aboutsummaryrefslogtreecommitdiffstats
path: root/src/cowboy_cookies.erl
diff options
context:
space:
mode:
Diffstat (limited to 'src/cowboy_cookies.erl')
-rw-r--r--src/cowboy_cookies.erl405
1 files changed, 405 insertions, 0 deletions
diff --git a/src/cowboy_cookies.erl b/src/cowboy_cookies.erl
new file mode 100644
index 0000000..acaefee
--- /dev/null
+++ b/src/cowboy_cookies.erl
@@ -0,0 +1,405 @@
+%% Copyright 2007 Mochi Media, Inc.
+%% Copyright 2011 Thomas Burdick <[email protected]>
+%%
+%% Permission to use, copy, modify, and/or distribute this software for any
+%% purpose with or without fee is hereby granted, provided that the above
+%% copyright notice and this permission notice appear in all copies.
+%%
+%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+%% @doc HTTP Cookie parsing and generating (RFC 2965).
+
+-module(cowboy_cookies).
+
+%% API.
+-export([parse_cookie/1, cookie/3, cookie/2]).
+
+%% Types.
+-type kv() :: {Name::binary(), Value::binary()}.
+-type kvlist() :: [kv()].
+-type cookie_option() :: {max_age, integer()}
+ | {local_time, {calendar:date(), calendar:time()}}
+ | {domain, binary()} | {path, binary()}
+ | {secure, true | false} | {http_only, true | false}.
+-export_type([kv/0, kvlist/0, cookie_option/0]).
+
+-define(QUOTE, $\").
+
+-include_lib("eunit/include/eunit.hrl").
+
+
+%% ----------------------------------------------------------------------------
+%% API
+%% ----------------------------------------------------------------------------
+
+%% @doc Parse the contents of a Cookie header field, ignoring cookie
+%% attributes, and return a simple property list.
+-spec parse_cookie(binary()) -> kvlist().
+parse_cookie(<<>>) ->
+ [];
+parse_cookie(Cookie) ->
+ parse_cookie(Cookie, []).
+
+%% @doc Short-hand for <code>cookie(Key, Value, [])</code>.
+-spec cookie(binary(), binary()) -> kvlist().
+cookie(Key, Value) ->
+ cookie(Key, Value, []).
+
+%% @doc Generate a Set-Cookie header field tuple.
+-spec cookie(binary(), binary(), [cookie_option()]) -> kvlist().
+cookie(Key, Value, Options) ->
+ Cookie = <<(any_to_binary(Key))/binary, "=", (quote(Value))/binary, "; Version=1">>,
+ %% Set-Cookie:
+ %% Comment, Domain, Max-Age, Path, Secure, Version
+ ExpiresPart =
+ case proplists:get_value(max_age, Options) of
+ undefined ->
+ <<"">>;
+ RawAge ->
+ When = case proplists:get_value(local_time, Options) of
+ undefined ->
+ calendar:local_time();
+ LocalTime ->
+ LocalTime
+ end,
+ Age = case RawAge < 0 of
+ true ->
+ 0;
+ false ->
+ RawAge
+ end,
+ AgeBinary = quote(Age),
+ CookieDate = age_to_cookie_date(Age, When),
+ <<"; Expires=", CookieDate/binary,
+ "; Max-Age=", AgeBinary/binary>>
+ end,
+ SecurePart =
+ case proplists:get_value(secure, Options) of
+ true ->
+ <<"; Secure">>;
+ _ ->
+ <<"">>
+ end,
+ DomainPart =
+ case proplists:get_value(domain, Options) of
+ undefined ->
+ <<"">>;
+ Domain ->
+ <<"; Domain=", (quote(Domain))/binary>>
+ end,
+ PathPart =
+ case proplists:get_value(path, Options) of
+ undefined ->
+ <<"">>;
+ Path ->
+ <<"; Path=", (quote(Path))/binary>>
+ end,
+ HttpOnlyPart =
+ case proplists:get_value(http_only, Options) of
+ true ->
+ <<"; HttpOnly">>;
+ _ ->
+ <<"">>
+ end,
+ CookieParts = <<Cookie/binary, ExpiresPart/binary, SecurePart/binary, DomainPart/binary, PathPart/binary, HttpOnlyPart/binary>>,
+ {<<"Set-Cookie">>, CookieParts}.
+
+
+%% ----------------------------------------------------------------------------
+%% Private
+%% ----------------------------------------------------------------------------
+
+%% @doc Check if a character is a white space character.
+-spec is_whitespace(char()) -> boolean().
+is_whitespace($\s) -> true;
+is_whitespace($\t) -> true;
+is_whitespace($\r) -> true;
+is_whitespace($\n) -> true;
+is_whitespace(_) -> false.
+
+%% @doc Check if a character is a seperator.
+-spec is_separator(char()) -> boolean().
+is_separator(C) when C < 32 -> true;
+is_separator($\s) -> true;
+is_separator($\t) -> true;
+is_separator($() -> true;
+is_separator($)) -> true;
+is_separator($<) -> true;
+is_separator($>) -> true;
+is_separator($@) -> true;
+is_separator($,) -> true;
+is_separator($;) -> true;
+is_separator($:) -> true;
+is_separator($\\) -> true;
+is_separator(?QUOTE) -> true;
+is_separator($/) -> true;
+is_separator($[) -> true;
+is_separator($]) -> true;
+is_separator($?) -> true;
+is_separator($=) -> true;
+is_separator(${) -> true;
+is_separator($}) -> true;
+is_separator(_) -> false.
+
+%% @doc Check if a binary has an ASCII seperator character.
+-spec has_seperator(binary()) -> boolean().
+has_seperator(<<>>) ->
+ false;
+has_seperator(<<$/, Rest/binary>>) ->
+ has_seperator(Rest);
+has_seperator(<<C, Rest/binary>>) ->
+ case is_separator(C) of
+ true ->
+ true;
+ false ->
+ has_seperator(Rest)
+ end.
+
+%% @doc Convert to a binary and raise an error if quoting is required. Quoting
+%% is broken in different ways for different browsers. Its better to simply
+%% avoiding doing it at all.
+%% @end
+-spec quote(term()) -> binary().
+quote(V0) ->
+ V = any_to_binary(V0),
+ case has_seperator(V) of
+ true ->
+ erlang:error({cookie_quoting_required, V});
+ false ->
+ V
+ end.
+
+-spec add_seconds(integer(), cowboy_clock:datetime()) -> cowboy_clock:datetime().
+add_seconds(Secs, LocalTime) ->
+ Greg = calendar:datetime_to_gregorian_seconds(LocalTime),
+ calendar:gregorian_seconds_to_datetime(Greg + Secs).
+
+-spec age_to_cookie_date(integer(), cowboy_clock:datetime()) -> binary().
+age_to_cookie_date(Age, LocalTime) ->
+ cowboy_clock:rfc2109(add_seconds(Age, LocalTime)).
+
+-spec parse_cookie(binary(), kvlist()) -> kvlist().
+parse_cookie(<<>>, Acc) ->
+ lists:reverse(Acc);
+parse_cookie(String, Acc) ->
+ {{Token, Value}, Rest} = read_pair(String),
+ Acc1 = case Token of
+ <<"">> ->
+ Acc;
+ <<"$", _R/binary>> ->
+ Acc;
+ _ ->
+ [{Token, Value} | Acc]
+ end,
+ parse_cookie(Rest, Acc1).
+
+-spec read_pair(binary()) -> {binary(), binary(), binary()}.
+read_pair(String) ->
+ {Token, Rest} = read_token(skip_whitespace(String)),
+ {Value, Rest1} = read_value(skip_whitespace(Rest)),
+ {{Token, Value}, skip_past_separator(Rest1)}.
+
+-spec read_value(binary()) -> {binary(), binary()}.
+read_value(<<"=", Value/binary>>) ->
+ Value1 = skip_whitespace(Value),
+ case Value1 of
+ <<?QUOTE, _R/binary>> ->
+ read_quoted(Value1);
+ _ ->
+ read_token(Value1)
+ end;
+read_value(String) ->
+ {<<"">>, String}.
+
+-spec read_quoted(binary()) -> {binary(), binary()}.
+read_quoted(<<?QUOTE, String/binary>>) ->
+ read_quoted(String, <<"">>).
+
+-spec read_quoted(binary(), binary()) -> {binary(), binary()}.
+read_quoted(<<"">>, Acc) ->
+ {Acc, <<"">>};
+read_quoted(<<?QUOTE, Rest/binary>>, Acc) ->
+ {Acc, Rest};
+read_quoted(<<$\\, Any, Rest/binary>>, Acc) ->
+ read_quoted(Rest, <<Acc/binary, Any>>);
+read_quoted(<<C, Rest/binary>>, Acc) ->
+ read_quoted(Rest, <<Acc/binary, C>>).
+
+
+%% @doc Drop characters while a function returns true.
+-spec binary_dropwhile(fun((char()) -> boolean()), binary()) -> binary().
+binary_dropwhile(_F, <<"">>) ->
+ <<"">>;
+binary_dropwhile(F, String) ->
+ <<C, Rest/binary>> = String,
+ case F(C) of
+ true ->
+ binary_dropwhile(F, Rest);
+ false ->
+ String
+ end.
+
+%% @doc Remove leading whitespace.
+-spec skip_whitespace(binary()) -> binary().
+skip_whitespace(String) ->
+ binary_dropwhile(fun is_whitespace/1, String).
+
+%% @doc Split a binary when the current character causes F to return true.
+-spec binary_splitwith(fun((char()) -> boolean()), binary(), binary()) -> {binary(), binary()}.
+binary_splitwith(_F, Head, <<>>) ->
+ {Head, <<>>};
+binary_splitwith(F, Head, Tail) ->
+ <<C, NTail/binary>> = Tail,
+ case F(C) of
+ true ->
+ {Head, Tail};
+ false ->
+ binary_splitwith(F, <<Head/binary, C>>, NTail)
+ end.
+
+%% @doc Split a binary with a function returning true or false on each char.
+-spec binary_splitwith(fun((char()) -> boolean()), binary()) -> {binary(), binary()}.
+binary_splitwith(F, String) ->
+ binary_splitwith(F, <<>>, String).
+
+%% @doc Split the binary when the next seperator is found.
+-spec read_token(binary()) -> {binary(), binary()}.
+read_token(String) ->
+ binary_splitwith(fun is_separator/1, String).
+
+%% @doc Return string after ; or , characters.
+-spec skip_past_separator(binary()) -> binary().
+skip_past_separator(<<"">>) ->
+ <<"">>;
+skip_past_separator(<<";", Rest/binary>>) ->
+ Rest;
+skip_past_separator(<<",", Rest/binary>>) ->
+ Rest;
+skip_past_separator(<<_C, Rest/binary>>) ->
+ skip_past_separator(Rest).
+
+-spec any_to_binary(binary() | string() | atom() | integer()) -> binary().
+any_to_binary(V) when is_binary(V) ->
+ V;
+any_to_binary(V) when is_list(V) ->
+ erlang:list_to_binary(V);
+any_to_binary(V) when is_atom(V) ->
+ erlang:atom_to_binary(V, latin1);
+any_to_binary(V) when is_integer(V) ->
+ list_to_binary(integer_to_list(V)).
+
+%% ----------------------------------------------------------------------------
+%% Tests
+%% ----------------------------------------------------------------------------
+
+-ifdef(TEST).
+
+quote_test() ->
+ %% ?assertError eunit macro is not compatible with coverage module
+ try quote(<<":wq">>)
+ catch error:{cookie_quoting_required, <<":wq">>} -> ok
+ end,
+ ?assertEqual(<<"foo">>,quote(foo)),
+ ok.
+
+parse_cookie_test() ->
+ %% RFC example
+ C1 = <<"$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\";
+ Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\";
+ Shipping=\"FedEx\"; $Path=\"/acme\"">>,
+ ?assertEqual(
+ [{<<"Customer">>,<<"WILE_E_COYOTE">>},
+ {<<"Part_Number">>,<<"Rocket_Launcher_0001">>},
+ {<<"Shipping">>,<<"FedEx">>}],
+ parse_cookie(C1)),
+ %% Potential edge cases
+ ?assertEqual(
+ [{<<"foo">>, <<"x">>}],
+ parse_cookie(<<"foo=\"\\x\"">>)),
+ ?assertEqual(
+ [],
+ parse_cookie(<<"=">>)),
+ ?assertEqual(
+ [{<<"foo">>, <<"">>}, {<<"bar">>, <<"">>}],
+ parse_cookie(<<" foo ; bar ">>)),
+ ?assertEqual(
+ [{<<"foo">>, <<"">>}, {<<"bar">>, <<"">>}],
+ parse_cookie(<<"foo=;bar=">>)),
+ ?assertEqual(
+ [{<<"foo">>, <<"\";">>}, {<<"bar">>, <<"">>}],
+ parse_cookie(<<"foo = \"\\\";\";bar ">>)),
+ ?assertEqual(
+ [{<<"foo">>, <<"\";bar">>}],
+ parse_cookie(<<"foo=\"\\\";bar">>)),
+ ?assertEqual(
+ [],
+ parse_cookie(<<"">>)),
+ ?assertEqual(
+ [{<<"foo">>, <<"bar">>}, {<<"baz">>, <<"wibble">>}],
+ parse_cookie(<<"foo=bar , baz=wibble ">>)),
+ ok.
+
+domain_test() ->
+ ?assertEqual(
+ {<<"Set-Cookie">>,
+ <<"Customer=WILE_E_COYOTE; "
+ "Version=1; "
+ "Domain=acme.com; "
+ "HttpOnly">>},
+ cookie(<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{http_only, true}, {domain, <<"acme.com">>}])),
+ ok.
+
+local_time_test() ->
+ {<<"Set-Cookie">>, B} = cookie(<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{max_age, 111}, {secure, true}]),
+
+ ?assertMatch(
+ [<<"Customer=WILE_E_COYOTE">>,
+ <<" Version=1">>,
+ <<" Expires=", _R/binary>>,
+ <<" Max-Age=111">>,
+ <<" Secure">>],
+ binary:split(B, <<";">>, [global])),
+ ok.
+
+cookie_test() ->
+ C1 = {<<"Set-Cookie">>,
+ <<"Customer=WILE_E_COYOTE; "
+ "Version=1; "
+ "Path=/acme">>},
+ C1 = cookie(<<"Customer">>, <<"WILE_E_COYOTE">>, [{path, <<"/acme">>}]),
+
+ C1 = cookie(<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{path, <<"/acme">>}, {badoption, <<"negatory">>}]),
+
+ C1 = cookie('Customer', 'WILE_E_COYOTE', [{path, '/acme'}]),
+
+ C1 = cookie("Customer", "WILE_E_COYOTE", [{path, "/acme"}]),
+
+ {<<"Set-Cookie">>,<<"=NoKey; Version=1">>} = cookie(<<"">>, <<"NoKey">>, []),
+ {<<"Set-Cookie">>,<<"=NoKey; Version=1">>} = cookie(<<"">>, <<"NoKey">>),
+ LocalTime = calendar:universal_time_to_local_time({{2007, 5, 15}, {13, 45, 33}}),
+ C2 = {<<"Set-Cookie">>,
+ <<"Customer=WILE_E_COYOTE; "
+ "Version=1; "
+ "Expires=Tue, 15 May 2007 13:45:33 GMT; "
+ "Max-Age=0">>},
+ C2 = cookie(<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{max_age, -111}, {local_time, LocalTime}]),
+ C3 = {<<"Set-Cookie">>,
+ <<"Customer=WILE_E_COYOTE; "
+ "Version=1; "
+ "Expires=Wed, 16 May 2007 13:45:50 GMT; "
+ "Max-Age=86417">>},
+ C3 = cookie(<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{max_age, 86417}, {local_time, LocalTime}]),
+ ok.
+
+-endif.