Merge pull request #34 from Frixuu/headers

BREAKING: Overhaul HTTP headers (make case-insensitive, allow for multiples)

Author: PXshadow

tests/Test.hx

@@ -16,6 +16,7 @@ class Test {
 		TestCookie.main();
 		TestCredentialsProvider.main();
 		TestEndpointExample.main();
+		TestHeaders.main();
 		TestJwks.main();
 		TestJwt.main();
 		TestOAuth2.main();

tests/TestCookie.hx

@@ -1,6 +1,7 @@
 import haxe.Http;
 import weblink.Cookie;
 import weblink.Weblink;
+import weblink.http.HeaderMap;
 
 class TestCookie {
 	public static function main() {
@@ -21,7 +22,7 @@ class TestCookie {
 			var http = new Http("http://localhost:2000");
 			http.onStatus = function(status) {
 				if (status == 200) {
-					var headers = http.responseHeaders;
+					final headers = HeaderMap.copyFrom(http.responseHeaders);
 					if (headers.get("Set-Cookie") != "foo=bar") {
 						throw 'Set-Cookie not foo=bar. got ${headers.get("Set-Cookie")}';
 					}

tests/TestHeaders.hx

@@ -0,0 +1,77 @@
+import weblink.http.HeaderMap;
+import weblink.http.HeaderName;
+import weblink.http.HeaderValue;
+
+class TestHeaders {
+	public static function main() {
+		trace("Starting Headers Test");
+
+		switch (HeaderName.tryNormalizeString("Foo")) {
+			case Valid(_):
+			case _:
+				throw "Foo should be a valid header name";
+		}
+
+		switch (HeaderName.tryNormalizeString("hello world")) {
+			case ForbiddenChar(_):
+			case _:
+				throw "'hello world' should not be a valid header name";
+		}
+
+		switch (HeaderName.tryNormalizeString("Øßą")) {
+			case NotAscii(_):
+			case _:
+				throw "'Øßą' should not be a valid header name";
+		}
+
+		switch (HeaderValue.validateString("hello world", true)) {
+			case Valid(_):
+			case _:
+				throw "'hello world' should be a valid header value";
+		}
+
+		switch (HeaderValue.validateString("Øß", false)) {
+			case Valid(_):
+			case _:
+				throw "'Øß' should be a valid header value in loose mode";
+		}
+
+		switch (HeaderValue.validateString("Øß", true)) {
+			case NotAscii(_):
+			case _:
+				throw "'Øß' should be an invalid header value in strict mode";
+		}
+
+		final map = new HeaderMap();
+		if (Lambda.count(map) != 0)
+			throw "fresh map should be empty";
+
+		map.add("foo", "bar");
+		if (Lambda.count(map) != 1)
+			throw "map should have one entry";
+		if (map.get("foo") != "bar")
+			throw "map should have foo=bar";
+		if (map.get("FOO") != "bar")
+			throw "map treats keys case-sensitively";
+
+		map.add("Foo", "baz");
+		if (Lambda.count(map) != 1)
+			throw "map should have one entry";
+		if (map.getAll("fOo").length != 2)
+			throw "map should have two values for foo";
+
+		map.set("foo", "qux");
+		if (map.getAll("fOo").length != 1)
+			throw "the result of map#set should be a single value";
+
+		map.set("stupid", "example");
+		if (Lambda.count(map) != 2)
+			throw "map should have two entries";
+
+		map.clear();
+		if (Lambda.count(map) != 0)
+			throw "cleared map should be empty";
+
+		trace("done");
+	}
+}

weblink/Compression.hx

@@ -5,9 +5,7 @@ import haxe.zip.Compress;
 
 class Compression {
 	public static function deflateCompressionMiddleware(request:Request, response:Response):Void {
-		if (response.headers == null)
-			response.headers = new List<Header>();
-		response.headers.add({key: 'Content-Encoding', value: 'deflate'});
+		response.headers.add(ContentEncoding, "deflate");
 		response.write = function(bytes:Bytes):Bytes {
 			return Compress.run(bytes, 9);
 		}

weblink/Header.hx

@@ -1,19 +1,25 @@
 package weblink;
 
-import haxe.ds.StringMap;
 import haxe.http.HttpMethod;
 import haxe.io.Bytes;
 import weblink._internal.Server;
+import weblink.http.HeaderMap;
+import weblink.http.HeaderName;
+import weblink.http.HeaderValue;
+
+using StringTools;
 
 class Request {
 	public var cookies:List<Cookie>;
 	public var path:String;
 	public var basePath:String;
+
 	/** Contains values for parameters declared in the route matched, if there are any. **/
 	public var routeParams:Map<String, String>;
+
 	public var ip:String;
 	public var baseUrl:String;
-	public var headers:StringMap<String>;
+	public final headers:HeaderMap;
 	public var text:String;
 	public var method:HttpMethod;
 	public var data:Bytes;
@@ -22,15 +28,13 @@ class Request {
 
 	var chunkSize:Null<Int>;
 
-	public var encoding:Array<String> = [];
+	public final encoding:Array<String>;
 
 	var pos:Int;
 
 	private function new(lines:Array<String>) {
-		headers = new StringMap<String>();
 		data = null;
-		// for (line in lines)
-		//    Sys.println(line);
+
 		if (lines.length == 0)
 			return;
 		var index = 0;
@@ -42,39 +46,70 @@ class Request {
 		if (index2 == -1)
 			index2 = index3;
 		if (index2 != -1) {
-			basePath = path.substr(0,index2);
-		}else{
+			basePath = path.substr(0, index2);
+		} else {
 			basePath = path;
 		}
-		// trace(basePath);
-		// trace(path);
-		//trace(first.substring(0, index - 1).toUpperCase());
+
 		method = first.substring(0, index - 1).toUpperCase();
+
+		final headers = this.headers = new HeaderMap();
 		for (i in 0...lines.length - 1) {
 			if (lines[i] == "") {
 				lines = lines.slice(i + 1);
 				break;
 			}
 			index = lines[i].indexOf(":");
-			headers.set(lines[i].substring(0, index), lines[i].substring(index + 2));
+
+			final left = lines[i].substring(0, index);
+			switch (HeaderName.tryNormalizeString(left)) {
+				case Valid(name):
+					final right = lines[i].substring(index + 2).trim();
+					switch (HeaderValue.validateString(right, false)) {
+						case Valid(value):
+							if (name.allowsRawCommaSeparatedValues()) {
+								for (subvalue in value.split(",").map(v -> v.trim())) {
+									headers.add(name, cast subvalue);
+								}
+							} else if (name.allowsRawSemicolonSeparatedValues()) {
+								for (subvalue in value.split(";").map(v -> v.trim())) {
+									headers.add(name, cast subvalue);
+								}
+							} else if (name.doesNotAllowRepeats() && headers.exists(name)) {
+								// Idea: respond with 400 Bad Request
+								headers.set(name, value);
+							} else {
+								headers.add(name, value);
+							}
+						case _:
+							// Silently ignore that the header value is invalid
+							// Idea: respond with 400 Bad Request immediately
+					}
+				case _:
+					// Silently ignore that the header name is invalid
+					// Idea: respond with 400 Bad Request immediately
+			}
 		}
-		baseUrl = headers.get("Host");
 
-		if (headers.exists("Cookie")) {
-			cookies = new List<Cookie>();
-			var string = headers.get("Cookie");
+		this.baseUrl = headers.get(Host);
 
-			for (sub in string.split(";")) {
-				string = StringTools.trim(sub);
-				// Split into the component Keyvalue pair for the cookie.
-				var keyVal = string.split("=");
-				cookies.add(new Cookie(keyVal[0], keyVal[1]));
+		this.cookies = new List<Cookie>();
+		final cookieValues = headers.getAll(Cookie);
+		if (cookieValues != null) {
+			for (value in cookieValues) {
+				final parts = value.split("=");
+				this.cookies.add(new Cookie(parts[0], parts[1]));
 			}
 		}
 
-		if (headers.exists("Transfer-Encoding")) {
-			encoding = headers.get("Transfer-Encoding").split(",");
+		this.encoding = [];
+		final encodingValues = headers.getAll(TransferEncoding);
+		if (encodingValues != null) {
+			for (value in encodingValues) {
+				this.encoding.push(value);
+			}
 		}
+
 		if (method == Post || method == Put) {
 			chunked = false;
 			if (encoding.indexOf("chunked") > -1) {

weblink/Request.hx

@@ -8,13 +8,14 @@ import weblink.Cookie;
 import weblink._internal.HttpStatusMessage;
 import weblink._internal.Server;
 import weblink._internal.Socket;
+import weblink.http.HeaderMap;
 
 private typedef Write = (bytes:Bytes) -> Bytes;
 
 class Response {
 	public var status:HttpStatus;
-	public var contentType:String;
-	public var headers:Null<List<Header>>;
+	public var contentType(get, set):String;
+	public final headers:HeaderMap;
 	public var cookies:List<Cookie> = new List<Cookie>();
 	public var write:Null<Write>;
 
@@ -25,10 +26,20 @@ class Response {
 	private function new(socket:Socket, server:Server) {
 		this.socket = socket;
 		this.server = server;
+		this.headers = new HeaderMap();
 		contentType = "text/html";
 		status = OK;
 	}
 
+	public inline function set_contentType(value:String):String {
+		this.headers.set(ContentType, value);
+		return value;
+	}
+
+	public inline function get_contentType():String {
+		return this.headers.get(ContentType);
+	}
+
 	public function sendBytes(bytes:Bytes) {
 		final socket = this.socket;
 		if (socket == null) {
@@ -41,7 +52,7 @@ class Response {
 		}
 
 		try {
-			socket.writeString(sendHeaders(bytes.length).toString());
+			socket.writeString(collectHeaders(bytes.length).toString());
 			socket.writeBytes(bytes);
 		} catch (_:Eof) {
 			// The connection has already been closed, silently ignore
@@ -52,7 +63,6 @@ class Response {
 
 	public inline function redirect(path:String) {
 		status = MovedPermanently;
-		headers = new List<Header>();
 		var string = initLine();
 		string += 'Location: $path\r\n\r\n';
 		socket.writeString(string);
@@ -78,22 +88,47 @@ class Response {
 		return 'HTTP/1.1 $status ${HttpStatusMessage.fromCode(status)}\r\n';
 	}
 
-	public inline function sendHeaders(length:Int):StringBuf {
+	public inline function collectHeaders(length:Int):StringBuf {
 		var string = new StringBuf();
-		string.add(initLine()
-			+ // 'Acess-Control-Allow-Origin: *\r\n' +
-			'Connection: ${close ? "close" : "keep-alive"}\r\n'
-			+ 'Content-type: $contentType\r\n'
-			+ 'Content-length: $length\r\n');
+		string.add(this.initLine());
+
+		this.headers.add(Connection, close ? (cast "close") : (cast "keep-alive"));
+		this.headers.set(ContentLength, Std.string(length));
+
 		for (cookie in cookies) {
-			string.add("Set-Cookie: " + cookie.resolveToResponseString() + "\r\n");
+			this.headers.add(SetCookie, cookie.resolveToResponseString());
 		}
-		if (headers != null) {
-			for (header in headers) {
-				string.add(header.key + ": " + header.value + "\r\n");
+
+		for (headerName => values in this.headers) {
+			if (values.length <= 0) // Sanity check
+				continue;
+
+			if (headerName == SetCookie) {
+				for (headerValue in values) {
+					string.add(headerName);
+					string.add(": ");
+					string.add(headerValue);
+					string.add("\r\n");
+				}
+			} else {
+				string.add(headerName);
+				string.add(": ");
+				if (values.length == 1) {
+					string.add(values[0]);
+				} else if (headerName.allowsRawCommaSeparatedValues()) {
+					string.add(values.join(", "));
+				} else if (headerName.allowsRawSemicolonSeparatedValues()) {
+					string.add(values.join("; "));
+				} else if (headerName.doesNotAllowRepeats()) {
+					throw 'unique header "$headerName" has ${values.length} assigned values';
+				} else {
+					string.add(Lambda.map(values, v -> '"$v"').join(", "));
+				}
+				string.add("\r\n");
 			}
-			headers = null;
 		}
+
+		this.headers.clear();
 		string.add("\r\n");
 		return string;
 	}

weblink/Response.hx

@@ -126,9 +126,8 @@ class Weblink {
 			request.path = request.basePath.substr(1);
 		var ext = request.path.extension();
 		var mime = weblink._internal.Mime.types.get(ext);
-		response.headers = new List<Header>();
 		if (_cors.length > 0)
-			response.headers.add({key: "Access-Control-Allow-Origin", value: _cors});
+			response.headers.add(AccessControlAllowOrigin, _cors);
 		response.contentType = mime == null ? "text/plain" : mime;
 		var path = Path.join([_dir, request.basePath.substr(_path.length)]).normalize();
 		if (path == "")