View Javadoc
1   /*
2    * Copyright 2015 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.http.cookie;
17  
18  import io.netty.handler.codec.DateFormatter;
19  import io.netty.handler.codec.http.HttpConstants;
20  import io.netty.handler.codec.http.HttpResponse;
21  
22  import java.util.ArrayList;
23  import java.util.Collection;
24  import java.util.Collections;
25  import java.util.Date;
26  import java.util.HashMap;
27  import java.util.Iterator;
28  import java.util.List;
29  import java.util.Map;
30  
31  import static io.netty.handler.codec.http.cookie.CookieUtil.add;
32  import static io.netty.handler.codec.http.cookie.CookieUtil.addQuoted;
33  import static io.netty.handler.codec.http.cookie.CookieUtil.stringBuilder;
34  import static io.netty.handler.codec.http.cookie.CookieUtil.stripTrailingSeparator;
35  import static io.netty.util.internal.ObjectUtil.checkNotNull;
36  
37  /**
38   * A <a href="https://tools.ietf.org/html/rfc6265">RFC6265</a> compliant cookie encoder to be used server side,
39   * so some fields are sent (Version is typically ignored).
40   *
41   * As Netty's Cookie merges Expires and MaxAge into one single field, only Max-Age field is sent.
42   *
43   * Note that multiple cookies must be sent as separate "Set-Cookie" headers.
44   *
45   * <pre>
46   * // Example
47   * {@link HttpResponse} res = ...;
48   * res.setHeader("Set-Cookie", {@link ServerCookieEncoder}.encode("JSESSIONID", "1234"));
49   * </pre>
50   *
51   * @see ServerCookieDecoder
52   */
53  public final class ServerCookieEncoder extends CookieEncoder {
54  
55      /**
56       * Strict encoder that validates that name and value chars are in the valid scope
57       * defined in RFC6265, and (for methods that accept multiple cookies) that only
58       * one cookie is encoded with any given name. (If multiple cookies have the same
59       * name, the last one is the one that is encoded.)
60       */
61      public static final ServerCookieEncoder STRICT = new ServerCookieEncoder(true);
62  
63      /**
64       * Lax instance that doesn't validate name and value, and that allows multiple
65       * cookies with the same name.
66       */
67      public static final ServerCookieEncoder LAX = new ServerCookieEncoder(false);
68  
69      private ServerCookieEncoder(boolean strict) {
70          super(strict);
71      }
72  
73      /**
74       * Encodes the specified cookie name-value pair into a Set-Cookie header value.
75       *
76       * @param name the cookie name
77       * @param value the cookie value
78       * @return a single Set-Cookie header value
79       */
80      public String encode(String name, String value) {
81          return encode(new DefaultCookie(name, value));
82      }
83  
84      /**
85       * Encodes the specified cookie into a Set-Cookie header value.
86       *
87       * @param cookie the cookie
88       * @return a single Set-Cookie header value
89       */
90      public String encode(Cookie cookie) {
91          final String name = checkNotNull(cookie, "cookie").name();
92          final String value = cookie.value() != null ? cookie.value() : "";
93  
94          validateCookie(name, value);
95  
96          StringBuilder buf = stringBuilder();
97  
98          if (cookie.wrap()) {
99              addQuoted(buf, name, value);
100         } else {
101             add(buf, name, value);
102         }
103 
104         if (cookie.maxAge() != Long.MIN_VALUE) {
105             add(buf, CookieHeaderNames.MAX_AGE, cookie.maxAge());
106             Date expires = new Date(cookie.maxAge() * 1000 + System.currentTimeMillis());
107             buf.append(CookieHeaderNames.EXPIRES);
108             buf.append('=');
109             DateFormatter.append(expires, buf);
110             buf.append(';');
111             buf.append(HttpConstants.SP_CHAR);
112         }
113 
114         if (cookie.path() != null) {
115             add(buf, CookieHeaderNames.PATH, cookie.path());
116         }
117 
118         if (cookie.domain() != null) {
119             add(buf, CookieHeaderNames.DOMAIN, cookie.domain());
120         }
121         if (cookie.isSecure()) {
122             add(buf, CookieHeaderNames.SECURE);
123         }
124         if (cookie.isHttpOnly()) {
125             add(buf, CookieHeaderNames.HTTPONLY);
126         }
127         if (cookie instanceof DefaultCookie) {
128             DefaultCookie c = (DefaultCookie) cookie;
129             if (c.sameSite() != null) {
130                 add(buf, CookieHeaderNames.SAMESITE, c.sameSite().name());
131             }
132         }
133 
134         return stripTrailingSeparator(buf);
135     }
136 
137     /** Deduplicate a list of encoded cookies by keeping only the last instance with a given name.
138      *
139      * @param encoded The list of encoded cookies.
140      * @param nameToLastIndex A map from cookie name to index of last cookie instance.
141      * @return The encoded list with all but the last instance of a named cookie.
142      */
143     private static List<String> dedup(List<String> encoded, Map<String, Integer> nameToLastIndex) {
144         boolean[] isLastInstance = new boolean[encoded.size()];
145         for (int idx : nameToLastIndex.values()) {
146             isLastInstance[idx] = true;
147         }
148         List<String> dedupd = new ArrayList<String>(nameToLastIndex.size());
149         for (int i = 0, n = encoded.size(); i < n; i++) {
150             if (isLastInstance[i]) {
151                 dedupd.add(encoded.get(i));
152             }
153         }
154         return dedupd;
155     }
156 
157     /**
158      * Batch encodes cookies into Set-Cookie header values.
159      *
160      * @param cookies a bunch of cookies
161      * @return the corresponding bunch of Set-Cookie headers
162      */
163     public List<String> encode(Cookie... cookies) {
164         if (checkNotNull(cookies, "cookies").length == 0) {
165             return Collections.emptyList();
166         }
167 
168         List<String> encoded = new ArrayList<String>(cookies.length);
169         Map<String, Integer> nameToIndex = strict && cookies.length > 1 ? new HashMap<String, Integer>() : null;
170         boolean hasDupdName = false;
171         for (int i = 0; i < cookies.length; i++) {
172             Cookie c = cookies[i];
173             encoded.add(encode(c));
174             if (nameToIndex != null) {
175                 hasDupdName |= nameToIndex.put(c.name(), i) != null;
176             }
177         }
178         return hasDupdName ? dedup(encoded, nameToIndex) : encoded;
179     }
180 
181     /**
182      * Batch encodes cookies into Set-Cookie header values.
183      *
184      * @param cookies a bunch of cookies
185      * @return the corresponding bunch of Set-Cookie headers
186      */
187     public List<String> encode(Collection<? extends Cookie> cookies) {
188         if (checkNotNull(cookies, "cookies").isEmpty()) {
189             return Collections.emptyList();
190         }
191 
192         List<String> encoded = new ArrayList<String>(cookies.size());
193         Map<String, Integer> nameToIndex = strict && cookies.size() > 1 ? new HashMap<String, Integer>() : null;
194         int i = 0;
195         boolean hasDupdName = false;
196         for (Cookie c : cookies) {
197             encoded.add(encode(c));
198             if (nameToIndex != null) {
199                 hasDupdName |= nameToIndex.put(c.name(), i++) != null;
200             }
201         }
202         return hasDupdName ? dedup(encoded, nameToIndex) : encoded;
203     }
204 
205     /**
206      * Batch encodes cookies into Set-Cookie header values.
207      *
208      * @param cookies a bunch of cookies
209      * @return the corresponding bunch of Set-Cookie headers
210      */
211     public List<String> encode(Iterable<? extends Cookie> cookies) {
212         Iterator<? extends Cookie> cookiesIt = checkNotNull(cookies, "cookies").iterator();
213         if (!cookiesIt.hasNext()) {
214             return Collections.emptyList();
215         }
216 
217         List<String> encoded = new ArrayList<String>();
218         Cookie firstCookie = cookiesIt.next();
219         Map<String, Integer> nameToIndex = strict && cookiesIt.hasNext() ? new HashMap<String, Integer>() : null;
220         int i = 0;
221         encoded.add(encode(firstCookie));
222         boolean hasDupdName = nameToIndex != null && nameToIndex.put(firstCookie.name(), i++) != null;
223         while (cookiesIt.hasNext()) {
224             Cookie c = cookiesIt.next();
225             encoded.add(encode(c));
226             if (nameToIndex != null) {
227                 hasDupdName |= nameToIndex.put(c.name(), i++) != null;
228             }
229         }
230         return hasDupdName ? dedup(encoded, nameToIndex) : encoded;
231     }
232 }