"use strict"; const path = require("path"); const mime = require("mime-types"); const onFinishedStream = require("on-finished"); const getFilenameFromUrl = require("./utils/getFilenameFromUrl"); const { setStatusCode, getStatusCode, getRequestHeader, getRequestMethod, getRequestURL, getResponseHeader, setResponseHeader, removeResponseHeader, getResponseHeaders, getHeadersSent, send, finish, pipe, createReadStreamOrReadFileSync, getOutgoing, initState, setState, getReadyReadableStreamState } = require("./utils/compatibleAPI"); const ready = require("./utils/ready"); const parseTokenList = require("./utils/parseTokenList"); const memorize = require("./utils/memorize"); /** @typedef {import("./index.js").NextFunction} NextFunction */ /** @typedef {import("./index.js").IncomingMessage} IncomingMessage */ /** @typedef {import("./index.js").ServerResponse} ServerResponse */ /** @typedef {import("./index.js").NormalizedHeaders} NormalizedHeaders */ /** @typedef {import("fs").ReadStream} ReadStream */ const BYTES_RANGE_REGEXP = /^ *bytes/i; /** * @param {string} type * @param {number} size * @param {import("range-parser").Range} [range] * @returns {string} */ function getValueContentRangeHeader(type, size, range) { return `${type} ${range ? `${range.start}-${range.end}` : "*"}/${size}`; } /** * Parse an HTTP Date into a number. * * @param {string} date * @returns {number} */ function parseHttpDate(date) { const timestamp = date && Date.parse(date); // istanbul ignore next: guard against date.js Date.parse patching return typeof timestamp === "number" ? timestamp : NaN; } const CACHE_CONTROL_NO_CACHE_REGEXP = /(?:^|,)\s*?no-cache\s*?(?:,|$)/; /** * @param {import("fs").ReadStream} stream stream * @param {boolean} suppress do need suppress? * @returns {void} */ function destroyStream(stream, suppress) { if (typeof stream.destroy === "function") { stream.destroy(); } if (typeof stream.close === "function") { // Node.js core bug workaround stream.on("open", /** * @this {import("fs").ReadStream} */ function onOpenClose() { // @ts-ignore if (typeof this.fd === "number") { // actually close down the fd this.close(); } }); } if (typeof stream.addListener === "function" && suppress) { stream.removeAllListeners("error"); stream.addListener("error", () => {}); } } /** @type {Record} */ const statuses = { 400: "Bad Request", 403: "Forbidden", 404: "Not Found", 416: "Range Not Satisfiable", 500: "Internal Server Error" }; const parseRangeHeaders = memorize( /** * @param {string} value * @returns {import("range-parser").Result | import("range-parser").Ranges} */ value => { const [len, rangeHeader] = value.split("|"); // eslint-disable-next-line global-require return require("range-parser")(Number(len), rangeHeader, { combine: true }); }); const MAX_MAX_AGE = 31536000000; /** * @template {IncomingMessage} Request * @template {ServerResponse} Response * @typedef {Object} SendErrorOptions send error options * @property {Record=} headers headers * @property {import("./index").ModifyResponseData=} modifyResponseData modify response data callback */ /** * @template {IncomingMessage} Request * @template {ServerResponse} Response * @param {import("./index.js").FilledContext} context * @return {import("./index.js").Middleware} */ function wrapper(context) { return async function middleware(req, res, next) { const acceptedMethods = context.options.methods || ["GET", "HEAD"]; initState(res); async function goNext() { if (!context.options.serverSideRender) { return next(); } return new Promise(resolve => { ready(context, () => { setState(res, "webpack", { devMiddleware: context }); resolve(next()); }, req); }); } const method = getRequestMethod(req); if (method && !acceptedMethods.includes(method)) { await goNext(); return; } /** * @param {number} status status * @param {Partial>=} options options * @returns {void} */ function sendError(status, options) { // eslint-disable-next-line global-require const escapeHtml = require("./utils/escapeHtml"); const content = statuses[status] || String(status); let document = Buffer.from(` Error 
${escapeHtml(content)}
`, "utf-8"); // Clear existing headers const headers = getResponseHeaders(res); for (let i = 0; i < headers.length; i++) { removeResponseHeader(res, headers[i]); } if (options && options.headers) { const keys = Object.keys(options.headers); for (let i = 0; i < keys.length; i++) { const key = keys[i]; const value = options.headers[key]; if (typeof value !== "undefined") { setResponseHeader(res, key, value); } } } // Send basic response setStatusCode(res, status); setResponseHeader(res, "Content-Type", "text/html; charset=utf-8"); setResponseHeader(res, "Content-Security-Policy", "default-src 'none'"); setResponseHeader(res, "X-Content-Type-Options", "nosniff"); let byteLength = Buffer.byteLength(document); if (options && options.modifyResponseData) { ({ data: document, byteLength } = /** @type {{ data: Buffer, byteLength: number }} */ options.modifyResponseData(req, res, document, byteLength)); } setResponseHeader(res, "Content-Length", byteLength); finish(res, document); } /** * @param {NodeJS.ErrnoException} error */ function errorHandler(error) { switch (error.code) { case "ENAMETOOLONG": case "ENOENT": case "ENOTDIR": sendError(404, { modifyResponseData: context.options.modifyResponseData }); break; default: sendError(500, { modifyResponseData: context.options.modifyResponseData }); break; } } function isConditionalGET() { return getRequestHeader(req, "if-match") || getRequestHeader(req, "if-unmodified-since") || getRequestHeader(req, "if-none-match") || getRequestHeader(req, "if-modified-since"); } function isPreconditionFailure() { // if-match const ifMatch = /** @type {string} */getRequestHeader(req, "if-match"); // A recipient MUST ignore If-Unmodified-Since if the request contains // an If-Match header field; the condition in If-Match is considered to // be a more accurate replacement for the condition in // If-Unmodified-Since, and the two are only combined for the sake of // interoperating with older intermediaries that might not implement If-Match. if (ifMatch) { const etag = getResponseHeader(res, "ETag"); return !etag || ifMatch !== "*" && parseTokenList(ifMatch).every(match => match !== etag && match !== `W/${etag}` && `W/${match}` !== etag); } // if-unmodified-since const ifUnmodifiedSince = /** @type {string} */ getRequestHeader(req, "if-unmodified-since"); if (ifUnmodifiedSince) { const unmodifiedSince = parseHttpDate(ifUnmodifiedSince); // A recipient MUST ignore the If-Unmodified-Since header field if the // received field-value is not a valid HTTP-date. if (!isNaN(unmodifiedSince)) { const lastModified = parseHttpDate( /** @type {string} */getResponseHeader(res, "Last-Modified")); return isNaN(lastModified) || lastModified > unmodifiedSince; } } return false; } /** * @returns {boolean} is cachable */ function isCachable() { const statusCode = getStatusCode(res); return statusCode >= 200 && statusCode < 300 || statusCode === 304 || // For Koa and Hono, because by default status code is 404, but we already found a file statusCode === 404; } /** * @param {import("http").OutgoingHttpHeaders} resHeaders * @returns {boolean} */ function isFresh(resHeaders) { // Always return stale when Cache-Control: no-cache to support end-to-end reload requests // https://tools.ietf.org/html/rfc2616#section-14.9.4 const cacheControl = /** @type {string} */ getRequestHeader(req, "cache-control"); if (cacheControl && CACHE_CONTROL_NO_CACHE_REGEXP.test(cacheControl)) { return false; } // fields const noneMatch = /** @type {string} */ getRequestHeader(req, "if-none-match"); const modifiedSince = /** @type {string} */ getRequestHeader(req, "if-modified-since"); // unconditional request if (!noneMatch && !modifiedSince) { return false; } // if-none-match if (noneMatch && noneMatch !== "*") { if (!resHeaders.etag) { return false; } const matches = parseTokenList(noneMatch); let etagStale = true; for (let i = 0; i < matches.length; i++) { const match = matches[i]; if (match === resHeaders.etag || match === `W/${resHeaders.etag}` || `W/${match}` === resHeaders.etag) { etagStale = false; break; } } if (etagStale) { return false; } } // A recipient MUST ignore If-Modified-Since if the request contains an If-None-Match header field; // the condition in If-None-Match is considered to be a more accurate replacement for the condition in If-Modified-Since, // and the two are only combined for the sake of interoperating with older intermediaries that might not implement If-None-Match. if (noneMatch) { return true; } // if-modified-since if (modifiedSince) { const lastModified = resHeaders["last-modified"]; // A recipient MUST ignore the If-Modified-Since header field if the // received field-value is not a valid HTTP-date, or if the request // method is neither GET nor HEAD. const modifiedStale = !lastModified || !(parseHttpDate(lastModified) <= parseHttpDate(modifiedSince)); if (modifiedStale) { return false; } } return true; } function isRangeFresh() { const ifRange = /** @type {string | undefined} */ getRequestHeader(req, "if-range"); if (!ifRange) { return true; } // if-range as etag if (ifRange.indexOf('"') !== -1) { const etag = /** @type {string | undefined} */ getResponseHeader(res, "ETag"); if (!etag) { return true; } return Boolean(etag && ifRange.indexOf(etag) !== -1); } // if-range as modified date const lastModified = /** @type {string | undefined} */ getResponseHeader(res, "Last-Modified"); if (!lastModified) { return true; } return parseHttpDate(lastModified) <= parseHttpDate(ifRange); } /** * @returns {string | undefined} */ function getRangeHeader() { const range = /** @type {string} */getRequestHeader(req, "range"); if (range && BYTES_RANGE_REGEXP.test(range)) { return range; } // eslint-disable-next-line no-undefined return undefined; } /** * @param {import("range-parser").Range} range * @returns {[number, number]} */ function getOffsetAndLenFromRange(range) { const offset = range.start; const len = range.end - range.start + 1; return [offset, len]; } /** * @param {number} offset * @param {number} len * @returns {[number, number]} */ function calcStartAndEnd(offset, len) { const start = offset; const end = Math.max(offset, offset + len - 1); return [start, end]; } async function processRequest() { // Pipe and SendFile /** @type {import("./utils/getFilenameFromUrl").Extra} */ const extra = {}; const filename = getFilenameFromUrl(context, /** @type {string} */getRequestURL(req), extra); if (extra.errorCode) { if (extra.errorCode === 403) { context.logger.error(`Malicious path "${filename}".`); } sendError(extra.errorCode, { modifyResponseData: context.options.modifyResponseData }); await goNext(); return; } if (!filename) { await goNext(); return; } if (getHeadersSent(res)) { await goNext(); return; } const { size } = /** @type {import("fs").Stats} */extra.stats; let len = size; let offset = 0; // Send logic if (context.options.headers) { let { headers } = context.options; if (typeof headers === "function") { headers = /** @type {NormalizedHeaders} */ headers(req, res, context); } /** * @type {{key: string, value: string | number}[]} */ const allHeaders = []; if (typeof headers !== "undefined") { if (!Array.isArray(headers)) { // eslint-disable-next-line guard-for-in for (const name in headers) { allHeaders.push({ key: name, value: headers[name] }); } headers = allHeaders; } for (const { key, value } of headers) { setResponseHeader(res, key, value); } } } if (!getResponseHeader(res, "Accept-Ranges")) { setResponseHeader(res, "Accept-Ranges", "bytes"); } if (!getResponseHeader(res, "Cache-Control")) { // TODO enable the `cacheImmutable` by default for the next major release const cacheControl = context.options.cacheImmutable && extra.immutable ? { immutable: true } : context.options.cacheControl; if (cacheControl) { let cacheControlValue; if (typeof cacheControl === "boolean") { cacheControlValue = "public, max-age=31536000"; } else if (typeof cacheControl === "number") { const maxAge = Math.floor(Math.min(Math.max(0, cacheControl), MAX_MAX_AGE) / 1000); cacheControlValue = `public, max-age=${maxAge}`; } else if (typeof cacheControl === "string") { cacheControlValue = cacheControl; } else { const maxAge = cacheControl.maxAge ? Math.floor(Math.min(Math.max(0, cacheControl.maxAge), MAX_MAX_AGE) / 1000) : MAX_MAX_AGE / 1000; cacheControlValue = `public, max-age=${maxAge}`; if (cacheControl.immutable) { cacheControlValue += ", immutable"; } } setResponseHeader(res, "Cache-Control", cacheControlValue); } } if (context.options.lastModified && !getResponseHeader(res, "Last-Modified")) { const modified = /** @type {import("fs").Stats} */ extra.stats.mtime.toUTCString(); setResponseHeader(res, "Last-Modified", modified); } /** @type {number} */ let start; /** @type {number} */ let end; /** @type {undefined | Buffer | ReadStream} */ let bufferOrStream; /** @type {number | undefined} */ let byteLength; const rangeHeader = getRangeHeader(); if (context.options.etag && !getResponseHeader(res, "ETag")) { /** @type {import("fs").Stats | Buffer | ReadStream | undefined} */ let value; // TODO cache etag generation? if (context.options.etag === "weak") { value = /** @type {import("fs").Stats} */extra.stats; } else { if (rangeHeader) { const parsedRanges = /** @type {import("range-parser").Ranges | import("range-parser").Result} */ parseRangeHeaders(`${size}|${rangeHeader}`); if (parsedRanges !== -2 && parsedRanges !== -1 && parsedRanges.length === 1) { [offset, len] = getOffsetAndLenFromRange(parsedRanges[0]); } } [start, end] = calcStartAndEnd(offset, len); try { const result = createReadStreamOrReadFileSync(filename, context.outputFileSystem, start, end); value = result.bufferOrStream; ({ bufferOrStream, byteLength } = result); } catch (error) { errorHandler( /** @type {NodeJS.ErrnoException} */error); await goNext(); return; } } if (value) { // eslint-disable-next-line global-require const result = await require("./utils/etag")(value); // Because we already read stream, we can cache buffer to avoid extra read from fs if (result.buffer) { bufferOrStream = result.buffer; } setResponseHeader(res, "ETag", result.hash); } } if (!getResponseHeader(res, "Content-Type") || getStatusCode(res) === 404) { removeResponseHeader(res, "Content-Type"); // content-type name(like application/javascript; charset=utf-8) or false const contentType = mime.contentType(path.extname(filename)); // Only set content-type header if media type is known // https://tools.ietf.org/html/rfc7231#section-3.1.1.5 if (contentType) { setResponseHeader(res, "Content-Type", contentType); } else if (context.options.mimeTypeDefault) { setResponseHeader(res, "Content-Type", context.options.mimeTypeDefault); } } // Conditional GET support if (isConditionalGET()) { if (isPreconditionFailure()) { sendError(412, { modifyResponseData: context.options.modifyResponseData }); await goNext(); return; } if (isCachable() && isFresh({ etag: ( /** @type {string | undefined} */ getResponseHeader(res, "ETag")), "last-modified": ( /** @type {string | undefined} */ getResponseHeader(res, "Last-Modified")) })) { setStatusCode(res, 304); // Remove content header fields removeResponseHeader(res, "Content-Encoding"); removeResponseHeader(res, "Content-Language"); removeResponseHeader(res, "Content-Length"); removeResponseHeader(res, "Content-Range"); removeResponseHeader(res, "Content-Type"); finish(res); await goNext(); return; } } let isPartialContent = false; if (rangeHeader) { let parsedRanges = /** @type {import("range-parser").Ranges | import("range-parser").Result | []} */ parseRangeHeaders(`${size}|${rangeHeader}`); // If-Range support if (!isRangeFresh()) { parsedRanges = []; } if (parsedRanges === -1) { context.logger.error("Unsatisfiable range for 'Range' header."); setResponseHeader(res, "Content-Range", getValueContentRangeHeader("bytes", size)); sendError(416, { headers: { "Content-Range": getResponseHeader(res, "Content-Range") }, modifyResponseData: context.options.modifyResponseData }); await goNext(); return; } else if (parsedRanges === -2) { context.logger.error("A malformed 'Range' header was provided. A regular response will be sent for this request."); } else if (parsedRanges.length > 1) { context.logger.error("A 'Range' header with multiple ranges was provided. Multiple ranges are not supported, so a regular response will be sent for this request."); } if (parsedRanges !== -2 && parsedRanges.length === 1) { // Content-Range setStatusCode(res, 206); setResponseHeader(res, "Content-Range", getValueContentRangeHeader("bytes", size, /** @type {import("range-parser").Ranges} */parsedRanges[0])); isPartialContent = true; [offset, len] = getOffsetAndLenFromRange(parsedRanges[0]); } } // When strong Etag generation is enabled we already read file, so we can skip extra fs call if (!bufferOrStream) { [start, end] = calcStartAndEnd(offset, len); try { ({ bufferOrStream, byteLength } = createReadStreamOrReadFileSync(filename, context.outputFileSystem, start, end)); } catch (error) { errorHandler( /** @type {NodeJS.ErrnoException} */error); await goNext(); return; } } if (context.options.modifyResponseData) { ({ data: bufferOrStream, byteLength } = context.options.modifyResponseData(req, res, bufferOrStream, /** @type {number} */ byteLength)); } setResponseHeader(res, "Content-Length", /** @type {number} */ byteLength); if (method === "HEAD") { if (!isPartialContent) { setStatusCode(res, 200); } finish(res); await goNext(); return; } if (!isPartialContent) { setStatusCode(res, 200); } const isPipeSupports = typeof ( /** @type {import("fs").ReadStream} */bufferOrStream.pipe) === "function"; if (!isPipeSupports) { send(res, /** @type {Buffer} */bufferOrStream); await goNext(); return; } // Cleanup const cleanup = () => { destroyStream( /** @type {import("fs").ReadStream} */bufferOrStream, true); }; // Error handling /** @type {import("fs").ReadStream} */ bufferOrStream.on("error", error => { // clean up stream early cleanup(); errorHandler(error); goNext(); }).on(getReadyReadableStreamState(res), () => { goNext(); }); pipe(res, /** @type {ReadStream} */bufferOrStream); const outgoing = getOutgoing(res); if (outgoing) { // Response finished, cleanup onFinishedStream(outgoing, cleanup); } } ready(context, processRequest, req); }; } module.exports = wrapper;