cookie ready

2026-05-13 22:34:11 +02:00
parent 8c4e664ca8
commit 1b53c1c199
16 changed files with 798 additions and 146 deletions
@@ -0,0 +1,81 @@
+package handlers
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/labstack/echo/v4"
+
+	appmiddleware "git.ma-al.com/goc_marek/ps_shop/internal/http/middleware"
+	pscookie "git.ma-al.com/goc_marek/ps_shop/internal/prestashop/cookie"
+)
+
+type cookieDecodeResponse struct {
+	Source      string               `json:"source"`
+	CookieName  string               `json:"cookie_name,omitempty"`
+	RawCookie   string               `json:"raw_cookie,omitempty"`
+	Plaintext   string               `json:"plaintext,omitempty"`
+	ParseStatus pscookie.ParseStatus `json:"parse_status"`
+	IsLoggedIn  bool                 `json:"is_logged_in"`
+	CustomerID  *int64               `json:"customer_id,omitempty"`
+	CartID      *int64               `json:"cart_id,omitempty"`
+	LanguageID  *int64               `json:"language_id,omitempty"`
+	CurrencyID  *int64               `json:"currency_id,omitempty"`
+	ShopID      *int64               `json:"shop_id,omitempty"`
+	GuestID     *int64               `json:"guest_id,omitempty"`
+	OrderedKeys []string             `json:"ordered_keys,omitempty"`
+	Values      map[string]string    `json:"values"`
+}
+
+func DecodeCookie(codec pscookie.Codec) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		raw := strings.TrimSpace(c.FormValue("value"))
+		if raw == "" {
+			raw = strings.TrimSpace(c.FormValue("cookie"))
+		}
+
+		source := "request-session"
+		if raw != "" {
+			source = "request-parameter"
+			session, err := codec.Decode(raw)
+			if err != nil {
+				return echo.NewHTTPError(http.StatusBadRequest, "prestashop cookie decode failed: "+err.Error())
+			}
+			session.RawCookie = raw
+			return c.JSON(http.StatusOK, newCookieDecodeResponse(source, session))
+		}
+
+		session := appmiddleware.GetSession(c)
+		if session.RawCookie == "" && session.Plaintext == "" && len(session.Values) == 0 {
+			return echo.NewHTTPError(http.StatusBadRequest, "missing prestashop cookie; pass ?value=<cookie> or send the cookie in the request")
+		}
+		return c.JSON(http.StatusOK, newCookieDecodeResponse(source, session))
+	}
+}
+
+func newCookieDecodeResponse(source string, session *pscookie.SessionContext) cookieDecodeResponse {
+	if session == nil {
+		session = &pscookie.SessionContext{Values: map[string]string{}}
+	}
+	values := session.Values
+	if values == nil {
+		values = map[string]string{}
+	}
+
+	return cookieDecodeResponse{
+		Source:      source,
+		CookieName:  session.CookieName,
+		RawCookie:   session.RawCookie,
+		Plaintext:   session.Plaintext,
+		ParseStatus: session.ParseStatus,
+		IsLoggedIn:  session.IsLoggedIn,
+		CustomerID:  session.CustomerID,
+		CartID:      session.CartID,
+		LanguageID:  session.LanguageID,
+		CurrencyID:  session.CurrencyID,
+		ShopID:      session.ShopID,
+		GuestID:     session.GuestID,
+		OrderedKeys: session.OrderedKeys,
+		Values:      values,
+	}
+}
@@ -0,0 +1,96 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	appmiddleware "git.ma-al.com/goc_marek/ps_shop/internal/http/middleware"
+	pscookie "git.ma-al.com/goc_marek/ps_shop/internal/prestashop/cookie"
+
+	"github.com/labstack/echo/v4"
+)
+
+const (
+	testCookieKey = "def000008bf3d70e7012b7493c382d561e193218d0c74ab162fb0ea8029ce20e926531b4bcf0aaec9381152e6c161f198e06918b2d1aad67cc7cf40819a51ee328c63830"
+	testCookie    = "def5020099dce5cd9ecf197adb5532a74e3db2ed9cba3d59b98f365353099b710bd562efa48b6bad1ad0a12b2ee54de0fbfcc6baa0545a8234141b03bfc1fbbbb9061af5011764b9c4dfd9c0ddcad767a453e0cc24d6b4a7c524e6c49aabd66ecc390e1a964b6e81a051b171051c829542facbb36cf64fcfebf069906dcc95476578be3fe59aaae466cf70bd9c877d301d908ec3aa4f55366567f460dfefac1684ce381293e8d4138382a42716d6aaecdcc7"
+)
+
+func TestDecodeCookieFromQueryParameter(t *testing.T) {
+	codec, err := pscookie.NewCodec(pscookie.Config{
+		CookieName: "PrestaShop-test",
+		CookieKey:  testCookieKey,
+	})
+	if err != nil {
+		t.Fatalf("NewCodec() error = %v", err)
+	}
+
+	e := echo.New()
+	req := httptest.NewRequest(http.MethodGet, "/debug/cookie/decode?value="+testCookie, nil)
+	rec := httptest.NewRecorder()
+	c := e.NewContext(req, rec)
+
+	if err := DecodeCookie(codec)(c); err != nil {
+		t.Fatalf("DecodeCookie() error = %v", err)
+	}
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
+	}
+
+	var response cookieDecodeResponse
+	if err := json.Unmarshal(rec.Body.Bytes(), &response); err != nil {
+		t.Fatalf("json.Unmarshal() error = %v", err)
+	}
+
+	if response.Source != "request-parameter" {
+		t.Fatalf("source = %q, want request-parameter", response.Source)
+	}
+	if response.Values["id_lang"] != "1" {
+		t.Fatalf("id_lang = %q, want 1", response.Values["id_lang"])
+	}
+}
+
+func TestDecodeCookieFromSession(t *testing.T) {
+	codec, err := pscookie.NewCodec(pscookie.Config{
+		CookieName: "PrestaShop-test",
+		CookieKey:  testCookieKey,
+	})
+	if err != nil {
+		t.Fatalf("NewCodec() error = %v", err)
+	}
+
+	session, err := codec.Decode(testCookie)
+	if err != nil {
+		t.Fatalf("Decode() error = %v", err)
+	}
+	session.CookieName = "PrestaShop-test"
+
+	e := echo.New()
+	req := httptest.NewRequest(http.MethodGet, "/debug/cookie/decode", nil)
+	rec := httptest.NewRecorder()
+	c := e.NewContext(req, rec)
+	appmiddleware.SetSession(c, session)
+
+	if err := DecodeCookie(codec)(c); err != nil {
+		t.Fatalf("DecodeCookie() error = %v", err)
+	}
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
+	}
+
+	var response cookieDecodeResponse
+	if err := json.Unmarshal(rec.Body.Bytes(), &response); err != nil {
+		t.Fatalf("json.Unmarshal() error = %v", err)
+	}
+
+	if response.Source != "request-session" {
+		t.Fatalf("source = %q, want request-session", response.Source)
+	}
+	if response.CookieName != "PrestaShop-test" {
+		t.Fatalf("cookie_name = %q, want PrestaShop-test", response.CookieName)
+	}
+	if response.Values["id_currency"] != "1" {
+		t.Fatalf("id_currency = %q, want 1", response.Values["id_currency"])
+	}
+}
@@ -32,7 +32,7 @@ func TestApplyRequestMarketUsesSelectedCountryCurrency(t *testing.T) {
 		t.Fatalf("iso_code_country = %q, want %q", got, "PL")
 	}
 	if _, ok := session.Values["id_country"]; ok {
-		t.Fatalf("id_country should not be persisted in anonymous market cookie")
+		t.Fatalf("id_country should not be added by Go market rewrite")
 	}
 	if got := session.Values["id_currency"]; got != "6" {
 		t.Fatalf("id_currency = %q, want %q", got, "6")
@@ -40,13 +40,13 @@ func TestApplyRequestMarketUsesSelectedCountryCurrency(t *testing.T) {
 	if session.CurrencyID == nil || *session.CurrencyID != 6 {
 		t.Fatalf("CurrencyID = %v, want 6", session.CurrencyID)
 	}
-	if _, ok := session.Values["id_shop"]; ok {
-		t.Fatalf("id_shop should not be persisted in anonymous market cookie")
+	if got := session.Values["id_shop"]; got != "1" {
+		t.Fatalf("id_shop = %q, want %q", got, "1")
 	}
-	if _, ok := session.Values["id_cart"]; ok {
-		t.Fatalf("id_cart should not be persisted in anonymous market cookie")
+	if got := session.Values["id_cart"]; got != "55" {
+		t.Fatalf("id_cart = %q, want %q", got, "55")
 	}
-	wantOrder := []string{"date_add", "id_lang", "id_language", "iso_code_country", "id_currency", "id_guest", "id_connections", "checksum"}
+	wantOrder := []string{"date_add", "id_lang", "id_language", "id_currency", "id_guest", "id_connections", "id_shop", "id_cart", "iso_code_country", "checksum"}
 	for i, key := range wantOrder {
 		if i >= len(session.OrderedKeys) || session.OrderedKeys[i] != key {
 			t.Fatalf("OrderedKeys[%d] = %q, want %q; full=%v", i, session.OrderedKeys[i], key, session.OrderedKeys)
@@ -3,7 +3,6 @@ package middleware
 import (
 	"context"
 	"fmt"
-	"hash/crc32"
 	"net/http"
 	"strconv"
 	"strings"
@@ -26,6 +25,10 @@ type SessionCookieNameResolver interface {
 	ResolveCookieName(ctx context.Context, req *http.Request) (string, error)
 }

+type SessionCookiePathResolver interface {
+	ResolveCookiePath(ctx context.Context, req *http.Request) (string, error)
+}
+
 type LanguageResolver interface {
 	ResolveLanguageID(ctx context.Context, req *http.Request, fallback int64) int64
 }
@@ -38,6 +41,7 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
 	ownership := cfg.ParseRouteOwnership()
 	expiryRefresher, _ := initializer.(SessionExpiryRefresher)
 	cookieNameResolver, _ := initializer.(SessionCookieNameResolver)
+	cookiePathResolver, _ := initializer.(SessionCookiePathResolver)

 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@@ -82,6 +86,16 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
 				applyRequestMarket(session, requestMarketSelection(c.Request()))
 			}
 			if ownedRoute && shouldSetSessionCookie(rawCookie, session) {
+				cookiePath := "/"
+				if cookiePathResolver != nil {
+					resolvedCookiePath, err := cookiePathResolver.ResolveCookiePath(c.Request().Context(), c.Request())
+					if err != nil {
+						return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("prestashop cookie path resolution failed: %v", err))
+					}
+					if strings.TrimSpace(resolvedCookiePath) != "" {
+						cookiePath = resolvedCookiePath
+					}
+				}
 				if expiryRefresher != nil {
 					if err := expiryRefresher.RefreshExpiry(c.Request().Context(), session); err != nil {
 						return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("prestashop session expiry refresh failed: %v", err))
@@ -92,7 +106,7 @@ func Session(cfg psconfig.Config, codec pscookie.Codec, initializer AnonymousSes
 					return echo.NewHTTPError(http.StatusInternalServerError, "prestashop cookie encode failed")
 				}
 				session.RawCookie = encoded
-				setPrestaShopCookie(c.Request(), c.Response(), session, cookieName, encoded)
+				setPrestaShopCookie(c.Request(), c.Response(), session, cookieName, encoded, cookiePath)
 				if redirectURL, ok := clearMarketSelectionURL(c.Request()); ok {
 					return c.Redirect(http.StatusSeeOther, redirectURL)
 				}
@@ -153,20 +167,7 @@ func cookiePrefix(configuredName string) string {
 }

 func shouldBootstrapAnonymousSession(rawCookie string, session *pscookie.SessionContext) bool {
-	if session == nil {
-		return true
-	}
-	if rawCookie == "" {
-		return true
-	}
-	if session.IsLoggedIn {
-		return false
-	}
-	return session.GuestID == nil ||
-		session.CurrencyID == nil ||
-		session.LanguageID == nil ||
-		session.Values["id_connections"] == "" ||
-		session.Values["iso_code_country"] == ""
+	return session == nil || rawCookie == ""
 }

 func shouldSetSessionCookie(rawCookie string, session *pscookie.SessionContext) bool {
@@ -195,15 +196,9 @@ func applyRequestLanguage(session *pscookie.SessionContext, languageID int64) {
 	session.LanguageID = int64Ptr(languageID)
 	session.Values["id_lang"] = value
 	session.Values["id_language"] = value
-	session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_lang", 1)
-	session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_language", 3)
-
-	if !session.IsLoggedIn {
-		if checksum := anonymousSessionChecksum(session, languageID); checksum != "" {
-			session.Values["checksum"] = checksum
-			session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "checksum", len(session.OrderedKeys))
-		}
-	}
+	session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_lang")
+	session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_language")
+	session.OrderedKeys = moveOrderedKeyToEnd(session.OrderedKeys, "checksum")

 	session.Plaintext = ""
 	session.RawCookie = ""
@@ -235,18 +230,9 @@ func applyRequestMarket(session *pscookie.SessionContext, selection marketSelect
 	session.CurrencyID = int64Ptr(selection.CurrencyID)
 	session.Values["iso_code_country"] = selection.CountryISO
 	session.Values["id_currency"] = strconv.FormatInt(selection.CurrencyID, 10)
-	delete(session.Values, "id_country")
-	session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "iso_code_country", 4)
-	session.OrderedKeys = removeOrderedKey(session.OrderedKeys, "id_country")
-	session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_currency", 5)
-
-	if !session.IsLoggedIn {
-		trimAnonymousCookieValues(session)
-		session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_guest", 6)
-		session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "id_connections", 7)
-		session.OrderedKeys = removeOrderedKey(session.OrderedKeys, "checksum")
-		session.OrderedKeys = ensureOrderedKey(session.OrderedKeys, "checksum", len(session.OrderedKeys))
-	}
+	session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "iso_code_country")
+	session.OrderedKeys = appendOrderedKeyIfMissing(session.OrderedKeys, "id_currency")
+	session.OrderedKeys = moveOrderedKeyToEnd(session.OrderedKeys, "checksum")

 	session.Plaintext = ""
 	session.RawCookie = ""
@@ -259,91 +245,28 @@ func sessionLanguageID(session *pscookie.SessionContext) int64 {
 	return *session.LanguageID
 }

-func anonymousSessionChecksum(session *pscookie.SessionContext, languageID int64) string {
-	if session == nil || session.Values == nil {
-		return ""
-	}
-	guestID, _ := strconv.ParseInt(session.Values["id_guest"], 10, 64)
-	connectionID, _ := strconv.ParseInt(session.Values["id_connections"], 10, 64)
-	currencyID, _ := strconv.ParseInt(session.Values["id_currency"], 10, 64)
-	shopID, _ := strconv.ParseInt(session.Values["id_shop"], 10, 64)
-	if guestID == 0 || connectionID == 0 || currencyID == 0 {
-		return ""
-	}
-
-	buf := make([]byte, 0, 32)
-	for _, value := range []int64{guestID, connectionID, languageID, currencyID, shopID} {
-		buf = strconv.AppendInt(buf, value, 10)
-		buf = append(buf, '|')
-	}
-	return strconv.FormatUint(uint64(crc32.ChecksumIEEE(buf)), 10)
-}
-
-func ensureOrderedKey(keys []string, key string, index int) []string {
+func appendOrderedKeyIfMissing(keys []string, key string) []string {
 	for i, existing := range keys {
 		if existing != key {
 			continue
 		}
-		if i == index || index >= len(keys) {
+		if i >= 0 {
 			return keys
 		}
-		keys = append(keys[:i], keys[i+1:]...)
-		break
 	}
-
-	if index < 0 {
-		index = 0
-	}
-	if index >= len(keys) {
-		return append(keys, key)
-	}
-
-	keys = append(keys, "")
-	copy(keys[index+1:], keys[index:])
-	keys[index] = key
-	return keys
+	return append(keys, key)
 }

-func removeOrderedKey(keys []string, key string) []string {
+func moveOrderedKeyToEnd(keys []string, key string) []string {
 	for i, existing := range keys {
 		if existing == key {
-			return append(keys[:i], keys[i+1:]...)
+			keys = append(keys[:i], keys[i+1:]...)
+			return append(keys, key)
 		}
 	}
 	return keys
 }

-func trimAnonymousCookieValues(session *pscookie.SessionContext) {
-	if session == nil || session.Values == nil {
-		return
-	}
-
-	allowed := map[string]struct{}{
-		"date_add":         {},
-		"id_lang":          {},
-		"id_language":      {},
-		"iso_code_country": {},
-		"id_currency":      {},
-		"id_guest":         {},
-		"id_connections":   {},
-		"checksum":         {},
-	}
-
-	for key := range session.Values {
-		if _, ok := allowed[key]; !ok {
-			delete(session.Values, key)
-		}
-	}
-
-	filtered := make([]string, 0, len(session.OrderedKeys))
-	for _, key := range session.OrderedKeys {
-		if _, ok := allowed[key]; ok {
-			filtered = append(filtered, key)
-		}
-	}
-	session.OrderedKeys = filtered
-}
-
 func int64Ptr(value int64) *int64 {
 	if value == 0 {
 		return nil
@@ -413,13 +336,16 @@ func clearMarketSelectionURL(req *http.Request) (string, bool) {
 	return cleanPath, true
 }

-func setPrestaShopCookie(req *http.Request, res *echo.Response, session *pscookie.SessionContext, name, value string) {
+func setPrestaShopCookie(req *http.Request, res *echo.Response, session *pscookie.SessionContext, name, value, path string) {
 	maxAge := 1
 	if session != nil && session.ExpiresAt != nil {
 		maxAge = int(session.ExpiresAt.UTC().Unix())
 	}
+	if strings.TrimSpace(path) == "" {
+		path = "/"
+	}

-	header := fmt.Sprintf("%s=%s; path=/; max-age=%d; HttpOnly; SameSite=Lax", name, value, maxAge)
+	header := fmt.Sprintf("%s=%s; path=%s; max-age=%d; HttpOnly; SameSite=Lax", name, value, path, maxAge)
 	if requestCookieSecure(req) {
 		header += "; Secure"
 	}
@@ -12,6 +12,54 @@ import (
 	pscookie "git.ma-al.com/goc_marek/ps_shop/internal/prestashop/cookie"
 )

+func TestShouldBootstrapAnonymousSession(t *testing.T) {
+	tests := []struct {
+		name      string
+		rawCookie string
+		session   *pscookie.SessionContext
+		want      bool
+	}{
+		{
+			name:      "missing cookie bootstraps",
+			rawCookie: "",
+			session:   &pscookie.SessionContext{},
+			want:      true,
+		},
+		{
+			name:      "nil session bootstraps",
+			rawCookie: "cookie",
+			session:   nil,
+			want:      true,
+		},
+		{
+			name:      "incomplete anonymous cookie does not bootstrap",
+			rawCookie: "cookie",
+			session: &pscookie.SessionContext{
+				Values: map[string]string{
+					"id_lang": "5",
+				},
+			},
+			want: false,
+		},
+		{
+			name:      "logged in cookie does not bootstrap",
+			rawCookie: "cookie",
+			session: &pscookie.SessionContext{
+				IsLoggedIn: true,
+			},
+			want: false,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := shouldBootstrapAnonymousSession(tc.rawCookie, tc.session); got != tc.want {
+				t.Fatalf("shouldBootstrapAnonymousSession() = %v, want %v", got, tc.want)
+			}
+		})
+	}
+}
+
 func TestSetPrestaShopCookiePersistsExpiry(t *testing.T) {
 	e := echo.New()
 	req := httptest.NewRequest(http.MethodGet, "https://shop.example.com/product/test", nil)
@@ -21,7 +69,7 @@ func TestSetPrestaShopCookiePersistsExpiry(t *testing.T) {

 	setPrestaShopCookie(req, res, &pscookie.SessionContext{
 		ExpiresAt: &expiresAt,
-	}, "PrestaShop-test", "value")
+	}, "PrestaShop-test", "value", "/")

 	setCookie := rec.Header().Get("Set-Cookie")
 	if !strings.Contains(setCookie, "max-age=") {