94 lines
4.5 KiB
JavaScript
94 lines
4.5 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.domainMatch = domainMatch;
|
|
const canonicalDomain_1 = require("./canonicalDomain");
|
|
// Dumped from ip-regex@4.0.0, with the following changes:
|
|
// * all capturing groups converted to non-capturing -- "(?:)"
|
|
// * support for IPv6 Scoped Literal ("%eth1") removed
|
|
// * lowercase hexadecimal only
|
|
const IP_REGEX_LOWERCASE = /(?:^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}$)|(?:^(?:(?:[a-f\d]{1,4}:){7}(?:[a-f\d]{1,4}|:)|(?:[a-f\d]{1,4}:){6}(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|:[a-f\d]{1,4}|:)|(?:[a-f\d]{1,4}:){5}(?::(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,2}|:)|(?:[a-f\d]{1,4}:){4}(?:(?::[a-f\d]{1,4}){0,1}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,3}|:)|(?:[a-f\d]{1,4}:){3}(?:(?::[a-f\d]{1,4}){0,2}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,4}|:)|(?:[a-f\d]{1,4}:){2}(?:(?::[a-f\d]{1,4}){0,3}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,5}|:)|(?:[a-f\d]{1,4}:){1}(?:(?::[a-f\d]{1,4}){0,4}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,6}|:)|(?::(?:(?::[a-f\d]{1,4}){0,5}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-f\d]{1,4}){1,7}|:)))$)/;
|
|
/**
|
|
* Answers "does this real domain match the domain in a cookie?". The `domain` is the "current" domain name and the
|
|
* `cookieDomain` is the "cookie" domain name. Matches according to {@link https://www.rfc-editor.org/rfc/rfc6265.html#section-5.1.3 | RFC6265 - Section 5.1.3},
|
|
* but it helps to think of it as a "suffix match".
|
|
*
|
|
* @remarks
|
|
* ### 5.1.3. Domain Matching
|
|
*
|
|
* A string domain-matches a given domain string if at least one of the
|
|
* following conditions hold:
|
|
*
|
|
* - The domain string and the string are identical. (Note that both
|
|
* the domain string and the string will have been canonicalized to
|
|
* lower case at this point.)
|
|
*
|
|
* - All of the following conditions hold:
|
|
*
|
|
* - The domain string is a suffix of the string.
|
|
*
|
|
* - The last character of the string that is not included in the
|
|
* domain string is a %x2E (".") character.
|
|
*
|
|
* - The string is a host name (i.e., not an IP address).
|
|
*
|
|
* @example
|
|
* ```
|
|
* domainMatch('example.com', 'example.com') === true
|
|
* domainMatch('eXaMpLe.cOm', 'ExAmPlE.CoM') === true
|
|
* domainMatch('no.ca', 'yes.ca') === false
|
|
* ```
|
|
*
|
|
* @param domain - The domain string to test
|
|
* @param cookieDomain - The cookie domain string to match against
|
|
* @param canonicalize - The canonicalize parameter toggles whether the domain parameters get normalized with canonicalDomain or not
|
|
* @public
|
|
*/
|
|
function domainMatch(domain, cookieDomain, canonicalize) {
|
|
if (domain == null || cookieDomain == null) {
|
|
return undefined;
|
|
}
|
|
let _str;
|
|
let _domStr;
|
|
if (canonicalize !== false) {
|
|
_str = (0, canonicalDomain_1.canonicalDomain)(domain);
|
|
_domStr = (0, canonicalDomain_1.canonicalDomain)(cookieDomain);
|
|
}
|
|
else {
|
|
_str = domain;
|
|
_domStr = cookieDomain;
|
|
}
|
|
if (_str == null || _domStr == null) {
|
|
return undefined;
|
|
}
|
|
/*
|
|
* S5.1.3:
|
|
* "A string domain-matches a given domain string if at least one of the
|
|
* following conditions hold:"
|
|
*
|
|
* " o The domain string and the string are identical. (Note that both the
|
|
* domain string and the string will have been canonicalized to lower case at
|
|
* this point)"
|
|
*/
|
|
if (_str == _domStr) {
|
|
return true;
|
|
}
|
|
/* " o All of the following [three] conditions hold:" */
|
|
/* "* The domain string is a suffix of the string" */
|
|
const idx = _str.lastIndexOf(cookieDomain);
|
|
if (idx <= 0) {
|
|
return false; // it's a non-match (-1) or prefix (0)
|
|
}
|
|
// next, check it's a proper suffix
|
|
// e.g., "a.b.c".indexOf("b.c") === 2
|
|
// 5 === 3+2
|
|
if (_str.length !== _domStr.length + idx) {
|
|
return false; // it's not a suffix
|
|
}
|
|
/* " * The last character of the string that is not included in the
|
|
* domain string is a %x2E (".") character." */
|
|
if (_str.substring(idx - 1, idx) !== '.') {
|
|
return false; // doesn't align on "."
|
|
}
|
|
/* " * The string is a host name (i.e., not an IP address)." */
|
|
return !IP_REGEX_LOWERCASE.test(_str);
|
|
}
|