123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458 |
- /*!
- * content-disposition
- * Copyright(c) 2014-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
- 'use strict'
- /**
- * Module exports.
- * @public
- */
- module.exports = contentDisposition
- module.exports.parse = parse
- /**
- * Module dependencies.
- * @private
- */
- var basename = require('path').basename
- var Buffer = require('safe-buffer').Buffer
- /**
- * RegExp to match non attr-char, *after* encodeURIComponent (i.e. not including "%")
- * @private
- */
- var ENCODE_URL_ATTR_CHAR_REGEXP = /[\x00-\x20"'()*,/:;<=>?@[\\\]{}\x7f]/g // eslint-disable-line no-control-regex
- /**
- * RegExp to match percent encoding escape.
- * @private
- */
- var HEX_ESCAPE_REGEXP = /%[0-9A-Fa-f]{2}/
- var HEX_ESCAPE_REPLACE_REGEXP = /%([0-9A-Fa-f]{2})/g
- /**
- * RegExp to match non-latin1 characters.
- * @private
- */
- var NON_LATIN1_REGEXP = /[^\x20-\x7e\xa0-\xff]/g
- /**
- * RegExp to match quoted-pair in RFC 2616
- *
- * quoted-pair = "\" CHAR
- * CHAR = <any US-ASCII character (octets 0 - 127)>
- * @private
- */
- var QESC_REGEXP = /\\([\u0000-\u007f])/g // eslint-disable-line no-control-regex
- /**
- * RegExp to match chars that must be quoted-pair in RFC 2616
- * @private
- */
- var QUOTE_REGEXP = /([\\"])/g
- /**
- * RegExp for various RFC 2616 grammar
- *
- * parameter = token "=" ( token | quoted-string )
- * token = 1*<any CHAR except CTLs or separators>
- * separators = "(" | ")" | "<" | ">" | "@"
- * | "," | ";" | ":" | "\" | <">
- * | "/" | "[" | "]" | "?" | "="
- * | "{" | "}" | SP | HT
- * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
- * qdtext = <any TEXT except <">>
- * quoted-pair = "\" CHAR
- * CHAR = <any US-ASCII character (octets 0 - 127)>
- * TEXT = <any OCTET except CTLs, but including LWS>
- * LWS = [CRLF] 1*( SP | HT )
- * CRLF = CR LF
- * CR = <US-ASCII CR, carriage return (13)>
- * LF = <US-ASCII LF, linefeed (10)>
- * SP = <US-ASCII SP, space (32)>
- * HT = <US-ASCII HT, horizontal-tab (9)>
- * CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
- * OCTET = <any 8-bit sequence of data>
- * @private
- */
- var PARAM_REGEXP = /;[\x09\x20]*([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*=[\x09\x20]*("(?:[\x20!\x23-\x5b\x5d-\x7e\x80-\xff]|\\[\x20-\x7e])*"|[!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*/g // eslint-disable-line no-control-regex
- var TEXT_REGEXP = /^[\x20-\x7e\x80-\xff]+$/
- var TOKEN_REGEXP = /^[!#$%&'*+.0-9A-Z^_`a-z|~-]+$/
- /**
- * RegExp for various RFC 5987 grammar
- *
- * ext-value = charset "'" [ language ] "'" value-chars
- * charset = "UTF-8" / "ISO-8859-1" / mime-charset
- * mime-charset = 1*mime-charsetc
- * mime-charsetc = ALPHA / DIGIT
- * / "!" / "#" / "$" / "%" / "&"
- * / "+" / "-" / "^" / "_" / "`"
- * / "{" / "}" / "~"
- * language = ( 2*3ALPHA [ extlang ] )
- * / 4ALPHA
- * / 5*8ALPHA
- * extlang = *3( "-" 3ALPHA )
- * value-chars = *( pct-encoded / attr-char )
- * pct-encoded = "%" HEXDIG HEXDIG
- * attr-char = ALPHA / DIGIT
- * / "!" / "#" / "$" / "&" / "+" / "-" / "."
- * / "^" / "_" / "`" / "|" / "~"
- * @private
- */
- var EXT_VALUE_REGEXP = /^([A-Za-z0-9!#$%&+\-^_`{}~]+)'(?:[A-Za-z]{2,3}(?:-[A-Za-z]{3}){0,3}|[A-Za-z]{4,8}|)'((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9!#$&+.^_`|~-])+)$/
- /**
- * RegExp for various RFC 6266 grammar
- *
- * disposition-type = "inline" | "attachment" | disp-ext-type
- * disp-ext-type = token
- * disposition-parm = filename-parm | disp-ext-parm
- * filename-parm = "filename" "=" value
- * | "filename*" "=" ext-value
- * disp-ext-parm = token "=" value
- * | ext-token "=" ext-value
- * ext-token = <the characters in token, followed by "*">
- * @private
- */
- var DISPOSITION_TYPE_REGEXP = /^([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*(?:$|;)/ // eslint-disable-line no-control-regex
- /**
- * Create an attachment Content-Disposition header.
- *
- * @param {string} [filename]
- * @param {object} [options]
- * @param {string} [options.type=attachment]
- * @param {string|boolean} [options.fallback=true]
- * @return {string}
- * @public
- */
- function contentDisposition (filename, options) {
- var opts = options || {}
- // get type
- var type = opts.type || 'attachment'
- // get parameters
- var params = createparams(filename, opts.fallback)
- // format into string
- return format(new ContentDisposition(type, params))
- }
- /**
- * Create parameters object from filename and fallback.
- *
- * @param {string} [filename]
- * @param {string|boolean} [fallback=true]
- * @return {object}
- * @private
- */
- function createparams (filename, fallback) {
- if (filename === undefined) {
- return
- }
- var params = {}
- if (typeof filename !== 'string') {
- throw new TypeError('filename must be a string')
- }
- // fallback defaults to true
- if (fallback === undefined) {
- fallback = true
- }
- if (typeof fallback !== 'string' && typeof fallback !== 'boolean') {
- throw new TypeError('fallback must be a string or boolean')
- }
- if (typeof fallback === 'string' && NON_LATIN1_REGEXP.test(fallback)) {
- throw new TypeError('fallback must be ISO-8859-1 string')
- }
- // restrict to file base name
- var name = basename(filename)
- // determine if name is suitable for quoted string
- var isQuotedString = TEXT_REGEXP.test(name)
- // generate fallback name
- var fallbackName = typeof fallback !== 'string'
- ? fallback && getlatin1(name)
- : basename(fallback)
- var hasFallback = typeof fallbackName === 'string' && fallbackName !== name
- // set extended filename parameter
- if (hasFallback || !isQuotedString || HEX_ESCAPE_REGEXP.test(name)) {
- params['filename*'] = name
- }
- // set filename parameter
- if (isQuotedString || hasFallback) {
- params.filename = hasFallback
- ? fallbackName
- : name
- }
- return params
- }
- /**
- * Format object to Content-Disposition header.
- *
- * @param {object} obj
- * @param {string} obj.type
- * @param {object} [obj.parameters]
- * @return {string}
- * @private
- */
- function format (obj) {
- var parameters = obj.parameters
- var type = obj.type
- if (!type || typeof type !== 'string' || !TOKEN_REGEXP.test(type)) {
- throw new TypeError('invalid type')
- }
- // start with normalized type
- var string = String(type).toLowerCase()
- // append parameters
- if (parameters && typeof parameters === 'object') {
- var param
- var params = Object.keys(parameters).sort()
- for (var i = 0; i < params.length; i++) {
- param = params[i]
- var val = param.substr(-1) === '*'
- ? ustring(parameters[param])
- : qstring(parameters[param])
- string += '; ' + param + '=' + val
- }
- }
- return string
- }
- /**
- * Decode a RFC 6987 field value (gracefully).
- *
- * @param {string} str
- * @return {string}
- * @private
- */
- function decodefield (str) {
- var match = EXT_VALUE_REGEXP.exec(str)
- if (!match) {
- throw new TypeError('invalid extended field value')
- }
- var charset = match[1].toLowerCase()
- var encoded = match[2]
- var value
- // to binary string
- var binary = encoded.replace(HEX_ESCAPE_REPLACE_REGEXP, pdecode)
- switch (charset) {
- case 'iso-8859-1':
- value = getlatin1(binary)
- break
- case 'utf-8':
- value = Buffer.from(binary, 'binary').toString('utf8')
- break
- default:
- throw new TypeError('unsupported charset in extended field')
- }
- return value
- }
- /**
- * Get ISO-8859-1 version of string.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
- function getlatin1 (val) {
- // simple Unicode -> ISO-8859-1 transformation
- return String(val).replace(NON_LATIN1_REGEXP, '?')
- }
- /**
- * Parse Content-Disposition header string.
- *
- * @param {string} string
- * @return {object}
- * @public
- */
- function parse (string) {
- if (!string || typeof string !== 'string') {
- throw new TypeError('argument string is required')
- }
- var match = DISPOSITION_TYPE_REGEXP.exec(string)
- if (!match) {
- throw new TypeError('invalid type format')
- }
- // normalize type
- var index = match[0].length
- var type = match[1].toLowerCase()
- var key
- var names = []
- var params = {}
- var value
- // calculate index to start at
- index = PARAM_REGEXP.lastIndex = match[0].substr(-1) === ';'
- ? index - 1
- : index
- // match parameters
- while ((match = PARAM_REGEXP.exec(string))) {
- if (match.index !== index) {
- throw new TypeError('invalid parameter format')
- }
- index += match[0].length
- key = match[1].toLowerCase()
- value = match[2]
- if (names.indexOf(key) !== -1) {
- throw new TypeError('invalid duplicate parameter')
- }
- names.push(key)
- if (key.indexOf('*') + 1 === key.length) {
- // decode extended value
- key = key.slice(0, -1)
- value = decodefield(value)
- // overwrite existing value
- params[key] = value
- continue
- }
- if (typeof params[key] === 'string') {
- continue
- }
- if (value[0] === '"') {
- // remove quotes and escapes
- value = value
- .substr(1, value.length - 2)
- .replace(QESC_REGEXP, '$1')
- }
- params[key] = value
- }
- if (index !== -1 && index !== string.length) {
- throw new TypeError('invalid parameter format')
- }
- return new ContentDisposition(type, params)
- }
- /**
- * Percent decode a single character.
- *
- * @param {string} str
- * @param {string} hex
- * @return {string}
- * @private
- */
- function pdecode (str, hex) {
- return String.fromCharCode(parseInt(hex, 16))
- }
- /**
- * Percent encode a single character.
- *
- * @param {string} char
- * @return {string}
- * @private
- */
- function pencode (char) {
- return '%' + String(char)
- .charCodeAt(0)
- .toString(16)
- .toUpperCase()
- }
- /**
- * Quote a string for HTTP.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
- function qstring (val) {
- var str = String(val)
- return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
- }
- /**
- * Encode a Unicode string for HTTP (RFC 5987).
- *
- * @param {string} val
- * @return {string}
- * @private
- */
- function ustring (val) {
- var str = String(val)
- // percent encode as UTF-8
- var encoded = encodeURIComponent(str)
- .replace(ENCODE_URL_ATTR_CHAR_REGEXP, pencode)
- return 'UTF-8\'\'' + encoded
- }
- /**
- * Class for parsed Content-Disposition header for v8 optimization
- *
- * @public
- * @param {string} type
- * @param {object} parameters
- * @constructor
- */
- function ContentDisposition (type, parameters) {
- this.type = type
- this.parameters = parameters
- }
|