Source file src/pkg/net/http/cookie.go
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package http
6
7 import (
8 "bytes"
9 "fmt"
10 "strconv"
11 "strings"
12 "time"
13 )
14
15 // This implementation is done according to RFC 6265:
16 //
17 // http://tools.ietf.org/html/rfc6265
18
19 // A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
20 // HTTP response or the Cookie header of an HTTP request.
21 type Cookie struct {
22 Name string
23 Value string
24 Path string
25 Domain string
26 Expires time.Time
27 RawExpires string
28
29 // MaxAge=0 means no 'Max-Age' attribute specified.
30 // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
31 // MaxAge>0 means Max-Age attribute present and given in seconds
32 MaxAge int
33 Secure bool
34 HttpOnly bool
35 Raw string
36 Unparsed []string // Raw text of unparsed attribute-value pairs
37 }
38
39 // readSetCookies parses all "Set-Cookie" values from
40 // the header h and returns the successfully parsed Cookies.
41 func readSetCookies(h Header) []*Cookie {
42 cookies := []*Cookie{}
43 for _, line := range h["Set-Cookie"] {
44 parts := strings.Split(strings.TrimSpace(line), ";")
45 if len(parts) == 1 && parts[0] == "" {
46 continue
47 }
48 parts[0] = strings.TrimSpace(parts[0])
49 j := strings.Index(parts[0], "=")
50 if j < 0 {
51 continue
52 }
53 name, value := parts[0][:j], parts[0][j+1:]
54 if !isCookieNameValid(name) {
55 continue
56 }
57 value, success := parseCookieValue(value)
58 if !success {
59 continue
60 }
61 c := &Cookie{
62 Name: name,
63 Value: value,
64 Raw: line,
65 }
66 for i := 1; i < len(parts); i++ {
67 parts[i] = strings.TrimSpace(parts[i])
68 if len(parts[i]) == 0 {
69 continue
70 }
71
72 attr, val := parts[i], ""
73 if j := strings.Index(attr, "="); j >= 0 {
74 attr, val = attr[:j], attr[j+1:]
75 }
76 lowerAttr := strings.ToLower(attr)
77 parseCookieValueFn := parseCookieValue
78 if lowerAttr == "expires" {
79 parseCookieValueFn = parseCookieExpiresValue
80 }
81 val, success = parseCookieValueFn(val)
82 if !success {
83 c.Unparsed = append(c.Unparsed, parts[i])
84 continue
85 }
86 switch lowerAttr {
87 case "secure":
88 c.Secure = true
89 continue
90 case "httponly":
91 c.HttpOnly = true
92 continue
93 case "domain":
94 c.Domain = val
95 // TODO: Add domain parsing
96 continue
97 case "max-age":
98 secs, err := strconv.Atoi(val)
99 if err != nil || secs != 0 && val[0] == '0' {
100 break
101 }
102 if secs <= 0 {
103 c.MaxAge = -1
104 } else {
105 c.MaxAge = secs
106 }
107 continue
108 case "expires":
109 c.RawExpires = val
110 exptime, err := time.Parse(time.RFC1123, val)
111 if err != nil {
112 exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", val)
113 if err != nil {
114 c.Expires = time.Time{}
115 break
116 }
117 }
118 c.Expires = exptime.UTC()
119 continue
120 case "path":
121 c.Path = val
122 // TODO: Add path parsing
123 continue
124 }
125 c.Unparsed = append(c.Unparsed, parts[i])
126 }
127 cookies = append(cookies, c)
128 }
129 return cookies
130 }
131
132 // SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers.
133 func SetCookie(w ResponseWriter, cookie *Cookie) {
134 w.Header().Add("Set-Cookie", cookie.String())
135 }
136
137 // String returns the serialization of the cookie for use in a Cookie
138 // header (if only Name and Value are set) or a Set-Cookie response
139 // header (if other fields are set).
140 func (c *Cookie) String() string {
141 var b bytes.Buffer
142 fmt.Fprintf(&b, "%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value))
143 if len(c.Path) > 0 {
144 fmt.Fprintf(&b, "; Path=%s", sanitizeValue(c.Path))
145 }
146 if len(c.Domain) > 0 {
147 fmt.Fprintf(&b, "; Domain=%s", sanitizeValue(c.Domain))
148 }
149 if c.Expires.Unix() > 0 {
150 fmt.Fprintf(&b, "; Expires=%s", c.Expires.UTC().Format(time.RFC1123))
151 }
152 if c.MaxAge > 0 {
153 fmt.Fprintf(&b, "; Max-Age=%d", c.MaxAge)
154 } else if c.MaxAge < 0 {
155 fmt.Fprintf(&b, "; Max-Age=0")
156 }
157 if c.HttpOnly {
158 fmt.Fprintf(&b, "; HttpOnly")
159 }
160 if c.Secure {
161 fmt.Fprintf(&b, "; Secure")
162 }
163 return b.String()
164 }
165
166 // readCookies parses all "Cookie" values from the header h and
167 // returns the successfully parsed Cookies.
168 //
169 // if filter isn't empty, only cookies of that name are returned
170 func readCookies(h Header, filter string) []*Cookie {
171 cookies := []*Cookie{}
172 lines, ok := h["Cookie"]
173 if !ok {
174 return cookies
175 }
176
177 for _, line := range lines {
178 parts := strings.Split(strings.TrimSpace(line), ";")
179 if len(parts) == 1 && parts[0] == "" {
180 continue
181 }
182 // Per-line attributes
183 parsedPairs := 0
184 for i := 0; i < len(parts); i++ {
185 parts[i] = strings.TrimSpace(parts[i])
186 if len(parts[i]) == 0 {
187 continue
188 }
189 name, val := parts[i], ""
190 if j := strings.Index(name, "="); j >= 0 {
191 name, val = name[:j], name[j+1:]
192 }
193 if !isCookieNameValid(name) {
194 continue
195 }
196 if filter != "" && filter != name {
197 continue
198 }
199 val, success := parseCookieValue(val)
200 if !success {
201 continue
202 }
203 cookies = append(cookies, &Cookie{Name: name, Value: val})
204 parsedPairs++
205 }
206 }
207 return cookies
208 }
209
210 var cookieNameSanitizer = strings.NewReplacer("\n", "-", "\r", "-")
211
212 func sanitizeName(n string) string {
213 return cookieNameSanitizer.Replace(n)
214 }
215
216 var cookieValueSanitizer = strings.NewReplacer("\n", " ", "\r", " ", ";", " ")
217
218 func sanitizeValue(v string) string {
219 return cookieValueSanitizer.Replace(v)
220 }
221
222 func unquoteCookieValue(v string) string {
223 if len(v) > 1 && v[0] == '"' && v[len(v)-1] == '"' {
224 return v[1 : len(v)-1]
225 }
226 return v
227 }
228
229 func isCookieByte(c byte) bool {
230 switch {
231 case c == 0x21, 0x23 <= c && c <= 0x2b, 0x2d <= c && c <= 0x3a,
232 0x3c <= c && c <= 0x5b, 0x5d <= c && c <= 0x7e:
233 return true
234 }
235 return false
236 }
237
238 func isCookieExpiresByte(c byte) (ok bool) {
239 return isCookieByte(c) || c == ',' || c == ' '
240 }
241
242 func parseCookieValue(raw string) (string, bool) {
243 return parseCookieValueUsing(raw, isCookieByte)
244 }
245
246 func parseCookieExpiresValue(raw string) (string, bool) {
247 return parseCookieValueUsing(raw, isCookieExpiresByte)
248 }
249
250 func parseCookieValueUsing(raw string, validByte func(byte) bool) (string, bool) {
251 raw = unquoteCookieValue(raw)
252 for i := 0; i < len(raw); i++ {
253 if !validByte(raw[i]) {
254 return "", false
255 }
256 }
257 return raw, true
258 }
259
260 func isCookieNameValid(raw string) bool {
261 for _, c := range raw {
262 if !isToken(byte(c)) {
263 return false
264 }
265 }
266 return true
267 }