js b/test/test.js
@@ -188,6 +188,85 @@ describe('new Cookies(req, res, [options])', function () {
     })
   })
 
+  describe('.getAll(name, [options])', function() {
+    it('should return values of cookies', function (done) {
+      request(createServer(function (req, res, cookies) {
+        res.end(String(cookies.getAll('foo')))
+      }))
+      .get('/')
+      .set('Cookie', 'foo=baz; foo=bar')
+      .expect(200, 'baz,bar', done)
+    })
+
+    it('should return empty array without cookie', function (done) {
+      request(createServer(function (req, res, cookies) {
+        res.end(String(cookies.getAll('fizz').length))
+      }))
+      .get('/')
+      .set('Cookie', 'foo=bar')
+      .expect(200, '0', done)
+    })
+
+    it('should return empty array without header', function (done) {
+      request(createServer(function (req, res, cookies) {
+        res.end(String(cookies.getAll('foo').length))
+      }))
+      .get('/')
+      .expect(200, '0', done)
+    })
+
+    describe('"signed" option', function () {
+      describe('when true', function () {
+        it('should return empty array without signatures', function (done) {
+          var opts = { keys: ['keyboard cat'] }
+          request(createServer(opts, function (req, res, cookies) {
+            res.end(String(cookies.getAll('foo', { signed: true }).length))
+          }))
+          .get('/')
+          .set('Cookie', 'foo=bar')
+          .expect(200, '0', done)
+        })
+
+        it('should return signed cookie values', function (done) {
+          var opts = { keys: ['keyboard cat'] }
+          request(createServer(opts, function (req, res, cookies) {
+            res.end(String(cookies.getAll('foo', { signed: true })))
+          }))
+          .get('/')
+          .set('Cookie', 'foo=bar; foo=baz; foo.sig=iW2fuCIzk9Cg_rqLT1CAqrtdWs8; foo.sig=ptOkbbiPiGfLWRzz1yXP3XqaW4E')
+          .expect(200, 'bar,baz', done)
+        })
+
+        describe('when one signature is invalid', function () {
+          it('should return valid value only', function (done) {
+            var opts = { keys: ['keyboard cat'] }
+            request(createServer(opts, function (req, res, cookies) {
+              res.end(String(cookies.getAll('foo', { signed: true })))
+            }))
+            .get('/')
+            .set('Cookie', 'foo=bar; foo=baz; foo.sig=v5f380JakwVgx2H9B9nA6kJaZNg; foo.sig=ptOkbbiPiGfLWRzz1yXP3XqaW4E')
+            .expect(200, 'baz', done)
+          })
+
+
+          it('should delete signature cookie', function (done) {
+            var opts = { keys: ['keyboard cat'] }
+            request(createServer(opts, function (req, res, cookies) {
+              res.end(String(cookies.get('foo', { signed: true })))
+            }))
+            .get('/')
+            .set('Cookie', 'foo=bar; foo=baz; foo.sig=v5f380JakwVgx2H9B9nA6kJaZNg; foo.sig=ptOkbbiPiGfLWRzz1yXP3XqaW4E')
+            .expect(200)
+            .expect('baz')
+            .expect(shouldSetCookieCount(1))
+            .expect(shouldSetCookieWithAttributeAndValue('foo.sig', 'expires', 'Thu, 01 Jan 1970 00:00:00 GMT'))
+            .end(done)
+          })
+        })
+      })
+    })
+  })
+
   describe('.set(name, value, [options])', function () {
     it('should set cookie', function (done) {
       request(createServer(function (req, res, cookies) {