chillerlan
diff --git a/‎src/Cookie.php
Lines changed: 218 additions & 0 deletions b/‎src/Cookie.php
Lines changed: 218 additions & 0 deletions
diff --git a/‎src/MessageUtil.php
Lines changed: 61 additions & 3 deletions b/‎src/MessageUtil.php
Lines changed: 61 additions & 3 deletions
@@ -0,0 +1,218 @@
+<?php
+/**
+ * Class Cookie
+ *
+ * @created      27.02.2024
+ * @author       smiley <smiley@chillerlan.net>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+
+namespace chillerlan\HTTP\Utils;
+
+use DateInterval, DateTime, DateTimeInterface, DateTimeZone, InvalidArgumentException, RuntimeException;
+use function idn_to_ascii, implode, in_array, mb_strtolower, rawurlencode, sprintf, str_replace, strtolower, trim;
+
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1
+ */
+class Cookie{
+
+	public const RESERVED_CHARACTERS = ["\t", "\n", "\v", "\f", "\r", "\x0E", ' ', ',', ';', '='];
+
+	protected string                 $name;
+	protected string                 $value;
+	protected DateTimeInterface|null $expiry   = null;
+	protected int                    $maxAge   = 0;
+	protected string|null            $domain   = null;
+	protected string|null            $path     = null;
+	protected bool                   $secure   = false;
+	protected bool                   $httpOnly = false;
+	protected string|null            $sameSite = null;
+
+	/**
+	 *
+	 */
+	public function __construct(string $name, string|null $value = null){
+		$this->withNameAndValue($name, ($value ?? ''));
+	}
+
+	/**
+	 *
+	 */
+	public function __toString():string{
+		$cookie = [sprintf('%s=%s', $this->name, $this->value)];
+
+		if($this->expiry !== null){
+
+			if($this->value === ''){
+				// set a date in the past to delete the cookie
+				$this->withExpiry(0);
+			}
+
+			$cookie[] = sprintf('Expires=%s; Max-Age=%s', $this->expiry->format(DateTimeInterface::COOKIE), $this->maxAge);
+		}
+
+		if($this->domain !== null){
+			$cookie[] = sprintf('Domain=%s', $this->domain);
+		}
+
+		if($this->path !== null){
+			$cookie[] = sprintf('Path=%s', $this->path);
+		}
+
+		if($this->secure === true){
+			$cookie[] = 'Secure';
+		}
+
+		if($this->httpOnly === true){
+			$cookie[] = 'HttpOnly';
+		}
+
+		if($this->sameSite !== null){
+
+			if($this->sameSite === 'none' && !$this->secure){
+				throw new InvalidArgumentException('The same site attribute can only be "none" when secure is set to true');
+			}
+
+			$cookie[] = sprintf('SameSite=%s', $this->sameSite);
+		}
+
+		return implode('; ', $cookie);
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
+	 * @see https://github.com/symfony/symfony/blob/de93ccde2a1be2a46dbc6e10d5541a0f07e22e33/src/Symfony/Component/HttpFoundation/Cookie.php#L100-L102
+	 */
+	public function withNameAndValue(string $name, string $value):static{
+		$name = trim($name);
+
+		if($name === ''){
+			throw new InvalidArgumentException('The cookie name cannot be empty.');
+		}
+
+		if(str_replace(static::RESERVED_CHARACTERS, '', $name) !== $name){
+			throw new InvalidArgumentException('The cookie name contains invalid (reserved) characters.');
+		}
+
+		$this->name  = $name;
+		$this->value = rawurlencode(trim($value));
+
+		return $this;
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.1
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.2
+	 */
+	public function withExpiry(DateTimeInterface|DateInterval|int|null $expiry):static{
+
+		if($expiry === null){
+			$this->expiry = null;
+			$this->maxAge = 0;
+
+			return $this;
+		}
+
+		$dt  = (new DateTime)->setTimezone(new DateTimeZone('GMT'));
+		$now = $dt->getTimestamp();
+
+		$this->expiry = match(true){
+			$expiry instanceof DateTimeInterface => $expiry,
+			$expiry instanceof DateInterval      => $dt->add($expiry),
+			// 0 is supposed to delete the cookie, set a magic number: 01-Jan-1970 12:34:56
+			$expiry === 0                        => $dt->setTimestamp(45296),
+			// assuming a relative time interval
+			$expiry < $now                       => $dt->setTimestamp($now + $expiry),
+			// timestamp in the future (incl. now, which will delete the cookie)
+			$expiry >= $now                      => $dt->setTimestamp($expiry),
+		};
+
+		$this->maxAge = ($this->expiry->getTimestamp() - $now);
+
+		if($this->maxAge < 0){
+			$this->maxAge = 0;
+		}
+
+		return $this;
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.3
+	 */
+	public function withDomain(string|null $domain, bool|null $punycode = null):static{
+
+		if($domain !== null){
+			$domain = mb_strtolower(trim($domain));
+
+			// take care of multibyte domain names (IDN)
+			if($punycode === true){
+				$domain = idn_to_ascii($domain);
+
+				if($domain === false){
+					throw new RuntimeException('Could not convert the given domain to IDN'); // @codeCoverageIgnore
+				}
+			}
+		}
+
+		$this->domain = $domain;
+
+		return $this;
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.4
+	 */
+	public function withPath(string|null $path):static{
+
+		if($path !== null){
+			$path = trim($path);
+
+			if($path === ''){
+				$path = '/';
+			}
+		}
+
+		$this->path = $path;
+
+		return $this;
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.5
+	 */
+	public function withSecure(bool $secure):static{
+		$this->secure = $secure;
+
+		return $this;
+	}
+
+	/**
+	 * @see https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.6
+	 */
+	public function withHttpOnly(bool $httpOnly):static{
+		$this->httpOnly = $httpOnly;
+
+		return $this;
+	}
+
+	/**
+	 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
+	 */
+	public function withSameSite(string|null $sameSite):static{
+
+		if($sameSite !== null){
+			$sameSite = strtolower(trim($sameSite));
+
+			if(!in_array($sameSite, ['lax', 'strict', 'none'])){
+				throw new InvalidArgumentException('The same site attribute must be "lax", "strict" or "none"');
+			}
+		}
+
+		$this->sameSite = $sameSite;
+
+		return $this;
+	}
+
+}
@@ -13,9 +13,9 @@
 namespace chillerlan\HTTP\Utils;
 
 use Psr\Http\Message\{MessageInterface, RequestInterface, ResponseInterface, ServerRequestInterface};
-use RuntimeException, Throwable;
-use function call_user_func, extension_loaded, function_exists, gzdecode, gzinflate, gzuncompress, implode,
-	in_array, json_decode, json_encode, simplexml_load_string, sprintf, strtolower, trim;
+use DateInterval, DateTimeInterface, RuntimeException, Throwable;
+use function array_map, explode, extension_loaded, function_exists, gzdecode, gzinflate, gzuncompress, implode,
+	in_array, json_decode, json_encode, rawurldecode, simplexml_load_string, sprintf, strtolower, trim;
 use const JSON_THROW_ON_ERROR;
 
 /**
@@ -181,4 +181,62 @@ public static function setContentTypeHeader(
 		return $message->withHeader('Content-Type', $mime);
 	}
 
+	/**
+	 * Adds a Set-Cookie header to a ResponseInterface (convenience)
+	 *
+	 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
+	 */
+	public static function setCookie(
+		ResponseInterface                       $message,
+		string                                  $name,
+		string|null                             $value = null,
+		DateTimeInterface|DateInterval|int|null $expiry = null,
+		string|null                             $domain = null,
+		string|null                             $path = null,
+		bool                                    $secure = false,
+		bool                                    $httpOnly = false,
+		string|null                             $sameSite = null,
+	):ResponseInterface{
+
+		$cookie = (new Cookie($name, $value))
+			->withExpiry($expiry)
+			->withDomain($domain)
+			->withPath($path)
+			->withSecure($secure)
+			->withHttpOnly($httpOnly)
+			->withSameSite($sameSite)
+		;
+
+		return $message->withAddedHeader('Set-Cookie', (string)$cookie);
+	}
+
+	/**
+	 * Attempts to extract and parse a cookie from a "Cookie" (user-agent) header
+	 *
+	 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie
+	 */
+	public static function getCookiesFromHeader(MessageInterface $message):array|null{
+
+		if(!$message->hasHeader('Cookie')){
+			return null;
+		}
+
+		$header = trim($message->getHeaderLine('Cookie'));
+
+		if(empty($header)){
+			return null;
+		}
+
+		$cookies = [];
+
+		// some people apparently use regular expressions for this (:
+		foreach(array_map('trim', explode(';', $header)) as $kv){
+			[$name, $value] = array_map('trim', explode('=', $kv, 2));
+
+			$cookies[$name] = rawurldecode($value);
+		}
+
+		return $cookies;
+	}
+
 }