diff options
author | Micael Karlberg <[email protected]> | 2010-01-13 16:18:24 +0000 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2010-01-13 16:18:24 +0000 |
commit | 6153ba7599f2ce1ab22959a40b6ca33b4238f0d0 (patch) | |
tree | a81d50b08c7828d3662dd50e48bcf55b72f507b2 /lib/inets/src/http_client/httpc_cookie.erl | |
parent | 68c2f188c3446f53fad03d0f652207a9a8bb1946 (diff) | |
download | otp-6153ba7599f2ce1ab22959a40b6ca33b4238f0d0.tar.gz otp-6153ba7599f2ce1ab22959a40b6ca33b4238f0d0.tar.bz2 otp-6153ba7599f2ce1ab22959a40b6ca33b4238f0d0.zip |
OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,
OTP-8351, OTP-8359 & OTP-8371.
Diffstat (limited to 'lib/inets/src/http_client/httpc_cookie.erl')
-rw-r--r-- | lib/inets/src/http_client/httpc_cookie.erl | 495 |
1 files changed, 495 insertions, 0 deletions
diff --git a/lib/inets/src/http_client/httpc_cookie.erl b/lib/inets/src/http_client/httpc_cookie.erl new file mode 100644 index 0000000000..586701b4a1 --- /dev/null +++ b/lib/inets/src/http_client/httpc_cookie.erl @@ -0,0 +1,495 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2010. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% Description: Cookie handling according to RFC 2109 + +-module(httpc_cookie). + +-include("httpc_internal.hrl"). + +-export([open_db/3, close_db/1, insert/2, header/4, cookies/3]). +-export([reset_db/1, which_cookies/1]). + +-record(cookie_db, {db, session_db}). + + +%%%========================================================================= +%%% API +%%%========================================================================= + +%%-------------------------------------------------------------------- +%% Func: open_db(DbName, DbDir, SessionDbName) -> #cookie_db{} +%% Purpose: Create the cookie db +%%-------------------------------------------------------------------- + +open_db(_, only_session_cookies, SessionDbName) -> + ?hcrt("open (session cookies only) db", + [{session_db_name, SessionDbName}]), + SessionDb = ets:new(SessionDbName, + [protected, bag, {keypos, #http_cookie.domain}]), + #cookie_db{session_db = SessionDb}; + +open_db(Name, Dir, SessionDbName) -> + ?hcrt("open db", + [{name, Name}, {dir, Dir}, {session_db_name, SessionDbName}]), + File = filename:join(Dir, atom_to_list(Name)), + case dets:open_file(Name, [{keypos, #http_cookie.domain}, + {type, bag}, + {file, File}, + {ram_file, true}]) of + {ok, Db} -> + SessionDb = ets:new(SessionDbName, + [protected, bag, + {keypos, #http_cookie.domain}]), + #cookie_db{db = Db, session_db = SessionDb}; + {error, Reason} -> + throw({error, {failed_open_file, Name, File, Reason}}) + end. + + +%%-------------------------------------------------------------------- +%% Func: reset_db(CookieDb) -> void() +%% Purpose: Reset (empty) the cookie database +%% +%%-------------------------------------------------------------------- + +reset_db(#cookie_db{db = undefined, session_db = SessionDb}) -> + ets:delete_all_objects(SessionDb), + ok; +reset_db(#cookie_db{db = Db, session_db = SessionDb}) -> + dets:delete_all_objects(Db), + ets:delete_all_objects(SessionDb), + ok. + + +%%-------------------------------------------------------------------- +%% Func: close_db(CookieDb) -> ok +%% Purpose: Close the cookie db +%%-------------------------------------------------------------------- + +close_db(#cookie_db{db = Db, session_db = SessionDb}) -> + ?hcrt("close db", []), + maybe_dets_close(Db), + ets:delete(SessionDb), + ok. + +maybe_dets_close(undefined) -> + ok; +maybe_dets_close(Db) -> + dets:close(Db). + + +%%-------------------------------------------------------------------- +%% Func: insert(CookieDb) -> ok +%% Purpose: Close the cookie db +%%-------------------------------------------------------------------- + +%% If no persistent cookie database is defined we +%% treat all cookies as if they where session cookies. +insert(#cookie_db{db = undefined} = CookieDb, + #http_cookie{max_age = Int} = Cookie) when is_integer(Int) -> + insert(CookieDb, Cookie#http_cookie{max_age = session}); + +insert(#cookie_db{session_db = SessionDb} = CookieDb, + #http_cookie{domain = Key, + name = Name, + path = Path, + max_age = session} = Cookie) -> + ?hcrt("insert session cookie", [{cookie, Cookie}]), + Pattern = #http_cookie{domain = Key, name = Name, path = Path, _ = '_'}, + case ets:match_object(SessionDb, Pattern) of + [] -> + ets:insert(SessionDb, Cookie); + [NewCookie] -> + delete(CookieDb, NewCookie), + ets:insert(SessionDb, Cookie) + end, + ok; +insert(#cookie_db{db = Db} = CookieDb, + #http_cookie{domain = Key, + name = Name, + path = Path, + max_age = 0}) -> + ?hcrt("insert", [{domain, Key}, {name, Name}, {path, Path}]), + Pattern = #http_cookie{domain = Key, name = Name, path = Path, _ = '_'}, + case dets:match_object(Db, Pattern) of + [] -> + ok; + [NewCookie] -> + delete(CookieDb, NewCookie) + end, + ok; +insert(#cookie_db{db = Db} = CookieDb, + #http_cookie{domain = Key, name = Name, path = Path} = Cookie) -> + ?hcrt("insert", [{cookie, Cookie}]), + Pattern = #http_cookie{domain = Key, + name = Name, + path = Path, + _ = '_'}, + case dets:match_object(Db, Pattern) of + [] -> + dets:insert(Db, Cookie); + [OldCookie] -> + delete(CookieDb, OldCookie), + dets:insert(Db, Cookie) + end, + ok. + + + +%%-------------------------------------------------------------------- +%% Func: header(CookieDb) -> ok +%% Purpose: Cookies +%%-------------------------------------------------------------------- + +header(CookieDb, Scheme, {Host, _}, Path) -> + ?hcrd("header", [{scheme, Scheme}, {host, Host}, {path, Path}]), + case lookup_cookies(CookieDb, Host, Path) of + [] -> + {"cookie", ""}; + Cookies -> + {"cookie", cookies_to_string(Scheme, Cookies)} + end. + + +%%-------------------------------------------------------------------- +%% Func: cookies(Headers, RequestPath, RequestHost) -> [cookie()] +%% Purpose: Which cookies are stored +%%-------------------------------------------------------------------- + +cookies(Headers, RequestPath, RequestHost) -> + ?hcrt("cookies", [{headers, Headers}, + {request_path, RequestPath}, + {request_host, RequestHost}]), + Cookies = parse_set_cookies(Headers, {RequestPath, RequestHost}), + accept_cookies(Cookies, RequestPath, RequestHost). + + +%%-------------------------------------------------------------------- +%% Func: which_cookies(CookieDb) -> [cookie()] +%% Purpose: For test and debug purpose, +%% dump the entire cookie database +%%-------------------------------------------------------------------- + +which_cookies(#cookie_db{db = undefined, session_db = SessionDb}) -> + SessionCookies = ets:tab2list(SessionDb), + [{session_cookies, SessionCookies}]; +which_cookies(#cookie_db{db = Db, session_db = SessionDb}) -> + Cookies = dets:match_object(Db, '_'), + SessionCookies = ets:tab2list(SessionDb), + [{cookies, Cookies}, {session_cookies, SessionCookies}]. + + +%%%======================================================================== +%%% Internal functions +%%%======================================================================== + +delete(#cookie_db{session_db = SessionDb}, + #http_cookie{max_age = session} = Cookie) -> + ets:delete_object(SessionDb, Cookie); +delete(#cookie_db{db = Db}, Cookie) -> + dets:delete_object(Db, Cookie). + + +lookup_cookies(#cookie_db{db = undefined, session_db = SessionDb}, Key) -> + Pattern = #http_cookie{domain = Key, _ = '_'}, + Cookies = ets:match_object(SessionDb, Pattern), + ?hcrt("lookup cookies", [{cookies, Cookies}]), + Cookies; + +lookup_cookies(#cookie_db{db = Db, session_db = SessionDb}, Key) -> + Pattern = #http_cookie{domain = Key, _ = '_'}, + SessionCookies = ets:match_object(SessionDb, Pattern), + ?hcrt("lookup cookies", [{session_cookies, SessionCookies}]), + Cookies = dets:match_object(Db, Pattern), + ?hcrt("lookup cookies", [{cookies, Cookies}]), + Cookies ++ SessionCookies. + + +lookup_cookies(CookieDb, Host, Path) -> + Cookies = + case http_util:is_hostname(Host) of + true -> + HostCookies = lookup_cookies(CookieDb, Host), + [_| DomainParts] = string:tokens(Host, "."), + lookup_domain_cookies(CookieDb, DomainParts, HostCookies); + false -> % IP-adress + lookup_cookies(CookieDb, Host) + end, + ValidCookies = valid_cookies(CookieDb, Cookies), + lists:filter(fun(Cookie) -> + lists:prefix(Cookie#http_cookie.path, Path) + end, ValidCookies). + +%% For instance if Host=localhost +lookup_domain_cookies(_CookieDb, [], AccCookies) -> + lists:flatten(AccCookies); + +%% Top domains can not have cookies +lookup_domain_cookies(_CookieDb, [_], AccCookies) -> + lists:flatten(AccCookies); + +lookup_domain_cookies(CookieDb, [Next | DomainParts], AccCookies) -> + Domain = merge_domain_parts(DomainParts, [Next ++ "."]), + lookup_domain_cookies(CookieDb, DomainParts, + [lookup_cookies(CookieDb, Domain) | AccCookies]). + +merge_domain_parts([Part], Merged) -> + lists:flatten(["." | lists:reverse([Part | Merged])]); +merge_domain_parts([Part| Rest], Merged) -> + merge_domain_parts(Rest, [".", Part | Merged]). + +cookies_to_string(Scheme, [Cookie | _] = Cookies) -> + Version = "$Version=" ++ Cookie#http_cookie.version ++ "; ", + cookies_to_string(Scheme, path_sort(Cookies), [Version]). + +cookies_to_string(_, [], CookieStrs) -> + case length(CookieStrs) of + 1 -> + ""; + _ -> + lists:flatten(lists:reverse(CookieStrs)) + end; + +cookies_to_string(https, [#http_cookie{secure = true} = Cookie| Cookies], + CookieStrs) -> + Str = case Cookies of + [] -> + cookie_to_string(Cookie); + _ -> + cookie_to_string(Cookie) ++ "; " + end, + cookies_to_string(https, Cookies, [Str | CookieStrs]); + +cookies_to_string(Scheme, [#http_cookie{secure = true}| Cookies], + CookieStrs) -> + cookies_to_string(Scheme, Cookies, CookieStrs); + +cookies_to_string(Scheme, [Cookie | Cookies], CookieStrs) -> + Str = case Cookies of + [] -> + cookie_to_string(Cookie); + _ -> + cookie_to_string(Cookie) ++ "; " + end, + cookies_to_string(Scheme, Cookies, [Str | CookieStrs]). + +cookie_to_string(#http_cookie{name = Name, value = Value} = Cookie) -> + Str = Name ++ "=" ++ Value, + add_domain(add_path(Str, Cookie), Cookie). + +add_path(Str, #http_cookie{path_default = true}) -> + Str; +add_path(Str, #http_cookie{path = Path}) -> + Str ++ "; $Path=" ++ Path. + +add_domain(Str, #http_cookie{domain_default = true}) -> + Str; +add_domain(Str, #http_cookie{domain = Domain}) -> + Str ++ "; $Domain=" ++ Domain. + +parse_set_cookies(OtherHeaders, DefaultPathDomain) -> + SetCookieHeaders = + lists:foldl(fun({"set-cookie", Value}, Acc) -> + [string:tokens(Value, ",")| Acc]; + (_, Acc) -> + Acc + end, [], OtherHeaders), + + lists:flatten( + lists:map(fun(CookieHeader) -> + NewHeader = fix_netscape_cookie(CookieHeader, []), + parse_set_cookie(NewHeader, [], DefaultPathDomain) + end, + SetCookieHeaders)). + +parse_set_cookie([], AccCookies, _) -> + AccCookies; +parse_set_cookie([CookieHeader | CookieHeaders], AccCookies, + Defaults = {DefaultPath, DefaultDomain}) -> + [CookieStr | Attributes] = case string:tokens(CookieHeader, ";") of + [CStr] -> + [CStr, ""]; + [CStr | Attr] -> + [CStr, Attr] + end, + Pos = string:chr(CookieStr, $=), + Name = string:substr(CookieStr, 1, Pos - 1), + Value = string:substr(CookieStr, Pos + 1), + Cookie = #http_cookie{name = string:strip(Name), + value = string:strip(Value)}, + NewAttributes = parse_set_cookie_attributes(Attributes), + TmpCookie = cookie_attributes(NewAttributes, Cookie), + %% Add runtime defult values if necessary + NewCookie = domain_default(path_default(TmpCookie, DefaultPath), + DefaultDomain), + parse_set_cookie(CookieHeaders, [NewCookie | AccCookies], Defaults). + +parse_set_cookie_attributes([]) -> + []; +parse_set_cookie_attributes([Attributes]) -> + lists:map(fun(Attr) -> + [AttrName, AttrValue] = + case string:tokens(Attr, "=") of + %% All attributes have the form + %% Name=Value except "secure"! + [Name] -> + [Name, ""]; + [Name, Value] -> + [Name, Value]; + %% Anything not expected will be + %% disregarded + _ -> + ["Dummy",""] + end, + {http_util:to_lower(string:strip(AttrName)), + string:strip(AttrValue)} + end, Attributes). + +cookie_attributes([], Cookie) -> + Cookie; +cookie_attributes([{"comment", Value}| Attributes], Cookie) -> + cookie_attributes(Attributes, + Cookie#http_cookie{comment = Value}); +cookie_attributes([{"domain", Value}| Attributes], Cookie) -> + cookie_attributes(Attributes, + Cookie#http_cookie{domain = Value}); +cookie_attributes([{"max-age", Value}| Attributes], Cookie) -> + ExpireTime = cookie_expires(list_to_integer(Value)), + cookie_attributes(Attributes, + Cookie#http_cookie{max_age = ExpireTime}); +%% Backwards compatibility with netscape cookies +cookie_attributes([{"expires", Value}| Attributes], Cookie) -> + Time = http_util:convert_netscapecookie_date(Value), + ExpireTime = calendar:datetime_to_gregorian_seconds(Time), + cookie_attributes(Attributes, + Cookie#http_cookie{max_age = ExpireTime}); +cookie_attributes([{"path", Value}| Attributes], Cookie) -> + cookie_attributes(Attributes, + Cookie#http_cookie{path = Value}); +cookie_attributes([{"secure", _}| Attributes], Cookie) -> + cookie_attributes(Attributes, + Cookie#http_cookie{secure = true}); +cookie_attributes([{"version", Value}| Attributes], Cookie) -> + cookie_attributes(Attributes, + Cookie#http_cookie{version = Value}); +%% Disregard unknown attributes. +cookie_attributes([_| Attributes], Cookie) -> + cookie_attributes(Attributes, Cookie). + +domain_default(Cookie = #http_cookie{domain = undefined}, + DefaultDomain) -> + Cookie#http_cookie{domain = DefaultDomain, domain_default = true}; +domain_default(Cookie, _) -> + Cookie. + +path_default(#http_cookie{path = undefined} = Cookie, DefaultPath) -> + Cookie#http_cookie{path = skip_right_most_slash(DefaultPath), + path_default = true}; +path_default(Cookie, _) -> + Cookie. + +%% Note: if the path is only / that / will be keept +skip_right_most_slash("/") -> + "/"; +skip_right_most_slash(Str) -> + string:strip(Str, right, $/). + +accept_cookies(Cookies, RequestPath, RequestHost) -> + lists:filter(fun(Cookie) -> + accept_cookie(Cookie, RequestPath, RequestHost) + end, Cookies). + +accept_cookie(Cookie, RequestPath, RequestHost) -> + Accepted = + accept_path(Cookie, RequestPath) andalso + accept_domain(Cookie, RequestHost), + Accepted. + +accept_path(#http_cookie{path = Path}, RequestPath) -> + lists:prefix(Path, RequestPath). + +accept_domain(#http_cookie{domain = RequestHost}, RequestHost) -> + true; + +accept_domain(#http_cookie{domain = Domain}, RequestHost) -> + HostCheck = + case http_util:is_hostname(RequestHost) of + true -> + (lists:suffix(Domain, RequestHost) andalso + (not + lists:member($., + string:substr(RequestHost, 1, + (length(RequestHost) - + length(Domain)))))); + false -> + false + end, + HostCheck + andalso (hd(Domain) =:= $.) + andalso (length(string:tokens(Domain, ".")) > 1). + +cookie_expires(0) -> + 0; +cookie_expires(DeltaSec) -> + NowSec = calendar:datetime_to_gregorian_seconds({date(), time()}), + NowSec + DeltaSec. + +is_cookie_expired(#http_cookie{max_age = session}) -> + false; +is_cookie_expired(#http_cookie{max_age = ExpireTime}) -> + NowSec = calendar:datetime_to_gregorian_seconds({date(), time()}), + ExpireTime - NowSec =< 0. + + +valid_cookies(Db, Cookies) -> + valid_cookies(Db, Cookies, []). + +valid_cookies(_Db, [], Valid) -> + Valid; + +valid_cookies(Db, [Cookie | Cookies], Valid) -> + case is_cookie_expired(Cookie) of + true -> + delete(Db, Cookie), + valid_cookies(Db, Cookies, Valid); + false -> + valid_cookies(Db, Cookies, [Cookie | Valid]) + end. + +path_sort(Cookies)-> + lists:reverse(lists:keysort(#http_cookie.path, Cookies)). + + +%% Informally, the Set-Cookie response header comprises the token +%% Set-Cookie:, followed by a comma-separated list of one or more +%% cookies. Netscape cookies expires attribute may also have a +%% , in this case the header list will have been incorrectly split +%% in parse_set_cookies/2 this functions fixs that problem. +fix_netscape_cookie([Cookie1, Cookie2 | Rest], Acc) -> + case inets_regexp:match(Cookie1, "expires=") of + {_, _, _} -> + fix_netscape_cookie(Rest, [Cookie1 ++ Cookie2 | Acc]); + nomatch -> + fix_netscape_cookie([Cookie2 |Rest], [Cookie1| Acc]) + end; +fix_netscape_cookie([Cookie | Rest], Acc) -> + fix_netscape_cookie(Rest, [Cookie | Acc]); + +fix_netscape_cookie([], Acc) -> + Acc. |