kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 4db51d78461cdfe84c19dc21f31de078f192c953
parent 3d24b652688bcb3346b413a3118fd231594b66b7
Author: Joris Vink <joris@coders.se>
Date:   Fri, 10 Mar 2017 14:31:08 +0100

screw it, rework interface for cookies.

The only reason you would want to directly modify the cookie
after creating it should be to unset the HTTPONLY or SECURE flags
if that is what you *really* want to do.

Change http_response_cookie() to take all required parameters instead
of having to marshall those in yourself after.

Now you set a sane default cookie in one shot:

http_response_cookie(req, "key", "value", "/", 0, -1, NULL);

Which would create a session cookie key=value for / under the current domain.

Diffstat:
examples/cookies/src/cookies.c | 18+++++++++++-------
includes/http.h | 5+++--
src/http.c | 13+++++++++----
3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/examples/cookies/src/cookies.c b/examples/cookies/src/cookies.c @@ -36,15 +36,19 @@ serve_cookies(struct http_request *req) if (http_request_cookie(req, "Formatted", &value)) kore_log(LOG_DEBUG, "Got formatted: %s", value); - /* set simple cookie */ - http_response_cookie(req, "Simple", "Hello World!", NULL); + /* no expire, no maxage for current path. */ + http_response_cookie(req, "Simple", "Hello World!", + req->path, 0, -1, NULL); - /* set complex cookie */ - http_response_cookie(req, "Complex", "Secure Value!", &cookie); - cookie->path = kore_strdup("/secure"); - cookie->expires = time(NULL) + 1 * 60 * 60; + /* expire, no maxage, for /secure. */ + http_response_cookie(req, "Complex", "Secure Value!", "/secure", + time(NULL) + (1 * 60 * 60), -1, NULL); - /* set formatted cookie */ + /* maxage, no httponly, for current path. */ + http_response_cookie(req, "key", "value", req->path, 0, 60, &cookie); + cookie->flags &= ~HTTP_COOKIE_HTTPONLY; + + /* set formatted cookie via header directly. */ http_response_header(req, "set-cookie", "Formatted=TheValue; Path=/vault; HttpOnly"); diff --git a/includes/http.h b/includes/http.h @@ -268,8 +268,9 @@ int http_state_run(struct http_state *, u_int8_t, struct http_request *); int http_request_cookie(struct http_request *, const char *, char **); -void http_response_cookie(struct http_request *, - const char *, const char *, struct http_cookie **); +void http_response_cookie(struct http_request *, const char *, + const char *, const char *, time_t, int, + struct http_cookie **); int http_argument_urldecode(char *); int http_header_recv(struct netbuf *); diff --git a/src/http.c b/src/http.c @@ -1019,7 +1019,8 @@ http_file_rewind(struct http_file *file) void http_response_cookie(struct http_request *req, const char *name, - const char *val, struct http_cookie **out) + const char *val, const char *path, time_t expires, int maxage, + struct http_cookie **out) { struct http_cookie *ck; @@ -1028,14 +1029,18 @@ http_response_cookie(struct http_request *req, const char *name, ck = kore_pool_get(&http_cookie_pool); - ck->expires = 0; - ck->maxage = -1; - ck->path = NULL; + ck->maxage = maxage; + ck->expires = expires; ck->name = kore_strdup(name); ck->value = kore_strdup(val); ck->domain = kore_strdup(req->host); ck->flags = HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE; + if (path != NULL) + ck->path = kore_strdup(path); + else + ck->path = NULL; + TAILQ_INSERT_TAIL(&(req->resp_cookies), ck, list); if (out != NULL)