Commit 6afe7eba authored by Petar Maymounkov's avatar Petar Maymounkov Committed by Russ Cox

http: add cookie support

R=rsc1, mattn, bradfitzwork, pascal, bradfitzgo
CC=golang-dev
https://golang.org/cl/4214042
parent eeb8d00c
......@@ -8,6 +8,7 @@ TARG=http
GOFILES=\
chunked.go\
client.go\
cookie.go\
dump.go\
fs.go\
header.go\
......
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package http
import (
"bytes"
"fmt"
"io"
"os"
"sort"
"strconv"
"strings"
"time"
)
// A note on Version=0 vs. Version=1 cookies
//
// The difference between Set-Cookie and Set-Cookie2 is hard to discern from the
// RFCs as it is not stated explicitly. There seem to be three standards
// lingering on the web: Netscape, RFC 2109 (aka Version=0) and RFC 2965 (aka
// Version=1). It seems that Netscape and RFC 2109 are the same thing, hereafter
// Version=0 cookies.
//
// In general, Set-Cookie2 is a superset of Set-Cookie. It has a few new
// attributes like HttpOnly and Secure. To be meticulous, if a server intends
// to use these, it needs to send a Set-Cookie2. However, it is most likely
// most modern browsers will not complain seeing an HttpOnly attribute in a
// Set-Cookie header.
//
// Both RFC 2109 and RFC 2965 use Cookie in the same way - two send cookie
// values from clients to servers - and the allowable attributes seem to be the
// same.
//
// The Cookie2 header is used for a different purpose. If a client suspects that
// the server speaks Version=1 (RFC 2965) then along with the Cookie header
// lines, you can also send:
//
// Cookie2: $Version="1"
//
// in order to suggest to the server that you understand Version=1 cookies. At
// which point the server may continue responding with Set-Cookie2 headers.
// When a client sends the (above) Cookie2 header line, it must be prepated to
// understand incoming Set-Cookie2.
//
// This implementation of cookies supports neither Set-Cookie2 nor Cookie2
// headers. However, it parses Version=1 Cookies (along with Version=0) as well
// as Set-Cookie headers which utilize the full Set-Cookie2 syntax.
// TODO(petar): Explicitly forbid parsing of Set-Cookie attributes
// starting with '$', which have been used to hack into broken
// servers using the eventual Request headers containing those
// invalid attributes that may overwrite intended $Version, $Path,
// etc. attributes.
// TODO(petar): Read 'Set-Cookie2' headers and prioritize them over equivalent
// 'Set-Cookie' headers. 'Set-Cookie2' headers are still extremely rare.
// A Cookie represents an RFC 2965 HTTP cookie as sent in
// the Set-Cookie header of an HTTP response or the Cookie header
// of an HTTP request.
// The Set-Cookie2 and Cookie2 headers are unimplemented.
type Cookie struct {
Name string
Value string
Path string
Domain string
Comment string
Version int
Expires time.Time
RawExpires string
MaxAge int // Max age in seconds
Secure bool
HttpOnly bool
Raw string
Unparsed []string // Raw text of unparsed attribute-value pairs
}
// readSetCookies parses all "Set-Cookie" values from
// the header h, removes the successfully parsed values from the
// "Set-Cookie" key in h and returns the parsed Cookies.
func readSetCookies(h Header) []*Cookie {
cookies := []*Cookie{}
var unparsedLines []string
for _, line := range h["Set-Cookie"] {
parts := strings.Split(strings.TrimSpace(line), ";", -1)
if len(parts) == 1 && parts[0] == "" {
continue
}
parts[0] = strings.TrimSpace(parts[0])
j := strings.Index(parts[0], "=")
if j < 0 {
unparsedLines = append(unparsedLines, line)
continue
}
name, value := parts[0][:j], parts[0][j+1:]
value, err := URLUnescape(value)
if err != nil {
unparsedLines = append(unparsedLines, line)
continue
}
c := &Cookie{
Name: name,
Value: value,
MaxAge: -1, // Not specified
Raw: line,
}
for i := 1; i < len(parts); i++ {
parts[i] = strings.TrimSpace(parts[i])
if len(parts[i]) == 0 {
continue
}
attr, val := parts[i], ""
if j := strings.Index(attr, "="); j >= 0 {
attr, val = attr[:j], attr[j+1:]
val, err = URLUnescape(val)
if err != nil {
c.Unparsed = append(c.Unparsed, parts[i])
continue
}
}
switch strings.ToLower(attr) {
case "secure":
c.Secure = true
continue
case "httponly":
c.HttpOnly = true
continue
case "comment":
c.Comment = val
continue
case "domain":
c.Domain = val
// TODO: Add domain parsing
continue
case "max-age":
secs, err := strconv.Atoi(val)
if err != nil || secs < 0 {
break
}
c.MaxAge = secs
continue
case "expires":
c.RawExpires = val
exptime, err := time.Parse(time.RFC1123, val)
if err != nil {
c.Expires = time.Time{}
break
}
c.Expires = *exptime
continue
case "path":
c.Path = val
// TODO: Add path parsing
continue
case "version":
c.Version, err = strconv.Atoi(val)
if err != nil {
c.Version = 0
break
}
continue
}
c.Unparsed = append(c.Unparsed, parts[i])
}
cookies = append(cookies, c)
}
h["Set-Cookie"] = unparsedLines, unparsedLines != nil
return cookies
}
// writeSetCookies writes the wire representation of the set-cookies
// to w. Each cookie is written on a separate "Set-Cookie: " line.
// This choice is made because HTTP parsers tend to have a limit on
// line-length, so it seems safer to place cookies on separate lines.
func writeSetCookies(w io.Writer, kk []*Cookie) os.Error {
if kk == nil {
return nil
}
lines := make([]string, 0, len(kk))
var b bytes.Buffer
for _, c := range kk {
b.Reset()
// TODO(petar): c.Value (below) should be unquoted if it is recognized as quoted
fmt.Fprintf(&b, "%s=%s", CanonicalHeaderKey(c.Name), c.Value)
if c.Version > 0 {
fmt.Fprintf(&b, "Version=%d; ", c.Version)
}
if len(c.Path) > 0 {
fmt.Fprintf(&b, "; Path=%s", URLEscape(c.Path))
}
if len(c.Domain) > 0 {
fmt.Fprintf(&b, "; Domain=%s", URLEscape(c.Domain))
}
if len(c.Expires.Zone) > 0 {
fmt.Fprintf(&b, "; Expires=%s", c.Expires.Format(time.RFC1123))
}
if c.MaxAge >= 0 {
fmt.Fprintf(&b, "; Max-Age=%d", c.MaxAge)
}
if c.HttpOnly {
fmt.Fprintf(&b, "; HttpOnly")
}
if c.Secure {
fmt.Fprintf(&b, "; Secure")
}
if len(c.Comment) > 0 {
fmt.Fprintf(&b, "; Comment=%s", URLEscape(c.Comment))
}
lines = append(lines, "Set-Cookie: "+b.String()+"\r\n")
}
sort.SortStrings(lines)
for _, l := range lines {
if _, err := io.WriteString(w, l); err != nil {
return err
}
}
return nil
}
// readCookies parses all "Cookie" values from
// the header h, removes the successfully parsed values from the
// "Cookie" key in h and returns the parsed Cookies.
func readCookies(h Header) []*Cookie {
cookies := []*Cookie{}
lines, ok := h["Cookie"]
if !ok {
return cookies
}
unparsedLines := []string{}
for _, line := range lines {
parts := strings.Split(strings.TrimSpace(line), ";", -1)
if len(parts) == 1 && parts[0] == "" {
continue
}
// Per-line attributes
var lineCookies = make(map[string]string)
var version int
var path string
var domain string
var comment string
var httponly bool
for i := 0; i < len(parts); i++ {
parts[i] = strings.TrimSpace(parts[i])
if len(parts[i]) == 0 {
continue
}
attr, val := parts[i], ""
var err os.Error
if j := strings.Index(attr, "="); j >= 0 {
attr, val = attr[:j], attr[j+1:]
val, err = URLUnescape(val)
if err != nil {
continue
}
}
switch strings.ToLower(attr) {
case "$httponly":
httponly = true
case "$version":
version, err = strconv.Atoi(val)
if err != nil {
version = 0
continue
}
case "$domain":
domain = val
// TODO: Add domain parsing
case "$path":
path = val
// TODO: Add path parsing
case "$comment":
comment = val
default:
lineCookies[attr] = val
}
}
if len(lineCookies) == 0 {
unparsedLines = append(unparsedLines, line)
}
for n, v := range lineCookies {
cookies = append(cookies, &Cookie{
Name: n,
Value: v,
Path: path,
Domain: domain,
Comment: comment,
Version: version,
HttpOnly: httponly,
MaxAge: -1,
Raw: line,
})
}
}
h["Cookie"] = unparsedLines, len(unparsedLines) > 0
return cookies
}
// writeCookies writes the wire representation of the cookies
// to w. Each cookie is written on a separate "Cookie: " line.
// This choice is made because HTTP parsers tend to have a limit on
// line-length, so it seems safer to place cookies on separate lines.
func writeCookies(w io.Writer, kk []*Cookie) os.Error {
lines := make([]string, 0, len(kk))
var b bytes.Buffer
for _, c := range kk {
b.Reset()
n := c.Name
if c.Version > 0 {
fmt.Fprintf(&b, "$Version=%d; ", c.Version)
}
// TODO(petar): c.Value (below) should be unquoted if it is recognized as quoted
fmt.Fprintf(&b, "%s=%s", CanonicalHeaderKey(n), c.Value)
if len(c.Path) > 0 {
fmt.Fprintf(&b, "; $Path=%s", URLEscape(c.Path))
}
if len(c.Domain) > 0 {
fmt.Fprintf(&b, "; $Domain=%s", URLEscape(c.Domain))
}
if c.HttpOnly {
fmt.Fprintf(&b, "; $HttpOnly")
}
if len(c.Comment) > 0 {
fmt.Fprintf(&b, "; $Comment=%s", URLEscape(c.Comment))
}
lines = append(lines, "Cookie: "+b.String()+"\r\n")
}
sort.SortStrings(lines)
for _, l := range lines {
if _, err := io.WriteString(w, l); err != nil {
return err
}
}
return nil
}
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package http
import (
"bytes"
"reflect"
"testing"
)
var writeSetCookiesTests = []struct {
Cookies []*Cookie
Raw string
}{
{
[]*Cookie{&Cookie{Name: "cookie-1", Value: "v$1", MaxAge: -1}},
"Set-Cookie: Cookie-1=v$1\r\n",
},
}
func TestWriteSetCookies(t *testing.T) {
for i, tt := range writeSetCookiesTests {
var w bytes.Buffer
writeSetCookies(&w, tt.Cookies)
seen := string(w.Bytes())
if seen != tt.Raw {
t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, tt.Raw, seen)
continue
}
}
}
var writeCookiesTests = []struct {
Cookies []*Cookie
Raw string
}{
{
[]*Cookie{&Cookie{Name: "cookie-1", Value: "v$1", MaxAge: -1}},
"Cookie: Cookie-1=v$1\r\n",
},
}
func TestWriteCookies(t *testing.T) {
for i, tt := range writeCookiesTests {
var w bytes.Buffer
writeCookies(&w, tt.Cookies)
seen := string(w.Bytes())
if seen != tt.Raw {
t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, tt.Raw, seen)
continue
}
}
}
var readSetCookiesTests = []struct {
Header Header
Cookies []*Cookie
}{
{
Header{"Set-Cookie": {"Cookie-1=v$1"}},
[]*Cookie{&Cookie{Name: "Cookie-1", Value: "v$1", MaxAge: -1, Raw: "Cookie-1=v$1"}},
},
}
func TestReadSetCookies(t *testing.T) {
for i, tt := range readSetCookiesTests {
c := readSetCookies(tt.Header)
if !reflect.DeepEqual(c, tt.Cookies) {
t.Errorf("#%d readSetCookies: have\n%#v\nwant\n%#v\n", i, c, tt.Cookies)
continue
}
}
}
var readCookiesTests = []struct {
Header Header
Cookies []*Cookie
}{
{
Header{"Cookie": {"Cookie-1=v$1"}},
[]*Cookie{&Cookie{Name: "Cookie-1", Value: "v$1", MaxAge: -1, Raw: "Cookie-1=v$1"}},
},
}
func TestReadCookies(t *testing.T) {
for i, tt := range readCookiesTests {
c := readCookies(tt.Header)
if !reflect.DeepEqual(c, tt.Cookies) {
t.Errorf("#%d readCookies: have\n%#v\nwant\n%#v\n", i, c, tt.Cookies)
continue
}
}
}
......@@ -92,6 +92,9 @@ type Request struct {
// following a hyphen uppercase and the rest lowercase.
Header Header
// Cookie records the HTTP cookies sent with the request.
Cookie []*Cookie
// The message body.
Body io.ReadCloser
......@@ -249,6 +252,10 @@ func (req *Request) write(w io.Writer, usingProxy bool) os.Error {
return err
}
if err = writeCookies(w, req.Cookie); err != nil {
return err
}
io.WriteString(w, "\r\n")
// Write body and trailer
......@@ -485,6 +492,8 @@ func ReadRequest(b *bufio.Reader) (req *Request, err os.Error) {
return nil, err
}
req.Cookie = readCookies(req.Header)
return req, nil
}
......
......@@ -46,6 +46,9 @@ type Response struct {
// Keys in the map are canonicalized (see CanonicalHeaderKey).
Header Header
// SetCookie records the Set-Cookie requests sent with the response.
SetCookie []*Cookie
// Body represents the response body.
Body io.ReadCloser
......@@ -124,6 +127,8 @@ func ReadResponse(r *bufio.Reader, requestMethod string) (resp *Response, err os
return nil, err
}
resp.SetCookie = readSetCookies(resp.Header)
return resp, nil
}
......@@ -193,6 +198,10 @@ func (resp *Response) Write(w io.Writer) os.Error {
return err
}
if err = writeSetCookies(w, resp.SetCookie); err != nil {
return err
}
// End-of-header
io.WriteString(w, "\r\n")
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment