net.urllib: use option instead of pointer for the Userinfo field (fix #24650) (#25401)

Delta456 · web-flow · commit a4035dd6d90d · 2025-09-28T04:06:53.000+03:00
diff --git a/vlib/net/http/http_proxy.v b/vlib/net/http/http_proxy.v
@@ -31,6 +31,8 @@ pub fn new_http_proxy(raw_url string) !&HttpProxy {
 	url.raw_path = ''
 	url.raw_query = ''
 	url.fragment = ''
+	mut username := ''
+	mut password := ''
 
 	str_url := url.str()
 
@@ -50,10 +52,15 @@ pub fn new_http_proxy(raw_url string) !&HttpProxy {
 		return error('Unknown port')
 	}
 
+	if u := url.user {
+		username = u.username
+		password = u.password
+	}
+
 	return &HttpProxy{
 		scheme:   scheme
-		username: url.user.username
-		password: url.user.password
+		username: username
+		password: password
 		host:     host
 		hostname: url.hostname()
 		port:     port
diff --git a/vlib/net/urllib/urllib.v b/vlib/net/urllib/urllib.v
@@ -317,14 +317,14 @@ fn escape(s string, mode EncodingMode) string {
 pub struct URL {
 pub mut:
 	scheme      string
-	opaque      string // encoded opaque data
-	user        &Userinfo = unsafe { nil } // username and password information
-	host        string // host or host:port
-	path        string // path (relative paths may omit leading slash)
-	raw_path    string // encoded path hint (see escaped_path method)
-	force_query bool   // append a query ('?') even if raw_query is empty
-	raw_query   string // encoded query values, without '?'
-	fragment    string // fragment for references, without '#'
+	opaque      string    // encoded opaque data
+	user        ?Userinfo // username and password information
+	host        string    // host or host:port
+	path        string    // path (relative paths may omit leading slash)
+	raw_path    string    // encoded path hint (see escaped_path method)
+	force_query bool      // append a query ('?') even if raw_query is empty
+	raw_query   string    // encoded query values, without '?'
+	fragment    string    // fragment for references, without '#'
 }
 
 // debug returns a string representation of *ALL* the fields of the given URL
@@ -334,8 +334,8 @@ pub fn (url &URL) debug() string {
 
 // user returns a Userinfo containing the provided username
 // and no password set.
-pub fn user(username string) &Userinfo {
-	return &Userinfo{
+pub fn user(username string) Userinfo {
+	return Userinfo{
 		username:     username
 		password:     ''
 		password_set: false
@@ -350,8 +350,8 @@ pub fn user(username string) &Userinfo {
 // ``is NOT RECOMMENDED, because the passing of authentication
 // information in clear text (such as URI) has proven to be a
 // security risk in almost every case where it has been used.''
-fn user_password(username string, password string) &Userinfo {
-	return &Userinfo{username, password, true}
+fn user_password(username string, password string) Userinfo {
+	return Userinfo{username, password, true}
 }
 
 // The Userinfo type is an immutable encapsulation of username and
@@ -365,13 +365,13 @@ pub:
 	password_set bool
 }
 
-fn (u &Userinfo) empty() bool {
-	return isnil(u) || (u.username == '' && u.password == '')
+fn (u Userinfo) empty() bool {
+	return u.username == '' && u.password == ''
 }
 
 // string returns the encoded userinfo information in the standard form
 // of 'username[:password]'.
-fn (u &Userinfo) str() string {
+fn (u Userinfo) str() string {
 	if u.empty() {
 		return ''
 	}
@@ -471,7 +471,7 @@ fn parse_url(rawurl string, via_request bool) !URL {
 		return error(error_msg('parse_url: empty URL', rawurl))
 	}
 	mut url := URL{
-		user: unsafe { nil }
+		user: none
 	}
 	if rawurl == '*' {
 		url.path = '*'
@@ -533,7 +533,7 @@ fn parse_url(rawurl string, via_request bool) !URL {
 }
 
 struct ParseAuthorityRes {
-	user &Userinfo
+	user ?Userinfo
 	host string
 }
 
@@ -697,7 +697,7 @@ fn valid_optional_port(port string) bool {
 //
 // In the second form, the following rules apply:
 // - if u.scheme is empty, scheme: is omitted.
-// - if u.user is nil, userinfo@ is omitted.
+// - if u.user is none, userinfo@ is omitted.
 // - if u.host is empty, host/ is omitted.
 // - if u.scheme and u.host are empty and u.user is nil,
 // the entire scheme://userinfo@host/ is omitted.
@@ -714,12 +714,13 @@ pub fn (u URL) str() string {
 	if u.opaque != '' {
 		buf.write_string(u.opaque)
 	} else {
-		if u.scheme != '' || u.host != '' || !u.user.empty() {
-			if u.host != '' || u.path != '' || !u.user.empty() {
+		user := u.user or { Userinfo{} }
+		if u.scheme != '' || u.host != '' || !user.empty() {
+			if u.host != '' || u.path != '' || !user.empty() {
 				buf.write_string('//')
 			}
-			if !u.user.empty() {
-				buf.write_string(u.user.str())
+			if !user.empty() {
+				buf.write_string(user.str())
 				buf.write_string('@')
 			}
 			if u.host != '' {
@@ -921,7 +922,8 @@ pub fn (u &URL) resolve_reference(ref &URL) !URL {
 	if ref.scheme == '' {
 		url.scheme = u.scheme
 	}
-	if ref.scheme != '' || ref.host != '' || !ref.user.empty() {
+	ref_user := ref.user or { Userinfo{} }
+	if ref.scheme != '' || ref.host != '' || !ref_user.empty() {
 		// The 'absoluteURI' or 'net_path' cases.
 		// We can ignore the error from set_path since we know we provided a
 		// validly-escaped path.
diff --git a/vlib/net/urllib/urllib_test.v b/vlib/net/urllib/urllib_test.v
@@ -75,7 +75,7 @@ fn test_parse_empty_query_one() {
 	assert query_str == query_encode
 }
 
-// testing the case where the query as empity value
+// testing the case where the query as empty value
 // e.g https://www.vlang.dev?
 fn test_parse_empty_query_two() {
 	query_str := ''
@@ -112,9 +112,11 @@ fn test_parse() {
 
 	test_url := 'https://joe:pass@www.mydomain.com:8080/som/url?param1=test1&param2=test2&foo=bar#testfragment'
 	u := urllib.parse(test_url)!
-	assert u.scheme == 'https' && u.hostname() == 'www.mydomain.com' && u.port() == '8080'
-		&& u.path == '/som/url' && u.fragment == 'testfragment' && u.user.username == 'joe'
-		&& u.user.password == 'pass'
+	if user := u.user {
+		assert u.scheme == 'https' && u.hostname() == 'www.mydomain.com' && u.port() == '8080'
+			&& u.path == '/som/url' && u.fragment == 'testfragment' && user.username == 'joe'
+			&& user.password == 'pass'
+	}
 
 	v := urllib.parse('https://vip.ffzy-online4.com/20230205/6094_d2720761/index.m3u8')!.resolve_reference(urllib.parse('2000k/hls/mixed.m3u8')!)!
 	assert v.str() == 'https://vip.ffzy-online4.com/20230205/6094_d2720761/2000k/hls/mixed.m3u8'
@@ -129,8 +131,10 @@ fn test_parse_authority() {
 
 	for url, expected in test_urls {
 		u := urllib.parse(url)!
-		assert u.user.username == expected[0]
-		assert u.user.password == expected[1]
+		if user := u.user {
+			assert user.username == expected[0]
+			assert user.password == expected[1]
+		}
 	}
 }
 
