rekwest 7.2.2 → 7.2.4

package/README.md

@@ -127,9 +127,8 @@ console.log(res.body);
     with the request
   * `bufferBody` **{boolean}** `Default: false` Toggles the buffering of the streamable request bodies for redirects and
     retries
-  * `cookies` **{boolean | string[] | Array<[k, v]> | Cookies | Object | URLSearchParams}** `Default: true` The
-    cookies to add to
-    the request
+  * `cookies` **{boolean | string | string[] | [k, v][] | Cookies | Object | URLSearchParams}** `Default: true` The
+    cookies to add to the request. Manually set `cookie` header to override.
   * `cookiesTTL` **{boolean}** `Default: false` Controls enablement of TTL for the cookies cache
   * `credentials` **{include | omit | same-origin}** `Default: same-origin` Controls credentials in case of cross-origin
     redirects

package/dist/cookies.cjs

@@ -3,10 +3,17 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.Cookies = void 0;
+exports.splitCookie = exports.maxCookieSize = exports.maxCookieLifetimeCap = exports.isValidCookie = exports.illegalCookieChars = exports.cookieRex = exports.cookiePairRex = exports.Cookies = void 0;
 var _utils = require("./utils.cjs");
-const lifetimeCap = 3456e7; // 400 days
-
+const cookieRex = exports.cookieRex = /^[\w-]+=(?:"[^"]*"|[^\p{Control};]*)(?:;\s*(?:[\w-]+=(?:"[^"]*"|[^\p{Control};]*)|[\w-]+))*$/u;
+const cookiePairRex = exports.cookiePairRex = /(?:[^;"\s]+="[^"]*"|[^;]+)(?=;|$)/g;
+const illegalCookieChars = exports.illegalCookieChars = /\p{Control}/u;
+const isValidCookie = str => str?.constructor === String && cookieRex.test(str);
+exports.isValidCookie = isValidCookie;
+const maxCookieLifetimeCap = exports.maxCookieLifetimeCap = 3456e7; // 400 days
+const maxCookieSize = exports.maxCookieSize = 4096;
+const splitCookie = str => str.match(cookiePairRex).map(str => str.trim());
+exports.splitCookie = splitCookie;
 class Cookies extends URLSearchParams {
   static #finalizers = new Set();
   static jar = new Map();
@@ -27,27 +34,39 @@ class Cookies extends URLSearchParams {
   } = {
     cookiesTTL: false
   }) {
-    if (Array.isArray(input) && input.every(it => !Array.isArray(it))) {
-      input = input.map(it => {
-        if (!cookiesTTL) {
-          return [it.split(';').at(0).trim()];
-        }
-        const [cookie, ...attrs] = it.split(';').map(it => it.trim());
-        const ttl = {};
-        for (const attr of attrs) {
-          if (/(?:expires|max-age)=/i.test(attr)) {
-            const [key, val] = attr.toLowerCase().split('=');
-            const ms = Number.isFinite(Number.parseInt(val, 10)) ? val * 1e3 : Date.parse(val) - Date.now();
-            ttl[(0, _utils.toCamelCase)(key)] = Math.min(ms, lifetimeCap);
+    if (isValidCookie(input)) {
+      input = splitCookie(input);
+    }
+    const ttlMap = new Map();
+    if (Array.isArray(input)) {
+      if (input.every(it => isValidCookie(it))) {
+        input = input.filter(it => !illegalCookieChars.test(it) && it.length <= maxCookieSize);
+        input = input.map(splitCookie).map(([cookie, ...attrs]) => {
+          try {
+            cookie = cookie.split('=').map(it => decodeURIComponent(it.trim()));
+            return cookie;
+          } finally {
+            if (cookiesTTL) {
+              for (const attr of attrs) {
+                if (/(?:expires|max-age)=/i.test(attr)) {
+                  const [key, val] = attr.toLowerCase().split('=');
+                  let interval = val * 1e3 || Date.parse(val) - Date.now();
+                  if (interval < 0 || Number.isNaN(interval)) {
+                    interval = 0;
+                  }
+                  ttlMap.set(cookie[0], {
+                    [(0, _utils.toCamelCase)(key.trim())]: Math.min(interval, maxCookieLifetimeCap)
+                  });
+                }
+              }
+            }
           }
-        }
-        return [cookie.replace(/\u0022/g, ''), Object.keys(ttl).length ? ttl : null];
-      });
+        });
+      }
     }
-    super(Array.isArray(input) ? input.map(it => it.at(0)).join('&') : input);
-    if (Array.isArray(input) && cookiesTTL) {
-      for (const [cookie, ttl] of input.filter(it => it.at(1))) {
-        const key = cookie.split('=').at(0);
+    super(input);
+    if (ttlMap.size) {
+      for (const [key, attrs] of ttlMap) {
         if (this.#chronometry.has(key)) {
           clearTimeout(this.#chronometry.get(key));
           this.#chronometry.delete(key);
@@ -55,9 +74,9 @@ class Cookies extends URLSearchParams {
         const {
           expires,
           maxAge
-        } = ttl;
-        for (const ms of [maxAge, expires]) {
-          if (!Number.isInteger(ms)) {
+        } = attrs;
+        for (const interval of [maxAge, expires]) {
+          if (!Number.isInteger(interval)) {
             continue;
           }
           const ref = new WeakRef(this);
@@ -67,7 +86,7 @@ class Cookies extends URLSearchParams {
               ctx.#chronometry.delete(key);
               ctx.delete(key);
             }
-          }, Math.max(ms, 0));
+          }, Math.max(interval, 0));
           this.constructor.#register(this, tid);
           this.#chronometry.set(key, tid);
           break;

package/dist/formdata.cjs

@@ -7,7 +7,6 @@ exports.FormData = void 0;
 var _nodeBuffer = require("node:buffer");
 var _nodeCrypto = require("node:crypto");
 var _nodeHttp = _interopRequireDefault(require("node:http2"));
-var _nodeUtil = require("node:util");
 var _mediatypes = require("./mediatypes.cjs");
 var _utils = require("./utils.cjs");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
@@ -44,15 +43,15 @@ class FormData {
     return FormData.name === val?.[Symbol.toStringTag];
   }
   static #enfoldEntry(name, value, filename) {
-    name = (0, _nodeUtil.toUSVString)(name);
-    filename &&= (0, _nodeUtil.toUSVString)(filename);
+    name = String(name).toWellFormed();
+    filename &&= String(filename).toWellFormed();
     if ((0, _utils.isFileLike)(value)) {
       filename ??= value.name || 'blob';
       value = new _nodeBuffer.File([value], filename, value);
     } else if (this.#ensureInstance(value)) {
       value.name = filename;
     } else {
-      value = (0, _nodeUtil.toUSVString)(value);
+      value = String(value).toWellFormed();
     }
     return {
       name,
@@ -106,7 +105,7 @@ class FormData {
   delete(...args) {
     (0, _utils.brandCheck)(this, FormData);
     this.#ensureArgs(args, 1, 'delete');
-    const name = (0, _nodeUtil.toUSVString)(args[0]);
+    const name = String(args[0]).toWellFormed();
     this.#entries = this.#entries.filter(it => it.name !== name);
   }
   forEach(...args) {
@@ -120,19 +119,19 @@ class FormData {
   get(...args) {
     (0, _utils.brandCheck)(this, FormData);
     this.#ensureArgs(args, 1, 'get');
-    const name = (0, _nodeUtil.toUSVString)(args[0]);
-    return (this.#entries.find(it => it.name === name) ?? {}).value ?? null;
+    const name = String(args[0]).toWellFormed();
+    return this.#entries.find(it => it.name === name)?.value ?? null;
   }
   getAll(...args) {
     (0, _utils.brandCheck)(this, FormData);
     this.#ensureArgs(args, 1, 'getAll');
-    const name = (0, _nodeUtil.toUSVString)(args[0]);
+    const name = String(args[0]).toWellFormed();
     return this.#entries.filter(it => it.name === name).map(it => it.value);
   }
   has(...args) {
     (0, _utils.brandCheck)(this, FormData);
     this.#ensureArgs(args, 1, 'has');
-    const name = (0, _nodeUtil.toUSVString)(args[0]);
+    const name = String(args[0]).toWellFormed();
     return !!this.#entries.find(it => it.name === name);
   }
   set(...args) {

package/dist/preflight.cjs

@@ -56,7 +56,7 @@ const preflight = options => {
     } else {
       cookie &&= _cookies.Cookies.jar.get(url.origin);
     }
-    options.headers = {
+    headers = {
       ...(cookie && {
         [HTTP2_HEADER_COOKIE]: cookie
       }),

package/dist/retries.cjs

@@ -35,7 +35,7 @@ const retries = (err, options) => {
       } = retry;
       if (retry.retryAfter && err.headers?.[HTTP2_HEADER_RETRY_AFTER]) {
         interval = err.headers[HTTP2_HEADER_RETRY_AFTER];
-        interval = Number.isFinite(Number.parseInt(interval, 10)) ? interval * 1e3 : new Date(interval) - Date.now();
+        interval = interval * 1e3 || Date.parse(interval) - Date.now();
         if (interval > retry.maxRetryAfter) {
           throw new _errors.RequestError(`Maximum '${HTTP2_HEADER_RETRY_AFTER}' limit exceeded: ${interval} ms`, {
             cause: err
@@ -44,7 +44,7 @@ const retries = (err, options) => {
       } else {
         interval = new Function('interval', `return Math.ceil(${retry.backoffStrategy});`)(interval);
       }
-      if (interval < 0) {
+      if (interval < 0 || Number.isNaN(interval)) {
         interval = 0;
       }
       retry.attempts--;

package/dist/utils.cjs

@@ -118,37 +118,43 @@ const normalize = (url, options = {}) => {
   if (!options.redirected) {
     options = cloneWith(_config.default.defaults, options);
   }
-  if (options.trimTrailingSlashes) {
-    url = `${url}`.replace(/(?<!:)\/+/g, '/');
-  }
-  if (options.stripTrailingSlash) {
-    url = `${url}`.replace(/\/$|\/(?=#)|\/(?=\?)/g, '');
-  }
   return Object.assign(options, {
     headers: normalizeHeaders(options.headers),
     method: options.method.toUpperCase(),
-    url: addSearchParams(new URL(url, options.baseURL), options.params)
+    url: addSearchParams(normalizeUrl(new URL(url, options.baseURL), options), options.params)
   });
 };
 exports.normalize = normalize;
 const normalizeHeaders = (headers = {}) => {
   const acc = {};
-  for (const [key, val] of Object.entries(headers)) {
-    const name = key.toLowerCase();
+  for (let [key, val] of Object.entries(headers)) {
+    key = key.toLowerCase();
     acc[key] = val;
     if (key === HTTP2_HEADER_ACCEPT_ENCODING && !_config.isZstdSupported) {
-      const modified = val.replace(/\s?zstd,?/gi, '').trim();
-      if (modified) {
-        acc[key] = modified;
+      val = val.replace(/\s?zstd,?/gi, '').trim();
+      if (val) {
+        acc[key] = val;
       } else {
-        Reflect.deleteProperty(acc, name);
+        Reflect.deleteProperty(acc, key);
       }
     }
   }
   return acc;
 };
 exports.normalizeHeaders = normalizeHeaders;
-const sameOrigin = (a, b) => a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
+function normalizeUrl(url, {
+  trimTrailingSlashes,
+  stripTrailingSlash
+} = {}) {
+  if (trimTrailingSlashes) {
+    url.pathname = url.pathname.replace(/\/{2,}/g, '/');
+  }
+  if (stripTrailingSlash && url.pathname !== '/') {
+    url.pathname = url.pathname.replace(/\/$/, '');
+  }
+  return url;
+}
+const sameOrigin = (a, b) => a.origin === b.origin;
 exports.sameOrigin = sameOrigin;
 const snoop = (client, req, options) => {
   req.once('close', () => client?.close());
@@ -162,9 +168,9 @@ const snoop = (client, req, options) => {
   });
 };
 exports.snoop = snoop;
-const stripHeaders = (headers = {}, names = []) => {
-  names = new Set(names);
-  return Object.fromEntries(Object.entries(headers).filter(([key]) => !names.has(key.toLowerCase())));
+const stripHeaders = (headers = {}, keys = []) => {
+  keys = new Set(keys);
+  return Object.fromEntries(Object.entries(headers).filter(([key]) => !keys.has(key)));
 };
 exports.stripHeaders = stripHeaders;
 async function* tap(val) {

package/package.json

@@ -71,5 +71,5 @@
     "test:cover": "c8 --include=src --reporter=lcov --reporter=text npm test"
   },
   "type": "module",
-  "version": "7.2.2"
+  "version": "7.2.4"
 }

package/src/cookies.js

@@ -3,7 +3,13 @@ import {
   toCamelCase,
 } from './utils.js';
 
-const lifetimeCap = 3456e7; // 400 days
+export const cookieRex = /^[\w-]+=(?:"[^"]*"|[^\p{Control};]*)(?:;\s*(?:[\w-]+=(?:"[^"]*"|[^\p{Control};]*)|[\w-]+))*$/u;
+export const cookiePairRex = /(?:[^;"\s]+="[^"]*"|[^;]+)(?=;|$)/g;
+export const illegalCookieChars = /\p{Control}/u;
+export const isValidCookie = (str) => str?.constructor === String && cookieRex.test(str);
+export const maxCookieLifetimeCap = 3456e7; // 400 days
+export const maxCookieSize = 4096;
+export const splitCookie = (str) => str.match(cookiePairRex).map((str) => str.trim());
 
 export class Cookies extends URLSearchParams {
 
@@ -27,49 +33,60 @@ export class Cookies extends URLSearchParams {
   }
 
   constructor(input, { cookiesTTL } = { cookiesTTL: false }) {
-    if (Array.isArray(input) && input.every((it) => !Array.isArray(it))) {
-      input = input.map((it) => {
-        if (!cookiesTTL) {
-          return [it.split(';').at(0).trim()];
-        }
-
-        const [cookie, ...attrs] = it.split(';').map((it) => it.trim());
-        const ttl = {};
-
-        for (const attr of attrs) {
-          if (/(?:expires|max-age)=/i.test(attr)) {
-            const [key, val] = attr.toLowerCase().split('=');
-            const ms = Number.isFinite(Number.parseInt(val, 10)) ? val * 1e3 : Date.parse(val) - Date.now();
+    if (isValidCookie(input)) {
+      input = splitCookie(input);
+    }
 
-            ttl[toCamelCase(key)] = Math.min(ms, lifetimeCap);
+    const ttlMap = new Map();
+
+    if (Array.isArray(input)) {
+      if (input.every((it) => isValidCookie(it))) {
+        input = input.filter((it) => !illegalCookieChars.test(it) && it.length <= maxCookieSize);
+        input = input.map(splitCookie).map(([cookie, ...attrs]) => {
+          try {
+            cookie = cookie.split('=').map((it) => decodeURIComponent(it.trim()));
+
+            return cookie;
+          } finally {
+            if (cookiesTTL) {
+              for (const attr of attrs) {
+                if (/(?:expires|max-age)=/i.test(attr)) {
+                  const [key, val] = attr.toLowerCase().split('=');
+                  let interval = val * 1e3 || Date.parse(val) - Date.now();
+
+                  if (interval < 0 || Number.isNaN(interval)) {
+                    interval = 0;
+                  }
+
+                  ttlMap.set(
+                    cookie[0],
+                    { [toCamelCase(key.trim())]: Math.min(interval, maxCookieLifetimeCap) },
+                  );
+                }
+              }
+            }
           }
-        }
-
-        return [
-          cookie.replace(/\u0022/g, ''),
-          Object.keys(ttl).length ? ttl : null,
-        ];
-      });
+        });
+      }
     }
 
-    super(Array.isArray(input) ? input.map((it) => it.at(0)).join('&') : input);
+    super(input);
 
-    if (Array.isArray(input) && cookiesTTL) {
-      for (const [cookie, ttl] of input.filter((it) => it.at(1))) {
-        const key = cookie.split('=').at(0);
+    if (ttlMap.size) {
+      for (const [key, attrs] of ttlMap) {
 
         if (this.#chronometry.has(key)) {
           clearTimeout(this.#chronometry.get(key));
           this.#chronometry.delete(key);
         }
 
-        const { expires, maxAge } = ttl;
+        const { expires, maxAge } = attrs;
 
-        for (const ms of [
+        for (const interval of [
           maxAge,
           expires,
         ]) {
-          if (!Number.isInteger(ms)) {
+          if (!Number.isInteger(interval)) {
             continue;
           }
 
@@ -81,7 +98,7 @@ export class Cookies extends URLSearchParams {
               ctx.#chronometry.delete(key);
               ctx.delete(key);
             }
-          }, Math.max(ms, 0));
+          }, Math.max(interval, 0));
 
           this.constructor.#register(this, tid);
           this.#chronometry.set(key, tid);

package/src/formdata.js

@@ -1,7 +1,6 @@
 import { File } from 'node:buffer';
 import { randomBytes } from 'node:crypto';
 import http2 from 'node:http2';
-import { toUSVString } from 'node:util';
 import {
   APPLICATION_OCTET_STREAM,
   MULTIPART_FORM_DATA,
@@ -64,8 +63,8 @@ export class FormData {
   }
 
   static #enfoldEntry(name, value, filename) {
-    name = toUSVString(name);
-    filename &&= toUSVString(filename);
+    name = String(name).toWellFormed();
+    filename &&= String(filename).toWellFormed();
 
     if (isFileLike(value)) {
       filename ??= value.name || 'blob';
@@ -73,7 +72,7 @@ export class FormData {
     } else if (this.#ensureInstance(value)) {
       value.name = filename;
     } else {
-      value = toUSVString(value);
+      value = String(value).toWellFormed();
     }
 
     return {
@@ -152,7 +151,7 @@ export class FormData {
   delete(...args) {
     brandCheck(this, FormData);
     this.#ensureArgs(args, 1, 'delete');
-    const name = toUSVString(args[0]);
+    const name = String(args[0]).toWellFormed();
 
     this.#entries = this.#entries.filter((it) => it.name !== name);
   }
@@ -173,15 +172,15 @@ export class FormData {
   get(...args) {
     brandCheck(this, FormData);
     this.#ensureArgs(args, 1, 'get');
-    const name = toUSVString(args[0]);
+    const name = String(args[0]).toWellFormed();
 
-    return (this.#entries.find((it) => it.name === name) ?? {}).value ?? null;
+    return this.#entries.find((it) => it.name === name)?.value ?? null;
   }
 
   getAll(...args) {
     brandCheck(this, FormData);
     this.#ensureArgs(args, 1, 'getAll');
-    const name = toUSVString(args[0]);
+    const name = String(args[0]).toWellFormed();
 
     return this.#entries.filter((it) => it.name === name).map((it) => it.value);
   }
@@ -189,7 +188,7 @@ export class FormData {
   has(...args) {
     brandCheck(this, FormData);
     this.#ensureArgs(args, 1, 'has');
-    const name = toUSVString(args[0]);
+    const name = String(args[0]).toWellFormed();
 
     return !!this.#entries.find((it) => it.name === name);
   }

package/src/preflight.js

@@ -64,7 +64,7 @@ export const preflight = (options) => {
       cookie &&= Cookies.jar.get(url.origin);
     }
 
-    options.headers = {
+    headers = {
       ...cookie && { [HTTP2_HEADER_COOKIE]: cookie },
       ...headers,
     };

package/src/retries.js

@@ -27,7 +27,7 @@ export const retries = (err, options) => {
 
       if (retry.retryAfter && err.headers?.[HTTP2_HEADER_RETRY_AFTER]) {
         interval = err.headers[HTTP2_HEADER_RETRY_AFTER];
-        interval = Number.isFinite(Number.parseInt(interval, 10)) ? interval * 1e3 : new Date(interval) - Date.now();
+        interval = interval * 1e3 || Date.parse(interval) - Date.now();
         if (interval > retry.maxRetryAfter) {
           throw new RequestError(
             `Maximum '${ HTTP2_HEADER_RETRY_AFTER }' limit exceeded: ${ interval } ms`,
@@ -38,7 +38,7 @@ export const retries = (err, options) => {
         interval = new Function('interval', `return Math.ceil(${ retry.backoffStrategy });`)(interval);
       }
 
-      if (interval < 0) {
+      if (interval < 0 || Number.isNaN(interval)) {
         interval = 0;
       }
 

package/src/utils.js

@@ -126,36 +126,28 @@ export const normalize = (url, options = {}) => {
     options = cloneWith(config.defaults, options);
   }
 
-  if (options.trimTrailingSlashes) {
-    url = `${ url }`.replace(/(?<!:)\/+/g, '/');
-  }
-
-  if (options.stripTrailingSlash) {
-    url = `${ url }`.replace(/\/$|\/(?=#)|\/(?=\?)/g, '');
-  }
-
   return Object.assign(options, {
     headers: normalizeHeaders(options.headers),
     method: options.method.toUpperCase(),
-    url: addSearchParams(new URL(url, options.baseURL), options.params),
+    url: addSearchParams(normalizeUrl(new URL(url, options.baseURL), options), options.params),
   });
 };
 
 export const normalizeHeaders = (headers = {}) => {
   const acc = {};
 
-  for (const [key, val] of Object.entries(headers)) {
-    const name = key.toLowerCase();
+  for (let [key, val] of Object.entries(headers)) {
+    key = key.toLowerCase();
 
     acc[key] = val;
 
     if (key === HTTP2_HEADER_ACCEPT_ENCODING && !isZstdSupported) {
-      const modified = val.replace(/\s?zstd,?/gi, '').trim();
+      val = val.replace(/\s?zstd,?/gi, '').trim();
 
-      if (modified) {
-        acc[key] = modified;
+      if (val) {
+        acc[key] = val;
       } else {
-        Reflect.deleteProperty(acc, name);
+        Reflect.deleteProperty(acc, key);
       }
     }
   }
@@ -163,7 +155,19 @@ export const normalizeHeaders = (headers = {}) => {
   return acc;
 };
 
-export const sameOrigin = (a, b) => a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
+function normalizeUrl(url, { trimTrailingSlashes, stripTrailingSlash } = {}) {
+  if (trimTrailingSlashes) {
+    url.pathname = url.pathname.replace(/\/{2,}/g, '/');
+  }
+
+  if (stripTrailingSlash && url.pathname !== '/') {
+    url.pathname = url.pathname.replace(/\/$/, '');
+  }
+
+  return url;
+}
+
+export const sameOrigin = (a, b) => a.origin === b.origin;
 
 export const snoop = (client, req, options) => {
   req.once('close', () => client?.close());
@@ -177,14 +181,10 @@ export const snoop = (client, req, options) => {
   });
 };
 
-export const stripHeaders = (headers = {}, names = []) => {
-  names = new Set(names);
+export const stripHeaders = (headers = {}, keys = []) => {
+  keys = new Set(keys);
 
-  return Object.fromEntries(
-    Object.entries(headers).filter(
-      ([key]) => !names.has(key.toLowerCase()),
-    ),
-  );
+  return Object.fromEntries(Object.entries(headers).filter(([key]) => !keys.has(key)));
 };
 
 export async function* tap(val) {