Startsida Utforska Hjälp
Logga in
heckyel
/
ematrix
spegling av https://c.hgit.ga/software/ematrix.git
Bevaka 1
Stjärnmärk 0
Fork 0
Filer
Gren: master
Grenar Taggar
ematrix
/
js
/
cookies.js

cookies.js 12 KB
Permalänk Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415 
  1. /*******************************************************************************
    2. 

  2. 

  3.     ηMatrix - a browser extension to black/white list requests.
    4. 

  4.     Copyright (C) 2013-2019 Raymond Hill
    5. 

  5.     Copyright (C) 2019-2022 Alessio Vanni
    6. 

  6. 

  7.     This program is free software: you can redistribute it and/or modify
    8. 

  8.     it under the terms of the GNU General Public License as published by
    9. 

  9.     the Free Software Foundation, either version 3 of the License, or
    10. 

  10.     (at your option) any later version.
    11. 

  11. 

  12.     This program is distributed in the hope that it will be useful,
    13. 

  13.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.     GNU General Public License for more details.
    16. 

  16. 

  17.     You should have received a copy of the GNU General Public License
    18. 

  18.     along with this program.  If not, see {http://www.gnu.org/licenses/}.
    19. 

  19. 

  20.     Home: https://gitlab.com/vannilla/ematrix
    21. 

  21.     uMatrix Home: https://github.com/gorhill/uMatrix
    22. 

  22. */
    23. 

  23. 

  24. // rhill 2013-12-14: the whole cookie management has been rewritten so as
    25. 

  25. // to avoid having to call chrome API whenever a single cookie changes, and
    26. 

  26. // to record cookie for a web page *only* when its value changes.
    27. 

  27. // https://github.com/gorhill/httpswitchboard/issues/79
    28. 

  28. 

  29. "use strict";
    30. 

  30. 

  31. // Isolate from global namespace
    32. 

  32. 

  33. // Use cached-context approach rather than object-based approach, as details
    34. 

  34. // of the implementation do not need to be visible
    35. 

  35. 

  36. ηMatrix.cookieHunter = (function () {
    37. 

  37.     Cu.import('chrome://ematrix/content/lib/UriTools.jsm');
    38. 

  38.     Cu.import('chrome://ematrix/content/lib/CookieCache.jsm');
    39. 

  39. 

  40.     let ηm = ηMatrix;
    41. 

  41. 

  42.     let recordPageCookiesQueue = new Map();
    43. 

  43.     let removePageCookiesQueue = new Map();
    44. 

  44.     let removeCookieQueue = new Set();
    45. 

  45.     let processRemoveQueuePeriod = 2 * 60 * 1000;
    46. 

  46.     let processCleanPeriod = 10 * 60 * 1000;
    47. 

  47.     let processPageRecordQueueTimer = null;
    48. 

  48.     let processPageRemoveQueueTimer = null;
    49. 

  49. 

  50.     // Look for cookies to record for a specific web page
    51. 

  51. 

  52.     let recordPageCookiesAsync = function (pageStats) {
    53. 

  53. 	// Store the page stats objects so that it doesn't go away
    54. 

  54. 	// before we handle the job.
    55. 

  55. 	// rhill 2013-10-19: pageStats could be nil, for example, this can
    56. 

  56. 	// happens if a file:// ... makes an xmlHttpRequest
    57. 

  57. 	if (!pageStats) {
    58. 

  58.             return;
    59. 

  59. 	}
    60. 

  60. 	recordPageCookiesQueue.set(pageStats.pageUrl, pageStats);
    61. 

  61. 	if (processPageRecordQueueTimer === null) {
    62. 

  62.             processPageRecordQueueTimer =
    63. 

  63. 		vAPI.setTimeout(processPageRecordQueue, 1000);
    64. 

  64. 	}
    65. 

  65.     };
    66. 

  66. 

  67.     let cookieLogEntryBuilder = [
    68. 

  68. 	'',
    69. 

  69. 	'{',
    70. 

  70. 	'',
    71. 

  71. 	'-cookie:',
    72. 

  72. 	'',
    73. 

  73. 	'}'
    74. 

  74.     ];
    75. 

  75. 

  76.     let recordPageCookie = function (pageStore, key) {
    77. 

  77. 	if (vAPI.isBehindTheSceneTabId(pageStore.tabId)) {
    78. 

  78. 	    return;
    79. 

  79. 	}
    80. 

  80. 

  81. 	let entry = CookieCache.get(key);
    82. 

  82. 	let pageHostname = pageStore.pageHostname;
    83. 

  83. 	let block = ηm.mustBlock(pageHostname, entry.hostname, 'cookie');
    84. 

  84. 

  85. 	cookieLogEntryBuilder[0] = CookieUtils.urlFromEntry(entry);
    86. 

  86. 	cookieLogEntryBuilder[2] = entry.session ? 'session' : 'persistent';
    87. 

  87. 	cookieLogEntryBuilder[4] = encodeURIComponent(entry.name);
    88. 

  88. 

  89. 	let cookieURL = cookieLogEntryBuilder.join('');
    90. 

  90. 

  91. 	// rhill 2013-11-20:
    92. 

  92. 	// https://github.com/gorhill/httpswitchboard/issues/60
    93. 

  93. 	// Need to URL-encode cookie name
    94. 

  94. 	pageStore.recordRequest('cookie', cookieURL, block);
    95. 

  95. 	ηm.logger.writeOne(pageStore.tabId, 'net',
    96. 

  96. 			   pageHostname, cookieURL, 'cookie', block);
    97. 

  97. 

  98. 	entry.usedOn.add(pageHostname);
    99. 

  99. 

  100. 	// rhill 2013-11-21:
    101. 

  101. 	// https://github.com/gorhill/httpswitchboard/issues/65
    102. 

  102. 	// Leave alone cookies from behind-the-scene requests if
    103. 

  103. 	// behind-the-scene processing is disabled.
    104. 

  104. 	if (!block) {
    105. 

  105.             return;
    106. 

  106. 	}
    107. 

  107. 	if (!ηm.userSettings.deleteCookies) {
    108. 

  108.             return;
    109. 

  109. 	}
    110. 

  110. 	removeCookieAsync(key);
    111. 

  111.     };
    112. 

  112. 

  113.     // Look for cookies to potentially remove for a specific web page
    114. 

  114. 

  115.     let removePageCookiesAsync = function (pageStats) {
    116. 

  116. 	// Hold onto pageStats objects so that it doesn't go away
    117. 

  117. 	// before we handle the job.
    118. 

  118. 	// rhill 2013-10-19: pageStats could be nil, for example, this can
    119. 

  119. 	// happens if a file:// ... makes an xmlHttpRequest
    120. 

  120. 	if (!pageStats) {
    121. 

  121.             return;
    122. 

  122. 	}
    123. 

  123. 	removePageCookiesQueue.set(pageStats.pageUrl, pageStats);
    124. 

  124. 	if (processPageRemoveQueueTimer === null) {
    125. 

  125.             processPageRemoveQueueTimer =
    126. 

  126. 		vAPI.setTimeout(processPageRemoveQueue, 15 * 1000);
    127. 

  127. 	}
    128. 

  128.     };
    129. 

  129. 

  130.     // Candidate for removal
    131. 

  131. 

  132.     let removeCookieAsync = function (key) {
    133. 

  133. 	removeCookieQueue.add(key);
    134. 

  134.     };
    135. 

  135. 

  136.     let chromeCookieRemove = function (entry, name) {
    137. 

  137. 	let url = CookieUtils.urlFromEntry(entry);
    138. 

  138. 	if (url === '') {
    139. 

  139.             return;
    140. 

  140. 	}
    141. 

  141. 	let sessionKey = CookieUtils.keyFromURL(UriTools.set(url),
    142. 

  142. 						'session', name);
    143. 

  143. 	let persistKey = CookieUtils.keyFromURL(UriTools.set(url),
    144. 

  144. 						'persistent', name);
    145. 

  145. 

  146. 	let callback = function(details) {
    147. 

  147.             let success = !!details;
    148. 

  148.             let template = success ?
    149. 

  149. 		i18nCookieDeleteSuccess :
    150. 

  150. 		i18nCookieDeleteFailure;
    151. 

  151. 

  152.             if (CookieCache.remove(sessionKey)) {
    153. 

  153. 		if (success) {
    154. 

  154.                     ηm.cookieRemovedCounter += 1;
    155. 

  155. 		}
    156. 

  156. 		ηm.logger.writeOne('', 'info', 'cookie',
    157. 

  157. 				   template.replace('{{value}}',
    158. 

  158. 						    sessionKey));
    159. 

  159.             }
    160. 

  160.             if (CookieCache.remove(persistKey)) {
    161. 

  161. 		if (success) {
    162. 

  162.                     ηm.cookieRemovedCounter += 1;
    163. 

  163. 		}
    164. 

  164. 		ηm.logger.writeOne('', 'info', 'cookie',
    165. 

  165. 				   template.replace('{{value}}',
    166. 

  166. 						    persistKey));
    167. 

  167.             }
    168. 

  168. 	};
    169. 

  169. 

  170. 	vAPI.cookies.remove({
    171. 

  171. 	    url: url, name: name
    172. 

  172. 	}, callback);
    173. 

  173.     };
    174. 

  174. 

  175.     let i18nCookieDeleteSuccess = vAPI.i18n('loggerEntryCookieDeleted');
    176. 

  176.     let i18nCookieDeleteFailure = vAPI.i18n('loggerEntryDeleteCookieError');
    177. 

  177. 

  178.     let processPageRecordQueue = function () {
    179. 

  179. 	processPageRecordQueueTimer = null;
    180. 

  180. 

  181. 	for (let pageStore of recordPageCookiesQueue.values()) {
    182. 

  182.             findAndRecordPageCookies(pageStore);
    183. 

  183. 	}
    184. 

  184. 	recordPageCookiesQueue.clear();
    185. 

  185.     };
    186. 

  186. 

  187.     let processPageRemoveQueue = function () {
    188. 

  188. 	processPageRemoveQueueTimer = null;
    189. 

  189. 

  190. 	for (let pageStore of removePageCookiesQueue.values()) {
    191. 

  191.             findAndRemovePageCookies(pageStore);
    192. 

  192. 	}
    193. 

  193. 	removePageCookiesQueue.clear();
    194. 

  194.     };
    195. 

  195. 

  196.     // Effectively remove cookies.
    197. 

  197. 

  198.     let processRemoveQueue = function () {
    199. 

  199. 	let userSettings = ηm.userSettings;
    200. 

  200. 	let deleteCookies = userSettings.deleteCookies;
    201. 

  201. 

  202. 	// Session cookies which timestamp is *after* tstampObsolete will
    203. 

  203. 	// be left untouched
    204. 

  204. 	// https://github.com/gorhill/httpswitchboard/issues/257
    205. 

  205. 	let dusc = userSettings.deleteUnusedSessionCookies;
    206. 

  206. 	let dusca = userSettings.deleteUnusedSessionCookiesAfter;
    207. 

  207. 	let tstampObsolete = dusc ?
    208. 

  208. 	    Date.now() - dusca * 60 * 1000 :
    209. 

  209.             0;
    210. 

  210. 

  211. 	let srcHostnames;
    212. 

  212. 	let entry;
    213. 

  213. 

  214. 	for (let key of removeCookieQueue) {
    215. 

  215.             // rhill 2014-05-12: Apparently this can happen. I have to
    216. 

  216.             // investigate how (A session cookie has same name as a
    217. 

  217.             // persistent cookie?)
    218. 

  218.             entry = CookieCache.get(key);
    219. 

  219.             if (entry === undefined) {
    220. 

  220. 		continue;
    221. 

  221. 	    }
    222. 

  222. 

  223.             // Delete obsolete session cookies: enabled.
    224. 

  224.             if (tstampObsolete !== 0 && entry.session) {
    225. 

  225. 		if (entry.tstamp < tstampObsolete) {
    226. 

  226.                     chromeCookieRemove(entry, entry.name);
    227. 

  227.                     continue;
    228. 

  228. 		}
    229. 

  229.             }
    230. 

  230. 

  231.             // Delete all blocked cookies: disabled.
    232. 

  232.             if (deleteCookies === false) {
    233. 

  233. 		continue;
    234. 

  234.             }
    235. 

  235. 

  236.             // Query scopes only if we are going to use them
    237. 

  237.             if (srcHostnames === undefined) {
    238. 

  238. 		srcHostnames = ηm.tMatrix.extractAllSourceHostnames();
    239. 

  239.             }
    240. 

  240. 

  241.             // Ensure cookie is not allowed on ALL current web pages: It can
    242. 

  242.             // happen that a cookie is blacklisted on one web page while
    243. 

  243.             // being whitelisted on another (because of per-page permissions).
    244. 

  244.             if (canRemoveCookie(key, srcHostnames)) {
    245. 

  245. 		chromeCookieRemove(entry, entry.name);
    246. 

  246.             }
    247. 

  247. 	}
    248. 

  248. 

  249. 	removeCookieQueue.clear();
    250. 

  250. 

  251. 	vAPI.setTimeout(processRemoveQueue, processRemoveQueuePeriod);
    252. 

  252.     };
    253. 

  253. 

  254.     // Once in a while, we go ahead and clean everything that might have been
    255. 

  255.     // left behind.
    256. 

  256. 

  257.     // Remove only some of the cookies which are candidate for removal: who knows,
    258. 

  258.     // maybe a user has 1000s of cookies sitting in his browser...
    259. 

  259. 

  260.     let processClean = function () {
    261. 

  261. 	let us = ηm.userSettings;
    262. 

  262. 

  263. 	if (us.deleteCookies || us.deleteUnusedSessionCookies) {
    264. 

  264.             let keys = Array.from(CookieCache.keys());
    265. 

  265. 	    let len = keys.length;
    266. 

  266. 	    let step, offset, n;
    267. 

  267. 

  268.             if (len > 25) {
    269. 

  269. 		step = len / 25;
    270. 

  270. 		offset = Math.floor(Math.random() * len);
    271. 

  271. 		n = 25;
    272. 

  272.             } else {
    273. 

  273. 		step = 1;
    274. 

  274. 		offset = 0;
    275. 

  275. 		n = len;
    276. 

  276.             }
    277. 

  277. 

  278.             let i = offset;
    279. 

  279.             while (n--) {
    280. 

  280. 		removeCookieAsync(keys[Math.floor(i % len)]);
    281. 

  281. 		i += step;
    282. 

  282.             }
    283. 

  283. 	}
    284. 

  284. 

  285. 	vAPI.setTimeout(processClean, processCleanPeriod);
    286. 

  286.     };
    287. 

  287. 

  288.     let findAndRecordPageCookies = function (pageStore) {
    289. 

  289. 	for (let key of CookieCache.keys()) {
    290. 

  290.             if (CookieUtils.matchDomains(key, pageStore.allHostnamesString)) {
    291. 

  291. 		recordPageCookie(pageStore, key);
    292. 

  292.             }
    293. 

  293. 	}
    294. 

  294.     };
    295. 

  295. 

  296.     let findAndRemovePageCookies = function (pageStore) {
    297. 

  297. 	for (let key of CookieCache.keys()) {
    298. 

  298.             if (CookieUtils.matchDomains(key, pageStore.allHostnamesString)) {
    299. 

  299. 		removeCookieAsync(key);
    300. 

  300.             }
    301. 

  301. 	}
    302. 

  302.     };
    303. 

  303. 

  304.     let canRemoveCookie = function (key, srcHostnames) {
    305. 

  305. 	let entry = CookieCache.get(key);
    306. 

  306. 	if (entry === undefined) {
    307. 

  307. 	    return false;
    308. 

  308. 	}
    309. 

  309. 

  310. 	let cookieHostname = entry.hostname;
    311. 

  311. 	let srcHostname;
    312. 

  312. 

  313. 	for (srcHostname of entry.usedOn) {
    314. 

  314.             if (ηm.mustAllow(srcHostname, cookieHostname, 'cookie')) {
    315. 

  315. 		return false;
    316. 

  316.             }
    317. 

  317. 	}
    318. 

  318. 

  319. 	// Maybe there is a scope in which the cookie is 1st-party-allowed.
    320. 

  320. 	// For example, if I am logged in into `github.com`, I do not want to be
    321. 

  321. 	// logged out just because I did not yet open a `github.com` page after
    322. 

  322. 	// re-starting the browser.
    323. 

  323. 	srcHostname = cookieHostname;
    324. 

  324. 

  325. 	let pos;
    326. 

  326. 

  327. 	for (;;) {
    328. 

  328.             if (srcHostnames.has(srcHostname)) {
    329. 

  329. 		if (ηm.mustAllow(srcHostname, cookieHostname, 'cookie')) {
    330. 

  330.                     return false;
    331. 

  331. 		}
    332. 

  332.             }
    333. 

  333.             if (srcHostname === entry.domain) {
    334. 

  334. 		break;
    335. 

  335.             }
    336. 

  336.             pos = srcHostname.indexOf('.');
    337. 

  337.             if (pos === -1) {
    338. 

  338. 		break;
    339. 

  339.             }
    340. 

  340.             srcHostname = srcHostname.slice(pos + 1);
    341. 

  341. 	}
    342. 

  342. 	return true;
    343. 

  343.     };
    344. 

  344. 

  345.     // Listen to any change in cookieland, we will update page stats accordingly.
    346. 

  346. 

  347.     vAPI.cookies.onChanged = function (cookie) {
    348. 

  348. 	// rhill 2013-12-11: If cookie value didn't change, no need to record.
    349. 

  349. 	// https://github.com/gorhill/httpswitchboard/issues/79
    350. 

  350. 	let key = CookieUtils.keyFromCookie(cookie);
    351. 

  351. 	let entry = CookieCache.get(key);
    352. 

  352. 

  353. 	if (entry === undefined) {
    354. 

  354.             entry = CookieCache.add(cookie);
    355. 

  355. 	} else {
    356. 

  356.             entry.tstamp = Date.now();
    357. 

  357.             if (cookie.value === entry.value) {
    358. 

  358. 		return;
    359. 

  359. 	    }
    360. 

  360.             entry.value = cookie.value;
    361. 

  361. 	}
    362. 

  362. 

  363. 	// Go through all pages and update if needed, as one cookie can be used
    364. 

  364. 	// by many web pages, so they need to be recorded for all these pages.
    365. 

  365. 	let pageStores = ηm.pageStores;
    366. 

  366. 	let pageStore;
    367. 

  367. 	for (let tabId in pageStores) {
    368. 

  368.             if (pageStores.hasOwnProperty(tabId) === false) {
    369. 

  369. 		continue;
    370. 

  370.             }
    371. 

  371.             pageStore = pageStores[tabId];
    372. 

  372.             if (!CookieUtils.matchDomains(key, pageStore.allHostnamesString)) {
    373. 

  373. 		continue;
    374. 

  374.             }
    375. 

  375.             recordPageCookie(pageStore, key);
    376. 

  376. 	}
    377. 

  377.     };
    378. 

  378. 

  379.     // Listen to any change in cookieland, we will update page stats accordingly.
    380. 

  380. 

  381.     vAPI.cookies.onRemoved = function (cookie) {
    382. 

  382. 	let key = CookieUtils.keyFromCookie(cookie);
    383. 

  383. 	if (CookieCache.remove(key)) {
    384. 

  384.             ηm.logger.writeOne('', 'info', 'cookie',
    385. 

  385. 			       i18nCookieDeleteSuccess.replace('{{value}}',
    386. 

  386. 							       key));
    387. 

  387. 	}
    388. 

  388.     };
    389. 

  389. 

  390.     // Listen to any change in cookieland, we will update page stats accordingly.
    391. 

  391. 

  392.     vAPI.cookies.onAllRemoved = function () {
    393. 

  393. 	for (let key of CookieCache.keys()) {
    394. 

  394.             if (CookieCache.remove(key)) {
    395. 

  395. 		ηm.logger.writeOne('', 'info', 'cookie',
    396. 

  396. 				   i18nCookieDeleteSuccess.replace('{{value}}',
    397. 

  397. 								   key));
    398. 

  398.             }
    399. 

  399. 	}
    400. 

  400.     };
    401. 

  401. 

  402.     vAPI.cookies.getAll(CookieCache.addVector);
    403. 

  403.     vAPI.cookies.start();
    404. 

  404. 

  405.     vAPI.setTimeout(processRemoveQueue, processRemoveQueuePeriod);
    406. 

  406.     vAPI.setTimeout(processClean, processCleanPeriod);
    407. 

  407. 

  408.     // Expose only what is necessary
    409. 

  409. 

  410.     return {
    411. 

  411. 	recordPageCookies: recordPageCookiesAsync,
    412. 

  412. 	removePageCookies: removePageCookiesAsync
    413. 

  413.     };
    414. 

  414. })();
    415. 

  415.