672 lines
20 KiB
JavaScript
672 lines
20 KiB
JavaScript
var url = require("url");
|
||
var URL = url.URL;
|
||
var http = require("http");
|
||
var https = require("https");
|
||
var Writable = require("stream").Writable;
|
||
var assert = require("assert");
|
||
var debug = require("./debug");
|
||
|
||
// Whether to use the native URL object or the legacy url module
|
||
var useNativeURL = false;
|
||
try {
|
||
assert(new URL());
|
||
}
|
||
catch (error) {
|
||
useNativeURL = error.code === "ERR_INVALID_URL";
|
||
}
|
||
|
||
// URL fields to preserve in copy operations
|
||
var preservedUrlFields = [
|
||
"auth",
|
||
"host",
|
||
"hostname",
|
||
"href",
|
||
"path",
|
||
"pathname",
|
||
"port",
|
||
"protocol",
|
||
"query",
|
||
"search",
|
||
];
|
||
|
||
// Create handlers that pass events from native requests
|
||
var events = ["abort", "aborted", "connect", "error", "socket", "timeout"];
|
||
var eventHandlers = Object.create(null);
|
||
events.forEach(function (event) {
|
||
eventHandlers[event] = function (arg1, arg2, arg3) {
|
||
this._redirectable.emit(event, arg1, arg2, arg3);
|
||
};
|
||
});
|
||
|
||
// Error types with codes
|
||
var InvalidUrlError = createErrorType(
|
||
"ERR_INVALID_URL",
|
||
"Invalid URL",
|
||
TypeError
|
||
);
|
||
var RedirectionError = createErrorType(
|
||
"ERR_FR_REDIRECTION_FAILURE",
|
||
"Redirected request failed"
|
||
);
|
||
var TooManyRedirectsError = createErrorType(
|
||
"ERR_FR_TOO_MANY_REDIRECTS",
|
||
"Maximum number of redirects exceeded",
|
||
RedirectionError
|
||
);
|
||
var MaxBodyLengthExceededError = createErrorType(
|
||
"ERR_FR_MAX_BODY_LENGTH_EXCEEDED",
|
||
"Request body larger than maxBodyLength limit"
|
||
);
|
||
var WriteAfterEndError = createErrorType(
|
||
"ERR_STREAM_WRITE_AFTER_END",
|
||
"write after end"
|
||
);
|
||
|
||
// istanbul ignore next
|
||
var destroy = Writable.prototype.destroy || noop;
|
||
|
||
// An HTTP(S) request that can be redirected
|
||
function RedirectableRequest(options, responseCallback) {
|
||
// Initialize the request
|
||
Writable.call(this);
|
||
this._sanitizeOptions(options);
|
||
this._options = options;
|
||
this._ended = false;
|
||
this._ending = false;
|
||
this._redirectCount = 0;
|
||
this._redirects = [];
|
||
this._requestBodyLength = 0;
|
||
this._requestBodyBuffers = [];
|
||
|
||
// Attach a callback if passed
|
||
if (responseCallback) {
|
||
this.on("response", responseCallback);
|
||
}
|
||
|
||
// React to responses of native requests
|
||
var self = this;
|
||
this._onNativeResponse = function (response) {
|
||
try {
|
||
self._processResponse(response);
|
||
}
|
||
catch (cause) {
|
||
self.emit("error", cause instanceof RedirectionError ?
|
||
cause : new RedirectionError({ cause: cause }));
|
||
}
|
||
};
|
||
|
||
// Perform the first request
|
||
this._performRequest();
|
||
}
|
||
RedirectableRequest.prototype = Object.create(Writable.prototype);
|
||
|
||
RedirectableRequest.prototype.abort = function () {
|
||
destroyRequest(this._currentRequest);
|
||
this._currentRequest.abort();
|
||
this.emit("abort");
|
||
};
|
||
|
||
RedirectableRequest.prototype.destroy = function (error) {
|
||
destroyRequest(this._currentRequest, error);
|
||
destroy.call(this, error);
|
||
return this;
|
||
};
|
||
|
||
// Writes buffered data to the current native request
|
||
RedirectableRequest.prototype.write = function (data, encoding, callback) {
|
||
// Writing is not allowed if end has been called
|
||
if (this._ending) {
|
||
throw new WriteAfterEndError();
|
||
}
|
||
|
||
// Validate input and shift parameters if necessary
|
||
if (!isString(data) && !isBuffer(data)) {
|
||
throw new TypeError("data should be a string, Buffer or Uint8Array");
|
||
}
|
||
if (isFunction(encoding)) {
|
||
callback = encoding;
|
||
encoding = null;
|
||
}
|
||
|
||
// Ignore empty buffers, since writing them doesn't invoke the callback
|
||
// https://github.com/nodejs/node/issues/22066
|
||
if (data.length === 0) {
|
||
if (callback) {
|
||
callback();
|
||
}
|
||
return;
|
||
}
|
||
// Only write when we don't exceed the maximum body length
|
||
if (this._requestBodyLength + data.length <= this._options.maxBodyLength) {
|
||
this._requestBodyLength += data.length;
|
||
this._requestBodyBuffers.push({ data: data, encoding: encoding });
|
||
this._currentRequest.write(data, encoding, callback);
|
||
}
|
||
// Error when we exceed the maximum body length
|
||
else {
|
||
this.emit("error", new MaxBodyLengthExceededError());
|
||
this.abort();
|
||
}
|
||
};
|
||
|
||
// Ends the current native request
|
||
RedirectableRequest.prototype.end = function (data, encoding, callback) {
|
||
// Shift parameters if necessary
|
||
if (isFunction(data)) {
|
||
callback = data;
|
||
data = encoding = null;
|
||
}
|
||
else if (isFunction(encoding)) {
|
||
callback = encoding;
|
||
encoding = null;
|
||
}
|
||
|
||
// Write data if needed and end
|
||
if (!data) {
|
||
this._ended = this._ending = true;
|
||
this._currentRequest.end(null, null, callback);
|
||
}
|
||
else {
|
||
var self = this;
|
||
var currentRequest = this._currentRequest;
|
||
this.write(data, encoding, function () {
|
||
self._ended = true;
|
||
currentRequest.end(null, null, callback);
|
||
});
|
||
this._ending = true;
|
||
}
|
||
};
|
||
|
||
// Sets a header value on the current native request
|
||
RedirectableRequest.prototype.setHeader = function (name, value) {
|
||
this._options.headers[name] = value;
|
||
this._currentRequest.setHeader(name, value);
|
||
};
|
||
|
||
// Clears a header value on the current native request
|
||
RedirectableRequest.prototype.removeHeader = function (name) {
|
||
delete this._options.headers[name];
|
||
this._currentRequest.removeHeader(name);
|
||
};
|
||
|
||
// Global timeout for all underlying requests
|
||
RedirectableRequest.prototype.setTimeout = function (msecs, callback) {
|
||
var self = this;
|
||
|
||
// Destroys the socket on timeout
|
||
function destroyOnTimeout(socket) {
|
||
socket.setTimeout(msecs);
|
||
socket.removeListener("timeout", socket.destroy);
|
||
socket.addListener("timeout", socket.destroy);
|
||
}
|
||
|
||
// Sets up a timer to trigger a timeout event
|
||
function startTimer(socket) {
|
||
if (self._timeout) {
|
||
clearTimeout(self._timeout);
|
||
}
|
||
self._timeout = setTimeout(function () {
|
||
self.emit("timeout");
|
||
clearTimer();
|
||
}, msecs);
|
||
destroyOnTimeout(socket);
|
||
}
|
||
|
||
// Stops a timeout from triggering
|
||
function clearTimer() {
|
||
// Clear the timeout
|
||
if (self._timeout) {
|
||
clearTimeout(self._timeout);
|
||
self._timeout = null;
|
||
}
|
||
|
||
// Clean up all attached listeners
|
||
self.removeListener("abort", clearTimer);
|
||
self.removeListener("error", clearTimer);
|
||
self.removeListener("response", clearTimer);
|
||
self.removeListener("close", clearTimer);
|
||
if (callback) {
|
||
self.removeListener("timeout", callback);
|
||
}
|
||
if (!self.socket) {
|
||
self._currentRequest.removeListener("socket", startTimer);
|
||
}
|
||
}
|
||
|
||
// Attach callback if passed
|
||
if (callback) {
|
||
this.on("timeout", callback);
|
||
}
|
||
|
||
// Start the timer if or when the socket is opened
|
||
if (this.socket) {
|
||
startTimer(this.socket);
|
||
}
|
||
else {
|
||
this._currentRequest.once("socket", startTimer);
|
||
}
|
||
|
||
// Clean up on events
|
||
this.on("socket", destroyOnTimeout);
|
||
this.on("abort", clearTimer);
|
||
this.on("error", clearTimer);
|
||
this.on("response", clearTimer);
|
||
this.on("close", clearTimer);
|
||
|
||
return this;
|
||
};
|
||
|
||
// Proxy all other public ClientRequest methods
|
||
[
|
||
"flushHeaders", "getHeader",
|
||
"setNoDelay", "setSocketKeepAlive",
|
||
].forEach(function (method) {
|
||
RedirectableRequest.prototype[method] = function (a, b) {
|
||
return this._currentRequest[method](a, b);
|
||
};
|
||
});
|
||
|
||
// Proxy all public ClientRequest properties
|
||
["aborted", "connection", "socket"].forEach(function (property) {
|
||
Object.defineProperty(RedirectableRequest.prototype, property, {
|
||
get: function () { return this._currentRequest[property]; },
|
||
});
|
||
});
|
||
|
||
RedirectableRequest.prototype._sanitizeOptions = function (options) {
|
||
// Ensure headers are always present
|
||
if (!options.headers) {
|
||
options.headers = {};
|
||
}
|
||
|
||
// Since http.request treats host as an alias of hostname,
|
||
// but the url module interprets host as hostname plus port,
|
||
// eliminate the host property to avoid confusion.
|
||
if (options.host) {
|
||
// Use hostname if set, because it has precedence
|
||
if (!options.hostname) {
|
||
options.hostname = options.host;
|
||
}
|
||
delete options.host;
|
||
}
|
||
|
||
// Complete the URL object when necessary
|
||
if (!options.pathname && options.path) {
|
||
var searchPos = options.path.indexOf("?");
|
||
if (searchPos < 0) {
|
||
options.pathname = options.path;
|
||
}
|
||
else {
|
||
options.pathname = options.path.substring(0, searchPos);
|
||
options.search = options.path.substring(searchPos);
|
||
}
|
||
}
|
||
};
|
||
|
||
|
||
// Executes the next native request (initial or redirect)
|
||
RedirectableRequest.prototype._performRequest = function () {
|
||
// Load the native protocol
|
||
var protocol = this._options.protocol;
|
||
var nativeProtocol = this._options.nativeProtocols[protocol];
|
||
if (!nativeProtocol) {
|
||
throw new TypeError("Unsupported protocol " + protocol);
|
||
}
|
||
|
||
// If specified, use the agent corresponding to the protocol
|
||
// (HTTP and HTTPS use different types of agents)
|
||
if (this._options.agents) {
|
||
var scheme = protocol.slice(0, -1);
|
||
this._options.agent = this._options.agents[scheme];
|
||
}
|
||
|
||
// Create the native request and set up its event handlers
|
||
var request = this._currentRequest =
|
||
nativeProtocol.request(this._options, this._onNativeResponse);
|
||
request._redirectable = this;
|
||
for (var event of events) {
|
||
request.on(event, eventHandlers[event]);
|
||
}
|
||
|
||
// RFC7230§5.3.1: When making a request directly to an origin server, […]
|
||
// a client MUST send only the absolute path […] as the request-target.
|
||
this._currentUrl = /^\//.test(this._options.path) ?
|
||
url.format(this._options) :
|
||
// When making a request to a proxy, […]
|
||
// a client MUST send the target URI in absolute-form […].
|
||
this._options.path;
|
||
|
||
// End a redirected request
|
||
// (The first request must be ended explicitly with RedirectableRequest#end)
|
||
if (this._isRedirect) {
|
||
// Write the request entity and end
|
||
var i = 0;
|
||
var self = this;
|
||
var buffers = this._requestBodyBuffers;
|
||
(function writeNext(error) {
|
||
// Only write if this request has not been redirected yet
|
||
/* istanbul ignore else */
|
||
if (request === self._currentRequest) {
|
||
// Report any write errors
|
||
/* istanbul ignore if */
|
||
if (error) {
|
||
self.emit("error", error);
|
||
}
|
||
// Write the next buffer if there are still left
|
||
else if (i < buffers.length) {
|
||
var buffer = buffers[i++];
|
||
/* istanbul ignore else */
|
||
if (!request.finished) {
|
||
request.write(buffer.data, buffer.encoding, writeNext);
|
||
}
|
||
}
|
||
// End the request if `end` has been called on us
|
||
else if (self._ended) {
|
||
request.end();
|
||
}
|
||
}
|
||
}());
|
||
}
|
||
};
|
||
|
||
// Processes a response from the current native request
|
||
RedirectableRequest.prototype._processResponse = function (response) {
|
||
// Store the redirected response
|
||
var statusCode = response.statusCode;
|
||
if (this._options.trackRedirects) {
|
||
this._redirects.push({
|
||
url: this._currentUrl,
|
||
headers: response.headers,
|
||
statusCode: statusCode,
|
||
});
|
||
}
|
||
|
||
// RFC7231§6.4: The 3xx (Redirection) class of status code indicates
|
||
// that further action needs to be taken by the user agent in order to
|
||
// fulfill the request. If a Location header field is provided,
|
||
// the user agent MAY automatically redirect its request to the URI
|
||
// referenced by the Location field value,
|
||
// even if the specific status code is not understood.
|
||
|
||
// If the response is not a redirect; return it as-is
|
||
var location = response.headers.location;
|
||
if (!location || this._options.followRedirects === false ||
|
||
statusCode < 300 || statusCode >= 400) {
|
||
response.responseUrl = this._currentUrl;
|
||
response.redirects = this._redirects;
|
||
this.emit("response", response);
|
||
|
||
// Clean up
|
||
this._requestBodyBuffers = [];
|
||
return;
|
||
}
|
||
|
||
// The response is a redirect, so abort the current request
|
||
destroyRequest(this._currentRequest);
|
||
// Discard the remainder of the response to avoid waiting for data
|
||
response.destroy();
|
||
|
||
// RFC7231§6.4: A client SHOULD detect and intervene
|
||
// in cyclical redirections (i.e., "infinite" redirection loops).
|
||
if (++this._redirectCount > this._options.maxRedirects) {
|
||
throw new TooManyRedirectsError();
|
||
}
|
||
|
||
// Store the request headers if applicable
|
||
var requestHeaders;
|
||
var beforeRedirect = this._options.beforeRedirect;
|
||
if (beforeRedirect) {
|
||
requestHeaders = Object.assign({
|
||
// The Host header was set by nativeProtocol.request
|
||
Host: response.req.getHeader("host"),
|
||
}, this._options.headers);
|
||
}
|
||
|
||
// RFC7231§6.4: Automatic redirection needs to done with
|
||
// care for methods not known to be safe, […]
|
||
// RFC7231§6.4.2–3: For historical reasons, a user agent MAY change
|
||
// the request method from POST to GET for the subsequent request.
|
||
var method = this._options.method;
|
||
if ((statusCode === 301 || statusCode === 302) && this._options.method === "POST" ||
|
||
// RFC7231§6.4.4: The 303 (See Other) status code indicates that
|
||
// the server is redirecting the user agent to a different resource […]
|
||
// A user agent can perform a retrieval request targeting that URI
|
||
// (a GET or HEAD request if using HTTP) […]
|
||
(statusCode === 303) && !/^(?:GET|HEAD)$/.test(this._options.method)) {
|
||
this._options.method = "GET";
|
||
// Drop a possible entity and headers related to it
|
||
this._requestBodyBuffers = [];
|
||
removeMatchingHeaders(/^content-/i, this._options.headers);
|
||
}
|
||
|
||
// Drop the Host header, as the redirect might lead to a different host
|
||
var currentHostHeader = removeMatchingHeaders(/^host$/i, this._options.headers);
|
||
|
||
// If the redirect is relative, carry over the host of the last request
|
||
var currentUrlParts = parseUrl(this._currentUrl);
|
||
var currentHost = currentHostHeader || currentUrlParts.host;
|
||
var currentUrl = /^\w+:/.test(location) ? this._currentUrl :
|
||
url.format(Object.assign(currentUrlParts, { host: currentHost }));
|
||
|
||
// Create the redirected request
|
||
var redirectUrl = resolveUrl(location, currentUrl);
|
||
debug("redirecting to", redirectUrl.href);
|
||
this._isRedirect = true;
|
||
spreadUrlObject(redirectUrl, this._options);
|
||
|
||
// Drop confidential headers when redirecting to a less secure protocol
|
||
// or to a different domain that is not a superdomain
|
||
if (redirectUrl.protocol !== currentUrlParts.protocol &&
|
||
redirectUrl.protocol !== "https:" ||
|
||
redirectUrl.host !== currentHost &&
|
||
!isSubdomain(redirectUrl.host, currentHost)) {
|
||
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
|
||
}
|
||
|
||
// Evaluate the beforeRedirect callback
|
||
if (isFunction(beforeRedirect)) {
|
||
var responseDetails = {
|
||
headers: response.headers,
|
||
statusCode: statusCode,
|
||
};
|
||
var requestDetails = {
|
||
url: currentUrl,
|
||
method: method,
|
||
headers: requestHeaders,
|
||
};
|
||
beforeRedirect(this._options, responseDetails, requestDetails);
|
||
this._sanitizeOptions(this._options);
|
||
}
|
||
|
||
// Perform the redirected request
|
||
this._performRequest();
|
||
};
|
||
|
||
// Wraps the key/value object of protocols with redirect functionality
|
||
function wrap(protocols) {
|
||
// Default settings
|
||
var exports = {
|
||
maxRedirects: 21,
|
||
maxBodyLength: 10 * 1024 * 1024,
|
||
};
|
||
|
||
// Wrap each protocol
|
||
var nativeProtocols = {};
|
||
Object.keys(protocols).forEach(function (scheme) {
|
||
var protocol = scheme + ":";
|
||
var nativeProtocol = nativeProtocols[protocol] = protocols[scheme];
|
||
var wrappedProtocol = exports[scheme] = Object.create(nativeProtocol);
|
||
|
||
// Executes a request, following redirects
|
||
function request(input, options, callback) {
|
||
// Parse parameters, ensuring that input is an object
|
||
if (isURL(input)) {
|
||
input = spreadUrlObject(input);
|
||
}
|
||
else if (isString(input)) {
|
||
input = spreadUrlObject(parseUrl(input));
|
||
}
|
||
else {
|
||
callback = options;
|
||
options = validateUrl(input);
|
||
input = { protocol: protocol };
|
||
}
|
||
if (isFunction(options)) {
|
||
callback = options;
|
||
options = null;
|
||
}
|
||
|
||
// Set defaults
|
||
options = Object.assign({
|
||
maxRedirects: exports.maxRedirects,
|
||
maxBodyLength: exports.maxBodyLength,
|
||
}, input, options);
|
||
options.nativeProtocols = nativeProtocols;
|
||
if (!isString(options.host) && !isString(options.hostname)) {
|
||
options.hostname = "::1";
|
||
}
|
||
|
||
assert.equal(options.protocol, protocol, "protocol mismatch");
|
||
debug("options", options);
|
||
return new RedirectableRequest(options, callback);
|
||
}
|
||
|
||
// Executes a GET request, following redirects
|
||
function get(input, options, callback) {
|
||
var wrappedRequest = wrappedProtocol.request(input, options, callback);
|
||
wrappedRequest.end();
|
||
return wrappedRequest;
|
||
}
|
||
|
||
// Expose the properties on the wrapped protocol
|
||
Object.defineProperties(wrappedProtocol, {
|
||
request: { value: request, configurable: true, enumerable: true, writable: true },
|
||
get: { value: get, configurable: true, enumerable: true, writable: true },
|
||
});
|
||
});
|
||
return exports;
|
||
}
|
||
|
||
function noop() { /* empty */ }
|
||
|
||
function parseUrl(input) {
|
||
var parsed;
|
||
/* istanbul ignore else */
|
||
if (useNativeURL) {
|
||
parsed = new URL(input);
|
||
}
|
||
else {
|
||
// Ensure the URL is valid and absolute
|
||
parsed = validateUrl(url.parse(input));
|
||
if (!isString(parsed.protocol)) {
|
||
throw new InvalidUrlError({ input });
|
||
}
|
||
}
|
||
return parsed;
|
||
}
|
||
|
||
function resolveUrl(relative, base) {
|
||
/* istanbul ignore next */
|
||
return useNativeURL ? new URL(relative, base) : parseUrl(url.resolve(base, relative));
|
||
}
|
||
|
||
function validateUrl(input) {
|
||
if (/^\[/.test(input.hostname) && !/^\[[:0-9a-f]+\]$/i.test(input.hostname)) {
|
||
throw new InvalidUrlError({ input: input.href || input });
|
||
}
|
||
if (/^\[/.test(input.host) && !/^\[[:0-9a-f]+\](:\d+)?$/i.test(input.host)) {
|
||
throw new InvalidUrlError({ input: input.href || input });
|
||
}
|
||
return input;
|
||
}
|
||
|
||
function spreadUrlObject(urlObject, target) {
|
||
var spread = target || {};
|
||
for (var key of preservedUrlFields) {
|
||
spread[key] = urlObject[key];
|
||
}
|
||
|
||
// Fix IPv6 hostname
|
||
if (spread.hostname.startsWith("[")) {
|
||
spread.hostname = spread.hostname.slice(1, -1);
|
||
}
|
||
// Ensure port is a number
|
||
if (spread.port !== "") {
|
||
spread.port = Number(spread.port);
|
||
}
|
||
// Concatenate path
|
||
spread.path = spread.search ? spread.pathname + spread.search : spread.pathname;
|
||
|
||
return spread;
|
||
}
|
||
|
||
function removeMatchingHeaders(regex, headers) {
|
||
var lastValue;
|
||
for (var header in headers) {
|
||
if (regex.test(header)) {
|
||
lastValue = headers[header];
|
||
delete headers[header];
|
||
}
|
||
}
|
||
return (lastValue === null || typeof lastValue === "undefined") ?
|
||
undefined : String(lastValue).trim();
|
||
}
|
||
|
||
function createErrorType(code, message, baseClass) {
|
||
// Create constructor
|
||
function CustomError(properties) {
|
||
Error.captureStackTrace(this, this.constructor);
|
||
Object.assign(this, properties || {});
|
||
this.code = code;
|
||
this.message = this.cause ? message + ": " + this.cause.message : message;
|
||
}
|
||
|
||
// Attach constructor and set default properties
|
||
CustomError.prototype = new (baseClass || Error)();
|
||
Object.defineProperties(CustomError.prototype, {
|
||
constructor: {
|
||
value: CustomError,
|
||
enumerable: false,
|
||
},
|
||
name: {
|
||
value: "Error [" + code + "]",
|
||
enumerable: false,
|
||
},
|
||
});
|
||
return CustomError;
|
||
}
|
||
|
||
function destroyRequest(request, error) {
|
||
for (var event of events) {
|
||
request.removeListener(event, eventHandlers[event]);
|
||
}
|
||
request.on("error", noop);
|
||
request.destroy(error);
|
||
}
|
||
|
||
function isSubdomain(subdomain, domain) {
|
||
assert(isString(subdomain) && isString(domain));
|
||
var dot = subdomain.length - domain.length - 1;
|
||
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
|
||
}
|
||
|
||
function isString(value) {
|
||
return typeof value === "string" || value instanceof String;
|
||
}
|
||
|
||
function isFunction(value) {
|
||
return typeof value === "function";
|
||
}
|
||
|
||
function isBuffer(value) {
|
||
return typeof value === "object" && ("length" in value);
|
||
}
|
||
|
||
function isURL(value) {
|
||
return URL && value instanceof URL;
|
||
}
|
||
|
||
// Exports
|
||
module.exports = wrap({ http: http, https: https });
|
||
module.exports.wrap = wrap;
|