fix(core): build in CookieSerializeOptions def

packages/adapter-nextjs/package.json

@@ -8,11 +8,9 @@
 		"next": ">=13.5.0 <16.0.0"
 	},
 	"dependencies": {
-		"aws-jwt-verify": "^4.0.1",
-		"cookie": "^0.7.0"
+		"aws-jwt-verify": "^4.0.1"
 	},
 	"devDependencies": {
-		"@types/cookie": "^0.5.1",
 		"@types/node": "^20.3.1",
 		"@types/react": "^18.2.13",
 		"@types/react-dom": "^18.2.6",

packages/core/package.json

@@ -54,7 +54,6 @@
 		"@aws-sdk/types": "3.398.0",
 		"@smithy/util-hex-encoding": "2.0.0",
 		"@types/uuid": "^9.0.0",
-		"cookie": "^0.7.0",
 		"js-cookie": "^3.0.5",
 		"rxjs": "^7.8.1",
 		"tslib": "^2.5.0",

packages/core/src/adapterCore/serverContext/types/cookieStorage.ts

@@ -1,7 +1,104 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import { CookieSerializeOptions } from 'cookie';
+interface CookieSerializeOptions {
+	/**
+	 * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
+	 * domain is set, and most clients will consider the cookie to apply to only
+	 * the current domain.
+	 */
+	domain?: string | undefined;
+
+	/**
+	 * Specifies a function that will be used to encode a cookie's value. Since
+	 * value of a cookie has a limited character set (and must be a simple
+	 * string), this function can be used to encode a value into a string suited
+	 * for a cookie's value.
+	 *
+	 * The default function is the global `encodeURIComponent`, which will
+	 * encode a JavaScript string into UTF-8 byte sequences and then URL-encode
+	 * any that fall outside of the cookie range.
+	 */
+	encode?(value: string): string;
+
+	/**
+	 * Specifies the `Date` object to be the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.1|`Expires` `Set-Cookie` attribute}. By default,
+	 * no expiration is set, and most clients will consider this a "non-persistent cookie" and will delete
+	 * it on a condition like exiting a web browser application.
+	 *
+	 * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+	 * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+	 * possible not all clients by obey this, so if both are set, they should
+	 * point to the same date and time.
+	 */
+	expires?: Date | undefined;
+	/**
+	 * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.6|`HttpOnly` `Set-Cookie` attribute}.
+	 * When truthy, the `HttpOnly` attribute is set, otherwise it is not. By
+	 * default, the `HttpOnly` attribute is not set.
+	 *
+	 * *Note* be careful when setting this to true, as compliant clients will
+	 * not allow client-side JavaScript to see the cookie in `document.cookie`.
+	 */
+	httpOnly?: boolean | undefined;
+	/**
+	 * Specifies the number (in seconds) to be the value for the `Max-Age`
+	 * `Set-Cookie` attribute. The given number will be converted to an integer
+	 * by rounding down. By default, no maximum age is set.
+	 *
+	 * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+	 * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+	 * possible not all clients by obey this, so if both are set, they should
+	 * point to the same date and time.
+	 */
+	maxAge?: number | undefined;
+	/**
+	 * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.4|`Path` `Set-Cookie` attribute}.
+	 * By default, the path is considered the "default path".
+	 */
+	path?: string | undefined;
+	/**
+	 * Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+	 *
+	 * - `'low'` will set the `Priority` attribute to `Low`.
+	 * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+	 * - `'high'` will set the `Priority` attribute to `High`.
+	 *
+	 * More information about the different priority levels can be found in
+	 * [the specification][rfc-west-cookie-priority-00-4.1].
+	 *
+	 * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+	 * This also means many clients may ignore this attribute until they understand it.
+	 */
+	priority?: 'low' | 'medium' | 'high' | undefined;
+	/**
+	 * Specifies the boolean or string to be the value for the {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|`SameSite` `Set-Cookie` attribute}.
+	 *
+	 * - `true` will set the `SameSite` attribute to `Strict` for strict same
+	 * site enforcement.
+	 * - `false` will not set the `SameSite` attribute.
+	 * - `'lax'` will set the `SameSite` attribute to Lax for lax same site
+	 * enforcement.
+	 * - `'strict'` will set the `SameSite` attribute to Strict for strict same
+	 * site enforcement.
+	 *  - `'none'` will set the SameSite attribute to None for an explicit
+	 *  cross-site cookie.
+	 *
+	 * More information about the different enforcement levels can be found in {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|the specification}.
+	 *
+	 * *note* This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
+	 */
+	sameSite?: true | false | 'lax' | 'strict' | 'none' | undefined;
+	/**
+	 * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.5|`Secure` `Set-Cookie` attribute}. When truthy, the
+	 * `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+	 *
+	 * *Note* be careful when setting this to `true`, as compliant clients will
+	 * not send the cookie back to the server in the future if the browser does
+	 * not have an HTTPS connection.
+	 */
+	secure?: boolean | undefined;
+}
 
 export declare namespace CookieStorage {
 	export type SetCookieOptions = Partial<