const Enum = require('./enum');
const { fileScope } = require('@squeep/log-helper');
+/**
+ * @typedef {import('node:http')} http
+ */
+
/**
* Simple ETag from data.
- * @param {String} filePath (currently unused)
- * @param {fs.Stats} fileStat
+ * @param {string} _filePath (currently unused)
+ * @param {object} fileStat node:fs.Stats object
+ * @param {number} fileStat.mtimeMs node:fs.Stats object
* @param {crypto.BinaryLike} fileData content
- * @returns {String}
+ * @returns {string} etag
*/
const generateETag = (_filePath, fileStat, fileData) => {
const hash = crypto.createHash('sha256');
/**
* Access property with default.
- * @param {Object} obj
- * @param {String} prop
+ * @param {object} obj target object
+ * @param {string} prop target property
* @param {*} def default value if prop does not exist for obj
- * @return {*}
+ * @returns {*} property value or default
*/
const get = (obj, prop, def) => obj && prop && (prop in obj) ? obj[prop] : def;
/**
* Determine whether a client has already requested a resource,
* based on If-Modified-Since and If-None-Match headers.
- * @param {http.ClientRequest} req
- * @param {Number} modifiedTimeMs
- * @param {String} eTag
- * @returns {Boolean}
+ * @param {http.ClientRequest} req request
+ * @param {(string) => string} req.getHeader header accessor
+ * @param {number} modifiedTimeMs ms timestamp from client
+ * @param {string} eTag etag from client
+ * @returns {boolean} whether our version matches what client knows
*/
const isClientCached = (req, modifiedTimeMs, eTag) => {
let clientCached = false;
/**
* Shallow merge for enums, to be called by derived constructor.
* Expects only one-level deep, is not recursive!
- * @param {Object} origEnum
- * @param {Object} additionalEnum
- * @returns {Object}
+ * @param {object} origEnum enum object to be extended
+ * @param {object} additionalEnum enum object to add
+ * @returns {object} lightly merged enum object
*/
const mergeEnum = (origEnum, additionalEnum) => {
for (const e of Object.keys(additionalEnum)) {
/**
* Isolate the general category of an http status code.
- * @param {Number} statusCode
- * @returns {Number}
+ * @param {number} statusCode of response
+ * @returns {number} status category
*/
const httpStatusCodeClass = (statusCode) => Math.floor(statusCode / 100);
const _isObject = (obj) => obj && typeof obj === 'object';
const _isArray = (obj) => Array.isArray(obj);
+
/**
* Return a new object with all objects combined, later properties taking precedence.
- * @param {...Object} objects
- * @returns {Object}
+ * Arrays are concated.
+ * @param {...object} objects to be merged onto a new object
+ * @returns {object} new merged object
*/
const mergeDeep = (...objects) => {
return objects.reduce((acc, obj) => {
/**
* Return a new object with selected props.
- * @param {Object} obj
- * @param {String[]} props
- * @returns {Object}
+ * @param {object} obj source object
+ * @param {string[]} props list of property names
+ * @returns {object} object with selected properties
*/
const pick = (obj, props) => {
const picked = {};
/**
* Store all properties in defaultOptions on target from either options or defaultOptions.
- * @param {Object} target
- * @param {Object} defaultOptions
- * @param {Object} options
+ * @param {object} target object to populate
+ * @param {object} defaultOptions object with default property values
+ * @param {object} options object with potential overrides for defaults
+ * @returns {object} object with properties
*/
const setOptions = (target, defaultOptions, options) => {
Object.assign(target, defaultOptions, pick(options, Object.keys(defaultOptions)));
+ return target;
};
/**
* Return a two-item list of src, split at first delimiter encountered.
- * @param {String} src
- * @param {String} delimiter
- * @param {String} fill trailing stand-in if no delimiter in src
+ * @param {string} src source
+ * @param {string} delimiter delimiter
+ * @param {string} fill trailing stand-in if no delimiter in src
+ * @returns {string[]} [before-first-delimiter, rest-or-fill]
*/
const splitFirst = (src, delimiter, fill) => {
const idx = src.indexOf(delimiter);
/**
* Generate a new request identifier, a time/host-based uuid.
- * @returns {String}
+ * @returns {string} uuid
*/
const requestId = () => {
return uuid.v1();
/**
* Merges folded header lines
- * @param {String[]} lines
- * @returns {String}
+ * @param {string[]} lines header lines
+ * @returns {string} unfolded header string
*/
const unfoldHeaderLines = (lines) => {
const foldedLineRE = /^(\t| +)(.*)$/;
return lines;
};
+const validTokenRE = /^[!#$%&'*+-.0-9A-Z^_`a-z~]+$/;
+const validValueRE = /^[!#$%&'()*+-./0-9:<=>?@A-Z[\]^_`a-z{|}~]*$/;
+const validPathRE = /^[ !"#$%&'()*+,-./0-9:<=>?@A-Z[\\\]^_`a-z{|}~]*$/;
+const validLabelRE = /^[a-zA-Z0-9-]+$/;
+const invalidLabelRE = /--|^-|-$/;
+
+/**
+ * Adds a new set-cookie header value to response, with supplied data.
+ * @param {http.ServerResponse} res response
+ * @param {(string, string) => void} res.appendHeader sets header values
+ * @param {string} name cookie name
+ * @param {string} value cookie value
+ * @param {object=} opt cookie options
+ * @param {string=} opt.domain cookie domain
+ * @param {Date=} opt.expires cookie expiration
+ * @param {boolean=} opt.httpOnly cookie client visibility
+ * @param {number=} opt.maxAge cookie lifetime
+ * @param {string=} opt.path cookie path
+ * @param {string=} opt.sameSite cookie sharing
+ * @param {boolean=} opt.secure cookie security
+ * @param {string[]=} opt.extension cookie extension attribute values
+ */
+function addCookie(res, name, value, opt = {}) {
+ const options = {
+ domain: undefined,
+ expires: undefined,
+ httpOnly: false,
+ maxAge: undefined,
+ path: undefined,
+ sameSite: undefined,
+ secure: false,
+ extension: [],
+ ...opt,
+ };
+
+ if (!validTokenRE.test(name)) {
+ throw new RangeError('invalid cookie name');
+ }
+
+ if (value.startsWith('"') && value.endsWith('"')) {
+ if (!validValueRE.test(value.slice(1, value.length - 1))) {
+ throw new RangeError('invalid cookie value');
+ };
+ } else if (!validValueRE.test(value)) {
+ throw new RangeError('invalid cookie value');
+ }
+
+ const cookieParts = [
+ `${name}=${value}`,
+ ];
+
+ if (options.domain) {
+ for (const label of options.domain.split('.')) {
+ if (!validLabelRE.test(label) || invalidLabelRE.test(label)) {
+ throw new RangeError('invalid cookie domain');
+ }
+
+ }
+ cookieParts.push(`Domain=${options.domain}`);
+ }
+
+ if (options.expires) {
+ if (!(options.expires instanceof Date)) {
+ throw new TypeError('cookie expires must be Date');
+ }
+ cookieParts.push(`Expires=${options.expires.toUTCString()}`);
+ }
+
+ if (options.httpOnly) {
+ cookieParts.push('HttpOnly');
+ }
+
+ if (options.maxAge) {
+ cookieParts.push(`Max-Age=${options.maxAge}`);
+ }
+
+ if (options.path) {
+ if (!validPathRE.test(options.path)) {
+ throw new RangeError('cookie path value not valid');
+ }
+ cookieParts.push(`Path=${options.path}`);
+ }
+
+ if (options.sameSite) {
+ if (!(['Strict', 'Lax', 'None'].includes(options.sameSite))) {
+ throw new RangeError('cookie sameSite value not valid');
+ }
+ if (options.sameSite === 'None'
+ && !options.secure) {
+ throw new RangeError('cookie with sameSite None must also be secure');
+ }
+ cookieParts.push(`SameSite=${options.sameSite}`);
+ }
+
+ if (options.secure) {
+ cookieParts.push('Secure');
+ }
+
+ if (!Array.isArray(options.extension)) {
+ throw new TypeError('cookie extension must be Array');
+ }
+ for (const extension of options.extension) {
+ if (!validPathRE.test(extension)) {
+ throw new RangeError('cookie extension value not valid');
+ }
+ cookieParts.push(extension);
+ }
+
+ res.appendHeader(Enum.Header.SetCookie, cookieParts.join('; '));
+}
+
+
module.exports = {
+ addCookie,
fileScope,
generateETag,
get,
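Review bot: `Max-Age` is the one attribute in addCookie that reaches the Set-Cookie header with no validation. `options.maxAge` is interpolated as given, so a non-numeric value is copied verbatim and any `;` in it would start a further attribute that skips the domain, path and sameSite checks. The truthiness test `if (options.maxAge)` also drops `maxAge: 0`, the usual way to expire a cookie immediately. I would gate on `if (options.maxAge !== undefined)` and reject non-integers first with `if (!Number.isInteger(options.maxAge)) { throw new TypeError('cookie maxAge must be integer'); }`. Separately, `+-.` inside the character classes of validTokenRE and validValueRE is a range from `+` to `.` and so also admits `,`, which RFC 6265 allows in neither a cookie name nor an unquoted cookie value; writing it as `+\-.` matches what the patterns appear to intend.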