pi-cursor-sdk 0.1.47 → 0.1.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/CHANGELOG.md +17 -0
  2. package/README.md +2 -2
  3. package/node_modules/@connectrpc/connect-node/README.md +141 -0
  4. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.d.ts +15 -0
  5. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.js +89 -0
  6. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.d.ts +42 -0
  7. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.js +61 -0
  8. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.d.ts +100 -0
  9. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.js +25 -0
  10. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.d.ts +96 -0
  11. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.js +25 -0
  12. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.d.ts +96 -0
  13. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.js +25 -0
  14. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.d.ts +146 -0
  15. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.js +536 -0
  16. package/node_modules/@connectrpc/connect-node/dist/cjs/index.d.ts +15 -0
  17. package/node_modules/@connectrpc/connect-node/dist/cjs/index.js +36 -0
  18. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.d.ts +45 -0
  19. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.js +154 -0
  20. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.d.ts +1 -0
  21. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.js +29 -0
  22. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.d.ts +89 -0
  23. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.js +58 -0
  24. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.d.ts +54 -0
  25. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.js +326 -0
  26. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.d.ts +41 -0
  27. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.js +234 -0
  28. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.d.ts +19 -0
  29. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.js +97 -0
  30. package/node_modules/@connectrpc/connect-node/dist/cjs/package.json +1 -0
  31. package/node_modules/@connectrpc/connect-node/dist/esm/compression.d.ts +15 -0
  32. package/node_modules/@connectrpc/connect-node/dist/esm/compression.js +86 -0
  33. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.d.ts +42 -0
  34. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.js +58 -0
  35. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.d.ts +100 -0
  36. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.js +22 -0
  37. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.d.ts +96 -0
  38. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.js +22 -0
  39. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.d.ts +96 -0
  40. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.js +22 -0
  41. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.d.ts +146 -0
  42. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.js +532 -0
  43. package/node_modules/@connectrpc/connect-node/dist/esm/index.d.ts +15 -0
  44. package/node_modules/@connectrpc/connect-node/dist/esm/index.js +23 -0
  45. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.d.ts +45 -0
  46. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.js +147 -0
  47. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.d.ts +1 -0
  48. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.js +27 -0
  49. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.d.ts +89 -0
  50. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.js +58 -0
  51. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.d.ts +54 -0
  52. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.js +324 -0
  53. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.d.ts +41 -0
  54. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.js +230 -0
  55. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.d.ts +19 -0
  56. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.js +93 -0
  57. package/node_modules/@connectrpc/connect-node/package.json +46 -0
  58. package/node_modules/undici/LICENSE +21 -0
  59. package/node_modules/undici/README.md +741 -0
  60. package/node_modules/undici/docs/docs/api/Agent.md +84 -0
  61. package/node_modules/undici/docs/docs/api/BalancedPool.md +99 -0
  62. package/node_modules/undici/docs/docs/api/CacheStorage.md +30 -0
  63. package/node_modules/undici/docs/docs/api/CacheStore.md +164 -0
  64. package/node_modules/undici/docs/docs/api/Client.md +288 -0
  65. package/node_modules/undici/docs/docs/api/ClientStats.md +27 -0
  66. package/node_modules/undici/docs/docs/api/Connector.md +115 -0
  67. package/node_modules/undici/docs/docs/api/ContentType.md +57 -0
  68. package/node_modules/undici/docs/docs/api/Cookies.md +128 -0
  69. package/node_modules/undici/docs/docs/api/Debug.md +62 -0
  70. package/node_modules/undici/docs/docs/api/DiagnosticsChannel.md +315 -0
  71. package/node_modules/undici/docs/docs/api/Dispatcher.md +1392 -0
  72. package/node_modules/undici/docs/docs/api/EnvHttpProxyAgent.md +159 -0
  73. package/node_modules/undici/docs/docs/api/Errors.md +49 -0
  74. package/node_modules/undici/docs/docs/api/EventSource.md +45 -0
  75. package/node_modules/undici/docs/docs/api/Fetch.md +60 -0
  76. package/node_modules/undici/docs/docs/api/GlobalInstallation.md +139 -0
  77. package/node_modules/undici/docs/docs/api/H2CClient.md +263 -0
  78. package/node_modules/undici/docs/docs/api/MockAgent.md +603 -0
  79. package/node_modules/undici/docs/docs/api/MockCallHistory.md +197 -0
  80. package/node_modules/undici/docs/docs/api/MockCallHistoryLog.md +43 -0
  81. package/node_modules/undici/docs/docs/api/MockClient.md +81 -0
  82. package/node_modules/undici/docs/docs/api/MockErrors.md +12 -0
  83. package/node_modules/undici/docs/docs/api/MockPool.md +555 -0
  84. package/node_modules/undici/docs/docs/api/Pool.md +84 -0
  85. package/node_modules/undici/docs/docs/api/PoolStats.md +35 -0
  86. package/node_modules/undici/docs/docs/api/ProxyAgent.md +229 -0
  87. package/node_modules/undici/docs/docs/api/RedirectHandler.md +93 -0
  88. package/node_modules/undici/docs/docs/api/RetryAgent.md +50 -0
  89. package/node_modules/undici/docs/docs/api/RetryHandler.md +118 -0
  90. package/node_modules/undici/docs/docs/api/RoundRobinPool.md +145 -0
  91. package/node_modules/undici/docs/docs/api/SnapshotAgent.md +616 -0
  92. package/node_modules/undici/docs/docs/api/Socks5ProxyAgent.md +275 -0
  93. package/node_modules/undici/docs/docs/api/Util.md +25 -0
  94. package/node_modules/undici/docs/docs/api/WebSocket.md +141 -0
  95. package/node_modules/undici/docs/docs/api/api-lifecycle.md +91 -0
  96. package/node_modules/undici/docs/docs/best-practices/client-certificate.md +64 -0
  97. package/node_modules/undici/docs/docs/best-practices/crawling.md +58 -0
  98. package/node_modules/undici/docs/docs/best-practices/mocking-request.md +190 -0
  99. package/node_modules/undici/docs/docs/best-practices/proxy.md +127 -0
  100. package/node_modules/undici/docs/docs/best-practices/undici-vs-builtin-fetch.md +224 -0
  101. package/node_modules/undici/docs/docs/best-practices/writing-tests.md +63 -0
  102. package/node_modules/undici/index-fetch.js +65 -0
  103. package/node_modules/undici/index.d.ts +3 -0
  104. package/node_modules/undici/index.js +234 -0
  105. package/node_modules/undici/lib/api/abort-signal.js +59 -0
  106. package/node_modules/undici/lib/api/api-connect.js +110 -0
  107. package/node_modules/undici/lib/api/api-pipeline.js +252 -0
  108. package/node_modules/undici/lib/api/api-request.js +214 -0
  109. package/node_modules/undici/lib/api/api-stream.js +209 -0
  110. package/node_modules/undici/lib/api/api-upgrade.js +111 -0
  111. package/node_modules/undici/lib/api/index.js +7 -0
  112. package/node_modules/undici/lib/api/readable.js +580 -0
  113. package/node_modules/undici/lib/cache/memory-cache-store.js +234 -0
  114. package/node_modules/undici/lib/cache/sqlite-cache-store.js +461 -0
  115. package/node_modules/undici/lib/core/connect.js +153 -0
  116. package/node_modules/undici/lib/core/constants.js +143 -0
  117. package/node_modules/undici/lib/core/diagnostics.js +227 -0
  118. package/node_modules/undici/lib/core/errors.js +477 -0
  119. package/node_modules/undici/lib/core/request.js +453 -0
  120. package/node_modules/undici/lib/core/socks5-client.js +422 -0
  121. package/node_modules/undici/lib/core/socks5-utils.js +212 -0
  122. package/node_modules/undici/lib/core/symbols.js +75 -0
  123. package/node_modules/undici/lib/core/tree.js +160 -0
  124. package/node_modules/undici/lib/core/util.js +992 -0
  125. package/node_modules/undici/lib/dispatcher/agent.js +158 -0
  126. package/node_modules/undici/lib/dispatcher/balanced-pool.js +219 -0
  127. package/node_modules/undici/lib/dispatcher/client-h1.js +1722 -0
  128. package/node_modules/undici/lib/dispatcher/client-h2.js +995 -0
  129. package/node_modules/undici/lib/dispatcher/client.js +664 -0
  130. package/node_modules/undici/lib/dispatcher/dispatcher-base.js +184 -0
  131. package/node_modules/undici/lib/dispatcher/dispatcher.js +48 -0
  132. package/node_modules/undici/lib/dispatcher/env-http-proxy-agent.js +146 -0
  133. package/node_modules/undici/lib/dispatcher/fixed-queue.js +135 -0
  134. package/node_modules/undici/lib/dispatcher/h2c-client.js +51 -0
  135. package/node_modules/undici/lib/dispatcher/pool-base.js +214 -0
  136. package/node_modules/undici/lib/dispatcher/pool.js +118 -0
  137. package/node_modules/undici/lib/dispatcher/proxy-agent.js +319 -0
  138. package/node_modules/undici/lib/dispatcher/retry-agent.js +35 -0
  139. package/node_modules/undici/lib/dispatcher/round-robin-pool.js +137 -0
  140. package/node_modules/undici/lib/dispatcher/socks5-proxy-agent.js +260 -0
  141. package/node_modules/undici/lib/encoding/index.js +33 -0
  142. package/node_modules/undici/lib/global.js +59 -0
  143. package/node_modules/undici/lib/handler/cache-handler.js +578 -0
  144. package/node_modules/undici/lib/handler/cache-revalidation-handler.js +124 -0
  145. package/node_modules/undici/lib/handler/decorator-handler.js +67 -0
  146. package/node_modules/undici/lib/handler/deduplication-handler.js +460 -0
  147. package/node_modules/undici/lib/handler/redirect-handler.js +238 -0
  148. package/node_modules/undici/lib/handler/retry-handler.js +394 -0
  149. package/node_modules/undici/lib/handler/unwrap-handler.js +106 -0
  150. package/node_modules/undici/lib/handler/wrap-handler.js +105 -0
  151. package/node_modules/undici/lib/interceptor/cache.js +495 -0
  152. package/node_modules/undici/lib/interceptor/decompress.js +259 -0
  153. package/node_modules/undici/lib/interceptor/deduplicate.js +117 -0
  154. package/node_modules/undici/lib/interceptor/dns.js +571 -0
  155. package/node_modules/undici/lib/interceptor/dump.js +112 -0
  156. package/node_modules/undici/lib/interceptor/redirect.js +21 -0
  157. package/node_modules/undici/lib/interceptor/response-error.js +95 -0
  158. package/node_modules/undici/lib/interceptor/retry.js +19 -0
  159. package/node_modules/undici/lib/llhttp/.gitkeep +0 -0
  160. package/node_modules/undici/lib/llhttp/constants.d.ts +195 -0
  161. package/node_modules/undici/lib/llhttp/constants.js +531 -0
  162. package/node_modules/undici/lib/llhttp/llhttp-wasm.js +15 -0
  163. package/node_modules/undici/lib/llhttp/llhttp_simd-wasm.js +15 -0
  164. package/node_modules/undici/lib/llhttp/utils.d.ts +2 -0
  165. package/node_modules/undici/lib/llhttp/utils.js +12 -0
  166. package/node_modules/undici/lib/mock/mock-agent.js +232 -0
  167. package/node_modules/undici/lib/mock/mock-call-history.js +248 -0
  168. package/node_modules/undici/lib/mock/mock-client.js +68 -0
  169. package/node_modules/undici/lib/mock/mock-errors.js +29 -0
  170. package/node_modules/undici/lib/mock/mock-interceptor.js +209 -0
  171. package/node_modules/undici/lib/mock/mock-pool.js +68 -0
  172. package/node_modules/undici/lib/mock/mock-symbols.js +32 -0
  173. package/node_modules/undici/lib/mock/mock-utils.js +486 -0
  174. package/node_modules/undici/lib/mock/pending-interceptors-formatter.js +43 -0
  175. package/node_modules/undici/lib/mock/snapshot-agent.js +353 -0
  176. package/node_modules/undici/lib/mock/snapshot-recorder.js +588 -0
  177. package/node_modules/undici/lib/mock/snapshot-utils.js +158 -0
  178. package/node_modules/undici/lib/util/cache.js +414 -0
  179. package/node_modules/undici/lib/util/date.js +653 -0
  180. package/node_modules/undici/lib/util/promise.js +28 -0
  181. package/node_modules/undici/lib/util/runtime-features.js +124 -0
  182. package/node_modules/undici/lib/util/stats.js +32 -0
  183. package/node_modules/undici/lib/util/timers.js +425 -0
  184. package/node_modules/undici/lib/web/cache/cache.js +864 -0
  185. package/node_modules/undici/lib/web/cache/cachestorage.js +152 -0
  186. package/node_modules/undici/lib/web/cache/util.js +45 -0
  187. package/node_modules/undici/lib/web/cookies/constants.js +12 -0
  188. package/node_modules/undici/lib/web/cookies/index.js +199 -0
  189. package/node_modules/undici/lib/web/cookies/parse.js +314 -0
  190. package/node_modules/undici/lib/web/cookies/util.js +282 -0
  191. package/node_modules/undici/lib/web/eventsource/eventsource-stream.js +399 -0
  192. package/node_modules/undici/lib/web/eventsource/eventsource.js +501 -0
  193. package/node_modules/undici/lib/web/eventsource/util.js +29 -0
  194. package/node_modules/undici/lib/web/fetch/LICENSE +21 -0
  195. package/node_modules/undici/lib/web/fetch/body.js +509 -0
  196. package/node_modules/undici/lib/web/fetch/constants.js +131 -0
  197. package/node_modules/undici/lib/web/fetch/data-url.js +596 -0
  198. package/node_modules/undici/lib/web/fetch/formdata-parser.js +586 -0
  199. package/node_modules/undici/lib/web/fetch/formdata.js +259 -0
  200. package/node_modules/undici/lib/web/fetch/global.js +40 -0
  201. package/node_modules/undici/lib/web/fetch/headers.js +719 -0
  202. package/node_modules/undici/lib/web/fetch/index.js +2413 -0
  203. package/node_modules/undici/lib/web/fetch/request.js +1115 -0
  204. package/node_modules/undici/lib/web/fetch/response.js +641 -0
  205. package/node_modules/undici/lib/web/fetch/util.js +1522 -0
  206. package/node_modules/undici/lib/web/infra/index.js +229 -0
  207. package/node_modules/undici/lib/web/subresource-integrity/Readme.md +9 -0
  208. package/node_modules/undici/lib/web/subresource-integrity/subresource-integrity.js +307 -0
  209. package/node_modules/undici/lib/web/webidl/index.js +1006 -0
  210. package/node_modules/undici/lib/web/websocket/connection.js +329 -0
  211. package/node_modules/undici/lib/web/websocket/constants.js +126 -0
  212. package/node_modules/undici/lib/web/websocket/events.js +331 -0
  213. package/node_modules/undici/lib/web/websocket/frame.js +133 -0
  214. package/node_modules/undici/lib/web/websocket/permessage-deflate.js +100 -0
  215. package/node_modules/undici/lib/web/websocket/receiver.js +507 -0
  216. package/node_modules/undici/lib/web/websocket/sender.js +109 -0
  217. package/node_modules/undici/lib/web/websocket/stream/websocketerror.js +104 -0
  218. package/node_modules/undici/lib/web/websocket/stream/websocketstream.js +498 -0
  219. package/node_modules/undici/lib/web/websocket/util.js +347 -0
  220. package/node_modules/undici/lib/web/websocket/websocket.js +758 -0
  221. package/node_modules/undici/package.json +152 -0
  222. package/node_modules/undici/scripts/strip-comments.js +10 -0
  223. package/node_modules/undici/types/README.md +6 -0
  224. package/node_modules/undici/types/agent.d.ts +32 -0
  225. package/node_modules/undici/types/api.d.ts +43 -0
  226. package/node_modules/undici/types/balanced-pool.d.ts +30 -0
  227. package/node_modules/undici/types/cache-interceptor.d.ts +179 -0
  228. package/node_modules/undici/types/cache.d.ts +36 -0
  229. package/node_modules/undici/types/client-stats.d.ts +15 -0
  230. package/node_modules/undici/types/client.d.ts +139 -0
  231. package/node_modules/undici/types/connector.d.ts +36 -0
  232. package/node_modules/undici/types/content-type.d.ts +21 -0
  233. package/node_modules/undici/types/cookies.d.ts +30 -0
  234. package/node_modules/undici/types/diagnostics-channel.d.ts +74 -0
  235. package/node_modules/undici/types/dispatcher.d.ts +275 -0
  236. package/node_modules/undici/types/env-http-proxy-agent.d.ts +22 -0
  237. package/node_modules/undici/types/errors.d.ts +177 -0
  238. package/node_modules/undici/types/eventsource.d.ts +66 -0
  239. package/node_modules/undici/types/fetch.d.ts +231 -0
  240. package/node_modules/undici/types/formdata.d.ts +114 -0
  241. package/node_modules/undici/types/global-dispatcher.d.ts +9 -0
  242. package/node_modules/undici/types/global-origin.d.ts +7 -0
  243. package/node_modules/undici/types/h2c-client.d.ts +73 -0
  244. package/node_modules/undici/types/handlers.d.ts +14 -0
  245. package/node_modules/undici/types/header.d.ts +160 -0
  246. package/node_modules/undici/types/index.d.ts +91 -0
  247. package/node_modules/undici/types/interceptors.d.ts +80 -0
  248. package/node_modules/undici/types/mock-agent.d.ts +68 -0
  249. package/node_modules/undici/types/mock-call-history.d.ts +111 -0
  250. package/node_modules/undici/types/mock-client.d.ts +27 -0
  251. package/node_modules/undici/types/mock-errors.d.ts +12 -0
  252. package/node_modules/undici/types/mock-interceptor.d.ts +94 -0
  253. package/node_modules/undici/types/mock-pool.d.ts +27 -0
  254. package/node_modules/undici/types/patch.d.ts +29 -0
  255. package/node_modules/undici/types/pool-stats.d.ts +19 -0
  256. package/node_modules/undici/types/pool.d.ts +41 -0
  257. package/node_modules/undici/types/proxy-agent.d.ts +29 -0
  258. package/node_modules/undici/types/readable.d.ts +68 -0
  259. package/node_modules/undici/types/retry-agent.d.ts +8 -0
  260. package/node_modules/undici/types/retry-handler.d.ts +125 -0
  261. package/node_modules/undici/types/round-robin-pool.d.ts +41 -0
  262. package/node_modules/undici/types/snapshot-agent.d.ts +109 -0
  263. package/node_modules/undici/types/socks5-proxy-agent.d.ts +25 -0
  264. package/node_modules/undici/types/util.d.ts +18 -0
  265. package/node_modules/undici/types/utility.d.ts +7 -0
  266. package/node_modules/undici/types/webidl.d.ts +347 -0
  267. package/node_modules/undici/types/websocket.d.ts +188 -0
  268. package/package.json +161 -156
  269. package/src/context.ts +1 -1
  270. package/src/cursor-context-tools.ts +1 -1
  271. package/src/cursor-live-run-accounting.ts +1 -1
  272. package/src/cursor-live-run-coordinator.ts +1 -1
  273. package/src/cursor-native-replay-routing.ts +1 -1
  274. package/src/cursor-partial-content-emitter.ts +1 -1
  275. package/src/cursor-pi-tool-bridge-mcp.ts +1 -1
  276. package/src/cursor-pi-tool-bridge-run.ts +1 -1
  277. package/src/cursor-pi-tool-bridge-types.ts +1 -1
  278. package/src/cursor-provider-lazy.ts +1 -1
  279. package/src/cursor-provider-live-run-drain.ts +1 -1
  280. package/src/cursor-provider-run-finalizer.ts +1 -1
  281. package/src/cursor-provider-turn-coordinator.ts +1 -1
  282. package/src/cursor-provider-turn-lifecycle-emitter.ts +1 -1
  283. package/src/cursor-provider-turn-prepare.ts +1 -1
  284. package/src/cursor-provider-turn-types.ts +1 -1
  285. package/src/cursor-provider.ts +1 -1
  286. package/src/cursor-run-final-text.ts +1 -1
  287. package/src/cursor-sdk-event-debug.ts +1 -1
  288. package/src/cursor-session-agent.ts +1 -1
  289. package/src/cursor-session-send-policy.ts +1 -1
  290. package/src/cursor-usage-accounting.ts +1 -1
  291. package/src/model-discovery.ts +1 -1
@@ -0,0 +1,314 @@
1
+ 'use strict'
2
+
3
+ const { collectASequenceOfCodePointsFast } = require('../infra')
4
+ const { maxNameValuePairSize, maxAttributeValueSize } = require('./constants')
5
+ const { isCTLExcludingHtab } = require('./util')
6
+ const assert = require('node:assert')
7
+
8
+ /**
9
+ * @description Parses the field-value attributes of a set-cookie header string.
10
+ * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4
11
+ * @param {string} header
12
+ * @returns {import('./index').Cookie|null} if the header is invalid, null will be returned
13
+ */
14
+ function parseSetCookie (header) {
15
+ // 1. If the set-cookie-string contains a %x00-08 / %x0A-1F / %x7F
16
+ // character (CTL characters excluding HTAB): Abort these steps and
17
+ // ignore the set-cookie-string entirely.
18
+ if (isCTLExcludingHtab(header)) {
19
+ return null
20
+ }
21
+
22
+ let nameValuePair = ''
23
+ let unparsedAttributes = ''
24
+ let name = ''
25
+ let value = ''
26
+
27
+ // 2. If the set-cookie-string contains a %x3B (";") character:
28
+ if (header.includes(';')) {
29
+ // 1. The name-value-pair string consists of the characters up to,
30
+ // but not including, the first %x3B (";"), and the unparsed-
31
+ // attributes consist of the remainder of the set-cookie-string
32
+ // (including the %x3B (";") in question).
33
+ const position = { position: 0 }
34
+
35
+ nameValuePair = collectASequenceOfCodePointsFast(';', header, position)
36
+ unparsedAttributes = header.slice(position.position)
37
+ } else {
38
+ // Otherwise:
39
+
40
+ // 1. The name-value-pair string consists of all the characters
41
+ // contained in the set-cookie-string, and the unparsed-
42
+ // attributes is the empty string.
43
+ nameValuePair = header
44
+ }
45
+
46
+ // 3. If the name-value-pair string lacks a %x3D ("=") character, then
47
+ // the name string is empty, and the value string is the value of
48
+ // name-value-pair.
49
+ if (!nameValuePair.includes('=')) {
50
+ value = nameValuePair
51
+ } else {
52
+ // Otherwise, the name string consists of the characters up to, but
53
+ // not including, the first %x3D ("=") character, and the (possibly
54
+ // empty) value string consists of the characters after the first
55
+ // %x3D ("=") character.
56
+ const position = { position: 0 }
57
+ name = collectASequenceOfCodePointsFast(
58
+ '=',
59
+ nameValuePair,
60
+ position
61
+ )
62
+ value = nameValuePair.slice(position.position + 1)
63
+ }
64
+
65
+ // 4. Remove any leading or trailing WSP characters from the name
66
+ // string and the value string.
67
+ name = name.trim()
68
+ value = value.trim()
69
+
70
+ // 5. If the sum of the lengths of the name string and the value string
71
+ // is more than 4096 octets, abort these steps and ignore the set-
72
+ // cookie-string entirely.
73
+ if (name.length + value.length > maxNameValuePairSize) {
74
+ return null
75
+ }
76
+
77
+ // 6. The cookie-name is the name string, and the cookie-value is the
78
+ // value string.
79
+ // https://datatracker.ietf.org/doc/html/rfc6265
80
+ // To maximize compatibility with user agents, servers that wish to
81
+ // store arbitrary data in a cookie-value SHOULD encode that data, for
82
+ // example, using Base64 [RFC4648].
83
+ return {
84
+ name, value, ...parseUnparsedAttributes(unparsedAttributes)
85
+ }
86
+ }
87
+
88
+ /**
89
+ * Parses the remaining attributes of a set-cookie header
90
+ * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4
91
+ * @param {string} unparsedAttributes
92
+ * @param {Object.<string, unknown>} [cookieAttributeList={}]
93
+ */
94
+ function parseUnparsedAttributes (unparsedAttributes, cookieAttributeList = {}) {
95
+ // 1. If the unparsed-attributes string is empty, skip the rest of
96
+ // these steps.
97
+ if (unparsedAttributes.length === 0) {
98
+ return cookieAttributeList
99
+ }
100
+
101
+ // 2. Discard the first character of the unparsed-attributes (which
102
+ // will be a %x3B (";") character).
103
+ assert(unparsedAttributes[0] === ';')
104
+ unparsedAttributes = unparsedAttributes.slice(1)
105
+
106
+ let cookieAv = ''
107
+
108
+ // 3. If the remaining unparsed-attributes contains a %x3B (";")
109
+ // character:
110
+ if (unparsedAttributes.includes(';')) {
111
+ // 1. Consume the characters of the unparsed-attributes up to, but
112
+ // not including, the first %x3B (";") character.
113
+ cookieAv = collectASequenceOfCodePointsFast(
114
+ ';',
115
+ unparsedAttributes,
116
+ { position: 0 }
117
+ )
118
+ unparsedAttributes = unparsedAttributes.slice(cookieAv.length)
119
+ } else {
120
+ // Otherwise:
121
+
122
+ // 1. Consume the remainder of the unparsed-attributes.
123
+ cookieAv = unparsedAttributes
124
+ unparsedAttributes = ''
125
+ }
126
+
127
+ // Let the cookie-av string be the characters consumed in this step.
128
+
129
+ let attributeName = ''
130
+ let attributeValue = ''
131
+
132
+ // 4. If the cookie-av string contains a %x3D ("=") character:
133
+ if (cookieAv.includes('=')) {
134
+ // 1. The (possibly empty) attribute-name string consists of the
135
+ // characters up to, but not including, the first %x3D ("=")
136
+ // character, and the (possibly empty) attribute-value string
137
+ // consists of the characters after the first %x3D ("=")
138
+ // character.
139
+ const position = { position: 0 }
140
+
141
+ attributeName = collectASequenceOfCodePointsFast(
142
+ '=',
143
+ cookieAv,
144
+ position
145
+ )
146
+ attributeValue = cookieAv.slice(position.position + 1)
147
+ } else {
148
+ // Otherwise:
149
+
150
+ // 1. The attribute-name string consists of the entire cookie-av
151
+ // string, and the attribute-value string is empty.
152
+ attributeName = cookieAv
153
+ }
154
+
155
+ // 5. Remove any leading or trailing WSP characters from the attribute-
156
+ // name string and the attribute-value string.
157
+ attributeName = attributeName.trim()
158
+ attributeValue = attributeValue.trim()
159
+
160
+ // 6. If the attribute-value is longer than 1024 octets, ignore the
161
+ // cookie-av string and return to Step 1 of this algorithm.
162
+ if (attributeValue.length > maxAttributeValueSize) {
163
+ return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)
164
+ }
165
+
166
+ // 7. Process the attribute-name and attribute-value according to the
167
+ // requirements in the following subsections. (Notice that
168
+ // attributes with unrecognized attribute-names are ignored.)
169
+ const attributeNameLowercase = attributeName.toLowerCase()
170
+
171
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.1
172
+ // If the attribute-name case-insensitively matches the string
173
+ // "Expires", the user agent MUST process the cookie-av as follows.
174
+ if (attributeNameLowercase === 'expires') {
175
+ // 1. Let the expiry-time be the result of parsing the attribute-value
176
+ // as cookie-date (see Section 5.1.1).
177
+ const expiryTime = new Date(attributeValue)
178
+
179
+ // 2. If the attribute-value failed to parse as a cookie date, ignore
180
+ // the cookie-av.
181
+
182
+ cookieAttributeList.expires = expiryTime
183
+ } else if (attributeNameLowercase === 'max-age') {
184
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.2
185
+ // If the attribute-name case-insensitively matches the string "Max-
186
+ // Age", the user agent MUST process the cookie-av as follows.
187
+
188
+ // 1. If the first character of the attribute-value is not a DIGIT or a
189
+ // "-" character, ignore the cookie-av.
190
+ const charCode = attributeValue.charCodeAt(0)
191
+
192
+ if ((charCode < 48 || charCode > 57) && attributeValue[0] !== '-') {
193
+ return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)
194
+ }
195
+
196
+ // 2. If the remainder of attribute-value contains a non-DIGIT
197
+ // character, ignore the cookie-av.
198
+ if (!/^\d+$/.test(attributeValue)) {
199
+ return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)
200
+ }
201
+
202
+ // 3. Let delta-seconds be the attribute-value converted to an integer.
203
+ const deltaSeconds = Number(attributeValue)
204
+
205
+ // 4. Let cookie-age-limit be the maximum age of the cookie (which
206
+ // SHOULD be 400 days or less, see Section 4.1.2.2).
207
+
208
+ // 5. Set delta-seconds to the smaller of its present value and cookie-
209
+ // age-limit.
210
+ // deltaSeconds = Math.min(deltaSeconds * 1000, maxExpiresMs)
211
+
212
+ // 6. If delta-seconds is less than or equal to zero (0), let expiry-
213
+ // time be the earliest representable date and time. Otherwise, let
214
+ // the expiry-time be the current date and time plus delta-seconds
215
+ // seconds.
216
+ // const expiryTime = deltaSeconds <= 0 ? Date.now() : Date.now() + deltaSeconds
217
+
218
+ // 7. Append an attribute to the cookie-attribute-list with an
219
+ // attribute-name of Max-Age and an attribute-value of expiry-time.
220
+ cookieAttributeList.maxAge = deltaSeconds
221
+ } else if (attributeNameLowercase === 'domain') {
222
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.3
223
+ // If the attribute-name case-insensitively matches the string "Domain",
224
+ // the user agent MUST process the cookie-av as follows.
225
+
226
+ // 1. Let cookie-domain be the attribute-value.
227
+ let cookieDomain = attributeValue
228
+
229
+ // 2. If cookie-domain starts with %x2E ("."), let cookie-domain be
230
+ // cookie-domain without its leading %x2E (".").
231
+ if (cookieDomain[0] === '.') {
232
+ cookieDomain = cookieDomain.slice(1)
233
+ }
234
+
235
+ // 3. Convert the cookie-domain to lower case.
236
+ cookieDomain = cookieDomain.toLowerCase()
237
+
238
+ // 4. Append an attribute to the cookie-attribute-list with an
239
+ // attribute-name of Domain and an attribute-value of cookie-domain.
240
+ cookieAttributeList.domain = cookieDomain
241
+ } else if (attributeNameLowercase === 'path') {
242
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.4
243
+ // If the attribute-name case-insensitively matches the string "Path",
244
+ // the user agent MUST process the cookie-av as follows.
245
+
246
+ // 1. If the attribute-value is empty or if the first character of the
247
+ // attribute-value is not %x2F ("/"):
248
+ let cookiePath = ''
249
+ if (attributeValue.length === 0 || attributeValue[0] !== '/') {
250
+ // 1. Let cookie-path be the default-path.
251
+ cookiePath = '/'
252
+ } else {
253
+ // Otherwise:
254
+
255
+ // 1. Let cookie-path be the attribute-value.
256
+ cookiePath = attributeValue
257
+ }
258
+
259
+ // 2. Append an attribute to the cookie-attribute-list with an
260
+ // attribute-name of Path and an attribute-value of cookie-path.
261
+ cookieAttributeList.path = cookiePath
262
+ } else if (attributeNameLowercase === 'secure') {
263
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.5
264
+ // If the attribute-name case-insensitively matches the string "Secure",
265
+ // the user agent MUST append an attribute to the cookie-attribute-list
266
+ // with an attribute-name of Secure and an empty attribute-value.
267
+
268
+ cookieAttributeList.secure = true
269
+ } else if (attributeNameLowercase === 'httponly') {
270
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.6
271
+ // If the attribute-name case-insensitively matches the string
272
+ // "HttpOnly", the user agent MUST append an attribute to the cookie-
273
+ // attribute-list with an attribute-name of HttpOnly and an empty
274
+ // attribute-value.
275
+
276
+ cookieAttributeList.httpOnly = true
277
+ } else if (attributeNameLowercase === 'samesite') {
278
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.7
279
+ // If the attribute-name case-insensitively matches the string
280
+ // "SameSite", the user agent MUST process the cookie-av as follows:
281
+
282
+ const attributeValueLowercase = attributeValue.toLowerCase()
283
+
284
+ // 1. If cookie-av's attribute-value is a case-insensitive match for
285
+ // "None", append an attribute to the cookie-attribute-list with an
286
+ // attribute-name of "SameSite" and an attribute-value of "None".
287
+ if (attributeValueLowercase === 'none') {
288
+ cookieAttributeList.sameSite = 'None'
289
+ } else if (attributeValueLowercase === 'strict') {
290
+ // 2. If cookie-av's attribute-value is a case-insensitive match for
291
+ // "Strict", append an attribute to the cookie-attribute-list with
292
+ // an attribute-name of "SameSite" and an attribute-value of
293
+ // "Strict".
294
+ cookieAttributeList.sameSite = 'Strict'
295
+ } else if (attributeValueLowercase === 'lax') {
296
+ // 3. If cookie-av's attribute-value is a case-insensitive match for
297
+ // "Lax", append an attribute to the cookie-attribute-list with an
298
+ // attribute-name of "SameSite" and an attribute-value of "Lax".
299
+ cookieAttributeList.sameSite = 'Lax'
300
+ }
301
+ } else {
302
+ cookieAttributeList.unparsed ??= []
303
+
304
+ cookieAttributeList.unparsed.push(`${attributeName}=${attributeValue}`)
305
+ }
306
+
307
+ // 8. Return to Step 1 of this algorithm.
308
+ return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)
309
+ }
310
+
311
+ module.exports = {
312
+ parseSetCookie,
313
+ parseUnparsedAttributes
314
+ }
@@ -0,0 +1,282 @@
1
+ 'use strict'
2
+
3
+ /**
4
+ * @param {string} value
5
+ * @returns {boolean}
6
+ */
7
+ function isCTLExcludingHtab (value) {
8
+ for (let i = 0; i < value.length; ++i) {
9
+ const code = value.charCodeAt(i)
10
+
11
+ if (
12
+ (code >= 0x00 && code <= 0x08) ||
13
+ (code >= 0x0A && code <= 0x1F) ||
14
+ code === 0x7F
15
+ ) {
16
+ return true
17
+ }
18
+ }
19
+ return false
20
+ }
21
+
22
+ /**
23
+ CHAR = <any US-ASCII character (octets 0 - 127)>
24
+ token = 1*<any CHAR except CTLs or separators>
25
+ separators = "(" | ")" | "<" | ">" | "@"
26
+ | "," | ";" | ":" | "\" | <">
27
+ | "/" | "[" | "]" | "?" | "="
28
+ | "{" | "}" | SP | HT
29
+ * @param {string} name
30
+ */
31
+ function validateCookieName (name) {
32
+ for (let i = 0; i < name.length; ++i) {
33
+ const code = name.charCodeAt(i)
34
+
35
+ if (
36
+ code < 0x21 || // exclude CTLs (0-31), SP and HT
37
+ code > 0x7E || // exclude non-ascii and DEL
38
+ code === 0x22 || // "
39
+ code === 0x28 || // (
40
+ code === 0x29 || // )
41
+ code === 0x3C || // <
42
+ code === 0x3E || // >
43
+ code === 0x40 || // @
44
+ code === 0x2C || // ,
45
+ code === 0x3B || // ;
46
+ code === 0x3A || // :
47
+ code === 0x5C || // \
48
+ code === 0x2F || // /
49
+ code === 0x5B || // [
50
+ code === 0x5D || // ]
51
+ code === 0x3F || // ?
52
+ code === 0x3D || // =
53
+ code === 0x7B || // {
54
+ code === 0x7D // }
55
+ ) {
56
+ throw new Error('Invalid cookie name')
57
+ }
58
+ }
59
+ }
60
+
61
+ /**
62
+ cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
63
+ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
64
+ ; US-ASCII characters excluding CTLs,
65
+ ; whitespace DQUOTE, comma, semicolon,
66
+ ; and backslash
67
+ * @param {string} value
68
+ */
69
+ function validateCookieValue (value) {
70
+ let len = value.length
71
+ let i = 0
72
+
73
+ // if the value is wrapped in DQUOTE
74
+ if (value[0] === '"') {
75
+ if (len === 1 || value[len - 1] !== '"') {
76
+ throw new Error('Invalid cookie value')
77
+ }
78
+ --len
79
+ ++i
80
+ }
81
+
82
+ while (i < len) {
83
+ const code = value.charCodeAt(i++)
84
+
85
+ if (
86
+ code < 0x21 || // exclude CTLs (0-31)
87
+ code > 0x7E || // non-ascii and DEL (127)
88
+ code === 0x22 || // "
89
+ code === 0x2C || // ,
90
+ code === 0x3B || // ;
91
+ code === 0x5C // \
92
+ ) {
93
+ throw new Error('Invalid cookie value')
94
+ }
95
+ }
96
+ }
97
+
98
+ /**
99
+ * path-value = <any CHAR except CTLs or ";">
100
+ * @param {string} path
101
+ */
102
+ function validateCookiePath (path) {
103
+ for (let i = 0; i < path.length; ++i) {
104
+ const code = path.charCodeAt(i)
105
+
106
+ if (
107
+ code < 0x20 || // exclude CTLs (0-31)
108
+ code === 0x7F || // DEL
109
+ code === 0x3B // ;
110
+ ) {
111
+ throw new Error('Invalid cookie path')
112
+ }
113
+ }
114
+ }
115
+
116
+ /**
117
+ * I have no idea why these values aren't allowed to be honest,
118
+ * but Deno tests these. - Khafra
119
+ * @param {string} domain
120
+ */
121
+ function validateCookieDomain (domain) {
122
+ if (
123
+ domain.startsWith('-') ||
124
+ domain.endsWith('.') ||
125
+ domain.endsWith('-')
126
+ ) {
127
+ throw new Error('Invalid cookie domain')
128
+ }
129
+ }
130
+
131
+ const IMFDays = [
132
+ 'Sun', 'Mon', 'Tue', 'Wed',
133
+ 'Thu', 'Fri', 'Sat'
134
+ ]
135
+
136
+ const IMFMonths = [
137
+ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
138
+ 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'
139
+ ]
140
+
141
+ const IMFPaddedNumbers = Array(61).fill(0).map((_, i) => i.toString().padStart(2, '0'))
142
+
143
+ /**
144
+ * @see https://www.rfc-editor.org/rfc/rfc7231#section-7.1.1.1
145
+ * @param {number|Date} date
146
+ IMF-fixdate = day-name "," SP date1 SP time-of-day SP GMT
147
+ ; fixed length/zone/capitalization subset of the format
148
+ ; see Section 3.3 of [RFC5322]
149
+
150
+ day-name = %x4D.6F.6E ; "Mon", case-sensitive
151
+ / %x54.75.65 ; "Tue", case-sensitive
152
+ / %x57.65.64 ; "Wed", case-sensitive
153
+ / %x54.68.75 ; "Thu", case-sensitive
154
+ / %x46.72.69 ; "Fri", case-sensitive
155
+ / %x53.61.74 ; "Sat", case-sensitive
156
+ / %x53.75.6E ; "Sun", case-sensitive
157
+ date1 = day SP month SP year
158
+ ; e.g., 02 Jun 1982
159
+
160
+ day = 2DIGIT
161
+ month = %x4A.61.6E ; "Jan", case-sensitive
162
+ / %x46.65.62 ; "Feb", case-sensitive
163
+ / %x4D.61.72 ; "Mar", case-sensitive
164
+ / %x41.70.72 ; "Apr", case-sensitive
165
+ / %x4D.61.79 ; "May", case-sensitive
166
+ / %x4A.75.6E ; "Jun", case-sensitive
167
+ / %x4A.75.6C ; "Jul", case-sensitive
168
+ / %x41.75.67 ; "Aug", case-sensitive
169
+ / %x53.65.70 ; "Sep", case-sensitive
170
+ / %x4F.63.74 ; "Oct", case-sensitive
171
+ / %x4E.6F.76 ; "Nov", case-sensitive
172
+ / %x44.65.63 ; "Dec", case-sensitive
173
+ year = 4DIGIT
174
+
175
+ GMT = %x47.4D.54 ; "GMT", case-sensitive
176
+
177
+ time-of-day = hour ":" minute ":" second
178
+ ; 00:00:00 - 23:59:60 (leap second)
179
+
180
+ hour = 2DIGIT
181
+ minute = 2DIGIT
182
+ second = 2DIGIT
183
+ */
184
+ function toIMFDate (date) {
185
+ if (typeof date === 'number') {
186
+ date = new Date(date)
187
+ }
188
+
189
+ return `${IMFDays[date.getUTCDay()]}, ${IMFPaddedNumbers[date.getUTCDate()]} ${IMFMonths[date.getUTCMonth()]} ${date.getUTCFullYear()} ${IMFPaddedNumbers[date.getUTCHours()]}:${IMFPaddedNumbers[date.getUTCMinutes()]}:${IMFPaddedNumbers[date.getUTCSeconds()]} GMT`
190
+ }
191
+
192
+ /**
193
+ max-age-av = "Max-Age=" non-zero-digit *DIGIT
194
+ ; In practice, both expires-av and max-age-av
195
+ ; are limited to dates representable by the
196
+ ; user agent.
197
+ * @param {number} maxAge
198
+ */
199
+ function validateCookieMaxAge (maxAge) {
200
+ if (maxAge < 0) {
201
+ throw new Error('Invalid cookie max-age')
202
+ }
203
+ }
204
+
205
+ /**
206
+ * @see https://www.rfc-editor.org/rfc/rfc6265#section-4.1.1
207
+ * @param {import('./index').Cookie} cookie
208
+ */
209
+ function stringify (cookie) {
210
+ if (cookie.name.length === 0) {
211
+ return null
212
+ }
213
+
214
+ validateCookieName(cookie.name)
215
+ validateCookieValue(cookie.value)
216
+
217
+ const out = [`${cookie.name}=${cookie.value}`]
218
+
219
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.1
220
+ // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2
221
+ if (cookie.name.startsWith('__Secure-')) {
222
+ cookie.secure = true
223
+ }
224
+
225
+ if (cookie.name.startsWith('__Host-')) {
226
+ cookie.secure = true
227
+ cookie.domain = null
228
+ cookie.path = '/'
229
+ }
230
+
231
+ if (cookie.secure) {
232
+ out.push('Secure')
233
+ }
234
+
235
+ if (cookie.httpOnly) {
236
+ out.push('HttpOnly')
237
+ }
238
+
239
+ if (typeof cookie.maxAge === 'number') {
240
+ validateCookieMaxAge(cookie.maxAge)
241
+ out.push(`Max-Age=${cookie.maxAge}`)
242
+ }
243
+
244
+ if (cookie.domain) {
245
+ validateCookieDomain(cookie.domain)
246
+ out.push(`Domain=${cookie.domain}`)
247
+ }
248
+
249
+ if (cookie.path) {
250
+ validateCookiePath(cookie.path)
251
+ out.push(`Path=${cookie.path}`)
252
+ }
253
+
254
+ if (cookie.expires && cookie.expires.toString() !== 'Invalid Date') {
255
+ out.push(`Expires=${toIMFDate(cookie.expires)}`)
256
+ }
257
+
258
+ if (cookie.sameSite) {
259
+ out.push(`SameSite=${cookie.sameSite}`)
260
+ }
261
+
262
+ for (const part of cookie.unparsed) {
263
+ if (!part.includes('=')) {
264
+ throw new Error('Invalid unparsed')
265
+ }
266
+
267
+ const [key, ...value] = part.split('=')
268
+
269
+ out.push(`${key.trim()}=${value.join('=')}`)
270
+ }
271
+
272
+ return out.join('; ')
273
+ }
274
+
275
+ module.exports = {
276
+ isCTLExcludingHtab,
277
+ validateCookieName,
278
+ validateCookiePath,
279
+ validateCookieValue,
280
+ toIMFDate,
281
+ stringify
282
+ }