Different cookie secret based on request

[jonaskello]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

We have a multi-tenant site where the tenant name is in the url like tenant1.site.com, tenant2.site.com etc.

I would like each tenant to have a different session secret in fastify session which seems to boil down to the cookie secret. Today it is possible to implement a custom signer, however it does not receive the request as a parameter so it is not possible to use different secrets for sign/unsign per tenant.

I think if the custom signer could receive request as a parameter this could be solved.

    sign: (value, req) => { ... }

However, maybe there is a better already solution to my particular scenario?

Motivation

Support for multi tenancy.

Example

fastify.register(require('@fastify/cookie'), {
  secret: {
    sign: (value, req) => {
      // get tenant from req and fetch corresponding secret
      // sign cookie with the tenant's secret
      return signedValue
    },
    unsign: (value, req) => {
      // get tenant from req and fetch corresponding secret
      // unsign cookie with the tenant's secret
      return {
        valid: true, // the cookie has been unsigned successfully
        renew: false, // the cookie has been unsigned with an old secret
        value: 'unsignedValue'
      }
    }
  }
})

[mcollina]

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.