cookie.go 6.21 KB
Newer Older
Petar Maymounkov's avatar
Petar Maymounkov committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package http

import (
	"bytes"
	"fmt"
	"strconv"
	"strings"
	"time"
)

15
// This implementation is done according to RFC 6265:
Petar Maymounkov's avatar
Petar Maymounkov committed
16
//
17
//    http://tools.ietf.org/html/rfc6265
Petar Maymounkov's avatar
Petar Maymounkov committed
18

19 20
// A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
// HTTP response or the Cookie header of an HTTP request.
Petar Maymounkov's avatar
Petar Maymounkov committed
21 22 23 24 25 26 27
type Cookie struct {
	Name       string
	Value      string
	Path       string
	Domain     string
	Expires    time.Time
	RawExpires string
28 29 30 31 32 33 34 35 36

	// MaxAge=0 means no 'Max-Age' attribute specified. 
	// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
	// MaxAge>0 means Max-Age attribute present and given in seconds
	MaxAge   int
	Secure   bool
	HttpOnly bool
	Raw      string
	Unparsed []string // Raw text of unparsed attribute-value pairs
Petar Maymounkov's avatar
Petar Maymounkov committed
37 38 39
}

// readSetCookies parses all "Set-Cookie" values from
40
// the header h and returns the successfully parsed Cookies.
Petar Maymounkov's avatar
Petar Maymounkov committed
41 42 43 44 45 46 47 48 49 50 51 52 53
func readSetCookies(h Header) []*Cookie {
	cookies := []*Cookie{}
	for _, line := range h["Set-Cookie"] {
		parts := strings.Split(strings.TrimSpace(line), ";", -1)
		if len(parts) == 1 && parts[0] == "" {
			continue
		}
		parts[0] = strings.TrimSpace(parts[0])
		j := strings.Index(parts[0], "=")
		if j < 0 {
			continue
		}
		name, value := parts[0][:j], parts[0][j+1:]
54 55 56 57 58
		if !isCookieNameValid(name) {
			continue
		}
		value, success := parseCookieValue(value)
		if !success {
Petar Maymounkov's avatar
Petar Maymounkov committed
59 60 61
			continue
		}
		c := &Cookie{
62 63 64
			Name:  name,
			Value: value,
			Raw:   line,
Petar Maymounkov's avatar
Petar Maymounkov committed
65 66 67 68 69 70 71 72 73 74
		}
		for i := 1; i < len(parts); i++ {
			parts[i] = strings.TrimSpace(parts[i])
			if len(parts[i]) == 0 {
				continue
			}

			attr, val := parts[i], ""
			if j := strings.Index(attr, "="); j >= 0 {
				attr, val = attr[:j], attr[j+1:]
75
			}
76 77 78 79 80 81
			lowerAttr := strings.ToLower(attr)
			parseCookieValueFn := parseCookieValue
			if lowerAttr == "expires" {
				parseCookieValueFn = parseCookieExpiresValue
			}
			val, success = parseCookieValueFn(val)
82 83 84
			if !success {
				c.Unparsed = append(c.Unparsed, parts[i])
				continue
Petar Maymounkov's avatar
Petar Maymounkov committed
85
			}
86
			switch lowerAttr {
Petar Maymounkov's avatar
Petar Maymounkov committed
87 88 89 90 91 92 93 94 95 96 97 98
			case "secure":
				c.Secure = true
				continue
			case "httponly":
				c.HttpOnly = true
				continue
			case "domain":
				c.Domain = val
				// TODO: Add domain parsing
				continue
			case "max-age":
				secs, err := strconv.Atoi(val)
99
				if err != nil || secs < 0 || secs != 0 && val[0] == '0' {
Petar Maymounkov's avatar
Petar Maymounkov committed
100 101
					break
				}
102 103 104 105 106
				if secs <= 0 {
					c.MaxAge = -1
				} else {
					c.MaxAge = secs
				}
Petar Maymounkov's avatar
Petar Maymounkov committed
107 108 109 110 111
				continue
			case "expires":
				c.RawExpires = val
				exptime, err := time.Parse(time.RFC1123, val)
				if err != nil {
112 113 114 115 116
					exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", val)
					if err != nil {
						c.Expires = time.Time{}
						break
					}
Petar Maymounkov's avatar
Petar Maymounkov committed
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131
				}
				c.Expires = *exptime
				continue
			case "path":
				c.Path = val
				// TODO: Add path parsing
				continue
			}
			c.Unparsed = append(c.Unparsed, parts[i])
		}
		cookies = append(cookies, c)
	}
	return cookies
}

132 133
// SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers.
func SetCookie(w ResponseWriter, cookie *Cookie) {
134
	w.Header().Add("Set-Cookie", cookie.String())
135 136
}

137 138 139 140 141 142
// String returns the serialization of the cookie for use in a Cookie
// header (if only Name and Value are set) or a Set-Cookie response
// header (if other fields are set).
func (c *Cookie) String() string {
	var b bytes.Buffer
	fmt.Fprintf(&b, "%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value))
143
	if len(c.Path) > 0 {
144
		fmt.Fprintf(&b, "; Path=%s", sanitizeValue(c.Path))
145 146
	}
	if len(c.Domain) > 0 {
147
		fmt.Fprintf(&b, "; Domain=%s", sanitizeValue(c.Domain))
148 149
	}
	if len(c.Expires.Zone) > 0 {
150
		fmt.Fprintf(&b, "; Expires=%s", c.Expires.Format(time.RFC1123))
151 152
	}
	if c.MaxAge > 0 {
153
		fmt.Fprintf(&b, "; Max-Age=%d", c.MaxAge)
154
	} else if c.MaxAge < 0 {
155
		fmt.Fprintf(&b, "; Max-Age=0")
156 157
	}
	if c.HttpOnly {
158
		fmt.Fprintf(&b, "; HttpOnly")
159 160
	}
	if c.Secure {
161
		fmt.Fprintf(&b, "; Secure")
Petar Maymounkov's avatar
Petar Maymounkov committed
162
	}
163
	return b.String()
Petar Maymounkov's avatar
Petar Maymounkov committed
164 165
}

166 167 168 169 170
// readCookies parses all "Cookie" values from the header h and
// returns the successfully parsed Cookies.
//
// if filter isn't empty, only cookies of that name are returned
func readCookies(h Header, filter string) []*Cookie {
Petar Maymounkov's avatar
Petar Maymounkov committed
171 172 173 174 175
	cookies := []*Cookie{}
	lines, ok := h["Cookie"]
	if !ok {
		return cookies
	}
176

Petar Maymounkov's avatar
Petar Maymounkov committed
177 178 179 180 181 182
	for _, line := range lines {
		parts := strings.Split(strings.TrimSpace(line), ";", -1)
		if len(parts) == 1 && parts[0] == "" {
			continue
		}
		// Per-line attributes
183
		parsedPairs := 0
Petar Maymounkov's avatar
Petar Maymounkov committed
184 185 186 187 188
		for i := 0; i < len(parts); i++ {
			parts[i] = strings.TrimSpace(parts[i])
			if len(parts[i]) == 0 {
				continue
			}
189 190 191
			name, val := parts[i], ""
			if j := strings.Index(name, "="); j >= 0 {
				name, val = name[:j], name[j+1:]
Petar Maymounkov's avatar
Petar Maymounkov committed
192
			}
193
			if !isCookieNameValid(name) {
194 195
				continue
			}
196
			if filter != "" && filter != name {
197
				continue
198
			}
199 200 201
			val, success := parseCookieValue(val)
			if !success {
				continue
Petar Maymounkov's avatar
Petar Maymounkov committed
202
			}
203
			cookies = append(cookies, &Cookie{Name: name, Value: val})
204
			parsedPairs++
Petar Maymounkov's avatar
Petar Maymounkov committed
205 206 207 208 209
		}
	}
	return cookies
}

210 211 212 213 214 215 216 217 218 219 220 221 222
func sanitizeName(n string) string {
	n = strings.Replace(n, "\n", "-", -1)
	n = strings.Replace(n, "\r", "-", -1)
	return n
}

func sanitizeValue(v string) string {
	v = strings.Replace(v, "\n", " ", -1)
	v = strings.Replace(v, "\r", " ", -1)
	v = strings.Replace(v, ";", " ", -1)
	return v
}

223 224 225 226 227 228 229 230
func unquoteCookieValue(v string) string {
	if len(v) > 1 && v[0] == '"' && v[len(v)-1] == '"' {
		return v[1 : len(v)-1]
	}
	return v
}

func isCookieByte(c byte) bool {
231
	switch {
232 233 234 235 236 237 238
	case c == 0x21, 0x23 <= c && c <= 0x2b, 0x2d <= c && c <= 0x3a,
		0x3c <= c && c <= 0x5b, 0x5d <= c && c <= 0x7e:
		return true
	}
	return false
}

239 240 241 242
func isCookieExpiresByte(c byte) (ok bool) {
	return isCookieByte(c) || c == ',' || c == ' '
}

243
func parseCookieValue(raw string) (string, bool) {
244 245 246 247 248 249 250 251
	return parseCookieValueUsing(raw, isCookieByte)
}

func parseCookieExpiresValue(raw string) (string, bool) {
	return parseCookieValueUsing(raw, isCookieExpiresByte)
}

func parseCookieValueUsing(raw string, validByte func(byte) bool) (string, bool) {
252 253
	raw = unquoteCookieValue(raw)
	for i := 0; i < len(raw); i++ {
254
		if !validByte(raw[i]) {
255 256 257 258 259 260 261 262 263 264 265 266 267 268
			return "", false
		}
	}
	return raw, true
}

func isCookieNameValid(raw string) bool {
	for _, c := range raw {
		if !isToken(byte(c)) {
			return false
		}
	}
	return true
}