1// Copyright 2009 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package http
6
7import (
8	"bytes"
9	"fmt"
10	"log"
11	"net"
12	"strconv"
13	"strings"
14	"time"
15)
16
17// A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
18// HTTP response or the Cookie header of an HTTP request.
19//
20// See http://tools.ietf.org/html/rfc6265 for details.
21type Cookie struct {
22	Name  string
23	Value string
24
25	Path       string    // optional
26	Domain     string    // optional
27	Expires    time.Time // optional
28	RawExpires string    // for reading cookies only
29
30	// MaxAge=0 means no 'Max-Age' attribute specified.
31	// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
32	// MaxAge>0 means Max-Age attribute present and given in seconds
33	MaxAge   int
34	Secure   bool
35	HttpOnly bool
36	Raw      string
37	Unparsed []string // Raw text of unparsed attribute-value pairs
38}
39
40// readSetCookies parses all "Set-Cookie" values from
41// the header h and returns the successfully parsed Cookies.
42func readSetCookies(h Header) []*Cookie {
43	cookies := []*Cookie{}
44	for _, line := range h["Set-Cookie"] {
45		parts := strings.Split(strings.TrimSpace(line), ";")
46		if len(parts) == 1 && parts[0] == "" {
47			continue
48		}
49		parts[0] = strings.TrimSpace(parts[0])
50		j := strings.Index(parts[0], "=")
51		if j < 0 {
52			continue
53		}
54		name, value := parts[0][:j], parts[0][j+1:]
55		if !isCookieNameValid(name) {
56			continue
57		}
58		value, success := parseCookieValue(value, true)
59		if !success {
60			continue
61		}
62		c := &Cookie{
63			Name:  name,
64			Value: value,
65			Raw:   line,
66		}
67		for i := 1; i < len(parts); i++ {
68			parts[i] = strings.TrimSpace(parts[i])
69			if len(parts[i]) == 0 {
70				continue
71			}
72
73			attr, val := parts[i], ""
74			if j := strings.Index(attr, "="); j >= 0 {
75				attr, val = attr[:j], attr[j+1:]
76			}
77			lowerAttr := strings.ToLower(attr)
78			val, success = parseCookieValue(val, false)
79			if !success {
80				c.Unparsed = append(c.Unparsed, parts[i])
81				continue
82			}
83			switch lowerAttr {
84			case "secure":
85				c.Secure = true
86				continue
87			case "httponly":
88				c.HttpOnly = true
89				continue
90			case "domain":
91				c.Domain = val
92				continue
93			case "max-age":
94				secs, err := strconv.Atoi(val)
95				if err != nil || secs != 0 && val[0] == '0' {
96					break
97				}
98				if secs <= 0 {
99					c.MaxAge = -1
100				} else {
101					c.MaxAge = secs
102				}
103				continue
104			case "expires":
105				c.RawExpires = val
106				exptime, err := time.Parse(time.RFC1123, val)
107				if err != nil {
108					exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", val)
109					if err != nil {
110						c.Expires = time.Time{}
111						break
112					}
113				}
114				c.Expires = exptime.UTC()
115				continue
116			case "path":
117				c.Path = val
118				continue
119			}
120			c.Unparsed = append(c.Unparsed, parts[i])
121		}
122		cookies = append(cookies, c)
123	}
124	return cookies
125}
126
127// SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers.
128// The provided cookie must have a valid Name. Invalid cookies may be
129// silently dropped.
130func SetCookie(w ResponseWriter, cookie *Cookie) {
131	if v := cookie.String(); v != "" {
132		w.Header().Add("Set-Cookie", v)
133	}
134}
135
136// String returns the serialization of the cookie for use in a Cookie
137// header (if only Name and Value are set) or a Set-Cookie response
138// header (if other fields are set).
139// If c is nil or c.Name is invalid, the empty string is returned.
140func (c *Cookie) String() string {
141	if c == nil || !isCookieNameValid(c.Name) {
142		return ""
143	}
144	var b bytes.Buffer
145	fmt.Fprintf(&b, "%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value))
146	if len(c.Path) > 0 {
147		fmt.Fprintf(&b, "; Path=%s", sanitizeCookiePath(c.Path))
148	}
149	if len(c.Domain) > 0 {
150		if validCookieDomain(c.Domain) {
151			// A c.Domain containing illegal characters is not
152			// sanitized but simply dropped which turns the cookie
153			// into a host-only cookie. A leading dot is okay
154			// but won't be sent.
155			d := c.Domain
156			if d[0] == '.' {
157				d = d[1:]
158			}
159			fmt.Fprintf(&b, "; Domain=%s", d)
160		} else {
161			log.Printf("net/http: invalid Cookie.Domain %q; dropping domain attribute",
162				c.Domain)
163		}
164	}
165	if c.Expires.Unix() > 0 {
166		fmt.Fprintf(&b, "; Expires=%s", c.Expires.UTC().Format(TimeFormat))
167	}
168	if c.MaxAge > 0 {
169		fmt.Fprintf(&b, "; Max-Age=%d", c.MaxAge)
170	} else if c.MaxAge < 0 {
171		fmt.Fprintf(&b, "; Max-Age=0")
172	}
173	if c.HttpOnly {
174		fmt.Fprintf(&b, "; HttpOnly")
175	}
176	if c.Secure {
177		fmt.Fprintf(&b, "; Secure")
178	}
179	return b.String()
180}
181
182// readCookies parses all "Cookie" values from the header h and
183// returns the successfully parsed Cookies.
184//
185// if filter isn't empty, only cookies of that name are returned
186func readCookies(h Header, filter string) []*Cookie {
187	cookies := []*Cookie{}
188	lines, ok := h["Cookie"]
189	if !ok {
190		return cookies
191	}
192
193	for _, line := range lines {
194		parts := strings.Split(strings.TrimSpace(line), ";")
195		if len(parts) == 1 && parts[0] == "" {
196			continue
197		}
198		// Per-line attributes
199		parsedPairs := 0
200		for i := 0; i < len(parts); i++ {
201			parts[i] = strings.TrimSpace(parts[i])
202			if len(parts[i]) == 0 {
203				continue
204			}
205			name, val := parts[i], ""
206			if j := strings.Index(name, "="); j >= 0 {
207				name, val = name[:j], name[j+1:]
208			}
209			if !isCookieNameValid(name) {
210				continue
211			}
212			if filter != "" && filter != name {
213				continue
214			}
215			val, success := parseCookieValue(val, true)
216			if !success {
217				continue
218			}
219			cookies = append(cookies, &Cookie{Name: name, Value: val})
220			parsedPairs++
221		}
222	}
223	return cookies
224}
225
226// validCookieDomain returns wheter v is a valid cookie domain-value.
227func validCookieDomain(v string) bool {
228	if isCookieDomainName(v) {
229		return true
230	}
231	if net.ParseIP(v) != nil && !strings.Contains(v, ":") {
232		return true
233	}
234	return false
235}
236
237// isCookieDomainName returns whether s is a valid domain name or a valid
238// domain name with a leading dot '.'.  It is almost a direct copy of
239// package net's isDomainName.
240func isCookieDomainName(s string) bool {
241	if len(s) == 0 {
242		return false
243	}
244	if len(s) > 255 {
245		return false
246	}
247
248	if s[0] == '.' {
249		// A cookie a domain attribute may start with a leading dot.
250		s = s[1:]
251	}
252	last := byte('.')
253	ok := false // Ok once we've seen a letter.
254	partlen := 0
255	for i := 0; i < len(s); i++ {
256		c := s[i]
257		switch {
258		default:
259			return false
260		case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
261			// No '_' allowed here (in contrast to package net).
262			ok = true
263			partlen++
264		case '0' <= c && c <= '9':
265			// fine
266			partlen++
267		case c == '-':
268			// Byte before dash cannot be dot.
269			if last == '.' {
270				return false
271			}
272			partlen++
273		case c == '.':
274			// Byte before dot cannot be dot, dash.
275			if last == '.' || last == '-' {
276				return false
277			}
278			if partlen > 63 || partlen == 0 {
279				return false
280			}
281			partlen = 0
282		}
283		last = c
284	}
285	if last == '-' || partlen > 63 {
286		return false
287	}
288
289	return ok
290}
291
292var cookieNameSanitizer = strings.NewReplacer("\n", "-", "\r", "-")
293
294func sanitizeCookieName(n string) string {
295	return cookieNameSanitizer.Replace(n)
296}
297
298// http://tools.ietf.org/html/rfc6265#section-4.1.1
299// cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
300// cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
301//           ; US-ASCII characters excluding CTLs,
302//           ; whitespace DQUOTE, comma, semicolon,
303//           ; and backslash
304// We loosen this as spaces and commas are common in cookie values
305// but we produce a quoted cookie-value in when value starts or ends
306// with a comma or space.
307// See https://golang.org/issue/7243 for the discussion.
308func sanitizeCookieValue(v string) string {
309	v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)
310	if len(v) == 0 {
311		return v
312	}
313	if v[0] == ' ' || v[0] == ',' || v[len(v)-1] == ' ' || v[len(v)-1] == ',' {
314		return `"` + v + `"`
315	}
316	return v
317}
318
319func validCookieValueByte(b byte) bool {
320	return 0x20 <= b && b < 0x7f && b != '"' && b != ';' && b != '\\'
321}
322
323// path-av           = "Path=" path-value
324// path-value        = <any CHAR except CTLs or ";">
325func sanitizeCookiePath(v string) string {
326	return sanitizeOrWarn("Cookie.Path", validCookiePathByte, v)
327}
328
329func validCookiePathByte(b byte) bool {
330	return 0x20 <= b && b < 0x7f && b != ';'
331}
332
333func sanitizeOrWarn(fieldName string, valid func(byte) bool, v string) string {
334	ok := true
335	for i := 0; i < len(v); i++ {
336		if valid(v[i]) {
337			continue
338		}
339		log.Printf("net/http: invalid byte %q in %s; dropping invalid bytes", v[i], fieldName)
340		ok = false
341		break
342	}
343	if ok {
344		return v
345	}
346	buf := make([]byte, 0, len(v))
347	for i := 0; i < len(v); i++ {
348		if b := v[i]; valid(b) {
349			buf = append(buf, b)
350		}
351	}
352	return string(buf)
353}
354
355func parseCookieValue(raw string, allowDoubleQuote bool) (string, bool) {
356	// Strip the quotes, if present.
357	if allowDoubleQuote && len(raw) > 1 && raw[0] == '"' && raw[len(raw)-1] == '"' {
358		raw = raw[1 : len(raw)-1]
359	}
360	for i := 0; i < len(raw); i++ {
361		if !validCookieValueByte(raw[i]) {
362			return "", false
363		}
364	}
365	return raw, true
366}
367
368func isCookieNameValid(raw string) bool {
369	if raw == "" {
370		return false
371	}
372	return strings.IndexFunc(raw, isNotToken) < 0
373}
374