enable curl cookie engine

Enabling Curl cookie engine brings advantages:
* handle cookies during a redirection: when a srv redirects including
  cookies, curl sends back the cookies correctly during the next request
* benefit curl's cookie parsing: we now use curl's lib to parse cookies
  instead of parsing them from headers manually

Author: krichprollsch

src/browser/storage/cookie.zig

@@ -109,6 +109,17 @@ pub const Jar = struct {
         }
     }
 
+    // https://curl.se/docs/http-cookies.html
+    pub fn populateFromCurl(self: *Jar, set_cookie: []const u8) !void {
+        const c = Cookie.parseCurl(self.allocator, set_cookie) catch |err| {
+            log.warn(.web_api, "cookie parse failed", .{ .raw = set_cookie, .err = err });
+            return;
+        };
+
+        const now = std.time.timestamp();
+        try self.add(c, now);
+    }
+
     pub fn populateFromResponse(self: *Jar, uri: *const Uri, set_cookie: []const u8) !void {
         const c = Cookie.parse(self.allocator, uri, set_cookie) catch |err| {
             log.warn(.web_api, "cookie parse failed", .{ .raw = set_cookie, .err = err });
@@ -192,6 +203,62 @@ pub const Cookie = struct {
         self.arena.deinit();
     }
 
+    // Parse curl's cookie file format
+    // https://curl.se/docs/http-cookies.html
+    pub fn parseCurl(allocator: Allocator, str: []const u8) !Cookie {
+        var c: Cookie = .{
+            .arena = ArenaAllocator.init(allocator),
+            .name = undefined,
+            .value = undefined,
+            .path = undefined,
+            .same_site = undefined,
+            .secure = undefined,
+            .http_only = undefined,
+            .domain = undefined,
+            .expires = undefined,
+        };
+        errdefer c.deinit();
+
+        var aa = c.arena.allocator();
+
+        var it = std.mem.splitScalar(u8, str, '\t');
+        var index: u8 = 0;
+        while (it.next()) |v| {
+            defer index += 1;
+
+            switch (index) {
+                0 => {
+                    // domain name, can start with #HttpOnly_
+                    if (std.mem.indexOf(u8, v, "#HttpOnly_")) |pos| {
+                        c.http_only = true;
+                        c.domain = try aa.dupe(u8, v[pos + "#HttpOnly_".len ..]);
+                    } else {
+                        c.http_only = false;
+                        c.domain = try aa.dupe(u8, v);
+                    }
+                },
+                1 => c.same_site = .lax, // TODO
+                2 => c.path = try aa.dupe(u8, v),
+                3 => c.secure = std.mem.eql(u8, "TRUE", v),
+                4 => {
+                    if (std.mem.eql(u8, "0", v)) {
+                        c.expires = null;
+                    } else {
+                        const i = try std.fmt.parseInt(i64, v, 10);
+                        c.expires = @floatFromInt(i);
+                    }
+                },
+                5 => c.name = try aa.dupe(u8, v),
+                6 => c.value = try aa.dupe(u8, v),
+                else => return error.TooMuchCookieFields,
+            }
+        }
+
+        if (index != 7) return error.MissingCookieFields;
+
+        return c;
+    }
+
     // There's https://datatracker.ietf.org/doc/html/rfc6265 but browsers are
     // far less strict. I only found 2 cases where browsers will reject a cookie:
     //   - a byte 0...32 and 127..255 anywhere in the cookie (the HTTP header
@@ -912,6 +979,25 @@ test "Cookie: parse domain" {
     try expectError(error.InvalidDomain, "http://lightpanda.io/", "b;domain=other.example.com");
 }
 
+test "Cookie: parse curl" {
+    try expectCookieCurl(.{
+        .name = "cookie_key",
+        .value = "cookie_value",
+        .path = "/cookies/",
+        .domain = "httpbin.io",
+        .http_only = true,
+    }, "#HttpOnly_httpbin.io\tFALSE\t/cookies/\tFALSE\t0\tcookie_key\tcookie_value");
+
+    try expectCookieCurl(.{
+        .name = "cookie_key",
+        .value = "cookie_value",
+        .path = "/cookies/",
+        .domain = "httpbin.io",
+        .expires = 10,
+        .secure = true,
+    }, "httpbin.io\tTRUE\t/cookies/\tTRUE\t10\tcookie_key\tcookie_value");
+}
+
 const ExpectedCookie = struct {
     name: []const u8,
     value: []const u8,
@@ -939,6 +1025,21 @@ fn expectCookie(expected: ExpectedCookie, url: []const u8, set_cookie: []const u
     try testing.expectDelta(expected.expires, cookie.expires, 2.0);
 }
 
+fn expectCookieCurl(expected: ExpectedCookie, set_cookie: []const u8) !void {
+    var cookie = try Cookie.parseCurl(testing.allocator, set_cookie);
+    defer cookie.deinit();
+
+    try testing.expectEqual(expected.name, cookie.name);
+    try testing.expectEqual(expected.value, cookie.value);
+    try testing.expectEqual(expected.secure, cookie.secure);
+    try testing.expectEqual(expected.http_only, cookie.http_only);
+    try testing.expectEqual(expected.same_site, cookie.same_site);
+    try testing.expectEqual(expected.path, cookie.path);
+    try testing.expectEqual(expected.domain, cookie.domain);
+
+    try testing.expectDelta(expected.expires, cookie.expires, 2.0);
+}
+
 fn expectAttribute(expected: anytype, url: ?[]const u8, set_cookie: []const u8) !void {
     const uri = if (url) |u| try Uri.parse(u) else test_uri;
     var cookie = try Cookie.parse(testing.allocator, &uri, set_cookie);

src/http/Client.zig

@@ -588,6 +588,22 @@ pub const Transfer = struct {
                 return 0;
             };
 
+            // Read all cookies.
+            var cookies: ?*c.curl_slist = undefined;
+            errorCheck(c.curl_easy_getinfo(easy, c.CURLINFO_COOKIELIST, &cookies)) catch |err| {
+                log.err(.http, "failed to get cookies", .{ .err = err });
+                return 0;
+            };
+            defer c.curl_slist_free_all(cookies);
+
+            // populate cookies in the jar
+            while (cookies) |_cookie| {
+                transfer.req.cookie_jar.populateFromCurl(std.mem.span(_cookie.data[0..])) catch |err| {
+                    log.err(.http, "set cookie", .{ .err = err, .req = transfer });
+                };
+                cookies = _cookie.next;
+            }
+
             transfer.response_header = .{
                 .url = url,
                 .status = status,
@@ -609,18 +625,6 @@ pub const Transfer = struct {
             }
         }
 
-        {
-            const SET_COOKIE_LEN = "set-cookie:".len;
-            if (header.len > SET_COOKIE_LEN) {
-                if (std.ascii.eqlIgnoreCase(header[0..SET_COOKIE_LEN], "set-cookie:")) {
-                    const value = std.mem.trimLeft(u8, header[SET_COOKIE_LEN..], " ");
-                    transfer.req.cookie_jar.populateFromResponse(&transfer.uri, value) catch |err| {
-                        log.err(.http, "set cookie", .{ .err = err, .req = transfer });
-                    };
-                }
-            }
-        }
-
         if (buf_len == 2) {
             transfer.req.header_done_callback(transfer) catch |err| {
                 log.err(.http, "header_done_callback", .{ .err = err, .req = transfer });

src/http/Http.zig

@@ -107,6 +107,7 @@ pub const Connection = struct {
         // redirect behavior
         try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_MAXREDIRS, @as(c_long, @intCast(opts.max_redirects))));
         try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_FOLLOWLOCATION, @as(c_long, 2)));
+        try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_COOKIEFILE, "")); // enable curl's cookie engine
         try errorCheck(c.curl_easy_setopt(easy, c.CURLOPT_REDIR_PROTOCOLS_STR, "HTTP,HTTPS")); // remove FTP and FTPS from the default
 
         // proxy