httpx 0.9.0 → 0.10.0

data/lib/httpx/plugins/cookies.rb

@@ -12,93 +12,55 @@ module HTTPX
     # https://gitlab.com/honeyryderchuck/httpx/wikis/Cookies
     #
     module Cookies
-      using URIExtensions
+      def self.load_dependencies(*)
+        require "httpx/plugins/cookies/jar"
+        require "httpx/plugins/cookies/cookie"
+        require "httpx/plugins/cookies/set_cookie_parser"
+      end
 
       def self.extra_options(options)
         Class.new(options.class) do
           def_option(:cookies) do |cookies|
-            if cookies.is_a?(Store)
+            if cookies.is_a?(Jar)
               cookies
             else
-              Store.new(cookies)
+              Jar.new(cookies)
             end
           end
         end.new(options)
       end
 
-      class Store
-        def self.new(cookies = nil)
-          return cookies if cookies.is_a?(self)
-
-          super
-        end
-
-        def initialize(cookies = nil)
-          @store = Hash.new { |hash, origin| hash[origin] = HTTP::CookieJar.new }
-          return unless cookies
-
-          cookies = cookies.split(/ *; */) if cookies.is_a?(String)
-          @default_cookies = cookies.map do |cookie, v|
-            if cookie.is_a?(HTTP::Cookie)
-              cookie
-            else
-              HTTP::Cookie.new(cookie.to_s, v.to_s)
-            end
-          end
-        end
-
-        def set(origin, cookies)
-          return unless cookies
-
-          @store[origin].parse(cookies, origin)
-        end
-
-        def [](uri)
-          store = @store[uri.origin]
-          @default_cookies.each do |cookie|
-            c = cookie.dup
-            c.domain ||= uri.authority
-            c.path ||= uri.path
-            store.add(c)
-          end if @default_cookies
-          store
-        end
-
-        def ==(other)
-          @store == other.instance_variable_get(:@store)
-        end
-      end
-
-      def self.load_dependencies(*)
-        require "http/cookie"
-      end
-
       module InstanceMethods
         extend Forwardable
 
         def_delegator :@options, :cookies
 
         def initialize(options = {}, &blk)
-          super({ cookies: Store.new }.merge(options), &blk)
+          super({ cookies: Jar.new }.merge(options), &blk)
         end
 
         def wrap
           return super unless block_given?
 
           super do |session|
-            old_cookies_store = @options.cookies.dup
+            old_cookies_jar = @options.cookies.dup
             begin
               yield session
             ensure
-              @options = @options.with(cookies: old_cookies_store)
+              @options = @options.merge(cookies: old_cookies_jar)
             end
           end
         end
 
         private
 
-        def on_response(request, response)
-          @options.cookies.set(request.origin, response.headers["set-cookie"]) if response.respond_to?(:headers)
+        def on_response(reuest, response)
+          if response && response.respond_to?(:headers) && (set_cookie = response.headers["set-cookie"])
+
+            log { "cookies: set-cookie is over #{Cookie::MAX_LENGTH}" } if set_cookie.bytesize > Cookie::MAX_LENGTH
+
+            @options.cookies.parse(set_cookie)
+          end
 
           super
         end
@@ -111,13 +73,12 @@ module HTTPX
       end
 
       module HeadersMethods
-        def set_cookie(jar)
-          return unless jar
+        def set_cookie(cookies)
+          return if cookies.empty?
 
-          cookie_value = HTTP::Cookie.cookie_value(jar.cookies)
-          return if cookie_value.empty?
+          header_value = cookies.sort.join("; ")
 
-          add("cookie", cookie_value)
+          add("cookie", header_value)
         end
       end
     end

data/lib/httpx/plugins/cookies/cookie.rb

@@ -0,0 +1,173 @@
+# frozen_string_literal: true
+
+module HTTPX
+  module Plugins::Cookies
+    # The HTTP Cookie.
+    #
+    # Contains the single cookie info: name, value and attributes.
+    class Cookie
+      include Comparable
+      # Maximum number of bytes per cookie (RFC 6265 6.1 requires 4096 at
+      # least)
+      MAX_LENGTH = 4096
+
+      attr_reader :domain, :path, :name, :value, :created_at
+
+      def path=(path)
+        path = String(path)
+        @path = path.start_with?("/") ? path : "/"
+      end
+
+      # See #domain.
+      def domain=(domain)
+        domain = String(domain)
+
+        if domain.start_with?(".")
+          @for_domain = true
+          domain = domain[1..-1]
+        end
+
+        return if domain.empty?
+
+        @domain_name = DomainName.new(domain)
+        # RFC 6265 5.3 5.
+        @for_domain = false if @domain_name.domain.nil? # a public suffix or IP address
+
+        @domain = @domain_name.hostname
+      end
+
+      # Compares the cookie with another.  When there are many cookies with
+      # the same name for a URL, the value of the smallest must be used.
+      def <=>(other)
+        # RFC 6265 5.4
+        # Precedence: 1. longer path  2. older creation
+        (@name <=> other.name).nonzero? ||
+          (other.path.length <=> @path.length).nonzero? ||
+          (@created_at <=> other.created_at).nonzero? ||
+          @value <=> other.value
+      end
+
+      class << self
+        def new(cookie, *args)
+          return cookie if cookie.is_a?(self)
+
+          super
+        end
+
+        # Tests if +target_path+ is under +base_path+ as described in RFC
+        # 6265 5.1.4.  +base_path+ must be an absolute path.
+        # +target_path+ may be empty, in which case it is treated as the
+        # root path.
+        #
+        # e.g.
+        #
+        #         path_match?('/admin/', '/admin/index') == true
+        #         path_match?('/admin/', '/Admin/index') == false
+        #         path_match?('/admin/', '/admin/') == true
+        #         path_match?('/admin/', '/admin') == false
+        #
+        #         path_match?('/admin', '/admin') == true
+        #         path_match?('/admin', '/Admin') == false
+        #         path_match?('/admin', '/admins') == false
+        #         path_match?('/admin', '/admin/') == true
+        #         path_match?('/admin', '/admin/index') == true
+        def path_match?(base_path, target_path)
+          base_path.start_with?("/") || (return false)
+          # RFC 6265 5.1.4
+          bsize = base_path.size
+          tsize = target_path.size
+          return bsize == 1 if tsize.zero? # treat empty target_path as "/"
+          return false unless target_path.start_with?(base_path)
+          return true if bsize == tsize || base_path.end_with?("/")
+
+          target_path[bsize] == "/"
+        end
+      end
+
+      def initialize(arg, *attrs)
+        @created_at = Time.now
+
+        if attrs.empty?
+          attr_hash = Hash.try_convert(arg)
+        else
+          @name = arg
+          @value, attr_hash = attrs
+          attr_hash = Hash.try_convert(attr_hash)
+        end
+
+        attr_hash.each do |key, val|
+          key = key.downcase.tr("-", "_").to_sym unless key.is_a?(Symbol)
+
+          case key
+          when :domain, :path
+            __send__(:"#{key}=", val)
+          else
+            instance_variable_set(:"@#{key}", val)
+          end
+        end if attr_hash
+
+        @path ||= "/"
+        raise ArgumentError, "name must be specified" if @name.nil?
+      end
+
+      def expires
+        @expires || (@created_at && @max_age ? @created_at + @max_age : nil)
+      end
+
+      def expired?(time = Time.now)
+        return false unless expires
+
+        expires <= time
+      end
+
+      # Returns a string for use in the Cookie header, i.e. `name=value`
+      # or `name="value"`.
+      def cookie_value
+        "#{@name}=#{Scanner.quote(@value)}"
+      end
+      alias_method :to_s, :cookie_value
+
+      # Tests if it is OK to send this cookie to a given `uri`.  A
+      # RuntimeError is raised if the cookie's domain is unknown.
+      def valid_for_uri?(uri)
+        uri = URI(uri)
+        # RFC 6265 5.4
+
+        return false if @secure && uri.scheme != "https"
+
+        acceptable_from_uri?(uri) && Cookie.path_match?(@path, uri.path)
+      end
+
+      private
+
+      # Tests if it is OK to accept this cookie if it is sent from a given
+      # URI/URL, `uri`.
+      def acceptable_from_uri?(uri)
+        uri = URI(uri)
+
+        host = DomainName.new(uri.host)
+
+        # RFC 6265 5.3
+        if host.hostname == @domain
+          true
+        elsif @for_domain # !host-only-flag
+          host.cookie_domain?(@domain_name)
+        else
+          @domain.nil?
+        end
+      end
+
+      module Scanner
+        RE_BAD_CHAR = /([\x00-\x20\x7F",;\\])/.freeze
+
+        module_function
+
+        def quote(s)
+          return s unless s.match(RE_BAD_CHAR)
+
+          "\"#{s.gsub(/([\\"])/, "\\\\\\1")}\""
+        end
+      end
+    end
+  end
+end

data/lib/httpx/plugins/cookies/jar.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module HTTPX
+  module Plugins::Cookies
+    # The Cookie Jar
+    #
+    # It holds a bunch of cookies.
+    class Jar
+      using URIExtensions
+
+      include Enumerable
+
+      def initialize_dup(orig)
+        super
+        @cookies = orig.instance_variable_get(:@cookies).dup
+      end
+
+      def initialize(cookies = nil)
+        @cookies = []
+
+        cookies.each do |elem|
+          cookie = case elem
+                   when Cookie
+                     elem
+                   when Array
+                     Cookie.new(*elem)
+                   else
+                     Cookie.new(elem)
+          end
+
+          @cookies << cookie
+        end if cookies
+      end
+
+      def parse(set_cookie)
+        SetCookieParser.call(set_cookie) do |name, value, attrs|
+          add(Cookie.new(name, value, attrs))
+        end
+      end
+
+      def add(cookie, path = nil)
+        c = cookie.dup
+
+        c.path = path if path && c.path == "/"
+
+        @cookies << c
+      end
+
+      def [](uri)
+        each(uri).sort
+      end
+
+      def each(uri = nil, &blk)
+        return enum_for(__method__, uri) unless block_given?
+
+        return @store.each(&blk) unless uri
+
+        uri = URI(uri)
+
+        now = Time.now
+        tpath = uri.path
+
+        @cookies.delete_if do |cookie|
+          if cookie.expired?(now)
+            true
+          else
+            yield cookie if cookie.valid_for_uri?(uri) && Cookie.path_match?(cookie.path, tpath)
+            false
+          end
+        end
+      end
+    end
+  end
+end

data/lib/httpx/plugins/cookies/set_cookie_parser.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require "strscan"
+require "time"
+
+module HTTPX
+  module Plugins::Cookies
+    module SetCookieParser
+      using(RegexpExtensions) unless Regexp.method_defined?(:match?)
+
+      # Whitespace.
+      RE_WSP = /[ \t]+/.freeze
+
+      # A pattern that matches a cookie name or attribute name which may
+      # be empty, capturing trailing whitespace.
+      RE_NAME = /(?!#{RE_WSP})[^,;\\"=]*/.freeze
+
+      RE_BAD_CHAR = /([\x00-\x20\x7F",;\\])/.freeze
+
+      # A pattern that matches the comma in a (typically date) value.
+      RE_COOKIE_COMMA = /,(?=#{RE_WSP}?#{RE_NAME}=)/.freeze
+
+      module_function
+
+      def scan_dquoted(scanner)
+        s = +""
+
+        until scanner.eos?
+          break if scanner.skip(/"/)
+
+          if scanner.skip(/\\/)
+            s << scanner.getch
+          elsif scanner.scan(/[^"\\]+/)
+            s << scanner.matched
+          end
+        end
+
+        s
+      end
+
+      def scan_value(scanner, comma_as_separator = false)
+        value = +""
+
+        until scanner.eos?
+          if scanner.scan(/[^,;"]+/)
+            value << scanner.matched
+          elsif scanner.skip(/"/)
+            # RFC 6265 2.2
+            # A cookie-value may be DQUOTE'd.
+            value << scan_dquoted(scanner)
+          elsif scanner.check(/;/)
+            break
+          elsif comma_as_separator && scanner.check(RE_COOKIE_COMMA)
+            break
+          else
+            value << scanner.getch
+          end
+        end
+
+        value.rstrip!
+        value
+      end
+
+      def scan_name_value(scanner, comma_as_separator = false)
+        name = scanner.scan(RE_NAME)
+        name.rstrip! if name
+
+        if scanner.skip(/=/)
+          value = scan_value(scanner, comma_as_separator)
+        else
+          scan_value(scanner, comma_as_separator)
+          value = nil
+        end
+        [name, value]
+      end
+
+      def call(set_cookie)
+        scanner = StringScanner.new(set_cookie)
+
+        # RFC 6265 4.1.1 & 5.2
+        until scanner.eos?
+          start = scanner.pos
+          len = nil
+
+          scanner.skip(RE_WSP)
+
+          name, value = scan_name_value(scanner, true)
+          value = nil if name.empty?
+
+          attrs = {}
+
+          until scanner.eos?
+            if scanner.skip(/,/)
+              # The comma is used as separator for concatenating multiple
+              # values of a header.
+              len = (scanner.pos - 1) - start
+              break
+            elsif scanner.skip(/;/)
+              scanner.skip(RE_WSP)
+
+              aname, avalue = scan_name_value(scanner, true)
+
+              next if aname.empty? || value.nil?
+
+              aname.downcase!
+
+              case aname
+              when "expires"
+                # RFC 6265 5.2.1
+                (avalue &&= Time.httpdate(avalue)) || next
+              when "max-age"
+                # RFC 6265 5.2.2
+                next unless /\A-?\d+\z/.match?(avalue)
+
+                avalue = Integer(avalue)
+              when "domain"
+                # RFC 6265 5.2.3
+                # An empty value SHOULD be ignored.
+                next if avalue.nil? || avalue.empty?
+              when "path"
+                # RFC 6265 5.2.4
+                # A relative path must be ignored rather than normalizing it
+                # to "/".
+                next unless avalue.start_with?("/")
+              when "secure", "httponly"
+                # RFC 6265 5.2.5, 5.2.6
+                avalue = true
+              end
+              attrs[aname] = avalue
+            end
+          end
+
+          len ||= scanner.pos - start
+
+          next if len > Cookie::MAX_LENGTH
+
+          yield(name, value, attrs) if name && !name.empty? && value
+        end
+      end
+    end
+  end
+end