wip

Author: krichprollsch

src/cdp/cdp.zig

@@ -477,12 +477,16 @@ pub fn BrowserContext(comptime CDP_T: type) type {
             self.cdp.browser.notification.unregister(.http_response_header_done, self);
         }
 
-        pub fn fetchEnable(self: *Self) !void {
+        pub fn fetchEnable(self: *Self, auth: bool) !void {
             try self.cdp.browser.notification.register(.http_request_intercept, self, onHttpRequestIntercept);
+            if (auth) {
+                try self.cdp.browser.notification.register(.http_request_auth_required, self, onHttpRequestAuthRequired);
+            }
         }
 
         pub fn fetchDisable(self: *Self) void {
             self.cdp.browser.notification.unregister(.http_request_intercept, self);
+            self.cdp.browser.notification.unregister(.http_request_auth_required, self);
         }
 
         pub fn onPageRemove(ctx: *anyopaque, _: Notification.PageRemove) !void {
@@ -548,6 +552,12 @@ pub fn BrowserContext(comptime CDP_T: type) type {
             try gop.value_ptr.appendSlice(arena, try arena.dupe(u8, msg.data));
         }
 
+        pub fn onHttpRequestAuthRequired(ctx: *anyopaque, data: *const Notification.RequestAuthRequired) !void {
+            const self: *Self = @alignCast(@ptrCast(ctx));
+            defer self.resetNotificationArena();
+            try @import("domains/fetch.zig").requestAuthRequired(self.notification_arena, self, data);
+        }
+
         fn resetNotificationArena(self: *Self) void {
             defer _ = self.cdp.notification_arena.reset(.{ .retain_with_limit = 1024 * 64 });
         }

src/cdp/domains/fetch.zig

@@ -144,12 +144,8 @@ fn enable(cmd: anytype) !void {
         return cmd.sendResult(null, .{});
     }
 
-    if (params.handleAuthRequests) {
-        log.warn(.cdp, "not implemented", .{ .feature = "Fetch.enable handleAuthRequests is not supported yet" });
-    }
-
     const bc = cmd.browser_context orelse return error.BrowserContextNotLoaded;
-    try bc.fetchEnable();
+    try bc.fetchEnable(params.handleAuthRequests);
 
     return cmd.sendResult(null, .{});
 }
@@ -346,6 +342,92 @@ fn failRequest(cmd: anytype) !void {
     return cmd.sendResult(null, .{});
 }
 
+const AuthChallenge = struct {
+    scheme: enum { basic, digest },
+    realm: []const u8,
+
+    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
+    // Supports only basic and digest schemes.
+    pub fn parse(header: []const u8) !AuthChallenge {
+        var ac: AuthChallenge = .{
+            .scheme = undefined,
+            .realm = "",
+        };
+
+        const pos = std.mem.indexOfPos(u8, std.mem.trim(u8, header, std.ascii.whitespace[0..]), 0, " ") orelse header.len;
+        const _scheme = header[0..pos];
+        if (std.ascii.eqlIgnoreCase(_scheme, "basic")) {
+            ac.scheme = .basic;
+        } else if (std.ascii.eqlIgnoreCase(_scheme, "digest")) {
+            ac.scheme = .digest;
+        } else {
+            return error.UnknownAuthChallengeScheme;
+        }
+
+        // TODO get the realm
+
+        return ac;
+    }
+};
+
+pub fn requestAuthRequired(arena: Allocator, bc: anytype, intercept: *const Notification.RequestAuthRequired) !void {
+    // unreachable because we _have_ to have a page.
+    const session_id = bc.session_id orelse unreachable;
+    const target_id = bc.target_id orelse unreachable;
+    const page = bc.session.currentPage() orelse unreachable;
+
+    // We keep it around to wait for modifications to the request.
+    // NOTE: we assume whomever created the request created it with a lifetime of the Page.
+    // TODO: What to do when receiving replies for a previous page's requests?
+
+    const transfer = intercept.transfer;
+    try bc.intercept_state.put(transfer);
+
+    var challenge: AuthChallenge = undefined;
+    var source: enum { server, proxy } = undefined;
+    var it = transfer.responseHeaderIterator();
+    while (it.next()) |hdr| {
+        if (std.ascii.eqlIgnoreCase("WWW-Authenticate", hdr.name)) {
+            source = .server;
+            challenge = try AuthChallenge.parse(hdr.value);
+            break;
+        }
+        if (std.ascii.eqlIgnoreCase("Proxy-Authenticate", hdr.name)) {
+            source = .proxy;
+            challenge = try AuthChallenge.parse(hdr.value);
+            break;
+        }
+    }
+
+    try bc.cdp.sendEvent("Fetch.authRequired", .{
+        .requestId = try std.fmt.allocPrint(arena, "INTERCEPT-{d}", .{transfer.id}),
+        .request = network.TransferAsRequestWriter.init(transfer),
+        .frameId = target_id,
+        .resourceType = switch (transfer.req.resource_type) {
+            .script => "Script",
+            .xhr => "XHR",
+            .document => "Document",
+        },
+        .authChallenge = .{
+            .source = if (source == .server) "Server" else "Proxy",
+            .origin = "", // TODO get origin, could be the proxy address for example.
+            .scheme = if (challenge.scheme == .digest) "digest" else "basic",
+            .realm = challenge.realm,
+        },
+        .networkId = try std.fmt.allocPrint(arena, "REQ-{d}", .{transfer.id}),
+    }, .{ .session_id = session_id });
+
+    log.debug(.cdp, "request auth required", .{
+        .state = "paused",
+        .id = transfer.id,
+        .url = transfer.uri,
+    });
+    // Await continueWithAuth
+
+    intercept.wait_for_interception.* = true;
+    page.request_intercepted = true;
+}
+
 // Get u64 from requestId which is formatted as: "INTERCEPT-{d}"
 fn idFromRequestId(request_id: []const u8) !u64 {
     if (!std.mem.startsWith(u8, request_id, "INTERCEPT-")) {

src/http/Client.zig

@@ -577,6 +577,7 @@ pub const Transfer = struct {
     _handle: ?*Handle = null,
 
     _redirecting: bool = false,
+    _forbidden: bool = false,
 
     // use_proxy is set when the transfer has been associated to a given
     // connection in makeRequest().
@@ -796,6 +797,22 @@ pub const Transfer = struct {
                     if (i >= ct.?.amount) break;
                 }
 
+                // If the response requires an auth challenge and the auth
+                // interception is enable, we must create a new request and wait
+                // for the interception's response.
+                // We won't call the req's callbacks now, but for the following request only.
+                const status = transfer.response_header.?.status;
+                if (status == 401 or status == 407) {
+                    if (transfer.client.notification) |notification| {
+                        var wait_for_interception = false;
+                        notification.dispatch(.http_request_auth_required, &.{ .transfer = transfer, .wait_for_interception = &wait_for_interception });
+                        if (wait_for_interception) {
+                            // The user is send an invitation to intercept this request.
+                            return buf_len;
+                        }
+                    }
+                }
+
                 transfer.req.header_callback(transfer) catch |err| {
                     log.err(.http, "header_callback", .{ .err = err, .req = transfer });
                     // returning < buf_len terminates the request

src/notification.zig

@@ -64,6 +64,7 @@ pub const Notification = struct {
         http_request_start: List = .{},
         http_request_intercept: List = .{},
         http_request_done: List = .{},
+        http_request_auth_required: List = .{},
         http_response_data: List = .{},
         http_response_header_done: List = .{},
         notification_created: List = .{},
@@ -77,6 +78,7 @@ pub const Notification = struct {
         http_request_fail: *const RequestFail,
         http_request_start: *const RequestStart,
         http_request_intercept: *const RequestIntercept,
+        http_request_auth_required: *const RequestAuthRequired,
         http_request_done: *const RequestDone,
         http_response_data: *const ResponseData,
         http_response_header_done: *const ResponseHeaderDone,
@@ -106,6 +108,11 @@ pub const Notification = struct {
         wait_for_interception: *bool,
     };
 
+    pub const RequestAuthRequired = struct {
+        transfer: *Transfer,
+        wait_for_interception: *bool,
+    };
+
     pub const ResponseData = struct {
         data: []const u8,
         transfer: *Transfer,