Hugging Face's logo

Spaces:
dtsky
/
nodejs
Runtime error

App Files Community
nodejs / app.js
dtsky's picture
dtsky
Upload 2 files
97810fa
raw
history blame contribute delete
19.3 kB
// © 2013 - 2016 Rob Wu <rob@robwu.nl>
// Released under the MIT license
'use strict';
var httpProxy = require('http-proxy');
var net = require('net');
var url = require('url');
var getProxyForUrl = require('proxy-from-env').getProxyForUrl;
/**
 * Check whether the specified hostname is valid.
 *
 * @param hostname {string} Host name (excluding port) of requested resource.
 * @return {boolean} Whether the requested resource can be accessed.
 */
function isValidHostName(hostname) {
 return !!(
 hostname.indexOf('.') > 0 ||
 net.isIPv4(hostname) ||
 net.isIPv6(hostname)
 );
}
/**
 * Adds CORS headers to the response headers.
 *
 * @param headers {object} Response headers
 * @param request {ServerRequest}
 */
function withCORS(headers, request) {
 headers['access-control-allow-origin'] = '*';
 var corsMaxAge = request.corsAnywhereRequestState.corsMaxAge;
 if (corsMaxAge) {
 headers['access-control-max-age'] = corsMaxAge;
 }
 if (request.headers['access-control-request-method']) {
 headers['access-control-allow-methods'] = request.headers['access-control-request-method'];
 delete request.headers['access-control-request-method'];
 }
 if (request.headers['access-control-request-headers']) {
 headers['access-control-allow-headers'] = request.headers['access-control-request-headers'];
 delete request.headers['access-control-request-headers'];
 }
headers['access-control-expose-headers'] = Object.keys(headers).join(',');
return headers;
}
/**
 * Performs the actual proxy request.
 *
 * @param req {ServerRequest} Incoming http request
 * @param res {ServerResponse} Outgoing (proxied) http request
 * @param proxy {HttpProxy}
 */
function proxyRequest(req, res, proxy) {
 var location = req.corsAnywhereRequestState.location;
 req.url = location.path;
var proxyOptions = {
 changeOrigin: false,
 prependPath: false,
 target: location,
 headers: {
 host: location.host,
 },
 // HACK: Get hold of the proxyReq object, because we need it later.
 // https://github.com/nodejitsu/node-http-proxy/blob/v1.11.1/lib/http-proxy/passes/web-incoming.js#L144
 buffer: {
 pipe: function (proxyReq) {
 var proxyReqOn = proxyReq.on;
 // Intercepts the handler that connects proxyRes to res.
 // https://github.com/nodejitsu/node-http-proxy/blob/v1.11.1/lib/http-proxy/passes/web-incoming.js#L146-L158
 proxyReq.on = function (eventName, listener) {
 if (eventName !== 'response') {
 return proxyReqOn.call(this, eventName, listener);
 }
 return proxyReqOn.call(this, 'response', function (proxyRes) {
 if (onProxyResponse(proxy, proxyReq, proxyRes, req, res)) {
 try {
 listener(proxyRes);
 } catch (err) {
 // Wrap in try-catch because an error could occur:
 // "RangeError: Invalid status code: 0"
 // https://github.com/Rob--W/cors-anywhere/issues/95
 // https://github.com/nodejitsu/node-http-proxy/issues/1080
// Forward error (will ultimately emit the 'error' event on our proxy object):
 // https://github.com/nodejitsu/node-http-proxy/blob/v1.11.1/lib/http-proxy/passes/web-incoming.js#L134
 proxyReq.emit('error', err);
 }
 }
 });
 };
 return req.pipe(proxyReq);
 },
 },
 };
var proxyThroughUrl = req.corsAnywhereRequestState.getProxyForUrl(location.href);
 if (proxyThroughUrl) {
 proxyOptions.target = proxyThroughUrl;
 proxyOptions.toProxy = true;
 // If a proxy URL was set, req.url must be an absolute URL. Then the request will not be sent
 // directly to the proxied URL, but through another proxy.
 req.url = location.href;
 }
// Start proxying the request
 try {
 proxy.web(req, res, proxyOptions);
 } catch (err) {
 proxy.emit('error', err, req, res);
 }
}
/**
 * This method modifies the response headers of the proxied response.
 * If a redirect is detected, the response is not sent to the client,
 * and a new request is initiated.
 *
 * client (req) -> CORS Anywhere -> (proxyReq) -> other server
 * client (res) <- CORS Anywhere <- (proxyRes) <- other server
 *
 * @param proxy {HttpProxy}
 * @param proxyReq {ClientRequest} The outgoing request to the other server.
 * @param proxyRes {ServerResponse} The response from the other server.
 * @param req {IncomingMessage} Incoming HTTP request, augmented with property corsAnywhereRequestState
 * @param req.corsAnywhereRequestState {object}
 * @param req.corsAnywhereRequestState.location {object} See parseURL
 * @param req.corsAnywhereRequestState.getProxyForUrl {function} See proxyRequest
 * @param req.corsAnywhereRequestState.proxyBaseUrl {string} Base URL of the CORS API endpoint
 * @param req.corsAnywhereRequestState.maxRedirects {number} Maximum number of redirects
 * @param req.corsAnywhereRequestState.redirectCount_ {number} Internally used to count redirects
 * @param res {ServerResponse} Outgoing response to the client that wanted to proxy the HTTP request.
 *
 * @returns {boolean} true if http-proxy should continue to pipe proxyRes to res.
 */
function onProxyResponse(proxy, proxyReq, proxyRes, req, res) {
 var requestState = req.corsAnywhereRequestState;
var statusCode = proxyRes.statusCode;
if (!requestState.redirectCount_) {
 res.setHeader('x-request-url', requestState.location.href);
 }
 // Handle redirects
 if (statusCode === 301 || statusCode === 302 || statusCode === 303 || statusCode === 307 || statusCode === 308) {
 var locationHeader = proxyRes.headers.location;
 var parsedLocation;
 if (locationHeader) {
 locationHeader = url.resolve(requestState.location.href, locationHeader);
 parsedLocation = parseURL(locationHeader);
 }
 if (parsedLocation) {
 if (statusCode === 301 || statusCode === 302 || statusCode === 303) {
 // Exclude 307 & 308, because they are rare, and require preserving the method + request body
 requestState.redirectCount_ = requestState.redirectCount_ + 1 || 1;
 if (requestState.redirectCount_ <= requestState.maxRedirects) {
 // Handle redirects within the server, because some clients (e.g. Android Stock Browser)
 // cancel redirects.
 // Set header for debugging purposes. Do not try to parse it!
 res.setHeader('X-CORS-Redirect-' + requestState.redirectCount_, statusCode + ' ' + locationHeader);
req.method = 'GET';
 req.headers['content-length'] = '0';
 delete req.headers['content-type'];
 requestState.location = parsedLocation;
// Remove all listeners (=reset events to initial state)
 req.removeAllListeners();
// Remove the error listener so that the ECONNRESET "error" that
 // may occur after aborting a request does not propagate to res.
 // https://github.com/nodejitsu/node-http-proxy/blob/v1.11.1/lib/http-proxy/passes/web-incoming.js#L134
 proxyReq.removeAllListeners('error');
 proxyReq.once('error', function catchAndIgnoreError() { });
 proxyReq.abort();
// Initiate a new proxy request.
 proxyRequest(req, res, proxy);
 return false;
 }
 }
 proxyRes.headers.location = requestState.proxyBaseUrl + '/' + locationHeader;
 }
 }
// Strip cookies
 delete proxyRes.headers['set-cookie'];
 delete proxyRes.headers['set-cookie2'];
proxyRes.headers['x-final-url'] = requestState.location.href;
 withCORS(proxyRes.headers, req);
 return true;
}
/**
 * @param req_url {string} The requested URL (scheme is optional).
 * @return {object} URL parsed using url.parse
 */
function parseURL(req_url) {
var host = req_url.slice(0, 8);
if (host.startsWith('/')){
 return null;
 } else if (host.includes("://")) {
} else if (host.includes(':/')) {
 req_url = new URL(req_url).href;
 } else {
 req_url = "http://" + req_url;
 }
return url.parse(req_url);
}
// Request handler factory
function getHandler(options, proxy) {
 var corsAnywhere = {
 getProxyForUrl: getProxyForUrl, // Function that specifies the proxy to use
 maxRedirects: 5, // Maximum number of redirects to be followed.
 keywordBlacklist: [], // Requests from these keywords will be blocked.
 originBlacklist: [], // Requests from these origins will be blocked.
 originWhitelist: [], // If non-empty, requests not from an origin in this list will be blocked.
 checkRateLimit: null, // Function that may enforce a rate-limit by returning a non-empty string.
 redirectSameOrigin: false, // Redirect the client to the requested URL for same-origin requests.
 requireHeader: null, // Require a header to be set?
 removeHeaders: [], // Strip these request headers.
 setHeaders: {}, // Set these request headers.
 corsMaxAge: 0 // If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
 };
Object.keys(corsAnywhere).forEach(function (option) {
 if (Object.prototype.hasOwnProperty.call(options, option)) {
 corsAnywhere[option] = options[option];
 }
 });
// Convert corsAnywhere.requireHeader to an array of lowercase header names, or null.
 if (corsAnywhere.requireHeader) {
 if (typeof corsAnywhere.requireHeader === 'string') {
 corsAnywhere.requireHeader = [corsAnywhere.requireHeader.toLowerCase()];
 } else if (!Array.isArray(corsAnywhere.requireHeader) || corsAnywhere.requireHeader.length === 0) {
 corsAnywhere.requireHeader = null;
 } else {
 corsAnywhere.requireHeader = corsAnywhere.requireHeader.map(function (headerName) {
 return headerName.toLowerCase();
 });
 }
 }
 var hasRequiredHeaders = function (headers) {
 return !corsAnywhere.requireHeader || corsAnywhere.requireHeader.some(function (headerName) {
 return Object.hasOwnProperty.call(headers, headerName);
 });
 };
return function (req, res) {
 req.corsAnywhereRequestState = {
 getProxyForUrl: corsAnywhere.getProxyForUrl,
 maxRedirects: corsAnywhere.maxRedirects,
 corsMaxAge: corsAnywhere.corsMaxAge,
 };
let clientip = req.headers['x-forwarded-for'] || // 判断是否有反向代理 IP
 req.connection.remoteAddress || // 判断 connection 的远程 IP
 req.socket.remoteAddress || // 判断后端的 socket 的 IP
 req.connection.socket.remoteAddress;
console.log(JSON.stringify([
 new Date().toISOString(),
 req.method,
 req.url,
 clientip,
 req.headers["user-agent"]
 ]));
var cors_headers = withCORS({}, req);
 if (req.method === 'OPTIONS') {
 // Pre-flight request. Reply successfully:
 res.writeHead(200, cors_headers);
 res.end();
 return;
 }
//var location = parseURL(decodeURIComponent(req.url.slice(1)));
 try {
 var raw = req.url;
 var idx = raw.indexOf('/', 1);
 var url = raw.slice(idx + 1);
 var location = parseURL(url);
 }catch(err){
 console.log(err.message);
 }
if (!location) {
 // Invalid API call. Show how to correctly use the API
 res.writeHead(200, { 'Content-Type': 'text/plain' });
 res.end('404');
 return;
 }
if (location.host === 'iscorsneeded') {
 // Is CORS needed? This path is provided so that API consumers can test whether it's necessary
 // to use CORS. The server's reply is always No, because if they can read it, then CORS headers
 // are not necessary.
 res.writeHead(200, { 'Content-Type': 'text/plain' });
 res.end('no');
 return;
 }
if (location.port > 65535) {
 // Port is higher than 65535
 res.writeHead(400, 'Invalid port', cors_headers);
 res.end('Port number too large: ' + location.port);
 return;
 }
if (!/^\/https?:/.test(req.url) && !isValidHostName(location.hostname)) {
 // Don't even try to proxy invalid hosts (such as /favicon.ico, /robots.txt)
 res.writeHead(404, 'Invalid host', cors_headers);
 res.end('Invalid host: ' + location.hostname);
 return;
 }
 //location = new URL(location).href;
if (!hasRequiredHeaders(req.headers)) {
 res.writeHead(400, 'Header required', cors_headers);
 res.end('Missing required request header. Must specify one of: ' + corsAnywhere.requireHeader);
 return;
 }
if (corsAnywhere.keywordBlacklist.filter(x => location.href.indexOf(x) >= 0).length > 0) {
 res.writeHead(403, 'Forbidden', cors_headers);
 res.end('The keyword "' + corsAnywhere.keywordBlacklist.join(" ") + '" was blacklisted by the operator of this proxy.');
 return;
 }
if (corsAnywhere.originBlacklist.indexOf(location.hostname) >= 0) {
 res.writeHead(403, 'Forbidden', cors_headers);
 res.end('The origin "' + location.hostname + '" was blacklisted by the operator of this proxy.');
 return;
 }
if (corsAnywhere.originWhitelist.length && corsAnywhere.originWhitelist.indexOf(location.hostname) === -1) {
 res.writeHead(403, 'Forbidden', cors_headers);
 res.end('The origin "' + location.hostname + '" was not whitelisted by the operator of this proxy.');
 return;
 }
var origin = req.headers.origin || '';
if (corsAnywhere.redirectSameOrigin && origin && location.href[origin.length] === '/' &&
 location.href.lastIndexOf(origin, 0) === 0) {
 // Send a permanent redirect to offload the server. Badly coded clients should not waste our resources.
 cors_headers.vary = 'origin';
 cors_headers['cache-control'] = 'private';
 cors_headers.location = location.href;
 res.writeHead(301, 'Please use a direct request', cors_headers);
 res.end();
 return;
 }
var isRequestedOverHttps = req.connection.encrypted || /^\s*https/.test(req.headers['x-forwarded-proto']);
 var proxyBaseUrl = (isRequestedOverHttps ? 'https://' : 'http://') + req.headers.host;
corsAnywhere.removeHeaders.forEach(function (header) {
 delete req.headers[header];
 });
Object.keys(corsAnywhere.setHeaders).forEach(function (header) {
 req.headers[header] = corsAnywhere.setHeaders[header];
 });
var host = raw.slice(1, idx);
 var referer = host.indexOf('.') != -1 ? 'https://' + host : location.href;
 console.log('网址' + location.href + ' 来路' + referer)
 req.headers.referer = referer;
req.corsAnywhereRequestState.location = location;
 req.corsAnywhereRequestState.proxyBaseUrl = proxyBaseUrl;
proxyRequest(req, res, proxy);
 };
}
// Create server with default and given values
// Creator still needs to call .listen()
function createServer(options) {
 options = options || {};
// Default options:
 var httpProxyOptions = {
 xfwd: true, // Append X-Forwarded-* headers
 };
 // Allow user to override defaults and add own options
 if (options.httpProxyOptions) {
 Object.keys(options.httpProxyOptions).forEach(function (option) {
 httpProxyOptions[option] = options.httpProxyOptions[option];
 });
 }
var proxy = httpProxy.createServer(httpProxyOptions);
 var requestHandler = getHandler(options, proxy);
 var server;
 if (options.httpsOptions) {
 server = require('https').createServer(options.httpsOptions, requestHandler);
 } else {
 server = require('http').createServer(requestHandler);
 }
// When the server fails, just show a 404 instead of Internal server error
 proxy.on('error', function (err, req, res) {
 if (res.headersSent) {
 // This could happen when a protocol error occurs when an error occurs
 // after the headers have been received (and forwarded). Do not write
 // the headers because it would generate an error.
 // Prior to Node 13.x, the stream would have ended.
 // As of Node 13.x, we must explicitly close it.
 if (res.writableEnded === false) {
 res.end();
 }
 return;
 }
// When the error occurs after setting headers but before writing the response,
 // then any previously set headers must be removed.
 var headerNames = res.getHeaderNames ? res.getHeaderNames() : Object.keys(res._headers || {});
 headerNames.forEach(function (name) {
 res.removeHeader(name);
 });
res.writeHead(404, { 'Access-Control-Allow-Origin': '*' });
 res.end('Not found because of proxy error: ' + err);
 });
return server;
};
process.on('uncaughtException', function (exception) {
 console.log(exception);
});
// ========================== Start ==========================
// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
var port = process.env.PORT || 3000;
createServer({
 // 移除头部的Key
 removeHeaders: [
 'x-heroku-queue-wait-time',
 'x-heroku-queue-depth',
 'x-heroku-dynos-in-use',
 'x-request-start',
 ],
 keywordBlacklist: [".mpd", ".m4v"],// 阻断的关键字
 originBlacklist: [],// 阻断的名单
 originWhitelist: [],// 如果不为空,只允许白名单
 redirectSameOrigin: true,
 // http-proxy 组件选项配置
 httpProxyOptions: {
 xfwd: false,// 是否添加 X-Forwarded-For 头
 secure: false // ignore ssl
 },
}).listen(port, host, function () {
 console.log(new Date().toISOString() + ' Running CORS Anywhere on ' + host + ':' + port);
});