1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483 |
- /*!
- * Copyright (c) 2015, Salesforce.com, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * 3. Neither the name of Salesforce.com nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
- 'use strict';
- var net = require('net');
- var urlParse = require('url').parse;
- var util = require('util');
- var pubsuffix = require('./pubsuffix-psl');
- var Store = require('./store').Store;
- var MemoryCookieStore = require('./memstore').MemoryCookieStore;
- var pathMatch = require('./pathMatch').pathMatch;
- var VERSION = require('./version');
- var punycode;
- try {
- punycode = require('punycode');
- } catch(e) {
- console.warn("tough-cookie: can't load punycode; won't use punycode for domain normalization");
- }
- // From RFC6265 S4.1.1
- // note that it excludes \x3B ";"
- var COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;
- var CONTROL_CHARS = /[\x00-\x1F]/;
- // From Chromium // '\r', '\n' and '\0' should be treated as a terminator in
- // the "relaxed" mode, see:
- // https://github.com/ChromiumWebApps/chromium/blob/b3d3b4da8bb94c1b2e061600df106d590fda3620/net/cookies/parsed_cookie.cc#L60
- var TERMINATORS = ['\n', '\r', '\0'];
- // RFC6265 S4.1.1 defines path value as 'any CHAR except CTLs or ";"'
- // Note ';' is \x3B
- var PATH_VALUE = /[\x20-\x3A\x3C-\x7E]+/;
- // date-time parsing constants (RFC6265 S5.1.1)
- var DATE_DELIM = /[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]/;
- var MONTH_TO_NUM = {
- jan:0, feb:1, mar:2, apr:3, may:4, jun:5,
- jul:6, aug:7, sep:8, oct:9, nov:10, dec:11
- };
- var NUM_TO_MONTH = [
- 'Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec'
- ];
- var NUM_TO_DAY = [
- 'Sun','Mon','Tue','Wed','Thu','Fri','Sat'
- ];
- var MAX_TIME = 2147483647000; // 31-bit max
- var MIN_TIME = 0; // 31-bit min
- /*
- * Parses a Natural number (i.e., non-negative integer) with either the
- * <min>*<max>DIGIT ( non-digit *OCTET )
- * or
- * <min>*<max>DIGIT
- * grammar (RFC6265 S5.1.1).
- *
- * The "trailingOK" boolean controls if the grammar accepts a
- * "( non-digit *OCTET )" trailer.
- */
- function parseDigits(token, minDigits, maxDigits, trailingOK) {
- var count = 0;
- while (count < token.length) {
- var c = token.charCodeAt(count);
- // "non-digit = %x00-2F / %x3A-FF"
- if (c <= 0x2F || c >= 0x3A) {
- break;
- }
- count++;
- }
- // constrain to a minimum and maximum number of digits.
- if (count < minDigits || count > maxDigits) {
- return null;
- }
- if (!trailingOK && count != token.length) {
- return null;
- }
- return parseInt(token.substr(0,count), 10);
- }
- function parseTime(token) {
- var parts = token.split(':');
- var result = [0,0,0];
- /* RF6256 S5.1.1:
- * time = hms-time ( non-digit *OCTET )
- * hms-time = time-field ":" time-field ":" time-field
- * time-field = 1*2DIGIT
- */
- if (parts.length !== 3) {
- return null;
- }
- for (var i = 0; i < 3; i++) {
- // "time-field" must be strictly "1*2DIGIT", HOWEVER, "hms-time" can be
- // followed by "( non-digit *OCTET )" so therefore the last time-field can
- // have a trailer
- var trailingOK = (i == 2);
- var num = parseDigits(parts[i], 1, 2, trailingOK);
- if (num === null) {
- return null;
- }
- result[i] = num;
- }
- return result;
- }
- function parseMonth(token) {
- token = String(token).substr(0,3).toLowerCase();
- var num = MONTH_TO_NUM[token];
- return num >= 0 ? num : null;
- }
- /*
- * RFC6265 S5.1.1 date parser (see RFC for full grammar)
- */
- function parseDate(str) {
- if (!str) {
- return;
- }
- /* RFC6265 S5.1.1:
- * 2. Process each date-token sequentially in the order the date-tokens
- * appear in the cookie-date
- */
- var tokens = str.split(DATE_DELIM);
- if (!tokens) {
- return;
- }
- var hour = null;
- var minute = null;
- var second = null;
- var dayOfMonth = null;
- var month = null;
- var year = null;
- for (var i=0; i<tokens.length; i++) {
- var token = tokens[i].trim();
- if (!token.length) {
- continue;
- }
- var result;
- /* 2.1. If the found-time flag is not set and the token matches the time
- * production, set the found-time flag and set the hour- value,
- * minute-value, and second-value to the numbers denoted by the digits in
- * the date-token, respectively. Skip the remaining sub-steps and continue
- * to the next date-token.
- */
- if (second === null) {
- result = parseTime(token);
- if (result) {
- hour = result[0];
- minute = result[1];
- second = result[2];
- continue;
- }
- }
- /* 2.2. If the found-day-of-month flag is not set and the date-token matches
- * the day-of-month production, set the found-day-of- month flag and set
- * the day-of-month-value to the number denoted by the date-token. Skip
- * the remaining sub-steps and continue to the next date-token.
- */
- if (dayOfMonth === null) {
- // "day-of-month = 1*2DIGIT ( non-digit *OCTET )"
- result = parseDigits(token, 1, 2, true);
- if (result !== null) {
- dayOfMonth = result;
- continue;
- }
- }
- /* 2.3. If the found-month flag is not set and the date-token matches the
- * month production, set the found-month flag and set the month-value to
- * the month denoted by the date-token. Skip the remaining sub-steps and
- * continue to the next date-token.
- */
- if (month === null) {
- result = parseMonth(token);
- if (result !== null) {
- month = result;
- continue;
- }
- }
- /* 2.4. If the found-year flag is not set and the date-token matches the
- * year production, set the found-year flag and set the year-value to the
- * number denoted by the date-token. Skip the remaining sub-steps and
- * continue to the next date-token.
- */
- if (year === null) {
- // "year = 2*4DIGIT ( non-digit *OCTET )"
- result = parseDigits(token, 2, 4, true);
- if (result !== null) {
- year = result;
- /* From S5.1.1:
- * 3. If the year-value is greater than or equal to 70 and less
- * than or equal to 99, increment the year-value by 1900.
- * 4. If the year-value is greater than or equal to 0 and less
- * than or equal to 69, increment the year-value by 2000.
- */
- if (year >= 70 && year <= 99) {
- year += 1900;
- } else if (year >= 0 && year <= 69) {
- year += 2000;
- }
- }
- }
- }
- /* RFC 6265 S5.1.1
- * "5. Abort these steps and fail to parse the cookie-date if:
- * * at least one of the found-day-of-month, found-month, found-
- * year, or found-time flags is not set,
- * * the day-of-month-value is less than 1 or greater than 31,
- * * the year-value is less than 1601,
- * * the hour-value is greater than 23,
- * * the minute-value is greater than 59, or
- * * the second-value is greater than 59.
- * (Note that leap seconds cannot be represented in this syntax.)"
- *
- * So, in order as above:
- */
- if (
- dayOfMonth === null || month === null || year === null || second === null ||
- dayOfMonth < 1 || dayOfMonth > 31 ||
- year < 1601 ||
- hour > 23 ||
- minute > 59 ||
- second > 59
- ) {
- return;
- }
- return new Date(Date.UTC(year, month, dayOfMonth, hour, minute, second));
- }
- function formatDate(date) {
- var d = date.getUTCDate(); d = d >= 10 ? d : '0'+d;
- var h = date.getUTCHours(); h = h >= 10 ? h : '0'+h;
- var m = date.getUTCMinutes(); m = m >= 10 ? m : '0'+m;
- var s = date.getUTCSeconds(); s = s >= 10 ? s : '0'+s;
- return NUM_TO_DAY[date.getUTCDay()] + ', ' +
- d+' '+ NUM_TO_MONTH[date.getUTCMonth()] +' '+ date.getUTCFullYear() +' '+
- h+':'+m+':'+s+' GMT';
- }
- // S5.1.2 Canonicalized Host Names
- function canonicalDomain(str) {
- if (str == null) {
- return null;
- }
- str = str.trim().replace(/^\./,''); // S4.1.2.3 & S5.2.3: ignore leading .
- // convert to IDN if any non-ASCII characters
- if (punycode && /[^\u0001-\u007f]/.test(str)) {
- str = punycode.toASCII(str);
- }
- return str.toLowerCase();
- }
- // S5.1.3 Domain Matching
- function domainMatch(str, domStr, canonicalize) {
- if (str == null || domStr == null) {
- return null;
- }
- if (canonicalize !== false) {
- str = canonicalDomain(str);
- domStr = canonicalDomain(domStr);
- }
- /*
- * "The domain string and the string are identical. (Note that both the
- * domain string and the string will have been canonicalized to lower case at
- * this point)"
- */
- if (str == domStr) {
- return true;
- }
- /* "All of the following [three] conditions hold:" (order adjusted from the RFC) */
- /* "* The string is a host name (i.e., not an IP address)." */
- if (net.isIP(str)) {
- return false;
- }
- /* "* The domain string is a suffix of the string" */
- var idx = str.indexOf(domStr);
- if (idx <= 0) {
- return false; // it's a non-match (-1) or prefix (0)
- }
- // e.g "a.b.c".indexOf("b.c") === 2
- // 5 === 3+2
- if (str.length !== domStr.length + idx) { // it's not a suffix
- return false;
- }
- /* "* The last character of the string that is not included in the domain
- * string is a %x2E (".") character." */
- if (str.substr(idx-1,1) !== '.') {
- return false;
- }
- return true;
- }
- // RFC6265 S5.1.4 Paths and Path-Match
- /*
- * "The user agent MUST use an algorithm equivalent to the following algorithm
- * to compute the default-path of a cookie:"
- *
- * Assumption: the path (and not query part or absolute uri) is passed in.
- */
- function defaultPath(path) {
- // "2. If the uri-path is empty or if the first character of the uri-path is not
- // a %x2F ("/") character, output %x2F ("/") and skip the remaining steps.
- if (!path || path.substr(0,1) !== "/") {
- return "/";
- }
- // "3. If the uri-path contains no more than one %x2F ("/") character, output
- // %x2F ("/") and skip the remaining step."
- if (path === "/") {
- return path;
- }
- var rightSlash = path.lastIndexOf("/");
- if (rightSlash === 0) {
- return "/";
- }
- // "4. Output the characters of the uri-path from the first character up to,
- // but not including, the right-most %x2F ("/")."
- return path.slice(0, rightSlash);
- }
- function trimTerminator(str) {
- for (var t = 0; t < TERMINATORS.length; t++) {
- var terminatorIdx = str.indexOf(TERMINATORS[t]);
- if (terminatorIdx !== -1) {
- str = str.substr(0,terminatorIdx);
- }
- }
- return str;
- }
- function parseCookiePair(cookiePair, looseMode) {
- cookiePair = trimTerminator(cookiePair);
- var firstEq = cookiePair.indexOf('=');
- if (looseMode) {
- if (firstEq === 0) { // '=' is immediately at start
- cookiePair = cookiePair.substr(1);
- firstEq = cookiePair.indexOf('='); // might still need to split on '='
- }
- } else { // non-loose mode
- if (firstEq <= 0) { // no '=' or is at start
- return; // needs to have non-empty "cookie-name"
- }
- }
- var cookieName, cookieValue;
- if (firstEq <= 0) {
- cookieName = "";
- cookieValue = cookiePair.trim();
- } else {
- cookieName = cookiePair.substr(0, firstEq).trim();
- cookieValue = cookiePair.substr(firstEq+1).trim();
- }
- if (CONTROL_CHARS.test(cookieName) || CONTROL_CHARS.test(cookieValue)) {
- return;
- }
- var c = new Cookie();
- c.key = cookieName;
- c.value = cookieValue;
- return c;
- }
- function parse(str, options) {
- if (!options || typeof options !== 'object') {
- options = {};
- }
- str = str.trim();
- // We use a regex to parse the "name-value-pair" part of S5.2
- var firstSemi = str.indexOf(';'); // S5.2 step 1
- var cookiePair = (firstSemi === -1) ? str : str.substr(0, firstSemi);
- var c = parseCookiePair(cookiePair, !!options.loose);
- if (!c) {
- return;
- }
- if (firstSemi === -1) {
- return c;
- }
- // S5.2.3 "unparsed-attributes consist of the remainder of the set-cookie-string
- // (including the %x3B (";") in question)." plus later on in the same section
- // "discard the first ";" and trim".
- var unparsed = str.slice(firstSemi + 1).trim();
- // "If the unparsed-attributes string is empty, skip the rest of these
- // steps."
- if (unparsed.length === 0) {
- return c;
- }
- /*
- * S5.2 says that when looping over the items "[p]rocess the attribute-name
- * and attribute-value according to the requirements in the following
- * subsections" for every item. Plus, for many of the individual attributes
- * in S5.3 it says to use the "attribute-value of the last attribute in the
- * cookie-attribute-list". Therefore, in this implementation, we overwrite
- * the previous value.
- */
- var cookie_avs = unparsed.split(';');
- while (cookie_avs.length) {
- var av = cookie_avs.shift().trim();
- if (av.length === 0) { // happens if ";;" appears
- continue;
- }
- var av_sep = av.indexOf('=');
- var av_key, av_value;
- if (av_sep === -1) {
- av_key = av;
- av_value = null;
- } else {
- av_key = av.substr(0,av_sep);
- av_value = av.substr(av_sep+1);
- }
- av_key = av_key.trim().toLowerCase();
- if (av_value) {
- av_value = av_value.trim();
- }
- switch(av_key) {
- case 'expires': // S5.2.1
- if (av_value) {
- var exp = parseDate(av_value);
- // "If the attribute-value failed to parse as a cookie date, ignore the
- // cookie-av."
- if (exp) {
- // over and underflow not realistically a concern: V8's getTime() seems to
- // store something larger than a 32-bit time_t (even with 32-bit node)
- c.expires = exp;
- }
- }
- break;
- case 'max-age': // S5.2.2
- if (av_value) {
- // "If the first character of the attribute-value is not a DIGIT or a "-"
- // character ...[or]... If the remainder of attribute-value contains a
- // non-DIGIT character, ignore the cookie-av."
- if (/^-?[0-9]+$/.test(av_value)) {
- var delta = parseInt(av_value, 10);
- // "If delta-seconds is less than or equal to zero (0), let expiry-time
- // be the earliest representable date and time."
- c.setMaxAge(delta);
- }
- }
- break;
- case 'domain': // S5.2.3
- // "If the attribute-value is empty, the behavior is undefined. However,
- // the user agent SHOULD ignore the cookie-av entirely."
- if (av_value) {
- // S5.2.3 "Let cookie-domain be the attribute-value without the leading %x2E
- // (".") character."
- var domain = av_value.trim().replace(/^\./, '');
- if (domain) {
- // "Convert the cookie-domain to lower case."
- c.domain = domain.toLowerCase();
- }
- }
- break;
- case 'path': // S5.2.4
- /*
- * "If the attribute-value is empty or if the first character of the
- * attribute-value is not %x2F ("/"):
- * Let cookie-path be the default-path.
- * Otherwise:
- * Let cookie-path be the attribute-value."
- *
- * We'll represent the default-path as null since it depends on the
- * context of the parsing.
- */
- c.path = av_value && av_value[0] === "/" ? av_value : null;
- break;
- case 'secure': // S5.2.5
- /*
- * "If the attribute-name case-insensitively matches the string "Secure",
- * the user agent MUST append an attribute to the cookie-attribute-list
- * with an attribute-name of Secure and an empty attribute-value."
- */
- c.secure = true;
- break;
- case 'httponly': // S5.2.6 -- effectively the same as 'secure'
- c.httpOnly = true;
- break;
- default:
- c.extensions = c.extensions || [];
- c.extensions.push(av);
- break;
- }
- }
- return c;
- }
- // avoid the V8 deoptimization monster!
- function jsonParse(str) {
- var obj;
- try {
- obj = JSON.parse(str);
- } catch (e) {
- return e;
- }
- return obj;
- }
- function fromJSON(str) {
- if (!str) {
- return null;
- }
- var obj;
- if (typeof str === 'string') {
- obj = jsonParse(str);
- if (obj instanceof Error) {
- return null;
- }
- } else {
- // assume it's an Object
- obj = str;
- }
- var c = new Cookie();
- for (var i=0; i<Cookie.serializableProperties.length; i++) {
- var prop = Cookie.serializableProperties[i];
- if (obj[prop] === undefined ||
- obj[prop] === Cookie.prototype[prop])
- {
- continue; // leave as prototype default
- }
- if (prop === 'expires' ||
- prop === 'creation' ||
- prop === 'lastAccessed')
- {
- if (obj[prop] === null) {
- c[prop] = null;
- } else {
- c[prop] = obj[prop] == "Infinity" ?
- "Infinity" : new Date(obj[prop]);
- }
- } else {
- c[prop] = obj[prop];
- }
- }
- return c;
- }
- /* Section 5.4 part 2:
- * "* Cookies with longer paths are listed before cookies with
- * shorter paths.
- *
- * * Among cookies that have equal-length path fields, cookies with
- * earlier creation-times are listed before cookies with later
- * creation-times."
- */
- function cookieCompare(a,b) {
- var cmp = 0;
- // descending for length: b CMP a
- var aPathLen = a.path ? a.path.length : 0;
- var bPathLen = b.path ? b.path.length : 0;
- cmp = bPathLen - aPathLen;
- if (cmp !== 0) {
- return cmp;
- }
- // ascending for time: a CMP b
- var aTime = a.creation ? a.creation.getTime() : MAX_TIME;
- var bTime = b.creation ? b.creation.getTime() : MAX_TIME;
- cmp = aTime - bTime;
- if (cmp !== 0) {
- return cmp;
- }
- // break ties for the same millisecond (precision of JavaScript's clock)
- cmp = a.creationIndex - b.creationIndex;
- return cmp;
- }
- // Gives the permutation of all possible pathMatch()es of a given path. The
- // array is in longest-to-shortest order. Handy for indexing.
- function permutePath(path) {
- if (path === '/') {
- return ['/'];
- }
- if (path.lastIndexOf('/') === path.length-1) {
- path = path.substr(0,path.length-1);
- }
- var permutations = [path];
- while (path.length > 1) {
- var lindex = path.lastIndexOf('/');
- if (lindex === 0) {
- break;
- }
- path = path.substr(0,lindex);
- permutations.push(path);
- }
- permutations.push('/');
- return permutations;
- }
- function getCookieContext(url) {
- if (url instanceof Object) {
- return url;
- }
- // NOTE: decodeURI will throw on malformed URIs (see GH-32).
- // Therefore, we will just skip decoding for such URIs.
- try {
- url = decodeURI(url);
- }
- catch(err) {
- // Silently swallow error
- }
- return urlParse(url);
- }
- function Cookie(options) {
- options = options || {};
- Object.keys(options).forEach(function(prop) {
- if (Cookie.prototype.hasOwnProperty(prop) &&
- Cookie.prototype[prop] !== options[prop] &&
- prop.substr(0,1) !== '_')
- {
- this[prop] = options[prop];
- }
- }, this);
- this.creation = this.creation || new Date();
- // used to break creation ties in cookieCompare():
- Object.defineProperty(this, 'creationIndex', {
- configurable: false,
- enumerable: false, // important for assert.deepEqual checks
- writable: true,
- value: ++Cookie.cookiesCreated
- });
- }
- Cookie.cookiesCreated = 0; // incremented each time a cookie is created
- Cookie.parse = parse;
- Cookie.fromJSON = fromJSON;
- Cookie.prototype.key = "";
- Cookie.prototype.value = "";
- // the order in which the RFC has them:
- Cookie.prototype.expires = "Infinity"; // coerces to literal Infinity
- Cookie.prototype.maxAge = null; // takes precedence over expires for TTL
- Cookie.prototype.domain = null;
- Cookie.prototype.path = null;
- Cookie.prototype.secure = false;
- Cookie.prototype.httpOnly = false;
- Cookie.prototype.extensions = null;
- // set by the CookieJar:
- Cookie.prototype.hostOnly = null; // boolean when set
- Cookie.prototype.pathIsDefault = null; // boolean when set
- Cookie.prototype.creation = null; // Date when set; defaulted by Cookie.parse
- Cookie.prototype.lastAccessed = null; // Date when set
- Object.defineProperty(Cookie.prototype, 'creationIndex', {
- configurable: true,
- enumerable: false,
- writable: true,
- value: 0
- });
- Cookie.serializableProperties = Object.keys(Cookie.prototype)
- .filter(function(prop) {
- return !(
- Cookie.prototype[prop] instanceof Function ||
- prop === 'creationIndex' ||
- prop.substr(0,1) === '_'
- );
- });
- Cookie.prototype.inspect = function inspect() {
- var now = Date.now();
- return 'Cookie="'+this.toString() +
- '; hostOnly='+(this.hostOnly != null ? this.hostOnly : '?') +
- '; aAge='+(this.lastAccessed ? (now-this.lastAccessed.getTime())+'ms' : '?') +
- '; cAge='+(this.creation ? (now-this.creation.getTime())+'ms' : '?') +
- '"';
- };
- // Use the new custom inspection symbol to add the custom inspect function if
- // available.
- if (util.inspect.custom) {
- Cookie.prototype[util.inspect.custom] = Cookie.prototype.inspect;
- }
- Cookie.prototype.toJSON = function() {
- var obj = {};
- var props = Cookie.serializableProperties;
- for (var i=0; i<props.length; i++) {
- var prop = props[i];
- if (this[prop] === Cookie.prototype[prop]) {
- continue; // leave as prototype default
- }
- if (prop === 'expires' ||
- prop === 'creation' ||
- prop === 'lastAccessed')
- {
- if (this[prop] === null) {
- obj[prop] = null;
- } else {
- obj[prop] = this[prop] == "Infinity" ? // intentionally not ===
- "Infinity" : this[prop].toISOString();
- }
- } else if (prop === 'maxAge') {
- if (this[prop] !== null) {
- // again, intentionally not ===
- obj[prop] = (this[prop] == Infinity || this[prop] == -Infinity) ?
- this[prop].toString() : this[prop];
- }
- } else {
- if (this[prop] !== Cookie.prototype[prop]) {
- obj[prop] = this[prop];
- }
- }
- }
- return obj;
- };
- Cookie.prototype.clone = function() {
- return fromJSON(this.toJSON());
- };
- Cookie.prototype.validate = function validate() {
- if (!COOKIE_OCTETS.test(this.value)) {
- return false;
- }
- if (this.expires != Infinity && !(this.expires instanceof Date) && !parseDate(this.expires)) {
- return false;
- }
- if (this.maxAge != null && this.maxAge <= 0) {
- return false; // "Max-Age=" non-zero-digit *DIGIT
- }
- if (this.path != null && !PATH_VALUE.test(this.path)) {
- return false;
- }
- var cdomain = this.cdomain();
- if (cdomain) {
- if (cdomain.match(/\.$/)) {
- return false; // S4.1.2.3 suggests that this is bad. domainMatch() tests confirm this
- }
- var suffix = pubsuffix.getPublicSuffix(cdomain);
- if (suffix == null) { // it's a public suffix
- return false;
- }
- }
- return true;
- };
- Cookie.prototype.setExpires = function setExpires(exp) {
- if (exp instanceof Date) {
- this.expires = exp;
- } else {
- this.expires = parseDate(exp) || "Infinity";
- }
- };
- Cookie.prototype.setMaxAge = function setMaxAge(age) {
- if (age === Infinity || age === -Infinity) {
- this.maxAge = age.toString(); // so JSON.stringify() works
- } else {
- this.maxAge = age;
- }
- };
- // gives Cookie header format
- Cookie.prototype.cookieString = function cookieString() {
- var val = this.value;
- if (val == null) {
- val = '';
- }
- if (this.key === '') {
- return val;
- }
- return this.key+'='+val;
- };
- // gives Set-Cookie header format
- Cookie.prototype.toString = function toString() {
- var str = this.cookieString();
- if (this.expires != Infinity) {
- if (this.expires instanceof Date) {
- str += '; Expires='+formatDate(this.expires);
- } else {
- str += '; Expires='+this.expires;
- }
- }
- if (this.maxAge != null && this.maxAge != Infinity) {
- str += '; Max-Age='+this.maxAge;
- }
- if (this.domain && !this.hostOnly) {
- str += '; Domain='+this.domain;
- }
- if (this.path) {
- str += '; Path='+this.path;
- }
- if (this.secure) {
- str += '; Secure';
- }
- if (this.httpOnly) {
- str += '; HttpOnly';
- }
- if (this.extensions) {
- this.extensions.forEach(function(ext) {
- str += '; '+ext;
- });
- }
- return str;
- };
- // TTL() partially replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
- // elsewhere)
- // S5.3 says to give the "latest representable date" for which we use Infinity
- // For "expired" we use 0
- Cookie.prototype.TTL = function TTL(now) {
- /* RFC6265 S4.1.2.2 If a cookie has both the Max-Age and the Expires
- * attribute, the Max-Age attribute has precedence and controls the
- * expiration date of the cookie.
- * (Concurs with S5.3 step 3)
- */
- if (this.maxAge != null) {
- return this.maxAge<=0 ? 0 : this.maxAge*1000;
- }
- var expires = this.expires;
- if (expires != Infinity) {
- if (!(expires instanceof Date)) {
- expires = parseDate(expires) || Infinity;
- }
- if (expires == Infinity) {
- return Infinity;
- }
- return expires.getTime() - (now || Date.now());
- }
- return Infinity;
- };
- // expiryTime() replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
- // elsewhere)
- Cookie.prototype.expiryTime = function expiryTime(now) {
- if (this.maxAge != null) {
- var relativeTo = now || this.creation || new Date();
- var age = (this.maxAge <= 0) ? -Infinity : this.maxAge*1000;
- return relativeTo.getTime() + age;
- }
- if (this.expires == Infinity) {
- return Infinity;
- }
- return this.expires.getTime();
- };
- // expiryDate() replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
- // elsewhere), except it returns a Date
- Cookie.prototype.expiryDate = function expiryDate(now) {
- var millisec = this.expiryTime(now);
- if (millisec == Infinity) {
- return new Date(MAX_TIME);
- } else if (millisec == -Infinity) {
- return new Date(MIN_TIME);
- } else {
- return new Date(millisec);
- }
- };
- // This replaces the "persistent-flag" parts of S5.3 step 3
- Cookie.prototype.isPersistent = function isPersistent() {
- return (this.maxAge != null || this.expires != Infinity);
- };
- // Mostly S5.1.2 and S5.2.3:
- Cookie.prototype.cdomain =
- Cookie.prototype.canonicalizedDomain = function canonicalizedDomain() {
- if (this.domain == null) {
- return null;
- }
- return canonicalDomain(this.domain);
- };
- function CookieJar(store, options) {
- if (typeof options === "boolean") {
- options = {rejectPublicSuffixes: options};
- } else if (options == null) {
- options = {};
- }
- if (options.rejectPublicSuffixes != null) {
- this.rejectPublicSuffixes = options.rejectPublicSuffixes;
- }
- if (options.looseMode != null) {
- this.enableLooseMode = options.looseMode;
- }
- if (!store) {
- store = new MemoryCookieStore();
- }
- this.store = store;
- }
- CookieJar.prototype.store = null;
- CookieJar.prototype.rejectPublicSuffixes = true;
- CookieJar.prototype.enableLooseMode = false;
- var CAN_BE_SYNC = [];
- CAN_BE_SYNC.push('setCookie');
- CookieJar.prototype.setCookie = function(cookie, url, options, cb) {
- var err;
- var context = getCookieContext(url);
- if (options instanceof Function) {
- cb = options;
- options = {};
- }
- var host = canonicalDomain(context.hostname);
- var loose = this.enableLooseMode;
- if (options.loose != null) {
- loose = options.loose;
- }
- // S5.3 step 1
- if (!(cookie instanceof Cookie)) {
- cookie = Cookie.parse(cookie, { loose: loose });
- }
- if (!cookie) {
- err = new Error("Cookie failed to parse");
- return cb(options.ignoreError ? null : err);
- }
- // S5.3 step 2
- var now = options.now || new Date(); // will assign later to save effort in the face of errors
- // S5.3 step 3: NOOP; persistent-flag and expiry-time is handled by getCookie()
- // S5.3 step 4: NOOP; domain is null by default
- // S5.3 step 5: public suffixes
- if (this.rejectPublicSuffixes && cookie.domain) {
- var suffix = pubsuffix.getPublicSuffix(cookie.cdomain());
- if (suffix == null) { // e.g. "com"
- err = new Error("Cookie has domain set to a public suffix");
- return cb(options.ignoreError ? null : err);
- }
- }
- // S5.3 step 6:
- if (cookie.domain) {
- if (!domainMatch(host, cookie.cdomain(), false)) {
- err = new Error("Cookie not in this host's domain. Cookie:"+cookie.cdomain()+" Request:"+host);
- return cb(options.ignoreError ? null : err);
- }
- if (cookie.hostOnly == null) { // don't reset if already set
- cookie.hostOnly = false;
- }
- } else {
- cookie.hostOnly = true;
- cookie.domain = host;
- }
- //S5.2.4 If the attribute-value is empty or if the first character of the
- //attribute-value is not %x2F ("/"):
- //Let cookie-path be the default-path.
- if (!cookie.path || cookie.path[0] !== '/') {
- cookie.path = defaultPath(context.pathname);
- cookie.pathIsDefault = true;
- }
- // S5.3 step 8: NOOP; secure attribute
- // S5.3 step 9: NOOP; httpOnly attribute
- // S5.3 step 10
- if (options.http === false && cookie.httpOnly) {
- err = new Error("Cookie is HttpOnly and this isn't an HTTP API");
- return cb(options.ignoreError ? null : err);
- }
- var store = this.store;
- if (!store.updateCookie) {
- store.updateCookie = function(oldCookie, newCookie, cb) {
- this.putCookie(newCookie, cb);
- };
- }
- function withCookie(err, oldCookie) {
- if (err) {
- return cb(err);
- }
- var next = function(err) {
- if (err) {
- return cb(err);
- } else {
- cb(null, cookie);
- }
- };
- if (oldCookie) {
- // S5.3 step 11 - "If the cookie store contains a cookie with the same name,
- // domain, and path as the newly created cookie:"
- if (options.http === false && oldCookie.httpOnly) { // step 11.2
- err = new Error("old Cookie is HttpOnly and this isn't an HTTP API");
- return cb(options.ignoreError ? null : err);
- }
- cookie.creation = oldCookie.creation; // step 11.3
- cookie.creationIndex = oldCookie.creationIndex; // preserve tie-breaker
- cookie.lastAccessed = now;
- // Step 11.4 (delete cookie) is implied by just setting the new one:
- store.updateCookie(oldCookie, cookie, next); // step 12
- } else {
- cookie.creation = cookie.lastAccessed = now;
- store.putCookie(cookie, next); // step 12
- }
- }
- store.findCookie(cookie.domain, cookie.path, cookie.key, withCookie);
- };
- // RFC6365 S5.4
- CAN_BE_SYNC.push('getCookies');
- CookieJar.prototype.getCookies = function(url, options, cb) {
- var context = getCookieContext(url);
- if (options instanceof Function) {
- cb = options;
- options = {};
- }
- var host = canonicalDomain(context.hostname);
- var path = context.pathname || '/';
- var secure = options.secure;
- if (secure == null && context.protocol &&
- (context.protocol == 'https:' || context.protocol == 'wss:'))
- {
- secure = true;
- }
- var http = options.http;
- if (http == null) {
- http = true;
- }
- var now = options.now || Date.now();
- var expireCheck = options.expire !== false;
- var allPaths = !!options.allPaths;
- var store = this.store;
- function matchingCookie(c) {
- // "Either:
- // The cookie's host-only-flag is true and the canonicalized
- // request-host is identical to the cookie's domain.
- // Or:
- // The cookie's host-only-flag is false and the canonicalized
- // request-host domain-matches the cookie's domain."
- if (c.hostOnly) {
- if (c.domain != host) {
- return false;
- }
- } else {
- if (!domainMatch(host, c.domain, false)) {
- return false;
- }
- }
- // "The request-uri's path path-matches the cookie's path."
- if (!allPaths && !pathMatch(path, c.path)) {
- return false;
- }
- // "If the cookie's secure-only-flag is true, then the request-uri's
- // scheme must denote a "secure" protocol"
- if (c.secure && !secure) {
- return false;
- }
- // "If the cookie's http-only-flag is true, then exclude the cookie if the
- // cookie-string is being generated for a "non-HTTP" API"
- if (c.httpOnly && !http) {
- return false;
- }
- // deferred from S5.3
- // non-RFC: allow retention of expired cookies by choice
- if (expireCheck && c.expiryTime() <= now) {
- store.removeCookie(c.domain, c.path, c.key, function(){}); // result ignored
- return false;
- }
- return true;
- }
- store.findCookies(host, allPaths ? null : path, function(err,cookies) {
- if (err) {
- return cb(err);
- }
- cookies = cookies.filter(matchingCookie);
- // sorting of S5.4 part 2
- if (options.sort !== false) {
- cookies = cookies.sort(cookieCompare);
- }
- // S5.4 part 3
- var now = new Date();
- cookies.forEach(function(c) {
- c.lastAccessed = now;
- });
- // TODO persist lastAccessed
- cb(null,cookies);
- });
- };
- CAN_BE_SYNC.push('getCookieString');
- CookieJar.prototype.getCookieString = function(/*..., cb*/) {
- var args = Array.prototype.slice.call(arguments,0);
- var cb = args.pop();
- var next = function(err,cookies) {
- if (err) {
- cb(err);
- } else {
- cb(null, cookies
- .sort(cookieCompare)
- .map(function(c){
- return c.cookieString();
- })
- .join('; '));
- }
- };
- args.push(next);
- this.getCookies.apply(this,args);
- };
- CAN_BE_SYNC.push('getSetCookieStrings');
- CookieJar.prototype.getSetCookieStrings = function(/*..., cb*/) {
- var args = Array.prototype.slice.call(arguments,0);
- var cb = args.pop();
- var next = function(err,cookies) {
- if (err) {
- cb(err);
- } else {
- cb(null, cookies.map(function(c){
- return c.toString();
- }));
- }
- };
- args.push(next);
- this.getCookies.apply(this,args);
- };
- CAN_BE_SYNC.push('serialize');
- CookieJar.prototype.serialize = function(cb) {
- var type = this.store.constructor.name;
- if (type === 'Object') {
- type = null;
- }
- // update README.md "Serialization Format" if you change this, please!
- var serialized = {
- // The version of tough-cookie that serialized this jar. Generally a good
- // practice since future versions can make data import decisions based on
- // known past behavior. When/if this matters, use `semver`.
- version: 'tough-cookie@'+VERSION,
- // add the store type, to make humans happy:
- storeType: type,
- // CookieJar configuration:
- rejectPublicSuffixes: !!this.rejectPublicSuffixes,
- // this gets filled from getAllCookies:
- cookies: []
- };
- if (!(this.store.getAllCookies &&
- typeof this.store.getAllCookies === 'function'))
- {
- return cb(new Error('store does not support getAllCookies and cannot be serialized'));
- }
- this.store.getAllCookies(function(err,cookies) {
- if (err) {
- return cb(err);
- }
- serialized.cookies = cookies.map(function(cookie) {
- // convert to serialized 'raw' cookies
- cookie = (cookie instanceof Cookie) ? cookie.toJSON() : cookie;
- // Remove the index so new ones get assigned during deserialization
- delete cookie.creationIndex;
- return cookie;
- });
- return cb(null, serialized);
- });
- };
- // well-known name that JSON.stringify calls
- CookieJar.prototype.toJSON = function() {
- return this.serializeSync();
- };
- // use the class method CookieJar.deserialize instead of calling this directly
- CAN_BE_SYNC.push('_importCookies');
- CookieJar.prototype._importCookies = function(serialized, cb) {
- var jar = this;
- var cookies = serialized.cookies;
- if (!cookies || !Array.isArray(cookies)) {
- return cb(new Error('serialized jar has no cookies array'));
- }
- cookies = cookies.slice(); // do not modify the original
- function putNext(err) {
- if (err) {
- return cb(err);
- }
- if (!cookies.length) {
- return cb(err, jar);
- }
- var cookie;
- try {
- cookie = fromJSON(cookies.shift());
- } catch (e) {
- return cb(e);
- }
- if (cookie === null) {
- return putNext(null); // skip this cookie
- }
- jar.store.putCookie(cookie, putNext);
- }
- putNext();
- };
- CookieJar.deserialize = function(strOrObj, store, cb) {
- if (arguments.length !== 3) {
- // store is optional
- cb = store;
- store = null;
- }
- var serialized;
- if (typeof strOrObj === 'string') {
- serialized = jsonParse(strOrObj);
- if (serialized instanceof Error) {
- return cb(serialized);
- }
- } else {
- serialized = strOrObj;
- }
- var jar = new CookieJar(store, serialized.rejectPublicSuffixes);
- jar._importCookies(serialized, function(err) {
- if (err) {
- return cb(err);
- }
- cb(null, jar);
- });
- };
- CookieJar.deserializeSync = function(strOrObj, store) {
- var serialized = typeof strOrObj === 'string' ?
- JSON.parse(strOrObj) : strOrObj;
- var jar = new CookieJar(store, serialized.rejectPublicSuffixes);
- // catch this mistake early:
- if (!jar.store.synchronous) {
- throw new Error('CookieJar store is not synchronous; use async API instead.');
- }
- jar._importCookiesSync(serialized);
- return jar;
- };
- CookieJar.fromJSON = CookieJar.deserializeSync;
- CookieJar.prototype.clone = function(newStore, cb) {
- if (arguments.length === 1) {
- cb = newStore;
- newStore = null;
- }
- this.serialize(function(err,serialized) {
- if (err) {
- return cb(err);
- }
- CookieJar.deserialize(serialized, newStore, cb);
- });
- };
- CAN_BE_SYNC.push('removeAllCookies');
- CookieJar.prototype.removeAllCookies = function(cb) {
- var store = this.store;
- // Check that the store implements its own removeAllCookies(). The default
- // implementation in Store will immediately call the callback with a "not
- // implemented" Error.
- if (store.removeAllCookies instanceof Function &&
- store.removeAllCookies !== Store.prototype.removeAllCookies)
- {
- return store.removeAllCookies(cb);
- }
- store.getAllCookies(function(err, cookies) {
- if (err) {
- return cb(err);
- }
- if (cookies.length === 0) {
- return cb(null);
- }
- var completedCount = 0;
- var removeErrors = [];
- function removeCookieCb(removeErr) {
- if (removeErr) {
- removeErrors.push(removeErr);
- }
- completedCount++;
- if (completedCount === cookies.length) {
- return cb(removeErrors.length ? removeErrors[0] : null);
- }
- }
- cookies.forEach(function(cookie) {
- store.removeCookie(cookie.domain, cookie.path, cookie.key, removeCookieCb);
- });
- });
- };
- CookieJar.prototype._cloneSync = syncWrap('clone');
- CookieJar.prototype.cloneSync = function(newStore) {
- if (!newStore.synchronous) {
- throw new Error('CookieJar clone destination store is not synchronous; use async API instead.');
- }
- return this._cloneSync(newStore);
- };
- // Use a closure to provide a true imperative API for synchronous stores.
- function syncWrap(method) {
- return function() {
- if (!this.store.synchronous) {
- throw new Error('CookieJar store is not synchronous; use async API instead.');
- }
- var args = Array.prototype.slice.call(arguments);
- var syncErr, syncResult;
- args.push(function syncCb(err, result) {
- syncErr = err;
- syncResult = result;
- });
- this[method].apply(this, args);
- if (syncErr) {
- throw syncErr;
- }
- return syncResult;
- };
- }
- // wrap all declared CAN_BE_SYNC methods in the sync wrapper
- CAN_BE_SYNC.forEach(function(method) {
- CookieJar.prototype[method+'Sync'] = syncWrap(method);
- });
- exports.version = VERSION;
- exports.CookieJar = CookieJar;
- exports.Cookie = Cookie;
- exports.Store = Store;
- exports.MemoryCookieStore = MemoryCookieStore;
- exports.parseDate = parseDate;
- exports.formatDate = formatDate;
- exports.parse = parse;
- exports.fromJSON = fromJSON;
- exports.domainMatch = domainMatch;
- exports.defaultPath = defaultPath;
- exports.pathMatch = pathMatch;
- exports.getPublicSuffix = pubsuffix.getPublicSuffix;
- exports.cookieCompare = cookieCompare;
- exports.permuteDomain = require('./permuteDomain').permuteDomain;
- exports.permutePath = permutePath;
- exports.canonicalDomain = canonicalDomain;
|