// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package http import ( "bytes" "fmt" "io" "os" "sort" "strconv" "strings" "time" ) // This implementation is done according to RFC 6265: // // http://tools.ietf.org/html/rfc6265 // A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an // HTTP response or the Cookie header of an HTTP request. type Cookie struct { Name string Value string Path string Domain string Expires time.Time RawExpires string // MaxAge=0 means no 'Max-Age' attribute specified. // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0' // MaxAge>0 means Max-Age attribute present and given in seconds MaxAge int Secure bool HttpOnly bool Raw string Unparsed []string // Raw text of unparsed attribute-value pairs } // readSetCookies parses all "Set-Cookie" values from // the header h, removes the successfully parsed values from the // "Set-Cookie" key in h and returns the parsed Cookies. func readSetCookies(h Header) []*Cookie { cookies := []*Cookie{} var unparsedLines []string for _, line := range h["Set-Cookie"] { parts := strings.Split(strings.TrimSpace(line), ";", -1) if len(parts) == 1 && parts[0] == "" { continue } parts[0] = strings.TrimSpace(parts[0]) j := strings.Index(parts[0], "=") if j < 0 { unparsedLines = append(unparsedLines, line) continue } name, value := parts[0][:j], parts[0][j+1:] if !isCookieNameValid(name) { unparsedLines = append(unparsedLines, line) continue } value, success := parseCookieValue(value) if !success { unparsedLines = append(unparsedLines, line) continue } c := &Cookie{ Name: name, Value: value, Raw: line, } for i := 1; i < len(parts); i++ { parts[i] = strings.TrimSpace(parts[i]) if len(parts[i]) == 0 { continue } attr, val := parts[i], "" if j := strings.Index(attr, "="); j >= 0 { attr, val = attr[:j], attr[j+1:] } val, success = parseCookieValue(val) if !success { c.Unparsed = append(c.Unparsed, parts[i]) continue } switch strings.ToLower(attr) { case "secure": c.Secure = true continue case "httponly": c.HttpOnly = true continue case "domain": c.Domain = val // TODO: Add domain parsing continue case "max-age": secs, err := strconv.Atoi(val) if err != nil || secs < 0 || secs != 0 && val[0] == '0' { break } if secs <= 0 { c.MaxAge = -1 } else { c.MaxAge = secs } continue case "expires": c.RawExpires = val exptime, err := time.Parse(time.RFC1123, val) if err != nil { c.Expires = time.Time{} break } c.Expires = *exptime continue case "path": c.Path = val // TODO: Add path parsing continue } c.Unparsed = append(c.Unparsed, parts[i]) } cookies = append(cookies, c) } h["Set-Cookie"] = unparsedLines, unparsedLines != nil return cookies } // writeSetCookies writes the wire representation of the set-cookies // to w. Each cookie is written on a separate "Set-Cookie: " line. // This choice is made because HTTP parsers tend to have a limit on // line-length, so it seems safer to place cookies on separate lines. func writeSetCookies(w io.Writer, kk []*Cookie) os.Error { if kk == nil { return nil } lines := make([]string, 0, len(kk)) var b bytes.Buffer for _, c := range kk { b.Reset() fmt.Fprintf(&b, "%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value)) if len(c.Path) > 0 { fmt.Fprintf(&b, "; Path=%s", sanitizeValue(c.Path)) } if len(c.Domain) > 0 { fmt.Fprintf(&b, "; Domain=%s", sanitizeValue(c.Domain)) } if len(c.Expires.Zone) > 0 { fmt.Fprintf(&b, "; Expires=%s", c.Expires.Format(time.RFC1123)) } if c.MaxAge > 0 { fmt.Fprintf(&b, "; Max-Age=%d", c.MaxAge) } else if c.MaxAge < 0 { fmt.Fprintf(&b, "; Max-Age=0") } if c.HttpOnly { fmt.Fprintf(&b, "; HttpOnly") } if c.Secure { fmt.Fprintf(&b, "; Secure") } lines = append(lines, "Set-Cookie: "+b.String()+"\r\n") } sort.SortStrings(lines) for _, l := range lines { if _, err := io.WriteString(w, l); err != nil { return err } } return nil } // readCookies parses all "Cookie" values from // the header h, removes the successfully parsed values from the // "Cookie" key in h and returns the parsed Cookies. func readCookies(h Header) []*Cookie { cookies := []*Cookie{} lines, ok := h["Cookie"] if !ok { return cookies } unparsedLines := []string{} for _, line := range lines { parts := strings.Split(strings.TrimSpace(line), ";", -1) if len(parts) == 1 && parts[0] == "" { continue } // Per-line attributes parsedPairs := 0 for i := 0; i < len(parts); i++ { parts[i] = strings.TrimSpace(parts[i]) if len(parts[i]) == 0 { continue } attr, val := parts[i], "" if j := strings.Index(attr, "="); j >= 0 { attr, val = attr[:j], attr[j+1:] } if !isCookieNameValid(attr) { continue } val, success := parseCookieValue(val) if !success { continue } cookies = append(cookies, &Cookie{Name: attr, Value: val}) parsedPairs++ } if parsedPairs == 0 { unparsedLines = append(unparsedLines, line) } } h["Cookie"] = unparsedLines, len(unparsedLines) > 0 return cookies } // writeCookies writes the wire representation of the cookies to // w. According to RFC 6265 section 5.4, writeCookies does not // attach more than one Cookie header field. That means all // cookies, if any, are written into the same line, separated by // semicolon. func writeCookies(w io.Writer, kk []*Cookie) os.Error { if len(kk) == 0 { return nil } var buf bytes.Buffer fmt.Fprintf(&buf, "Cookie: ") for i, c := range kk { if i > 0 { fmt.Fprintf(&buf, "; ") } fmt.Fprintf(&buf, "%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value)) } fmt.Fprintf(&buf, "\r\n") _, err := w.Write(buf.Bytes()) return err } func sanitizeName(n string) string { n = strings.Replace(n, "\n", "-", -1) n = strings.Replace(n, "\r", "-", -1) return n } func sanitizeValue(v string) string { v = strings.Replace(v, "\n", " ", -1) v = strings.Replace(v, "\r", " ", -1) v = strings.Replace(v, ";", " ", -1) return v } func unquoteCookieValue(v string) string { if len(v) > 1 && v[0] == '"' && v[len(v)-1] == '"' { return v[1 : len(v)-1] } return v } func isCookieByte(c byte) bool { switch true { case c == 0x21, 0x23 <= c && c <= 0x2b, 0x2d <= c && c <= 0x3a, 0x3c <= c && c <= 0x5b, 0x5d <= c && c <= 0x7e: return true } return false } func parseCookieValue(raw string) (string, bool) { raw = unquoteCookieValue(raw) for i := 0; i < len(raw); i++ { if !isCookieByte(raw[i]) { return "", false } } return raw, true } func isCookieNameValid(raw string) bool { for _, c := range raw { if !isToken(byte(c)) { return false } } return true }