feat(stringify): add escape for quoted-pair

TomokiMiyauci · TomokiMiyauci · commit 5f1bba43512f · 2023-04-28T13:01:22.000+09:00
diff --git a/auth_param.json b/auth_param.json
@@ -17,7 +17,8 @@
   {
     "name": "dirty auth param",
     "header": "a=a,b=b, c=c ,  d=d  ,   e=e   ",
-    "expected": { "a": "a", "b": "b", "c": "c", "d": "d", "e": "e" }
+    "expected": { "a": "a", "b": "b", "c": "c", "d": "d", "e": "e" },
+    "canonical": "a=a, b=b, c=c, d=d, e=e"
   },
   {
     "name": "all char",
@@ -34,7 +35,8 @@
   {
     "name": "quoted-pair",
     "header": "a=\"\\a\", b=\"\\\\\"",
-    "expected": { "a": "\"a\"", "b": "\"\\\"" }
+    "expected": { "a": "\"a\"", "b": "\"\\\"" },
+    "canonical": "a=\"a\", b=\"\\\\\""
   },
   {
     "name": "duplicate key",
diff --git a/deno.lock b/deno.lock
diff --git a/deps.ts b/deps.ts
@@ -6,3 +6,4 @@ export { trim } from "https://deno.land/x/prelude_js@1.2.0/trim.ts";
 export { head } from "https://deno.land/x/prelude_js@1.2.0/head.ts";
 export { isString } from "https://deno.land/x/isx@1.3.1/is_string.ts";
 export { isNullable } from "https://deno.land/x/isx@1.3.1/is_nullable.ts";
+export { mapValues } from "https://deno.land/std@0.184.0/collections/map_values.ts";
diff --git a/stringify.ts b/stringify.ts
@@ -1,7 +1,7 @@
 // Copyright 2023-latest the httpland authors. All rights reserved. MIT license.
 // This module is browser compatible.
 
-import { isNullable, isString, toLowerCase } from "./deps.ts";
+import { isNullable, isString, mapValues, toLowerCase } from "./deps.ts";
 import { duplicate } from "./utils.ts";
 import { Msg } from "./constants.ts";
 import type { Authorization, AuthParams } from "./types.ts";
@@ -75,7 +75,7 @@ export function assertToken68(
 }
 
 const reQuotedString =
-  /^"(?:\t| |!|[ \x23-\x5B\x5D-\x7E]|[\x80-\xFF]|\\(?:\t| |[\x21-\x7E])[\x80-\xFF])*"$/;
+  /^"(?:\t| |!|[ \x23-\x5B\x5D-\x7E]|[\x80-\xFF]|\\(?:\t| |[\x21-\x7E]|[\x80-\xFF]))*"$/;
 
 export function isQuotedString(input: string): boolean {
   return reQuotedString.test(input);
@@ -98,6 +98,8 @@ function assertAuthParam(input: AuthParams): asserts input {
 }
 
 export function stringifyAuthParams(input: AuthParams): string {
+  input = mapValues(input, normalizeParameterValue);
+
   assertAuthParam(input);
 
   return Object
@@ -106,6 +108,31 @@ export function stringifyAuthParams(input: AuthParams): string {
     .join(", ");
 }
 
+export function normalizeParameterValue(input: string): string {
+  return isQuoted(input) ? `"${escapeOctet(trimChar(input))}"` : input;
+}
+
+/** Escape DQuote and Backslash.
+ * Skip escaped.
+ * @see https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6.4-5
+ */
+export function escapeOctet(input: string): string {
+  // TODO(miyauci): dirty
+  return input
+    .replaceAll(`"`, `\\"`)
+    .replaceAll("\\", "\\\\")
+    .replaceAll("\\\\\\\\", "\\\\")
+    .replaceAll(`\\\\"`, '\\"');
+}
+
+export function isQuoted(input: string): input is `"${string}"` {
+  return /^".*"$/.test(input);
+}
+
+export function trimChar(input: string): string {
+  return input.slice(1, -1);
+}
+
 function joinEntry(
   entry: readonly [string, string],
 ): string {
diff --git a/stringify_test.ts b/stringify_test.ts
@@ -1,13 +1,35 @@
-import { AuthorizationLike, stringifyAuthorization } from "./stringify.ts";
+import {
+  AuthorizationLike,
+  escapeOctet,
+  isQuoted,
+  stringifyAuthorization,
+  stringifyAuthParams,
+  trimChar,
+} from "./stringify.ts";
 import {
   assertEquals,
   assertThrows,
   Authorization,
   describe,
   it,
 } from "./_dev_deps.ts";
-
 import authorization from "./authorization.json" assert { type: "json" };
+import authParam from "./auth_param.json" assert { type: "json" };
+
+describe("stringifyAuthParams", () => {
+  authParam.forEach((v) => {
+    it(v.name, () => {
+      if (!v.must_fail && v.expected) {
+        const input = v.canonical ? v.canonical : v.header;
+
+        assertEquals(
+          stringifyAuthParams(v.expected as Record<string, string>),
+          input,
+        );
+      }
+    });
+  });
+});
 
 describe("stringifyAuthorization", () => {
   it("should return string if the input is valid", () => {
@@ -61,3 +83,97 @@ describe("stringifyAuthorization", () => {
     });
   });
 });
+
+describe("escapeOctet", () => {
+  it("should escape double quote and backslash", () => {
+    const table: [string, string][] = [
+      ["", ""],
+      ["a", "a"],
+      [`\\"`, `\\"`],
+      [`""`, `\\"\\"`],
+      [`"\\"`, `\\"\\"`],
+      [`\\"\\"`, `\\"\\"`],
+      [`"""`, `\\"\\"\\"`],
+      [`""""`, `\\"\\"\\"\\"`],
+      [`"`, `\\"`],
+      [`"a"`, `\\"a\\"`],
+      [`a\\`, `a\\\\`],
+      [`a"`, `a\\"`],
+      [`a\\"`, `a\\"`],
+      [`\\\\`, `\\\\`],
+      [`\\\\\\`, `\\\\\\\\`],
+      [`\\\\\\\\`, `\\\\\\\\`],
+      [`\\`, `\\\\`],
+      ['"\\"', `\\"\\"`],
+      ['\\\\\\"', `\\\\\\"`],
+    ];
+
+    table.forEach(([input, expected]) => {
+      assertEquals(escapeOctet(input), expected);
+    });
+  });
+});
+
+describe("escapeOctet", () => {
+  it("should escape double quote and backslash", () => {
+    const table: [string, string][] = [
+      ["", ""],
+      ["a", "a"],
+      [`\\"`, `\\"`],
+      [`""`, `\\"\\"`],
+      [`"\\"`, `\\"\\"`],
+      [`\\"\\"`, `\\"\\"`],
+      [`"""`, `\\"\\"\\"`],
+      [`""""`, `\\"\\"\\"\\"`],
+      [`"`, `\\"`],
+      [`"a"`, `\\"a\\"`],
+      [`a\\`, `a\\\\`],
+      [`a"`, `a\\"`],
+      [`a\\"`, `a\\"`],
+      [`\\\\`, `\\\\`],
+      [`\\\\\\`, `\\\\\\\\`],
+      [`\\\\\\\\`, `\\\\\\\\`],
+      [`\\`, `\\\\`],
+      ['"\\"', `\\"\\"`],
+      ['\\\\\\"', `\\\\\\"`],
+    ];
+
+    table.forEach(([input, expected]) => {
+      assertEquals(escapeOctet(input), expected);
+    });
+  });
+});
+
+describe("isQuoted", () => {
+  it("should pass", () => {
+    const table: [string, boolean][] = [
+      ["a", false],
+      ["ab", false],
+      [`"`, false],
+      [` ""`, false],
+      [`""`, true],
+      [`"a"`, true],
+      [`""""`, true],
+      [`"""`, true],
+    ];
+
+    table.forEach(([input, expected]) => {
+      assertEquals(isQuoted(input), expected);
+    });
+  });
+});
+
+describe("trimChar", () => {
+  it("should pass", () => {
+    const table: [string, string][] = [
+      ["a", ""],
+      ["ab", ""],
+      ["abc", "b"],
+      ["abcd", "bc"],
+    ];
+
+    table.forEach(([input, expected]) => {
+      assertEquals(trimChar(input), expected);
+    });
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,8 @@`
`17`	`17`	`{`
`18`	`18`	`"name": "dirty auth param",`
`19`	`19`	`"header": "a=a,b=b, c=c , d=d , e=e ",`
`20`		`- "expected": { "a": "a", "b": "b", "c": "c", "d": "d", "e": "e" }`
	`20`	`+ "expected": { "a": "a", "b": "b", "c": "c", "d": "d", "e": "e" },`
	`21`	`+ "canonical": "a=a, b=b, c=c, d=d, e=e"`
`21`	`22`	`},`
`22`	`23`	`{`
`23`	`24`	`"name": "all char",`
`@@ -34,7 +35,8 @@`
`34`	`35`	`{`
`35`	`36`	`"name": "quoted-pair",`
`36`	`37`	`"header": "a=\"\\a\", b=\"\\\\\"",`
`37`		`- "expected": { "a": "\"a\"", "b": "\"\\\"" }`
	`38`	`+ "expected": { "a": "\"a\"", "b": "\"\\\"" },`
	`39`	`+ "canonical": "a=\"a\", b=\"\\\\\""`
`38`	`40`	`},`
`39`	`41`	`{`
`40`	`42`	`"name": "duplicate key",`
-Original file line number
+Diff line change
 export { head } from "https://deno.land/x/[email protected]/head.ts";
 export { isString } from "https://deno.land/x/[email protected]/is_string.ts";
 export { isNullable } from "https://deno.land/x/[email protected]/is_nullable.ts";
 +export { mapValues } from "https://deno.land/[email protected]/collections/map_values.ts";