Additional fixes to url escapes decoding

- Do not allow escaped slashes `/` in uri path
- Decode/ unqoute query param names/ keys
- Move find_all utility func. to `strings.mojo` module

Author: izo0x90

lightbug_http/strings.mojo

@@ -150,3 +150,12 @@ fn to_string(owned bytes: Bytes) -> String:
     if bytes[-1] != 0:
         bytes.append(0)
     return String(bytes^)
+
+
+fn find_all(s: String, sub_str: String) -> List[Int]:
+    match_idxs = List[Int]()
+    var current_idx: Int = s.find(sub_str)
+    while current_idx > -1:
+        match_idxs.append(current_idx)
+        current_idx = s.find(sub_str, start=current_idx + 1)
+    return match_idxs^

lightbug_http/uri.mojo

@@ -2,6 +2,7 @@ from collections import Dict
 from utils import Variant
 from lightbug_http.io.bytes import Bytes, bytes
 from lightbug_http.strings import (
+    find_all,
     strSlash,
     strHttp11,
     strHttp10,
@@ -12,16 +13,11 @@ from lightbug_http.strings import (
 )
 
 
-fn find_all(s: String, sub_str: String) -> List[Int]:
-    match_idxs = List[Int]()
-    var current_idx: Int = s.find(sub_str)
-    while current_idx > -1:
-        match_idxs.append(current_idx)
-        current_idx = s.find(sub_str, start=current_idx + 1)
-    return match_idxs^
-
-
-fn unquote[expand_plus: Bool = False](input_str: String) -> String:
+fn unquote[
+    expand_plus: Bool = False
+](
+    input_str: String, disallowed_escapes: List[String] = List[String]()
+) -> String:
     var encoded_str = input_str.replace(
         QueryDelimiters.PLUS_ESCAPED_SPACE, " "
     ) if expand_plus else input_str
@@ -70,7 +66,12 @@ fn unquote[expand_plus: Bool = False](input_str: String) -> String:
 
         if len(str_bytes) > 0:
             str_bytes.append(0x00)
-            sub_strings.append(String(str_bytes))
+            var sub_str_from_bytes = String(str_bytes)
+            for disallowed in disallowed_escapes:
+                sub_str_from_bytes = sub_str_from_bytes.replace(
+                    disallowed[], ""
+                )
+            sub_strings.append(sub_str_from_bytes)
             str_bytes.clear()
 
         slice_start = current_offset
@@ -152,10 +153,14 @@ struct URI(Writable, Stringable, Representable):
         var original_path: String
         var query_string: String
         if n >= 0:
-            original_path = unquote(request_uri[:n])
+            original_path = unquote(
+                request_uri[:n], disallowed_escapes=List(str("/"))
+            )
             query_string = request_uri[n + 1 :]
         else:
-            original_path = unquote(request_uri)
+            original_path = unquote(
+                request_uri, disallowed_escapes=List(str("/"))
+            )
             query_string = ""
 
         var queries = QueryMap()
@@ -164,13 +169,12 @@ struct URI(Writable, Stringable, Representable):
 
             for item in query_items:
                 var key_val = item[].split(QueryDelimiters.ITEM_ASSIGN, 1)
+                var key = unquote[expand_plus=True](key_val[0])
 
-                if key_val[0]:
-                    queries[key_val[0]] = ""
+                if key:
+                    queries[key] = ""
                     if len(key_val) == 2:
-                        queries[key_val[0]] = unquote[expand_plus=True](
-                            key_val[1]
-                        )
+                        queries[key] = unquote[expand_plus=True](key_val[1])
 
         return URI(
             _original_path=original_path,

tests/lightbug_http/test_uri.mojo

@@ -60,6 +60,16 @@ def test_uri_parse_https_with_path():
     testing.assert_equal(uri.query_string, empty_string)
 
 
+def test_uri_parse_path_with_encoding():
+    var uri = URI.parse("https://example.com/test%20test/index.html")
+    testing.assert_equal(uri.path, "/test test/index.html")
+
+
+def test_uri_parse_path_with_encoding_ignore_slashes():
+    var uri = URI.parse("https://example.com/trying_to%2F_be_clever/42.html")
+    testing.assert_equal(uri.path, "/trying_to_be_clever/42.html")
+
+
 def test_uri_parse_http_basic():
     var uri = URI.parse("http://example.com")
     testing.assert_equal(uri.scheme, "http")
@@ -102,13 +112,14 @@ def test_uri_parse_multiple_query_parameters():
     testing.assert_equal(uri.request_uri, "/search?q=python&page=1&limit=20")
 
 def test_uri_parse_query_with_special_characters():
-    var uri = URI.parse("https://example.com/path?name=John+Doe&email=john%40example.com")
+    var uri = URI.parse("https://example.com/path?name=John+Doe&email=john%40example.com&escaped%40%20name=42")
     testing.assert_equal(uri.scheme, "https")
     testing.assert_equal(uri.host, "example.com")
     testing.assert_equal(uri.path, "/path")
-    testing.assert_equal(uri.query_string, "name=John+Doe&email=john%40example.com")
+    testing.assert_equal(uri.query_string, "name=John+Doe&email=john%40example.com&escaped%40%20name=42")
     testing.assert_equal(uri.queries["name"], "John Doe")
     testing.assert_equal(uri.queries["email"], "john@example.com")
+    testing.assert_equal(uri.queries["escaped@ name"], "42")
 
 def test_uri_parse_empty_query_values():
     var uri = URI.parse("http://example.com/api?key=&token=&empty")