@worker-tools/request-cookie-store

// deno-lint-ignore-file no-control-regex import type { CookieInit } from 'cookie-store-interface'; export const attrsToSetCookie = (attrs: string[][]) => attrs.map(att => att.join('=')).join('; '); /** * RegExp to match field-content in RFC 7230 sec 3.2 * * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] * field-vchar = VCHAR / obs-text * obs-text = %x80-FF */ const RE_FIELD_CONTENT = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/; type Attr = [string] | [string, string]; type Attrs = [[string, string], ...Attr[]]; /** * Implements <https://wicg.github.io/cookie-store/#set-a-cookie> * with some additional behaviors taken from Chrome's implementation. */ export function setCookie( options: string | CookieInit, value?: string, origin?: URL, encode = (x?: string) => x?.toString() ?? '', ): [Attrs, Date | null] | null { const [name, val] = (typeof options === 'string' ? [options, value] : [options.name, options.value]).map(encode) const opts = typeof options === 'string' ? <CookieInit>{} : options; if (name == null || val == null) throw TypeError("required value(s) missing"); if (!name.length && val.includes('=')) throw TypeError("Cookie value cannot contain '=' if the name is empty"); if (!name.length && !val.length) throw TypeError("Cookie name and value both cannot be empty"); // Unspecified, emulating Chrome's current behavior if (!RE_FIELD_CONTENT.test(name + val) || name.includes('=') || val.includes(';')) return null; if (val.includes(', ')) { throw TypeError("The cookie value must not contain sequence: ', '."); } const attrs: Attrs = [[name, val]]; const { domain, path, sameSite } = opts; if (domain) { // Unspecified, emulating Chrome's current behavior if (!RE_FIELD_CONTENT.test(domain) || domain.includes(';')) return null; if (domain.startsWith('.')) throw TypeError('Cookie domain cannot start with "."'); const host = origin?.host; if (host && domain !== host && !domain.endsWith(`.${host}`)) throw TypeError('Cookie domain must match current host'); attrs.push(['Domain', domain]); } let expires: Date | null = null; if (opts.expires) { expires = opts.expires instanceof Date ? opts.expires : new Date(opts.expires); attrs.push(['Expires', expires.toUTCString()]); } if (path) { if (!path.toString().startsWith('/')) throw TypeError('Cookie path must start with "/"'); // Unspecified, emulating Chrome's current behavior if (!RE_FIELD_CONTENT.test(path) || path.includes(';')) return null; attrs.push(['Path', path]); } // Always secure, except for localhost if (origin && origin.hostname !== 'localhost') attrs.push(['Secure']); if (opts.httpOnly) attrs.push(['HttpOnly']); switch (sameSite) { case undefined: break; case 'none': attrs.push(['SameSite', 'None']); break; case 'lax': attrs.push(['SameSite', 'Lax']); break; case 'strict': attrs.push(['SameSite', 'Strict']); break; default: throw TypeError(`The provided value '${sameSite}' is not a valid enum value of type CookieSameSite.`); } return [attrs, expires] } /** * A not-so-strict parser for cookie headers. * - Allows pretty much everything in the value, including `=` * - Trims keys and values * - Ignores when both name and value are empty (but either empty allowed) * * For more on the state of allowed cookie characters, * see <https://stackoverflow.com/a/1969339/870615>. */ export function parseCookieHeader(cookie?: string | null) { return new Map(cookie?.split(/;\s+/) .map(x => x.split('=')) .map(([n, ...vs]) => <const>[n.trim(), vs.join('=').trim()]) .filter(([n, v]) => !(n === '' && v === '')) ); }