cookiejar_of_greed 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c7fed7210e10cc3b9c36b720a812aebf97c55a45c5a270dfd9d2e66ae9f4f1b3
+  data.tar.gz: 441f3d672b874199e0e13ab9e6c5b45ec9d967983cf3bd8d5c974dd882246e3e
+SHA512:
+  metadata.gz: c17fa636869e11c82b67473268e7945519c454fb1342696a02b9780d3c7b49cd0f7ae31e9fa7695aae2c71c39ad9a26f992390569df9bfa770f1ca2c48caef18
+  data.tar.gz: d19d1243dcf32fc5e427ed606517ead882177a5a5035c77146469cfe903d673e2e1108d564f3a08f1415003a525be0d2287e45a2ee83530840af9b750a47f5d0

data/lib/cookiejar_of_greed.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require_relative 'greed'

data/lib/greed.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+require 'active_support/dependencies/autoload'
+
+module Greed
+  extend ::ActiveSupport::Autoload
+  autoload :Cookie
+end

data/lib/greed/cookie.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+require 'active_support/dependencies/autoload'
+require_relative './cookie/version'
+
+module Greed
+  module Cookie
+    extend ::ActiveSupport::Autoload
+
+    autoload :Error
+    autoload :Iterator
+    autoload :Jar
+    autoload :Parser
+
+    'greed/cookie/expiration_handler'.tap do |load_path|
+      autoload :ExpirationHandler
+      autoload :ExpirationError, load_path
+      autoload :Expired, load_path
+    end
+
+    'greed/cookie/domain_handler'.tap do |load_path|
+      autoload :DomainHandler
+      autoload :DomainError, load_path
+      autoload :CrossDomainViolation, load_path
+      autoload :MalformedCookieDomain, load_path
+    end
+
+    'greed/cookie/path_handler'.tap do |load_path|
+      autoload :PathHandler
+      autoload :PathError, load_path
+      autoload :PathViolation, load_path
+    end
+  end
+end

data/lib/greed/cookie/domain_handler.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/object/blank'
+require 'ipaddr'
+require 'public_suffix'
+
+module Greed
+  module Cookie
+    class DomainError < Error
+    end
+    class CrossDomainViolation < DomainError
+    end
+    class MalformedCookieDomain < DomainError
+    end
+
+    class DomainHandler
+      def determine_domain(document_domain, cookie_domain)
+        document_domain = document_domain.downcase
+        unless cookie_domain.present?
+          return {
+            domain: document_domain, # cookie domain not present
+            include_subdomains: false
+          }
+        end
+        document_ip_address = begin
+          ::IPAddr.new(document_domain)
+        rescue ::IPAddr::Error
+          nil
+        end
+        if document_ip_address
+          # handles IP Addresses
+          cookie_ip_address = begin
+            ::IPAddr.new(cookie_domain)
+          rescue ::IPAddr::Error
+            raise CrossDomainViolation
+          end
+          raise CrossDomainViolation unless cookie_ip_address == document_ip_address
+          return {
+            domain: cookie_ip_address.to_s, # normalized
+            include_subdomains: false
+          }
+        end
+        cookie_domain = cookie_domain.downcase
+        # ignore leading dot
+        matched_data = /\A\s*\.?(?!\.)(\S+)\s*\z/.match(cookie_domain)
+        raise MalformedCookieDomain unless matched_data
+        cookie_domain = matched_data[1]
+        if document_domain == cookie_domain
+          # exact domain matched
+          return {
+            domain: document_domain,
+            include_subdomains: true
+          }
+        end
+        # prevent setting cookie on a top level domain
+        # "localhost" use cases should already ruled out with the exact domain match condition
+        raise CrossDomainViolation unless ::PublicSuffix.valid?(cookie_domain, ignore_private: true)
+        # prevent parent domain from setting cookie of a subdomain
+        raise CrossDomainViolation unless (document_domain[
+          document_domain.size - cookie_domain.size,
+          cookie_domain.size
+        ] == cookie_domain) && \
+        (document_domain[
+          document_domain.size - cookie_domain.size - 1
+        ] == ?.)
+        {
+          domain: cookie_domain, # set cookie for its parent domain
+          include_subdomains: true
+        }
+      end
+    end
+  end
+end

data/lib/greed/cookie/error.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Greed
+  module Cookie
+    class Error < StandardError
+    end
+  end
+end

data/lib/greed/cookie/expiration_handler.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/time'
+require 'time'
+
+module Greed
+  module Cookie
+    class ExpirationError < Error
+    end
+    class Expired < ExpirationError
+    end
+
+    class ExpirationHandler
+      def calculate_expiration(current_time, max_age, expires)
+        {
+          expires: if max_age
+            current_time + max_age.seconds
+          else
+            expires
+          end,
+          retrieved_at: current_time,
+        }.tap do |tapped|
+          tapped_expires = tapped[:expires]
+          return tapped unless tapped_expires # keep session cookie
+          raise Expired unless (current_time < tapped_expires) # reject expired cookie
+        end
+      end
+    end
+  end
+end

data/lib/greed/cookie/iterator.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/object/blank'
+require 'public_suffix'
+require 'strscan'
+
+module Greed
+  module Cookie
+    module Iterator
+      private
+
+      def iterate_cookie_domain(domain_name)
+        chunk_scanner = /\A[-_\w\d]+\./
+        ::Enumerator.new do |yielder|
+          scanner = ::StringScanner.new(domain_name.downcase)
+          until scanner.eos?
+            removed_part = scanner.scan(chunk_scanner)
+            break unless removed_part
+            yielder << scanner.rest
+          end
+        end.lazy.take_while do |parent_domain|
+          ::PublicSuffix.valid?(parent_domain, ignore_private: true)
+        end.yield_self do |parent_domains|
+          [domain_name].chain(parent_domains)
+        end
+      end
+
+      def iterate_cookie_path(path)
+        ensured_absolute = path.sub(/\A\/*/, ?/)
+        ::Enumerator.new do |yielder|
+          scanner = ::File.expand_path(?., ensured_absolute)
+          loop do
+            yielder << scanner
+            break if (scanner.blank?) || (?/ == scanner)
+            scanner = ::File.expand_path('..', scanner)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/greed/cookie/jar.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/object/try'
+require 'active_support/core_ext/time'
+require 'ipaddr'
+require 'time'
+require 'uri'
+
+module Greed
+  module Cookie
+    class Jar
+      include Iterator
+
+      def initialize(\
+        state = nil,
+        set_cookie_parser: nil,
+        get_current_time: nil,
+        calculate_expiration: nil,
+        determine_domain: nil,
+        determine_path: nil
+      )
+        @set_cookie_parser = set_cookie_parser || Parser.new.method(:parse)
+        @get_current_time = get_current_time || ::Time.method(:current)
+        @calculate_expiration = calculate_expiration || ExpirationHandler.new.method(:calculate_expiration)
+        @determine_domain = determine_domain || DomainHandler.new.method(:determine_domain)
+        @determine_path = determine_path || PathHandler.new.method(:determine_path)
+        @cookie_map = state || {}
+      end
+
+      def append_cookie(document_uri, cookie_hash)
+        return false unless cookie_hash.present?
+        current_time = @get_current_time.call
+        parsed_document_uri = ::URI.parse(document_uri)
+        base = cookie_hash.slice(:name, :value, :secure)
+        domain_attributes = @determine_domain.call(
+          parsed_document_uri.hostname,
+          cookie_hash[:domain]
+        )
+        path_attributes = @determine_path.call(
+          parsed_document_uri.path,
+          cookie_hash[:path]
+        )
+        final_domain = domain_attributes[:domain]
+        final_path = path_attributes[:path]
+        domain_holder = @cookie_map[final_domain].try(:clone) || {}
+        path_holder = domain_holder[final_path].try(:clone) || {}
+        expires_attributes = @calculate_expiration.call(
+          current_time,
+          cookie_hash[:'max-age'],
+          cookie_hash[:expires]
+        )
+        path_holder[base[:name]] = base.merge(
+          domain_attributes,
+          expires_attributes,
+          path_attributes,
+        )
+        domain_holder[final_path] = path_holder
+        @cookie_map[final_domain] = domain_holder
+        true
+      rescue DomainError, PathError
+        return false
+      rescue Expired
+        removed_cookie = path_holder.delete(base[:name])
+        return false unless removed_cookie
+        domain_holder[final_path] = path_holder
+        @cookie_map[final_domain] = domain_holder
+        return true
+      end
+
+      def dump
+        garbage_collect
+        @cookie_map.clone
+      end
+
+      def cookie_record_for(document_uri)
+        parsed_document_uri = begin
+          ::URI.parse(document_uri)
+        rescue ::URI::Error
+          return []
+        end
+        is_secure = case parsed_document_uri
+        when ::URI::HTTPS
+          true
+        when ::URI::HTTP
+          false
+        else
+          return []
+        end
+        domain_name = parsed_document_uri.hostname
+        ip_address = begin
+          ::IPAddr.new(domain_name)
+        rescue ::IPAddr::Error
+          nil
+        end
+        return cookie_for_ip_address(parsed_document_uri.path, is_secure, ip_address) if ip_address
+        return [] unless domain_name.present?
+        cookie_for_domain(parsed_document_uri.path, is_secure, domain_name)
+      end
+
+      def cookie_header_for(document_uri)
+        cookie_record_for(document_uri).map do |cookie_record|
+          "#{cookie_record[:name]}=#{cookie_record[:value]}"
+        end.to_a.join('; ')
+      end
+
+      def parse_set_cookie(document_uri, header)
+        append_cookie(document_uri, @set_cookie_parser.call(header))
+      end
+
+      def garbage_collect
+        current_time = @get_current_time.call
+        @cookie_map = @cookie_map.map do |domain_name, domain_holder|
+          domain_holder.map do |path_name, path_holder|
+            path_holder.select do |_cookie_name, cookie_record|
+              !cookie_record[:expires] || current_time < cookie_record[:expires]
+            end.yield_self do |filtered_result|
+              break nil unless filtered_result.present?
+              [path_name, filtered_result]
+            end
+          end.compact.to_h.yield_self do |filtered_result|
+            break nil unless filtered_result.present?
+            [domain_name, filtered_result]
+          end
+        end.compact.to_h
+        nil
+      end
+
+      private
+
+      def compile_effective_cookies(domain_candidates, document_path, &cookie_selector)
+        path_candidates = iterate_cookie_path(document_path)
+        effective_cookies = {}
+        domain_candidates.each do |domain_candidate|
+          domain_holder = @cookie_map[domain_candidate]
+          next if domain_holder.blank?
+          path_candidates.each do |path_candidate|
+            path_holder = domain_holder[path_candidate]
+            next unless path_holder.present? && path_holder.respond_to?(:select)
+            path_holder = path_holder.select(&cookie_selector)
+            effective_cookies = path_holder.merge(effective_cookies)
+          end
+        end
+        effective_cookies
+      end
+
+      def cookie_for_domain(document_path, is_document_secure, domain_name)
+        current_time = @get_current_time.call
+        domain_candidates = iterate_cookie_domain(domain_name)
+        compile_effective_cookies(domain_candidates, document_path) do |_cookie_name, cookie_record|
+          filter_cookie(cookie_record, is_document_secure, current_time) &&
+            ((cookie_record[:domain] == domain_name) || cookie_record[:include_subdomains])
+        end.values
+      end
+
+      def cookie_for_ip_address(document_path, is_document_secure, ip_address)
+        current_time = @get_current_time.call
+        compile_effective_cookies([ip_address.to_s], document_path) do |_cookie_name, cookie_record|
+          filter_cookie(cookie_record, is_document_secure, current_time)
+        end.values
+      end
+
+      def filter_cookie(cookie_record, is_document_secure, current_time)
+        (!cookie_record[:expires] || current_time < cookie_record[:expires]) &&
+          (is_document_secure || !cookie_record[:secure])
+      end
+    end
+  end
+end

data/lib/greed/cookie/parser.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/object/try'
+require 'active_support/core_ext/time'
+require 'memoist'
+require 'strscan'
+require 'time'
+
+module Greed
+  module Cookie
+    class Parser
+      class << self
+        extend ::Memoist
+
+        memoize def _default_kv_matcher
+          /\A\s*([-_.+%\d\w]+)=\s*([^;]*)\s*(?:;\s*|\z)/
+        end
+
+        memoize def _default_flag_matcher
+          /\A\s*([-_\w\d]+)\s*(?:;\s*|\z)/
+        end
+      end
+
+      def initialize(\
+        cookie_matcher: nil,
+        attribute_matcher: nil,
+        flag_matcher: nil
+      )
+        @cookie_matcher = cookie_matcher || self.class._default_kv_matcher
+        @attribute_matcher = attribute_matcher || self.class._default_kv_matcher
+        @flag_matcher = flag_matcher || self.class._default_flag_matcher
+        freeze
+      end
+
+      def parse(set_cookie_header)
+        scanner = ::StringScanner.new(set_cookie_header)
+        matched = scanner.scan(@cookie_matcher)
+        return nil unless matched
+        captured = scanner.captures
+        mandatory_parsed = {
+          name: captured[0].tap do |cookie_name|
+            return nil unless cookie_name.present?
+          end,
+          value: captured[1],
+        }
+        flags_parsed = {}
+        attributes_parsed = {}
+        until scanner.eos? do
+          matched = scanner.scan(@flag_matcher)
+          if matched
+            captured = scanner.captures
+            flags_parsed.merge!(
+              "#{captured[0].downcase}": true,
+            )
+            next
+          end
+          matched = scanner.scan(@attribute_matcher)
+          if matched
+            captured = scanner.captures
+            attributes_parsed.merge!(
+              "#{captured[0].downcase}": captured[1],
+            )
+            next
+          end
+          return nil
+        end
+        combine_fragments(
+          mandatory_parsed,
+          attributes_parsed,
+          flags_parsed
+        )
+      end
+
+      private
+
+      def combine_fragments(\
+        mandatory_parsed,
+        attributes_parsed,
+        flags_parsed
+      )
+        mandatory_parsed.merge(
+          expires: attributes_parsed[:expires].yield_self do |expires|
+            ::Time.parse(expires)
+          rescue ArgumentError, TypeError
+            nil
+          end,
+          'max-age': attributes_parsed[:'max-age'].yield_self do |max_age|
+            Integer(max_age)
+          rescue ArgumentError, TypeError
+            nil
+          end,
+          domain: attributes_parsed[:domain].presence.try(:strip),
+          path: attributes_parsed[:path].presence.try(:strip),
+          samesite: attributes_parsed[:samesite].yield_self do |same_site|
+            break 'Lax' unless same_site.present?
+            %w[Strict Lax None]
+              .lazy
+              .select { |enum_value| enum_value.casecmp?(same_site) }
+              .first || 'Lax'
+          end,
+          secure: !!flags_parsed[:secure],
+          httponly: !!flags_parsed[:httponly],
+        )
+      end
+    end
+  end
+end

data/lib/greed/cookie/path_handler.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/time'
+require 'time'
+
+module Greed
+  module Cookie
+    class PathError < Error
+    end
+    class PathViolation < PathError
+    end
+
+    class PathHandler
+      include Iterator
+
+      def determine_path(document_path, cookie_path)
+        return generate_default_path(document_path) if cookie_path.blank?
+        # speed optimization for the common use case
+        if cookie_path == ?/
+          return {
+            path: ?/,
+          }
+        end
+        normalized_cookie_path = ::File.expand_path(?., cookie_path)
+        iterate_cookie_path(document_path).each do |path_candidate|
+          next unless path_candidate == normalized_cookie_path
+          return {
+            path: normalized_cookie_path,
+          }
+        end
+        raise PathViolation
+      end
+
+      private
+
+      def generate_default_path(document_path)
+        # RFC 6265 5.1.4
+        if (document_path.blank?) ||
+          (!document_path.start_with?(?/))
+          return {
+            path: ?/,
+          }
+        end
+        {
+          path: ::File.expand_path('..', document_path),
+        }
+      end
+    end
+  end
+end

data/lib/greed/cookie/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Greed
+  module Cookie
+    VERSION = '0.0.1'
+  end
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: cookiejar_of_greed
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Sarun Rattanasiri
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-02-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: memoist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Cookiejar of greed is an implementation of cookiejar focused on browser
+  compatibility and loosely based on the standard.
+email: midnight_w@gmx.tw
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cookiejar_of_greed.rb
+- lib/greed.rb
+- lib/greed/cookie.rb
+- lib/greed/cookie/domain_handler.rb
+- lib/greed/cookie/error.rb
+- lib/greed/cookie/expiration_handler.rb
+- lib/greed/cookie/iterator.rb
+- lib/greed/cookie/jar.rb
+- lib/greed/cookie/parser.rb
+- lib/greed/cookie/path_handler.rb
+- lib/greed/cookie/version.rb
+homepage: https://github.com/the-cave/cookiejar-of-greed
+licenses:
+- BSD-3-Clause
+metadata:
+  source_code_uri: https://github.com/the-cave/cookiejar-of-greed/tree/v0.0.1
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: A compatibility-first cookiejar implementation
+test_files: []