openwire 0.1.1

OkHttp-inspired async HTTP client for Rust built on hyper and tower
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

use std::sync::{Arc, RwLock};

use bytes::Bytes;
use cookie as cookie_crate;
use cookie_store::CookieStore;
use http::header::HeaderValue;
use openwire_core::CookieJar;

use crate::sync_util::{read_rwlock, write_rwlock};

pub(crate) type SharedCookieJar = Arc<dyn CookieJar>;

/// Default in-memory cookie jar backed by `cookie_store`.
#[derive(Default)]
pub struct Jar(RwLock<CookieStore>);

impl Jar {
    /// Creates an empty in-memory cookie jar.
    pub fn new() -> Self {
        Self::default()
    }

    /// Adds a single cookie string for the given URL.
    pub fn add_cookie_str(&self, cookie: &str, url: &url::Url) {
        let cookies = match cookie_crate::Cookie::parse(cookie) {
            Ok(cookie) => Some(cookie.into_owned()).into_iter(),
            Err(error) => {
                tracing::debug!(
                    %error,
                    cookie_name = cookie_name_hint(cookie).unwrap_or("<unknown>"),
                    cookie_len = cookie.len(),
                    "dropping invalid cookie string"
                );
                None.into_iter()
            }
        };
        write_rwlock(&self.0).store_response_cookies(cookies, url);
    }
}

impl CookieJar for Jar {
    fn set_cookies(&self, cookie_headers: &mut dyn Iterator<Item = &HeaderValue>, url: &url::Url) {
        let cookies = cookie_headers.filter_map(|value| {
            let value = match value.to_str() {
                Ok(value) => value,
                Err(error) => {
                    tracing::debug!(%error, "dropping non-UTF8 Set-Cookie header");
                    return None;
                }
            };
            match cookie_crate::Cookie::parse(value) {
                Ok(cookie) => Some(cookie.into_owned()),
                Err(error) => {
                    tracing::debug!(
                        %error,
                        cookie_name = cookie_name_hint(value).unwrap_or("<unknown>"),
                        header_len = value.len(),
                        "dropping invalid Set-Cookie header"
                    );
                    None
                }
            }
        });
        write_rwlock(&self.0).store_response_cookies(cookies, url);
    }

    fn cookies(&self, url: &url::Url) -> Option<HeaderValue> {
        let store = read_rwlock(&self.0);
        let mut values = store.get_request_values(url).peekable();
        values.peek()?;

        let mut cookies = String::new();
        let mut first = true;
        for (name, value) in values {
            if !first {
                cookies.push_str("; ");
            }
            first = false;
            cookies.push_str(name);
            cookies.push('=');
            cookies.push_str(value);
        }

        HeaderValue::from_maybe_shared(Bytes::from(cookies)).ok()
    }
}

fn cookie_name_hint(value: &str) -> Option<&str> {
    let name = value.split_once('=')?.0.trim();
    if name.is_empty() || !is_safe_cookie_name(name) {
        return None;
    }
    Some(name)
}

fn is_safe_cookie_name(name: &str) -> bool {
    name.bytes().all(is_cookie_name_byte)
}

fn is_cookie_name_byte(byte: u8) -> bool {
    matches!(
        byte,
        b'!' | b'#'..=b'\''
            | b'*'
            | b'+'
            | b'-'
            | b'.'
            | b'0'..=b'9'
            | b'A'..=b'Z'
            | b'^'
            | b'_'
            | b'`'
            | b'a'..=b'z'
            | b'|'
            | b'~'
    )
}

#[cfg(test)]
mod tests {
    use std::panic::{self, AssertUnwindSafe};

    use super::{cookie_name_hint, CookieJar, Jar};

    #[test]
    fn jar_recovers_after_rwlock_poisoning() {
        let jar = Jar::new();
        let url = url::Url::parse("https://example.com/").expect("url");

        let _ = panic::catch_unwind(AssertUnwindSafe(|| {
            let _guard = jar.0.write().expect("poison cookie store lock for test");
            panic!("poison cookie store");
        }));

        jar.add_cookie_str("session=abc; Path=/", &url);
        let cookies = jar.cookies(&url).expect("cookies");
        assert_eq!(cookies.to_str().ok(), Some("session=abc"));
    }

    #[test]
    fn cookie_name_hint_extracts_safe_cookie_names() {
        assert_eq!(cookie_name_hint("session=abc; Path=/"), Some("session"));
        assert_eq!(cookie_name_hint("theme=light"), Some("theme"));
        assert_eq!(cookie_name_hint("Path=/"), Some("Path"));
    }

    #[test]
    fn cookie_name_hint_rejects_missing_or_unsafe_names() {
        assert_eq!(cookie_name_hint(""), None);
        assert_eq!(cookie_name_hint("session id=abc"), None);
        assert_eq!(cookie_name_hint(" =abc"), None);
    }
}