X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fdingus.js;h=d8eed919a6fd992b463f2fc154edc034ff7dfdb2;hb=a90b9c1b279773c225560aa3ae5f5f21424ec420;hp=343283974d7c723a6cbb8eb85fc3e3b942230fff;hpb=842a9b1e5b62aa642a53269a8466fd1e021e4ff2;p=squeep-api-dingus

diff --git a/lib/dingus.js b/lib/dingus.js
index 3432839..d8eed91 100644
--- a/lib/dingus.js
+++ b/lib/dingus.js
@@ -27,6 +27,7 @@ const defaultOptions = {
   strictAccept: true,
   selfBaseUrl: '',
   staticMetadata: true,
+  staticPath: undefined, // No reasonable default
   trustProxy: true,
   querystring,
 };
@@ -59,7 +60,6 @@ class Dingus {
     ];
 
     this.logger = logger;
-    common.ensureLoggerLevels(this.logger);
   }
 
 
@@ -138,9 +138,9 @@ class Dingus {
    */
   _getAddress(req) {
     // TODO: RFC7239 Forwarded support
-    const address = (this.trustProxy && req && req.getHeader(Enum.Header.XForwardedFor)) ||
-      (this.trustProxy && req && req.getHeader(Enum.Header.XRealIP)) ||
-      (req && req.connection && req.connection.remoteAddress) ||
+    const address = (this.trustProxy && req?.getHeader(Enum.Header.XForwardedFor)) ||
+      (this.trustProxy && req?.getHeader(Enum.Header.XRealIP)) ||
+      (req?.connection?.remoteAddress) ||
       '';
     return address.split(/\s*,\s*/u)[0];
   }
@@ -152,8 +152,8 @@ class Dingus {
    */
   _getProtocol(req) {
     // TODO: RFC7239 Forwarded support
-    const protocol = (this.trustProxy && req && req.getHeader(Enum.Header.XForwardedProto)) ||
-      ((req && req.connection && req.connection.encrypted) ? 'https' : 'http');
+    const protocol = (this.trustProxy && req?.getHeader(Enum.Header.XForwardedProto)) ||
+      ((req?.connection?.encrypted) ? 'https' : 'http');
     return protocol.split(/\s*,\s*/u)[0];
   }
 
@@ -225,11 +225,13 @@ class Dingus {
   /**
    * Intercept writes for head requests, do not send to client,
    * but send length, and make body available in context.
+   * N.B. If persisted, ctx.responseBody will be a raw buffer, be aware when logging.
    * @param {http.ClientRequest} req 
    * @param {http.ServerResponse} res 
    * @param {object} ctx 
+   * @param {Boolean} persistResponseBody
    */
-  static setHeadHandler(req, res, ctx) {
+  static setHeadHandler(req, res, ctx, persistResponseBody = false) {
     if (req.method === 'HEAD') {
       const origEnd = res.end.bind(res);
       const chunks = [];
@@ -239,8 +241,11 @@ class Dingus {
       };
       res.end = function (data, encoding, ...rest) {
         Dingus.pushBufChunk(chunks, data, encoding);
-        ctx.responseBody = Buffer.concat(chunks);
-        res.setHeader(Enum.Header.ContentLength, Buffer.byteLength(ctx.responseBody));
+        const responseBody = Buffer.concat(chunks);
+        res.setHeader(Enum.Header.ContentLength, Buffer.byteLength(responseBody));
+        if (persistResponseBody) {
+          ctx.responseBody = responseBody;
+        }
         return origEnd(undefined, encoding, ...rest);
       };
     }
@@ -305,21 +310,27 @@ class Dingus {
 
 
   /**
-   * Parse rawBody from ctx as contentType into parsedBody.
-   * @param {string} contentType 
-   * @param {object} ctx 
-   */
-  parseBody(contentType, ctx) {
+   * Parse rawBody as contentType into ctx.parsedBody.
+   * @param {string} contentType
+   * @param {object} ctx
+   * @param {string|buffer}
+  */
+  parseBody(contentType, ctx, rawBody) {
     const _scope = _fileScope('parseBody');
 
+    if (!rawBody) {
+      // 1.2.4 and earlier expected rawBody on context
+      rawBody = ctx.rawBody;
+    }
+
     switch (contentType) {
       case Enum.ContentType.ApplicationForm:
-        ctx.parsedBody = this.querystring.parse(ctx.rawBody);
+        ctx.parsedBody = this.querystring.parse(rawBody);
         break;
 
       case Enum.ContentType.ApplicationJson:
         try {
-          ctx.parsedBody = JSON.parse(ctx.rawBody);
+          ctx.parsedBody = JSON.parse(rawBody);
         } catch (e) {
           this.logger.debug(_scope, 'JSON parse failed', { requestId: ctx.requestId, error: e });
           throw new ResponseError(Enum.ErrorResponse.BadRequest, e.message);
@@ -336,13 +347,26 @@ class Dingus {
   /**
    * Return all body data from a request.
    * @param {http.ClientRequest} req
+   * @param {Number=} maximumBodySize
+   * @param {Boolean=} toString
    */
-  async bodyData(req) {
+  async bodyData(req, maximumBodySize, toString = true) {
     const _scope = _fileScope('bodyData');
     return new Promise((resolve, reject) => {
       const body = [];
-      req.on('data', (chunk) => body.push(chunk));
-      req.on('end', () => resolve(Buffer.concat(body).toString()));
+      let length = 0;
+      req.on('data', (chunk) => {
+        body.push(chunk);
+        length += Buffer.byteLength(chunk);
+        if (maximumBodySize && length > maximumBodySize) {
+          this.logger.debug(_scope, 'body data exceeded limit', { length, maximumBodySize });
+          reject(new ResponseError(Enum.ErrorResponse.RequestEntityTooLarge));
+        }
+      });
+      req.on('end', () => {
+        const bodyBuffer = Buffer.concat(body);
+        resolve(toString ? bodyBuffer.toString() : bodyBuffer);
+      });
       req.on('error', (e) => {
         this.logger.error(_scope, 'failed', { error: e });
         reject(e);
@@ -356,11 +380,19 @@ class Dingus {
    * @param {http.ClientRequest} req
    * @param {http.ServerResponse} res
    * @param {object} ctx
-   */
-  async ingestBody(req, res, ctx) {
-    ctx.rawBody = await this.bodyData(req);
-    const contentType = Dingus.getRequestContentType(req);
-    this.parseBody(contentType, ctx);
+   * @param {object}
+   * @param {Boolean} .parseEmptyBody
+   * @param {Boolean} .persistRawBody
+   */
+  async ingestBody(req, res, ctx, { parseEmptyBody = true, persistRawBody = false, maximumBodySize } = {}) {
+    const rawBody = await this.bodyData(req, maximumBodySize);
+    if (persistRawBody) {
+      ctx.rawBody = rawBody;
+    }
+    if (rawBody || parseEmptyBody) {
+      const contentType = Dingus.getRequestContentType(req);
+      this.parseBody(contentType, ctx, rawBody);
+    }
   }
 
 
@@ -492,7 +524,13 @@ class Dingus {
    */
   async serveFile(req, res, ctx, directory, fileName) {
     const _scope = _fileScope('serveFile');
-    this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+    this.logger.debug(_scope, 'called', { req, ctx });
+
+    // Require a directory field.
+    if (!directory) {
+      this.logger.debug(_scope, 'rejected unset directory', { fileName });
+      return this.handlerNotFound(req, res, ctx);
+    }
 
     // Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
     fileName = path.normalize(fileName);
@@ -500,7 +538,7 @@ class Dingus {
     // We will not deal with any subdirs, nor any dot-files.
     // (Note that we could not deal with subdirs even if we wanted, due to simple router matching scheme.)
     if (fileName.indexOf(path.sep) >= 0
-    ||  fileName.charAt(0) === '.') {
+    ||  fileName.startsWith('.')) {
       this.logger.debug(_scope, 'rejected filename', { fileName });
       return this.handlerNotFound(req, res, ctx);
     }
@@ -526,18 +564,20 @@ class Dingus {
         break;
       }
       const suffix = Enum.EncodingTypeSuffix[encoding];
-      if (suffix) {
-        const encodedFilePath = `${filePath}${suffix}`;
-        const [ encodedStat, encodedData ] = await this._readFileInfo(encodedFilePath);
-        if (encodedStat) {
-          ([ stat, data ] = [ encodedStat, encodedData ]);
-          ctx.selectedEncoding = encoding;
-          Dingus.addEncodingHeader(res, encoding);
-          res.setHeader(Enum.Header.Vary, Enum.Header.AcceptEncoding);
-          this.logger.debug(_scope, 'serving encoded version', { ctx, encodedFilePath });
-        }
-        break;
+      if (!suffix) {
+        this.logger.error(_scope, 'supported encoding missing mapped suffix', { ctx, encoding });
+        continue;
+      }
+      const encodedFilePath = `${filePath}${suffix}`;
+      const [ encodedStat, encodedData ] = await this._readFileInfo(encodedFilePath);
+      if (encodedStat) {
+        ([ stat, data ] = [ encodedStat, encodedData ]);
+        ctx.selectedEncoding = encoding;
+        Dingus.addEncodingHeader(res, encoding);
+        res.setHeader(Enum.Header.Vary, Enum.Header.AcceptEncoding);
+        this.logger.debug(_scope, 'serving encoded version', { ctx, encodedFilePath });
       }
+      break;
     }
 
     const lastModifiedDate = new Date(stat.mtimeMs);
@@ -611,14 +651,14 @@ class Dingus {
       res.setHeader(Enum.Header.ContentType, Enum.ContentType.TextPlain);
     }
 
-    if (err && err.statusCode) {
+    if (err?.statusCode) {
       res.statusCode = err.statusCode;
       body = this.renderError(res.getHeader(Enum.Header.ContentType), err);
-      this.logger.debug(_scope, 'handler error', { err, ...common.handlerLogData(req, res, ctx) });
+      this.logger.debug(_scope, 'handler error', { err, req, res, ctx });
     } else {
       res.statusCode = 500;
       body = this.renderError(res.getHeader(Enum.Header.ContentType), Enum.ErrorResponse.InternalServerError);
-      this.logger.error(_scope, 'handler exception', { err, ...common.handlerLogData(req, res, ctx) });
+      this.logger.error(_scope, 'handler exception', { err, req, res, ctx });
     }
     res.end(body);
   }