goscript 0.2.5 → 0.2.7

package/gs/net/http/index.ts

@@ -420,10 +420,11 @@ function parseRequestURL(rawURL: string): [RequestURL | null, $.GoError] {
       return [null, errors.New(`parse "${rawURL}": invalid URL escape`)]
     }
     const parsed = new URL(rawURL, 'http://goscript.invalid')
+    const path = decodeURIComponent(parsed.pathname)
     const hasHost = /^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//.test(rawURL)
     return [
       new RequestURL(
-        parsed.pathname,
+        path,
         parsed.search.startsWith('?') ? parsed.search.slice(1) : parsed.search,
         hasHost ? parsed.protocol.replace(/:$/, '') : '',
         hasHost ? parsed.host : '',
@@ -1508,6 +1509,11 @@ async function readFetchBody(
 
 type maybePromise<T> = T | Promise<T>
 
+type httpRange = {
+  start: number
+  length: number
+}
+
 export interface FileSystem {
   Open(name: string): maybePromise<[File | null, $.GoError]>
 }
@@ -1524,7 +1530,7 @@ interface fileServerFileSystem {
 interface fileServerFile {
   Close(): maybePromise<$.GoError>
   Read(p: $.Bytes): maybePromise<[number, $.GoError]>
-  Seek(offset: number, whence: number): maybePromise<[number, $.GoError]>
+  Seek(offset: bigint, whence: number): maybePromise<[bigint, $.GoError]>
   Readdir(count: number): maybePromise<[$.Slice<fs.FileInfo> | null, $.GoError]>
   Stat(): maybePromise<[fs.FileInfo | null, $.GoError]>
 }
@@ -1554,7 +1560,7 @@ function httpFileFromFSFile(file: Exclude<fs.File, null>): File {
     Stat: () => file.Stat(),
     Seek:
       seek == null ?
-        () => [0, errors.New('net/http: file does not support seek')]
+        () => [0n, errors.New('net/http: file does not support seek')]
       : seek.bind(file),
     Readdir: readdir == null ? () => [null, io.EOF] : readdir.bind(file),
   }
@@ -1588,28 +1594,13 @@ export function FileServer(root: fileServerFileSystem | null): Handler {
           NotFound(w, req)
           return
         }
-        const header = await w.Header()
-        if (Header_Get(header, 'Content-Type') === '') {
-          const contentType = mime.TypeByExtension(
-            path.Ext(info?.Name?.() || req.URL?.Path || ''),
-          )
-          if (contentType !== '') {
-            Header_Set(header, 'Content-Type', contentType)
-          }
-        }
-        if (info?.Size != null) {
-          Header_Set(header, 'Content-Length', String(info.Size()))
-        }
-        await w.WriteHeader(StatusOK)
-        if (req.Method !== MethodHead) {
-          const [, copyErr] = await io.Copy(
-            w as unknown as io.Writer,
-            file as io.Reader,
-          )
-          if (copyErr != null) {
-            return
-          }
-        }
+        await serveContent(
+          w,
+          req,
+          info?.Name?.() || req.URL?.Path || '',
+          file as io.Reader,
+          typeof info?.Size === 'function' ? Number(info.Size()) : null,
+        )
       } finally {
         await file.Close()
       }
@@ -1637,13 +1628,45 @@ export function ServeFile(
   NotFound(w, req)
 }
 
-export function ServeFileFS(
+export async function ServeFileFS(
   w: ResponseWriter | null,
   r: Request | $.VarRef<Request> | null,
-  _fsys: fs.FS,
+  fsys: fs.FS,
   name: string,
-): void {
-  ServeFile(w, r, name)
+): Promise<void> {
+  const req = $.pointerValue<Request | null>(r)
+  if (w == null || req == null) {
+    return
+  }
+  if (req.Method !== MethodGet && req.Method !== MethodHead) {
+    Error(w, 'method not allowed', StatusMethodNotAllowed)
+    return
+  }
+  const [file, err] = (await FS(fsys).Open(name)) ?? [null, fs.ErrInvalid]
+  if (err != null || file == null) {
+    NotFound(w, req)
+    return
+  }
+  try {
+    const [info, statErr] = await file.Stat()
+    if (statErr != null) {
+      Error(w, statErr.Error(), StatusInternalServerError)
+      return
+    }
+    if (info?.IsDir?.() === true) {
+      NotFound(w, req)
+      return
+    }
+    await serveContent(
+      w,
+      req,
+      info?.Name?.() || name,
+      file as io.Reader,
+      typeof info?.Size === 'function' ? Number(info.Size()) : null,
+    )
+  } finally {
+    await file.Close()
+  }
 }
 
 function cleanFileServerPath(name: string): string {
@@ -2115,23 +2138,58 @@ export function HandleFunc(pattern: string, handler: HandlerFunc): void {
 }
 
 export function StripPrefix(prefix: string, handler: Handler | null): Handler {
+  if (prefix === '') {
+    return handler ?? NotFoundHandler()
+  }
   return {
     ServeHTTP(w, r) {
       const req = $.pointerValue<Request | null>(r)
+      const urlPath = req?.URL?.Path
+      const rawPath = req?.URL?.RawPath ?? ''
+      const strippedPath =
+        typeof urlPath === 'string' && urlPath.startsWith(prefix) ?
+          urlPath.slice(prefix.length)
+        : urlPath
+      const strippedRawPath =
+        rawPath !== '' && rawPath.startsWith(prefix) ?
+          rawPath.slice(prefix.length)
+        : rawPath
       if (
-        req?.URL != null &&
-        typeof req.URL.Path === 'string' &&
-        req.URL.Path.startsWith(prefix)
+        req != null &&
+        req.URL != null &&
+        typeof urlPath === 'string' &&
+        strippedPath.length < urlPath.length &&
+        (rawPath === '' || strippedRawPath.length < rawPath.length)
       ) {
-        req.URL = { ...req.URL, Path: req.URL.Path.slice(prefix.length) || '/' }
+        const reqCopy = req.Clone(req.Context())
+        reqCopy.URL = {
+          ...reqCopy.URL,
+          Path: strippedPath,
+          RawPath: strippedRawPath,
+        }
+        return handler?.ServeHTTP(w, reqCopy)
       }
-      return handler?.ServeHTTP(w, req)
+      NotFound(w, req)
     },
   }
 }
 
 export function AllowQuerySemicolons(handler: Handler | null): Handler {
-  return handler ?? NotFoundHandler()
+  const target = handler ?? NotFoundHandler()
+  return {
+    ServeHTTP(w, r) {
+      const req = $.pointerValue<Request | null>(r)
+      if (req?.URL?.RawQuery?.includes(';') === true) {
+        const reqCopy = req.Clone(req.Context())
+        reqCopy.URL = {
+          ...reqCopy.URL,
+          RawQuery: req.URL.RawQuery.replaceAll(';', '&'),
+        }
+        return target.ServeHTTP(w, reqCopy)
+      }
+      return target.ServeHTTP(w, r)
+    },
+  }
 }
 
 export function MaxBytesHandler(handler: Handler | null, n: number): Handler {
@@ -2198,18 +2256,54 @@ export function NotFound(
 
 export async function Redirect(
   w: ResponseWriter | null,
-  _r: Request | $.VarRef<Request> | null,
+  r: Request | $.VarRef<Request> | null,
   url: string,
   code: number,
 ): Promise<void> {
   if (w == null) {
     return
   }
+  const req = $.pointerValue<Request | null>(r)
+  url = redirectLocation(req, url)
   const header = await w.Header()
+  const hadContentType = Header_Get(header, 'Content-Type') !== ''
   if (header != null) {
     Header_Set(header, 'Location', url)
+    if (!hadContentType && req?.Method === MethodGet) {
+      Header_Set(header, 'Content-Type', 'text/html; charset=utf-8')
+    }
   }
   await w.WriteHeader(code)
+  if (!hadContentType && req?.Method === MethodGet) {
+    await w.Write(
+      $.stringToBytes(`<a href="${url}">${StatusText(code)}</a>.\n\n`),
+    )
+  }
+}
+
+function redirectLocation(req: Request | null, url: string): string {
+  if (
+    req?.URL == null ||
+    url === '' ||
+    url.startsWith('/') ||
+    /^[A-Za-z][A-Za-z0-9+.-]*:/.test(url)
+  ) {
+    return url
+  }
+  const [dir] = path.Split(req.URL.Path || '/')
+  let pathPart = dir + url
+  let query = ''
+  const queryIndex = pathPart.indexOf('?')
+  if (queryIndex >= 0) {
+    query = pathPart.slice(queryIndex)
+    pathPart = pathPart.slice(0, queryIndex)
+  }
+  const trailingSlash = pathPart.endsWith('/')
+  pathPart = path.Clean(pathPart)
+  if (trailingSlash && !pathPart.endsWith('/')) {
+    pathPart += '/'
+  }
+  return pathPart + query
 }
 
 export function ParseTime(text: string): [time.Time, $.GoError] {
@@ -2220,7 +2314,7 @@ export function ParseTime(text: string): [time.Time, $.GoError] {
       $.newError(`parsing time "${text}" as HTTP-date: cannot parse`),
     ]
   }
-  return [time.UnixMilli(date.getTime()), null]
+  return [time.UnixMilli(BigInt(date.getTime())), null]
 }
 
 export function DetectContentType(data: $.Slice<number>): string {
@@ -2604,7 +2698,7 @@ export function ParseSetCookie(line: string): [Cookie | null, $.GoError] {
         if (Number.isNaN(parsed.getTime())) {
           break
         }
-        cookie.Expires = time.UnixMilli(parsed.getTime())
+        cookie.Expires = time.UnixMilli(BigInt(parsed.getTime()))
         continue
       }
       case 'path':
@@ -2702,27 +2796,326 @@ export async function PostForm(
   return await DefaultClient.PostForm(_url, data)
 }
 
+export function ProxyURL(
+  fixedURL: any,
+): (req: Request | $.VarRef<Request> | null) => [any, $.GoError] {
+  return () => [fixedURL, null]
+}
+
 export function ProxyFromEnvironment(
   _req: Request | $.VarRef<Request> | null,
 ): [any, $.GoError] {
   return [null, null]
 }
 
-export function ProxyURL(
-  fixedURL: any,
-): (req: Request | $.VarRef<Request> | null) => [any, $.GoError] {
-  return () => [fixedURL, null]
+export async function ReadRequest(
+  reader: any,
+): Promise<[Request | null, $.GoError]> {
+  const [wire, readErr] = await readHTTPWire(reader)
+  if (readErr != null) {
+    return [null, readErr]
+  }
+  const parsed = parseHTTPWire(wire)
+  if (parsed.error != null) {
+    return [null, parsed.error]
+  }
+  const [method, requestURI, proto] = splitRequestLine(parsed.startLine)
+  if (method === '' || requestURI === '' || proto === '') {
+    return [null, badHTTPMessageError('malformed HTTP request')]
+  }
+  if (!isToken(method)) {
+    return [null, badHTTPMessageError(`invalid method ${method}`)]
+  }
+  const [protoMajor, protoMinor, protoOK] = ParseHTTPVersion(proto)
+  if (!protoOK) {
+    return [null, badHTTPMessageError(`malformed HTTP version ${proto}`)]
+  }
+  const [url, urlErr] = parseRequestURL(requestURI)
+  if (urlErr != null || url == null) {
+    return [null, urlErr]
+  }
+  const host = Header_Get(parsed.header, 'Host')
+  Header_Del(parsed.header, 'Host')
+  const bodyInfo = parseHTTPBody(parsed.header, parsed.body)
+  if (bodyInfo.error != null) {
+    return [null, bodyInfo.error]
+  }
+  return [
+    new Request({
+      Method: method,
+      URL: url,
+      Proto: proto,
+      ProtoMajor: protoMajor,
+      ProtoMinor: protoMinor,
+      Body: bodyInfo.body,
+      Header: parsed.header,
+      ContentLength: bodyInfo.contentLength,
+      TransferEncoding: bodyInfo.transferEncoding,
+      Close: shouldClose(protoMajor, protoMinor, parsed.header),
+      Host: host,
+      RequestURI: requestURI,
+    }),
+    null,
+  ]
+}
+
+export async function ReadResponse(
+  reader: any,
+  req: Request | $.VarRef<Request> | null,
+): Promise<[Response | null, $.GoError]> {
+  const [wire, readErr] = await readHTTPWire(reader)
+  if (readErr != null) {
+    return [null, readErr]
+  }
+  const parsed = parseHTTPWire(wire)
+  if (parsed.error != null) {
+    return [null, parsed.error]
+  }
+  const match = /^(HTTP\/\d+\.\d+) ([0-9]{3})(?: (.*))?$/.exec(parsed.startLine)
+  if (match == null) {
+    return [null, badHTTPMessageError('malformed HTTP response')]
+  }
+  const [, proto, statusCodeText, statusText = ''] = match
+  const [protoMajor, protoMinor, protoOK] = ParseHTTPVersion(proto)
+  if (!protoOK) {
+    return [null, badHTTPMessageError(`malformed HTTP version ${proto}`)]
+  }
+  const statusCode = Number(statusCodeText)
+  const noBody =
+    statusCode === StatusNoContent || statusCode === StatusNotModified
+  const bodyInfo =
+    noBody ?
+      {
+        body: NoBody,
+        contentLength: 0,
+        transferEncoding: null,
+        error: null,
+      }
+    : parseHTTPBody(parsed.header, parsed.body)
+  if (bodyInfo.error != null) {
+    return [null, bodyInfo.error]
+  }
+  return [
+    new Response({
+      Status: `${statusCodeText}${statusText === '' ? '' : ` ${statusText}`}`,
+      StatusCode: statusCode,
+      Proto: proto,
+      ProtoMajor: protoMajor,
+      ProtoMinor: protoMinor,
+      Body: bodyInfo.body,
+      Header: parsed.header,
+      ContentLength: bodyInfo.contentLength,
+      TransferEncoding: bodyInfo.transferEncoding,
+      Close: shouldClose(protoMajor, protoMinor, parsed.header),
+      Request: req,
+    }),
+    null,
+  ]
 }
 
-export function ReadRequest(_reader: any): [Request | null, $.GoError] {
-  return [null, ErrNotSupported]
+async function readHTTPWire(reader: any): Promise<[string, $.GoError]> {
+  const r = $.pointerValueOrNil<any>(reader)
+  if (r == null || typeof r.Read !== 'function') {
+    return ['', errors.New('malformed HTTP message')]
+  }
+  const [data, err] = await io.ReadAll(r)
+  if (err != null) {
+    return ['', err]
+  }
+  return [$.bytesToString(data), null]
 }
 
-export function ReadResponse(
-  _reader: any,
-  _req: Request | $.VarRef<Request> | null,
-): [Response | null, $.GoError] {
-  return [null, ErrNotSupported]
+function splitRequestLine(line: string): [string, string, string] {
+  const first = line.indexOf(' ')
+  const last = line.lastIndexOf(' ')
+  if (first <= 0 || last <= first) {
+    return ['', '', '']
+  }
+  return [
+    line.slice(0, first),
+    line.slice(first + 1, last),
+    line.slice(last + 1),
+  ]
+}
+
+function parseHTTPWire(wire: string): {
+  startLine: string
+  header: Header
+  body: string
+  error: $.GoError
+} {
+  const headerEnd = wire.indexOf('\r\n\r\n')
+  const separatorLength = headerEnd >= 0 ? 4 : 2
+  const fallbackHeaderEnd = headerEnd >= 0 ? headerEnd : wire.indexOf('\n\n')
+  if (fallbackHeaderEnd < 0) {
+    return {
+      startLine: '',
+      header: new Header(),
+      body: '',
+      error: badHTTPMessageError('malformed HTTP message'),
+    }
+  }
+  const head = wire.slice(0, fallbackHeaderEnd).replace(/\r\n/g, '\n')
+  const lines = head.split('\n')
+  const startLine = lines.shift() ?? ''
+  const header = new Header()
+  let lastKey = ''
+  for (const rawLine of lines) {
+    if (rawLine === '') {
+      continue
+    }
+    if ((rawLine[0] === ' ' || rawLine[0] === '\t') && lastKey !== '') {
+      const values = Array.from(header.get(lastKey) ?? [])
+      values[values.length - 1] =
+        `${values[values.length - 1]} ${rawLine.trim()}`
+      header.set(lastKey, $.arrayToSlice(values))
+      continue
+    }
+    const colon = rawLine.indexOf(':')
+    if (colon <= 0) {
+      return {
+        startLine: '',
+        header: new Header(),
+        body: '',
+        error: badHTTPMessageError('malformed MIME header line'),
+      }
+    }
+    lastKey = canonicalMIMEHeaderKey(rawLine.slice(0, colon).trim())
+    Header_Add(header, lastKey, rawLine.slice(colon + 1).trim())
+  }
+  return {
+    startLine,
+    header,
+    body: wire.slice(fallbackHeaderEnd + separatorLength),
+    error: null,
+  }
+}
+
+function parseHTTPBody(
+  header: Header,
+  rawBody: string,
+): {
+  body: io.ReadCloser
+  contentLength: number
+  transferEncoding: $.Slice<string>
+  error: $.GoError
+} {
+  const transferEncoding = Header_Get(header, 'Transfer-Encoding')
+  if (transferEncoding.toLowerCase() === 'chunked') {
+    const chunked = decodeChunkedBody(rawBody)
+    if (chunked.error != null) {
+      return {
+        body: NoBody,
+        contentLength: -1,
+        transferEncoding: $.arrayToSlice(['chunked']),
+        error: chunked.error,
+      }
+    }
+    return {
+      body: bodyFromString(chunked.body),
+      contentLength: -1,
+      transferEncoding: $.arrayToSlice(['chunked']),
+      error: null,
+    }
+  }
+  const contentLength = Header_Get(header, 'Content-Length')
+  if (contentLength !== '') {
+    const parsedLength = Number.parseInt(contentLength, 10)
+    if (
+      !/^[0-9]+$/.test(contentLength) ||
+      !Number.isSafeInteger(parsedLength)
+    ) {
+      return {
+        body: NoBody,
+        contentLength: 0,
+        transferEncoding: null,
+        error: badHTTPMessageError(`bad Content-Length ${contentLength}`),
+      }
+    }
+    return {
+      body: bodyFromString(rawBody.slice(0, parsedLength)),
+      contentLength: parsedLength,
+      transferEncoding: null,
+      error: null,
+    }
+  }
+  if (rawBody === '') {
+    return {
+      body: NoBody,
+      contentLength: 0,
+      transferEncoding: null,
+      error: null,
+    }
+  }
+  return {
+    body: bodyFromString(rawBody),
+    contentLength: -1,
+    transferEncoding: null,
+    error: null,
+  }
+}
+
+function decodeChunkedBody(rawBody: string): {
+  body: string
+  error: $.GoError
+} {
+  let offset = 0
+  let body = ''
+  while (true) {
+    const lineEnd = rawBody.indexOf('\r\n', offset)
+    if (lineEnd < 0) {
+      return { body: '', error: io.ErrUnexpectedEOF }
+    }
+    const sizeText = rawBody.slice(offset, lineEnd).split(';', 1)[0].trim()
+    const size = Number.parseInt(sizeText, 16)
+    if (!/^[0-9A-Fa-f]+$/.test(sizeText) || !Number.isSafeInteger(size)) {
+      return { body: '', error: badHTTPMessageError('invalid chunk length') }
+    }
+    offset = lineEnd + 2
+    if (size === 0) {
+      return { body, error: null }
+    }
+    if (offset + size + 2 > rawBody.length) {
+      return { body: '', error: io.ErrUnexpectedEOF }
+    }
+    body += rawBody.slice(offset, offset + size)
+    offset += size
+    if (rawBody.slice(offset, offset + 2) !== '\r\n') {
+      return { body: '', error: badHTTPMessageError('malformed chunk') }
+    }
+    offset += 2
+  }
+}
+
+function bodyFromString(body: string): io.ReadCloser {
+  return body === '' ? NoBody : new responseBody($.stringToBytes(body))
+}
+
+function shouldClose(
+  protoMajor: number,
+  protoMinor: number,
+  header: Header,
+): boolean {
+  const connection = Header_Get(header, 'Connection').toLowerCase()
+  if (
+    connection
+      .split(',')
+      .map((part) => part.trim())
+      .includes('close')
+  ) {
+    return true
+  }
+  if (protoMajor < 1 || (protoMajor === 1 && protoMinor === 0)) {
+    return !connection
+      .split(',')
+      .map((part) => part.trim())
+      .includes('keep-alive')
+  }
+  return false
+}
+
+function badHTTPMessageError(message: string): $.GoError {
+  return errors.New(message)
 }
 
 export async function ServeContent(
@@ -2732,20 +3125,168 @@ export async function ServeContent(
   _modtime: time.Time,
   content: io.Reader | null,
 ): Promise<void> {
+  await serveContent(w, $.pointerValueOrNil(req), _name, content, null)
+}
+
+async function serveContent(
+  w: ResponseWriter | null,
+  req: Request | null,
+  name: string,
+  content: io.Reader | null,
+  knownSize: number | null,
+): Promise<void> {
+  // Browser media seeks depend on FileServer and ServeContent sharing byte-range semantics.
   if (content == null) {
-    NotFound(w, req)
+    NotFound(w, req as Request | null)
     return
   }
-  const [data, err] = await io.ReadAll(content)
-  if (err != null) {
-    Error(w, err.Error(), StatusInternalServerError)
+  if (w == null) {
+    return
+  }
+  const header = await w.Header()
+  if (Header_Get(header, 'Content-Type') === '') {
+    const contentType = mime.TypeByExtension(path.Ext(name))
+    if (contentType !== '') {
+      Header_Set(header, 'Content-Type', contentType)
+    }
+  }
+  const rangeHeader = req?.Header == null ? '' : Header_Get(req.Header, 'Range')
+  if (rangeHeader === '' && knownSize != null) {
+    Header_Set(header, 'Content-Length', String(knownSize))
+    await w.WriteHeader(StatusOK)
+    if (req?.Method !== MethodHead) {
+      await io.Copy(w as unknown as io.Writer, content)
+    }
+    return
+  }
+
+  const seeker = content as io.Reader & Partial<io.Seeker>
+  if (typeof seeker.Seek !== 'function') {
+    const [data, err] = await io.ReadAll(content)
+    if (err != null) {
+      Error(w, err.Error(), StatusInternalServerError)
+      return
+    }
+    const body = data ?? new Uint8Array(0)
+    Header_Set(header, 'Content-Length', String(body.length))
+    await w.WriteHeader(StatusOK)
+    if (req?.Method !== MethodHead) {
+      await w.Write(body)
+    }
+    return
+  }
+
+  let size = knownSize
+  if (size == null) {
+    const [end, err] = await seeker.Seek(0n, io.SeekEnd)
+    if (err != null) {
+      Error(w, err.Error(), StatusInternalServerError)
+      return
+    }
+    size = Number(end)
+  }
+  const [, seekErr] = await seeker.Seek(0n, io.SeekStart)
+  if (seekErr != null) {
+    Error(w, seekErr.Error(), StatusInternalServerError)
+    return
+  }
+
+  Header_Set(header, 'Accept-Ranges', 'bytes')
+  const parsedRange =
+    rangeHeader === '' ? null : parseHTTPRange(rangeHeader, size)
+  if (parsedRange?.error === true) {
+    Header_Set(header, 'Content-Range', `bytes */${size}`)
+    Header_Set(header, 'Content-Length', '0')
+    await w.WriteHeader(StatusRequestedRangeNotSatisfiable)
+    return
+  }
+
+  let status = StatusOK
+  let start = 0
+  let length = size
+  if (parsedRange?.range != null) {
+    status = StatusPartialContent
+    start = parsedRange.range.start
+    length = parsedRange.range.length
+    Header_Set(
+      header,
+      'Content-Range',
+      `bytes ${start}-${start + length - 1}/${size}`,
+    )
+  }
+  Header_Set(header, 'Content-Length', String(length))
+
+  const [, rangeSeekErr] = await seeker.Seek(BigInt(start), io.SeekStart)
+  if (rangeSeekErr != null) {
+    Error(w, rangeSeekErr.Error(), StatusInternalServerError)
     return
   }
-  w?.WriteHeader(StatusOK)
-  const request = $.pointerValueOrNil(req)
-  if (request?.Method !== MethodHead) {
-    w?.Write(data)
+  await w.WriteHeader(status)
+  if (req?.Method === MethodHead) {
+    return
+  }
+  if (length === 0) {
+    return
+  }
+  await io.CopyN(w as unknown as io.Writer, seeker, BigInt(length))
+}
+
+function parseHTTPRange(
+  header: string,
+  size: number,
+): { range: httpRange | null; error: boolean } {
+  if (!header.startsWith('bytes=') || header.includes(',')) {
+    return { range: null, error: true }
+  }
+  const spec = header.slice('bytes='.length).trim()
+  const dash = spec.indexOf('-')
+  if (dash < 0) {
+    return { range: null, error: true }
+  }
+  const startText = spec.slice(0, dash).trim()
+  const endText = spec.slice(dash + 1).trim()
+  if (startText === '' && endText === '') {
+    return { range: null, error: true }
+  }
+  if (size < 0) {
+    return { range: null, error: true }
+  }
+  if (startText === '') {
+    const suffixLength = parseHTTPRangeNumber(endText)
+    if (suffixLength == null || suffixLength <= 0) {
+      return { range: null, error: true }
+    }
+    if (size === 0) {
+      return { range: null, error: true }
+    }
+    const length = Math.min(suffixLength, size)
+    return { range: { start: size - length, length }, error: false }
+  }
+
+  const start = parseHTTPRangeNumber(startText)
+  if (start == null || start >= size) {
+    return { range: null, error: true }
+  }
+  let end = size - 1
+  if (endText !== '') {
+    const parsedEnd = parseHTTPRangeNumber(endText)
+    if (parsedEnd == null || parsedEnd < start) {
+      return { range: null, error: true }
+    }
+    end = Math.min(parsedEnd, size - 1)
+  }
+  return { range: { start, length: end - start + 1 }, error: false }
+}
+
+function parseHTTPRangeNumber(value: string): number | null {
+  if (!/^[0-9]+$/.test(value)) {
+    return null
+  }
+  const parsed = Number(value)
+  if (!Number.isSafeInteger(parsed)) {
+    return null
   }
+  return parsed
 }
 
 function readCloserForBody(body: io.Reader | null): io.ReadCloser | null {