fix(parse): fix auth param regex pattern

Author: TomokiMiyauci

_abnf.ts

@@ -1,5 +1,4 @@
 import {
-  capture,
   either,
   maybe,
   namedCapture,
@@ -42,7 +41,7 @@ const obsText = /[\x80-\xFF]/;
 const HTAB = /\t/;
 const qdtext = either(HTAB, SP, "\x21", /[\x23-\x5B/, /[\x5D-\x7E]/, obsText);
 const VCHAR = /[\x21-\x7E]/;
-const quotedPair = sequence("\\", either(HTAB, SP, VCHAR), obsText);
+const quotedPair = sequence("\\", either(HTAB, SP, VCHAR, obsText));
 
 const quotedString = sequence(
   DQUOTE,
@@ -55,13 +54,16 @@ const authParam = sequence(
   BWS,
   "=",
   BWS,
-  capture(either(token, quotedString)),
+  either(
+    namedCapture("token", token),
+    namedCapture("quotedString", quotedString),
+  ),
 );
 
 if (import.meta.main) {
   console.log("challenge:", challenge);
   console.log("element: ", element);
-  console.log("authParam: ", authParam);
+  console.log("authParam: ", optimize(authParam).toRegExp());
   console.log("token: ", optimize(token).toRegExp());
   console.log("token68: ", optimize(token68).toRegExp());
   console.log(

auth_param.json

@@ -19,6 +19,23 @@
     "header": "a=a,b=b, c=c ,  d=d  ,   e=e   ",
     "expected": { "a": "a", "b": "b", "c": "c", "d": "d", "e": "e" }
   },
+  {
+    "name": "all char",
+    "header": "a=abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+    "expected": {
+      "a": "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    }
+  },
+  {
+    "name": "quoted-string",
+    "header": "a=\"a\", b=\"b\"",
+    "expected": { "a": "\"a\"", "b": "\"b\"" }
+  },
+  {
+    "name": "quoted-pair",
+    "header": "a=\"\\a\", b=\"\\\\\"",
+    "expected": { "a": "\"a\"", "b": "\"\\\"" }
+  },
   {
     "name": "duplicate key",
     "header": "a=a,a=a",
@@ -33,5 +50,15 @@
     "name": "invalid format",
     "header": "YWxhZGRpbjpvcGVuc2VzYW1l a=a",
     "must_fail": true
+  },
+  {
+    "name": "invalid quoted-string",
+    "header": "a=\u0000",
+    "must_fail": true
+  },
+  {
+    "name": "invalid quoted-pair",
+    "header": "a=\"\u0000\"",
+    "must_fail": true
   }
 ]

parse.ts

@@ -58,9 +58,17 @@ type ParsedGroups = {
 };
 
 const reAuthParam =
-  /^(?<key>[!#$%&'*+.^_`|~\dA-Za-z-]+)[ \t]*=[ \t]*(?<value>[!#$%&'*+.^_`|~\dA-Za-z-]+|"(?:\t| |!|[\x23-\x5B/, /[\x5D-\x7E]|[\x80-\xFF]|\\(?:\t| |[\x21-\x7E])[\x80-\xFF])*")$/;
+  /^(?<key>[\w!#$%&'*+.^`|~-]+)[\t ]*=[\t ]*(?:(?<token>[\w!#$%&'*+.^`|~-]+)|(?<quotedString>"(?:\t| |!|[ \x23-\x5B\x5D-\x7E]|[\x80-\xFF]|\\(?:\t| |[\x21-\x7E]|[\x80-\xFF]))*"))$/;
+
+type AuthParamGroups =
+  & { key: string }
+  & ({ token: string; quotedString: never } | {
+    token: never;
+    quotedString: string;
+  });
 
 /** Parse string into {@link AuthParam}.
+ * @throws {SyntaxError} It the input is invalid [auth-param](https://www.rfc-editor.org/rfc/rfc9110.html#section-11.2-5).
  * @throws {Error} If the auth param key is duplicated.
  */
 export function parseAuthParams(input: string): AuthParams {
@@ -71,7 +79,12 @@ export function parseAuthParams(input: string): AuthParams {
 
     if (!result || !result.groups) throw SyntaxError(Msg.InvalidSyntax);
 
-    return [result.groups.key, result.groups.value] as const;
+    const groups = result.groups as AuthParamGroups;
+    const value = isString(groups.token)
+      ? groups.token
+      : groups.quotedString.replace(/\\(.)/g, "$1");
+
+    return [groups.key, value] as const;
   });
 
   const duplicates = duplicate(