@johntalton/http-util 5.1.0 → 5.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@johntalton/http-util",
-  "version": "5.1.0",
+  "version": "5.1.1",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/conditional.js

@@ -1,3 +1,4 @@
+import { isQuoted, stripQuotes } from './quote.js'
 
 /**
  * @typedef {Object} WeakEtagItem
@@ -65,23 +66,6 @@ export function isValidEtag(etag) {
 	return true
 }
 
-/**
- * @param {string} etag
- */
-export function stripQuotes(etag) {
-	return etag.substring(1, etag.length - 1)
-}
-
-/**
- * @param {string} etag
- */
-export function isQuoted(etag) {
-	if(etag.length <= 2) { return false }
-	if(!etag.startsWith(ETAG_QUOTE)) { return false }
-	if(!etag.endsWith(ETAG_QUOTE)) { return false }
-	return true
-}
-
 export class ETag {
 	/**
 	 * @param {string} etag
@@ -121,6 +105,7 @@ export class ETag {
 
 		if(!isQuoted(quotedEtag)) { return undefined }
 		const etag = stripQuotes(quotedEtag)
+		if(etag === undefined) { return undefined }
 		if(!isValidEtag(etag)) { return undefined }
 		if(etag === CONDITION_ETAG_ANY) { return undefined }
 

package/src/index.js

@@ -5,12 +5,15 @@ export * from './accept-encoding.js'
 export * from './accept-language.js'
 export * from './accept-util.js'
 export * from './cache-control.js'
+export * from './clear-site-data.js'
 export * from './conditional.js'
 export * from './content-disposition.js'
 export * from './content-range.js'
 export * from './content-type.js'
 export * from './forwarded.js'
 export * from './multipart.js'
+export * from './preference.js'
 export * from './range.js'
 export * from './rate-limit.js'
 export * from './server-timing.js'
+export * from './www-authenticate.js'

package/src/preference.js

@@ -1,15 +1,15 @@
 // https://datatracker.ietf.org/doc/html/rfc7240
 // https://www.rfc-editor.org/rfc/rfc7240#section-3
 
-export const SEPARATOR = {
+import { isQuoted, stripQuotes } from './quote.js'
+
+export const PREFERENCE_SEPARATOR = {
 	PREFERENCE: ',',
 	PARAMS: ';',
 	PARAM_KVP: '=',
 	KVP: '='
 }
 
-export const QUOTE = '"'
-
 export const DIRECTIVE_RESPOND_ASYNC = 'respond-async'
 export const DIRECTIVE_WAIT = 'wait'
 export const DIRECTIVE_HANDLING = 'handling'
@@ -23,26 +23,6 @@ export const DIRECTIVE_REPRESENTATION_MINIMAL = 'minimal'
 export const DIRECTIVE_REPRESENTATION_HEADERS_ONLY = 'headers-only'
 export const DIRECTIVE_REPRESENTATION_FULL = 'representation'
 
-
-/**
- * @param {string|undefined} value
- */
-export function stripQuotes(value) {
-	if(value === undefined) { return undefined }
-	return value.substring(1, value.length - 1)
-}
-
-/**
- * @param {string|undefined} value
- */
-export function isQuoted(value) {
-	if(value === undefined) { return false }
-	if(value.length < 2) { return false }
-	if(!value.startsWith(QUOTE)) { return false }
-	if(!value.endsWith(QUOTE)) { return false }
-	return true
-}
-
 /**
  * @typedef {Object} Preference
  * @property {string|undefined} value
@@ -71,10 +51,10 @@ export class Preferences {
 	static parse(header) {
 		if(header === undefined) { return undefined }
 
-		const preferences = new Map(header.split(SEPARATOR.PREFERENCE)
+		const preferences = new Map(header.split(PREFERENCE_SEPARATOR.PREFERENCE)
 			.map(pref => {
-				const [ kvp, ...params ] = pref.trim().split(SEPARATOR.PARAMS)
-				const [ key, rawValue ] = kvp?.split(SEPARATOR.KVP) ?? []
+				const [ kvp, ...params ] = pref.trim().split(PREFERENCE_SEPARATOR.PARAMS)
+				const [ key, rawValue ] = kvp?.split(PREFERENCE_SEPARATOR.KVP) ?? []
 
 				if(key === undefined) { return {} }
 				const valueOrEmpty = isQuoted(rawValue) ? stripQuotes(rawValue) : rawValue
@@ -82,7 +62,7 @@ export class Preferences {
 
 				const parameters = new Map(params
 					.map(param => {
-						const [ pKey, rawPValue ] = param.split(SEPARATOR.PARAM_KVP)
+						const [ pKey, rawPValue ] = param.split(PREFERENCE_SEPARATOR.PARAM_KVP)
 						if(pKey === undefined) { return {} }
 						const trimmedRawPValue = rawPValue?.trim()
 						const pValueOrEmpty = isQuoted(trimmedRawPValue) ? stripQuotes(trimmedRawPValue) : trimmedRawPValue
@@ -129,10 +109,10 @@ export class AppliedPreferences {
 		return [ ...preferences.entries()
 			.map(([ key, value ]) => {
 				// todo check if value should be quoted
-				if(value !== undefined) { return `${key}${SEPARATOR.KVP}${value}` }
+				if(value !== undefined) { return `${key}${PREFERENCE_SEPARATOR.KVP}${value}` }
 				return key
 			}) ]
-			.join(SEPARATOR.PREFERENCE)
+			.join(PREFERENCE_SEPARATOR.PREFERENCE)
 	}
 
 	/**

package/src/quote.js

@@ -0,0 +1,20 @@
+export const QUOTE = '"'
+
+/**
+ * @param {string|undefined} value
+ */
+export function stripQuotes(value) {
+	if(value === undefined) { return undefined }
+	return value.substring(1, value.length - 1)
+}
+
+/**
+ * @param {string|undefined} value
+ */
+export function isQuoted(value) {
+	if(value === undefined) { return false }
+	if(value.length < 2) { return false }
+	if(!value.startsWith(QUOTE)) { return false }
+	if(!value.endsWith(QUOTE)) { return false }
+	return true
+}

package/src/rate-limit.js

@@ -8,7 +8,7 @@ export const HTTP_HEADER_RATE_LIMIT_POLICY = 'RateLimit-Policy'
  * @property {string} name
  * @property {number} remaining
  * @property {number} resetSeconds
- * @property {string} partitionKey
+ * @property {string|undefined} [partitionKey]
  */
 
 /**
@@ -50,7 +50,7 @@ export class RateLimit {
 		if(name === undefined || remaining === undefined) { return undefined }
 
 		const rs = resetSeconds ? `;${LIMIT_PARAMETERS.TIME_TILL_RESET_SECONDS}=${resetSeconds}` : ''
-		const pk = partitionKey ? `'${LIMIT_PARAMETERS.PARTITION_KEY}=${partitionKey}` : ''
+		const pk = partitionKey ? `;${LIMIT_PARAMETERS.PARTITION_KEY}=${partitionKey}` : ''
 		return `"${name}";${LIMIT_PARAMETERS.REMAINING_QUOTA}=${remaining}${rs}${pk}`
 	}
 }

package/src/response/permanent-redirect.js

@@ -1,4 +1,5 @@
 import http2 from 'node:http2'
+
 import { send } from './send-util.js'
 
 /** @import { ServerHttp2Stream } from 'node:http2' */
@@ -16,7 +17,6 @@ const { HTTP_STATUS_PERMANENT_REDIRECT } = http2.constants
  * @param {Metadata} meta
  */
 export function sendPermanentRedirect(stream, location, meta) {
-	throw new Error('unsupported')
 	send(stream, HTTP_STATUS_PERMANENT_REDIRECT, {
 		[HTTP2_HEADER_LOCATION]: location.href
 	}, [ HTTP2_HEADER_LOCATION ], undefined, undefined, meta)

package/src/response/send-util.js

@@ -20,7 +20,7 @@ import {
 } from './header-util.js'
 
 /** @import { ServerHttp2Stream } from 'node:http2' */
-/** @import { IncomingHttpHeaders } from 'node:http2' */
+/** @import { OutgoingHttpHeaders } from 'node:http2' */
 /** @import { InputType } from 'node:zlib' */
 /** @import { Metadata } from './defs.js' */
 /** @import { EtagItem } from '../conditional.js' */
@@ -136,7 +136,7 @@ export function send_bytes(stream, status, contentType, obj, range, contentLengt
 /**
  * @param {ServerHttp2Stream} stream
  * @param {number} status
- * @param {IncomingHttpHeaders} headers
+ * @param {OutgoingHttpHeaders} headers
  * @param {Array<string>} exposedHeaders
  * @param {string|undefined} contentType
  * @param {SendBody|undefined} body

package/src/response/unauthorized.js

@@ -1,18 +1,25 @@
 import http2 from 'node:http2'
 
+import { Challenge } from '../www-authenticate.js'
 import { send } from './send-util.js'
 
 /** @import { ServerHttp2Stream } from 'node:http2' */
 /** @import { Metadata } from './defs.js' */
+/** @import { ChallengeItem } from '../www-authenticate.js' */
+
+const {
+	HTTP2_HEADER_WWW_AUTHENTICATE
+} = http2.constants
 
 const { HTTP_STATUS_UNAUTHORIZED } = http2.constants
 
 /**
  * @param {ServerHttp2Stream} stream
+ * @param {Array<ChallengeItem>|undefined} challenge
  * @param {Metadata} meta
  */
-export function sendUnauthorized(stream, meta) {
+export function sendUnauthorized(stream, challenge, meta) {
 	send(stream, HTTP_STATUS_UNAUTHORIZED, {
-			//  WWW-Authenticate
-		}, [], undefined, undefined, meta)
+			[HTTP2_HEADER_WWW_AUTHENTICATE]: challenge?.map(Challenge.encode),
+		}, [ HTTP2_HEADER_WWW_AUTHENTICATE ], undefined, undefined, meta)
 }

package/src/www-authenticate.js

@@ -0,0 +1,132 @@
+/**
+ * @typedef {Object} ChallengeItem
+ * @property {string} scheme
+ * @property {Map<string, string|undefined>} [parameters]
+ */
+
+/** @typedef {'invalid_request'|'invalid_token'|'insufficient_scope'} BearerErrorCode */
+
+export const PARAMETERS_THAT_NEED_QUOTES = [
+	'realm',
+	'charset',
+	'domain',
+	'nonce',
+	'opaque',
+	'qop',
+	'uri',
+	'cnonce',
+	'response',
+	// 'max-age', // todo should this be included
+	'challenge',
+	'scope',
+	'error',
+	'error_description',
+	'error_uri'
+]
+
+/**
+ * @param {string} paramName
+ */
+export function paramNeedQuotes(paramName) {
+	return PARAMETERS_THAT_NEED_QUOTES.includes(paramName.toLowerCase())
+}
+
+
+export class Challenge {
+	/**
+	 * @param {string} realm
+	 * @param {string} [charset='utf-8']
+	 * @returns {ChallengeItem}
+	 */
+	static basic(realm, charset = 'utf-8') {
+		const parameters = new Map([ [ 'realm', realm ] ])
+		if(charset !== undefined) { parameters.set('charset', charset) }
+
+		return {
+			scheme: 'Basic',
+			parameters
+		}
+	}
+
+	/**
+	 * @param {string|undefined} [realm]
+	 * @param {string|undefined} [scope]
+	 * @param {BearerErrorCode} [error]
+	 * @param {string} [errorDescription]
+	 * @param {string} [errorUri]
+	 * @returns {ChallengeItem}
+	 */
+	static bearer(realm, scope, error, errorDescription, errorUri) {
+		const parameters = new Map()
+		if(realm !== undefined) { parameters.set('realm', realm) }
+		if(scope !== undefined) { parameters.set('scope', scope) }
+		if(error !== undefined) { parameters.set('error', error) }
+		if(errorDescription !== undefined) { parameters.set('error_description', errorDescription) }
+
+		return {
+			scheme: 'Bearer',
+			parameters
+		}
+	}
+
+	/**
+	 * @param {string} algorithm
+	 * @param {string} [realm]
+	 * @returns {ChallengeItem}
+	 */
+	static digest(algorithm, realm) {
+		return {
+			scheme: 'Digest'
+		}
+	}
+
+	/**
+	 * @returns {ChallengeItem}
+	 */
+	static hoba() {
+		return {
+			scheme: 'HOBA'
+		}
+	}
+
+	/**
+	 * @param {ChallengeItem} challenge
+	 */
+	static encode(challenge) {
+		const parameters = challenge.parameters?.entries().map(([ key, value ]) => {
+			if(value === undefined) { return key }
+			if(paramNeedQuotes(key)) { return `${key}="${value}"` }
+			return `${key}=${value}`
+		})
+
+		const params = parameters !== undefined ? [ ...parameters ].join(',') : ''
+
+		return `${challenge.scheme} ${params}`
+	}
+}
+
+// console.log(Challenge.encode(Challenge.basic('Dev')))
+// Basic realm="Dev", charset="UTF-8"
+
+//  HOBA max-age="180", challenge="16:MTEyMzEyMzEyMw==1:028:https://www.example.com:8080:3:MTI48:NjgxNDdjOTctNDYxYi00MzEwLWJlOWItNGM3MDcyMzdhYjUz"
+
+// Digest username="Mufasa",
+//     realm="http-auth@example.org",
+//     uri="/dir/index.html",
+//     algorithm=SHA-256,
+//     nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
+//     nc=00000001,
+//     cnonce="f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ",
+//     qop=auth,
+//     response="753927fa0e85d155564e2e272a28d1802ca10daf449
+//         6794697cf8db5856cb6c1",
+//     opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"
+
+// console.log(Challenge.encode(Challenge.bearer(undefined, 'openid profile email')))
+// Bearer scope="openid profile email"
+// Bearer scope="urn:example:channel=HBO&urn:example:rating=G,PG-13"
+
+// WWW-Authenticate: Bearer realm="example",
+//                        error="invalid_token",
+//                        error_description="The access token expired"
+