-
Notifications
You must be signed in to change notification settings - Fork 1k
/
Cookie.kt
227 lines (201 loc) · 7.48 KB
/
Cookie.kt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
/*
* Copyright 2014-2021 JetBrains s.r.o and contributors. Use of this source code is governed by the Apache 2.0 license.
*/
package io.ktor.http
import io.ktor.util.*
import io.ktor.util.date.*
import kotlin.jvm.*
/**
* Represents a cookie with name, content and a set of settings such as expiration, visibility and security.
* A cookie with neither [expires] nor [maxAge] is a session cookie.
*
* @property name
* @property value
* @property encoding - cookie encoding type [CookieEncoding]
* @property maxAge number of seconds to keep cookie
* @property expires date when it expires
* @property domain for which it is set
* @property path for which it is set
* @property secure send it via secure connection only
* @property httpOnly only transfer cookie over HTTP, no access from JavaScript
* @property extensions additional cookie extensions
*/
public data class Cookie(
val name: String,
val value: String,
val encoding: CookieEncoding = CookieEncoding.URI_ENCODING,
@get:JvmName("getMaxAgeInt")
val maxAge: Int = 0,
val expires: GMTDate? = null,
val domain: String? = null,
val path: String? = null,
val secure: Boolean = false,
val httpOnly: Boolean = false,
val extensions: Map<String, String?> = emptyMap()
)
/**
* Cooke encoding strategy
*/
public enum class CookieEncoding {
/**
* No encoding (could be dangerous)
*/
RAW,
/**
* Double quotes with slash-escaping
*/
DQUOTES,
/**
* URI encoding
*/
URI_ENCODING,
/**
* BASE64 encoding
*/
BASE64_ENCODING
}
private val loweredPartNames = setOf("max-age", "expires", "domain", "path", "secure", "httponly", "\$x-enc")
/**
* Parse server's `Set-Cookie` header value
*/
public fun parseServerSetCookieHeader(cookiesHeader: String): Cookie {
val asMap = parseClientCookiesHeader(cookiesHeader, false)
val first = asMap.entries.first { !it.key.startsWith("$") }
val encoding = asMap["\$x-enc"]?.let { CookieEncoding.valueOf(it) } ?: CookieEncoding.RAW
val loweredMap = asMap.mapKeys { it.key.toLowerCasePreservingASCIIRules() }
return Cookie(
name = first.key,
value = decodeCookieValue(first.value, encoding),
encoding = encoding,
maxAge = loweredMap["max-age"]?.toIntClamping() ?: 0,
expires = loweredMap["expires"]?.fromCookieToGmtDate(),
domain = loweredMap["domain"],
path = loweredMap["path"],
secure = "secure" in loweredMap,
httpOnly = "httponly" in loweredMap,
extensions = asMap.filterKeys {
it.toLowerCasePreservingASCIIRules() !in loweredPartNames && it != first.key
}
)
}
private val clientCookieHeaderPattern = """(^|;)\s*([^;=\{\}\s]+)\s*(=\s*("[^"]*"|[^;]*))?""".toRegex()
/**
* Parse client's `Cookie` header value
*/
public fun parseClientCookiesHeader(cookiesHeader: String, skipEscaped: Boolean = true): Map<String, String> =
clientCookieHeaderPattern.findAll(cookiesHeader)
.map { (it.groups[2]?.value ?: "") to (it.groups[4]?.value ?: "") }
.filter { !skipEscaped || !it.first.startsWith("$") }
.map { cookie ->
if (cookie.second.startsWith("\"") && cookie.second.endsWith("\"")) {
cookie.copy(second = cookie.second.removeSurrounding("\""))
} else {
cookie
}
}
.toMap()
/**
* Format `Set-Cookie` header value
*/
public fun renderSetCookieHeader(cookie: Cookie): String = with(cookie) {
renderSetCookieHeader(
name,
value,
encoding,
maxAge,
expires,
domain,
path,
secure,
httpOnly,
extensions
)
}
/**
* Format `Cookie` header value
*/
public fun renderCookieHeader(cookie: Cookie): String = with(cookie) {
"$name=${encodeCookieValue(value, encoding)}"
}
/**
* Format `Set-Cookie` header value
*/
public fun renderSetCookieHeader(
name: String,
value: String,
encoding: CookieEncoding = CookieEncoding.URI_ENCODING,
maxAge: Int = 0,
expires: GMTDate? = null,
domain: String? = null,
path: String? = null,
secure: Boolean = false,
httpOnly: Boolean = false,
extensions: Map<String, String?> = emptyMap(),
includeEncoding: Boolean = true
): String = (
listOf(
cookiePart(name.assertCookieName(), value, encoding),
cookiePartUnencoded("Max-Age", if (maxAge > 0) maxAge else null),
cookiePartUnencoded("Expires", expires?.toHttpDate()),
cookiePart("Domain", domain, CookieEncoding.RAW),
cookiePart("Path", path, CookieEncoding.RAW),
cookiePartFlag("Secure", secure),
cookiePartFlag("HttpOnly", httpOnly)
) + extensions.map { cookiePartExt(it.key.assertCookieName(), it.value) } +
if (includeEncoding) cookiePartExt("\$x-enc", encoding.name) else ""
).filter { it.isNotEmpty() }
.joinToString("; ")
/**
* Encode cookie value using the specified [encoding]
*/
public fun encodeCookieValue(value: String, encoding: CookieEncoding): String = when (encoding) {
CookieEncoding.RAW -> when {
value.any { it.shouldEscapeInCookies() } ->
throw IllegalArgumentException(
"The cookie value contains characters that cannot be encoded in RAW format. " +
" Consider URL_ENCODING mode"
)
else -> value
}
CookieEncoding.DQUOTES -> when {
value.contains('"') -> throw IllegalArgumentException(
"The cookie value contains characters that cannot be encoded in DQUOTES format. " +
"Consider URL_ENCODING mode"
)
value.any { it.shouldEscapeInCookies() } -> "\"$value\""
else -> value
}
CookieEncoding.BASE64_ENCODING -> value.encodeBase64()
CookieEncoding.URI_ENCODING -> value.encodeURLQueryComponent(encodeFull = false, spaceToPlus = true)
}
/**
* Decode cookie value using the specified [encoding]
*/
public fun decodeCookieValue(encodedValue: String, encoding: CookieEncoding): String = when (encoding) {
CookieEncoding.RAW, CookieEncoding.DQUOTES -> when {
encodedValue.trimStart().startsWith("\"") && encodedValue.trimEnd().endsWith("\"") ->
encodedValue.trim().removeSurrounding("\"")
else -> encodedValue
}
CookieEncoding.URI_ENCODING -> encodedValue.decodeURLQueryComponent(plusIsSpace = true)
CookieEncoding.BASE64_ENCODING -> encodedValue.decodeBase64String()
}
private fun String.assertCookieName() = when {
any { it.shouldEscapeInCookies() } -> throw IllegalArgumentException("Cookie name is not valid: $this")
else -> this
}
private val cookieCharsShouldBeEscaped = setOf(';', ',', '"')
private fun Char.shouldEscapeInCookies() = isWhitespace() || this < ' ' || this in cookieCharsShouldBeEscaped
@Suppress("NOTHING_TO_INLINE")
private inline fun cookiePart(name: String, value: Any?, encoding: CookieEncoding) =
if (value != null) "$name=${encodeCookieValue(value.toString(), encoding)}" else ""
@Suppress("NOTHING_TO_INLINE")
private inline fun cookiePartUnencoded(name: String, value: Any?) =
if (value != null) "$name=$value" else ""
@Suppress("NOTHING_TO_INLINE")
private inline fun cookiePartFlag(name: String, value: Boolean) =
if (value) name else ""
@Suppress("NOTHING_TO_INLINE")
private inline fun cookiePartExt(name: String, value: String?) =
if (value == null) cookiePartFlag(name, true) else cookiePart(name, value, CookieEncoding.RAW)
private fun String.toIntClamping(): Int = toLong().coerceIn(0L, Int.MAX_VALUE.toLong()).toInt()