Improve cookie rewriting nfriedly#91

Author: weibeu

lib/cookies.js

@@ -1,5 +1,4 @@
 var URL = require('url');
-var libCookie = require('cookie');
 var setCookie = require('set-cookie-parser');
 var TLD = require('tld');
 var Transform = require('stream').Transform;
@@ -21,6 +20,54 @@ function cookies(config) {
 
     var REDIRECT_QUERY_PARAM = '__proxy_cookies_to';
 
+    // Serializes cookie without changing it
+    function serializeCookie(cookie) {
+        var str = cookie.name + '=' + cookie.value;
+
+        if (cookie.maxAge) {
+            str += '; Max-Age=' + cookie.maxAge;
+        }
+        if (cookie.domain) {
+            str += '; Domain=' + cookie.domain;
+        }
+        if (cookie.path) {
+            str += '; Path=' + cookie.path;
+        }
+        if (cookie.expires) {
+            str += '; Expires=' + cookie.expires.toUTCString();
+        }
+        if (cookie.httpOnly) {
+            str += '; HttpOnly';
+        }
+        if (cookie.secure) {
+            str += '; Secure';
+        }
+        return str;
+    }
+
+    // Parses the cookies without changing its value
+    function parseCookies(rawCookies) {
+        var obj = {};
+        var cookies;
+        if(typeof rawCookies !== 'string') return {};
+        if(rawCookies === '') return {};
+        cookies = rawCookies.split(';');
+        for (var i = 0, ii = cookies.length; i < ii; i++) {
+            // Removes first space if there is one
+            // V8 should always support trimLeft even though there is no standard for it.
+            // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/trimLeft
+            // https://www.npmjs.com/package/string could be a solution in case trimLeft() is dropped from V8.
+            cookies[i] = cookies[i].trimLeft();
+            // Puts the name and value in the object obj.
+            if(cookies[i].indexOf('=') !== -1) {
+                obj[cookies[i].substring(0, cookies[i].indexOf('='))] = cookies[i].substring(cookies[i].indexOf('=') + 1);
+            } else {
+                obj[cookies[i]] = '';
+            }
+        }
+        return obj;
+    }
+
     // normally we do nothing here, but when the user is switching protocols or subdomains, the handleResponse function
     // will rewrite the links to start with the old protocol & domain (so that we get sent the cookies), and then it
     // will copy the old cookies to the new path
@@ -29,10 +76,11 @@ function cookies(config) {
         if (uri.query[REDIRECT_QUERY_PARAM]) {
             var nextUri = URL.parse(uri.query[REDIRECT_QUERY_PARAM]);
             debug('copying cookies from %s to %s', data.url, uri.query[REDIRECT_QUERY_PARAM]);
-            var cookies = libCookie.parse(data.headers.cookie || '');
+            var cookies = parseCookies(data.headers.cookie || '');
             var setCookieHeaders = Object.keys(cookies).map(function(name) {
-                var value = cookies[name];
-                return libCookie.serialize(name, value, {
+                return serializeCookie({
+                    name: name,
+                    value: cookies[name],
                     path: config.prefix + nextUri.protocol + '//' + nextUri.host + '/'
                 });
             });
@@ -54,18 +102,15 @@ function cookies(config) {
         }
 
         // first update any set-cookie headers to ensure the path is prefixed with the site
-        var cookies = setCookie.parse(data, {
-            decodeValues: false // Calls dcodeURIComponent on each value - but we want to just pass them along unchanged in this case.
-        });
+        var cookies = setCookie.parse(data);
         if (cookies.length) {
             debug('remaping set-cookie headers');
             data.headers['set-cookie'] = cookies.map(function(cookie) {
                 var targetUri = nextUri || uri;
                 cookie.path = config.prefix + targetUri.protocol + '//' + targetUri.host + (cookie.path || '/');
                 delete cookie.domain;
                 delete cookie.secure; // todo: maybe leave this if we knot the proxy is being accessed over https?
-                cookie.value = decodeURIComponent(cookie.value); // Used to avoid double percent-encoding
-                return libCookie.serialize(cookie.name, cookie.value, cookie);
+                return serializeCookie(cookie);
             });
         }
 
@@ -77,9 +122,11 @@ function cookies(config) {
                 debug('copying cookies from %s to %s', data.url, data.redirectUrl);
 
                 // get all of the old cookies (from the request) indexed by name, and create set-cookie headers for each one
-                var oldCookies = libCookie.parse(data.clientRequest.headers.cookie || '');
+                var oldCookies = parseCookies(data.clientRequest.headers.cookie || '');
                 var oldSetCookieHeaders = _.mapValues(oldCookies, function(value, name) {
-                    return libCookie.serialize(name, value, {
+                    return serializeCookie({
+                        name: name,
+                        value: value,
                         path: config.prefix + nextUri.protocol + '//' + nextUri.host + '/'
                     });
                 });
@@ -132,4 +179,4 @@ function cookies(config) {
 }
 
 
-module.exports = cookies;
+module.exports = cookies;