You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
651 lines
18 KiB
651 lines
18 KiB
/** |
|
* Wrapper for built-in http.js to emulate the browser XMLHttpRequest object. |
|
* |
|
* This can be used with JS designed for browsers to improve reuse of code and |
|
* allow the use of existing libraries. |
|
* |
|
* Usage: include("XMLHttpRequest.js") and use XMLHttpRequest per W3C specs. |
|
* |
|
* @author Dan DeFelippi <dan@driverdan.com> |
|
* @contributor David Ellis <d.f.ellis@ieee.org> |
|
* @license MIT |
|
*/ |
|
|
|
var fs = require('fs'); |
|
var Url = require('url'); |
|
var spawn = require('child_process').spawn; |
|
|
|
/** |
|
* Module exports. |
|
*/ |
|
|
|
module.exports = XMLHttpRequest; |
|
|
|
// backwards-compat |
|
XMLHttpRequest.XMLHttpRequest = XMLHttpRequest; |
|
|
|
/** |
|
* `XMLHttpRequest` constructor. |
|
* |
|
* Supported options for the `opts` object are: |
|
* |
|
* - `agent`: An http.Agent instance; http.globalAgent may be used; if 'undefined', agent usage is disabled |
|
* |
|
* @param {Object} opts optional "options" object |
|
*/ |
|
|
|
function XMLHttpRequest(opts) { |
|
"use strict"; |
|
|
|
opts = opts || {}; |
|
|
|
/** |
|
* Private variables |
|
*/ |
|
var self = this; |
|
var http = require('http'); |
|
var https = require('https'); |
|
|
|
// Holds http.js objects |
|
var request; |
|
var response; |
|
|
|
// Request settings |
|
var settings = {}; |
|
|
|
// Disable header blacklist. |
|
// Not part of XHR specs. |
|
var disableHeaderCheck = false; |
|
|
|
// Set some default headers |
|
var defaultHeaders = { |
|
"User-Agent": "node-XMLHttpRequest", |
|
"Accept": "*/*" |
|
}; |
|
|
|
var headers = Object.assign({}, defaultHeaders); |
|
|
|
// These headers are not user setable. |
|
// The following are allowed but banned in the spec: |
|
// * user-agent |
|
var forbiddenRequestHeaders = [ |
|
"accept-charset", |
|
"accept-encoding", |
|
"access-control-request-headers", |
|
"access-control-request-method", |
|
"connection", |
|
"content-length", |
|
"content-transfer-encoding", |
|
"cookie", |
|
"cookie2", |
|
"date", |
|
"expect", |
|
"host", |
|
"keep-alive", |
|
"origin", |
|
"referer", |
|
"te", |
|
"trailer", |
|
"transfer-encoding", |
|
"upgrade", |
|
"via" |
|
]; |
|
|
|
// These request methods are not allowed |
|
var forbiddenRequestMethods = [ |
|
"TRACE", |
|
"TRACK", |
|
"CONNECT" |
|
]; |
|
|
|
// Send flag |
|
var sendFlag = false; |
|
// Error flag, used when errors occur or abort is called |
|
var errorFlag = false; |
|
|
|
// Event listeners |
|
var listeners = {}; |
|
|
|
/** |
|
* Constants |
|
*/ |
|
|
|
this.UNSENT = 0; |
|
this.OPENED = 1; |
|
this.HEADERS_RECEIVED = 2; |
|
this.LOADING = 3; |
|
this.DONE = 4; |
|
|
|
/** |
|
* Public vars |
|
*/ |
|
|
|
// Current state |
|
this.readyState = this.UNSENT; |
|
|
|
// default ready state change handler in case one is not set or is set late |
|
this.onreadystatechange = null; |
|
|
|
// Result & response |
|
this.responseText = ""; |
|
this.responseXML = ""; |
|
this.status = null; |
|
this.statusText = null; |
|
|
|
/** |
|
* Private methods |
|
*/ |
|
|
|
/** |
|
* Check if the specified header is allowed. |
|
* |
|
* @param string header Header to validate |
|
* @return boolean False if not allowed, otherwise true |
|
*/ |
|
var isAllowedHttpHeader = function(header) { |
|
return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1); |
|
}; |
|
|
|
/** |
|
* Check if the specified method is allowed. |
|
* |
|
* @param string method Request method to validate |
|
* @return boolean False if not allowed, otherwise true |
|
*/ |
|
var isAllowedHttpMethod = function(method) { |
|
return (method && forbiddenRequestMethods.indexOf(method) === -1); |
|
}; |
|
|
|
/** |
|
* Public methods |
|
*/ |
|
|
|
/** |
|
* Open the connection. Currently supports local server requests. |
|
* |
|
* @param string method Connection method (eg GET, POST) |
|
* @param string url URL for the connection. |
|
* @param boolean async Asynchronous connection. Default is true. |
|
* @param string user Username for basic authentication (optional) |
|
* @param string password Password for basic authentication (optional) |
|
*/ |
|
this.open = function(method, url, async, user, password) { |
|
this.abort(); |
|
errorFlag = false; |
|
|
|
// Check for valid request method |
|
if (!isAllowedHttpMethod(method)) { |
|
throw "SecurityError: Request method not allowed"; |
|
} |
|
|
|
settings = { |
|
"method": method, |
|
"url": url.toString(), |
|
"async": (typeof async !== "boolean" ? true : async), |
|
"user": user || null, |
|
"password": password || null |
|
}; |
|
|
|
setState(this.OPENED); |
|
}; |
|
|
|
/** |
|
* Disables or enables isAllowedHttpHeader() check the request. Enabled by default. |
|
* This does not conform to the W3C spec. |
|
* |
|
* @param boolean state Enable or disable header checking. |
|
*/ |
|
this.setDisableHeaderCheck = function(state) { |
|
disableHeaderCheck = state; |
|
}; |
|
|
|
/** |
|
* Sets a header for the request. |
|
* |
|
* @param string header Header name |
|
* @param string value Header value |
|
* @return boolean Header added |
|
*/ |
|
this.setRequestHeader = function(header, value) { |
|
if (this.readyState != this.OPENED) { |
|
throw "INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN"; |
|
return false; |
|
} |
|
if (!isAllowedHttpHeader(header)) { |
|
console.warn('Refused to set unsafe header "' + header + '"'); |
|
return false; |
|
} |
|
if (sendFlag) { |
|
throw "INVALID_STATE_ERR: send flag is true"; |
|
return false; |
|
} |
|
headers[header] = value; |
|
return true; |
|
}; |
|
|
|
/** |
|
* Gets a header from the server response. |
|
* |
|
* @param string header Name of header to get. |
|
* @return string Text of the header or null if it doesn't exist. |
|
*/ |
|
this.getResponseHeader = function(header) { |
|
if (typeof header === "string" |
|
&& this.readyState > this.OPENED |
|
&& response.headers[header.toLowerCase()] |
|
&& !errorFlag |
|
) { |
|
return response.headers[header.toLowerCase()]; |
|
} |
|
|
|
return null; |
|
}; |
|
|
|
/** |
|
* Gets all the response headers. |
|
* |
|
* @return string A string with all response headers separated by CR+LF |
|
*/ |
|
this.getAllResponseHeaders = function() { |
|
if (this.readyState < this.HEADERS_RECEIVED || errorFlag) { |
|
return ""; |
|
} |
|
var result = ""; |
|
|
|
for (var i in response.headers) { |
|
// Cookie headers are excluded |
|
if (i !== "set-cookie" && i !== "set-cookie2") { |
|
result += i + ": " + response.headers[i] + "\r\n"; |
|
} |
|
} |
|
return result.substr(0, result.length - 2); |
|
}; |
|
|
|
/** |
|
* Gets a request header |
|
* |
|
* @param string name Name of header to get |
|
* @return string Returns the request header or empty string if not set |
|
*/ |
|
this.getRequestHeader = function(name) { |
|
// @TODO Make this case insensitive |
|
if (typeof name === "string" && headers[name]) { |
|
return headers[name]; |
|
} |
|
|
|
return ""; |
|
}; |
|
|
|
/** |
|
* Sends the request to the server. |
|
* |
|
* @param string data Optional data to send as request body. |
|
*/ |
|
this.send = function(data) { |
|
if (this.readyState != this.OPENED) { |
|
throw "INVALID_STATE_ERR: connection must be opened before send() is called"; |
|
} |
|
|
|
if (sendFlag) { |
|
throw "INVALID_STATE_ERR: send has already been called"; |
|
} |
|
|
|
var ssl = false, local = false; |
|
var url = Url.parse(settings.url); |
|
var host; |
|
// Determine the server |
|
switch (url.protocol) { |
|
case 'https:': |
|
ssl = true; |
|
// SSL & non-SSL both need host, no break here. |
|
case 'http:': |
|
host = url.hostname; |
|
break; |
|
|
|
case 'file:': |
|
local = true; |
|
break; |
|
|
|
case undefined: |
|
case '': |
|
host = "localhost"; |
|
break; |
|
|
|
default: |
|
throw "Protocol not supported."; |
|
} |
|
|
|
// Load files off the local filesystem (file://) |
|
if (local) { |
|
if (settings.method !== "GET") { |
|
throw "XMLHttpRequest: Only GET method is supported"; |
|
} |
|
|
|
if (settings.async) { |
|
fs.readFile(url.pathname, 'utf8', function(error, data) { |
|
if (error) { |
|
self.handleError(error); |
|
} else { |
|
self.status = 200; |
|
self.responseText = data; |
|
setState(self.DONE); |
|
} |
|
}); |
|
} else { |
|
try { |
|
this.responseText = fs.readFileSync(url.pathname, 'utf8'); |
|
this.status = 200; |
|
setState(self.DONE); |
|
} catch(e) { |
|
this.handleError(e); |
|
} |
|
} |
|
|
|
return; |
|
} |
|
|
|
// Default to port 80. If accessing localhost on another port be sure |
|
// to use http://localhost:port/path |
|
var port = url.port || (ssl ? 443 : 80); |
|
// Add query string if one is used |
|
var uri = url.pathname + (url.search ? url.search : ''); |
|
|
|
// Set the Host header or the server may reject the request |
|
headers["Host"] = host; |
|
if (!((ssl && port === 443) || port === 80)) { |
|
headers["Host"] += ':' + url.port; |
|
} |
|
|
|
// Set Basic Auth if necessary |
|
if (settings.user) { |
|
if (typeof settings.password == "undefined") { |
|
settings.password = ""; |
|
} |
|
var authBuf = new Buffer(settings.user + ":" + settings.password); |
|
headers["Authorization"] = "Basic " + authBuf.toString("base64"); |
|
} |
|
|
|
// Set content length header |
|
if (settings.method === "GET" || settings.method === "HEAD") { |
|
data = null; |
|
} else if (data) { |
|
headers["Content-Length"] = Buffer.isBuffer(data) ? data.length : Buffer.byteLength(data); |
|
|
|
if (!headers["Content-Type"]) { |
|
headers["Content-Type"] = "text/plain;charset=UTF-8"; |
|
} |
|
} else if (settings.method === "POST") { |
|
// For a post with no data set Content-Length: 0. |
|
// This is required by buggy servers that don't meet the specs. |
|
headers["Content-Length"] = 0; |
|
} |
|
|
|
var agent = opts.agent || false; |
|
var options = { |
|
host: host, |
|
port: port, |
|
path: uri, |
|
method: settings.method, |
|
headers: headers, |
|
agent: agent |
|
}; |
|
|
|
if (ssl) { |
|
options.pfx = opts.pfx; |
|
options.key = opts.key; |
|
options.passphrase = opts.passphrase; |
|
options.cert = opts.cert; |
|
options.ca = opts.ca; |
|
options.ciphers = opts.ciphers; |
|
options.rejectUnauthorized = opts.rejectUnauthorized; |
|
} |
|
|
|
// Reset error flag |
|
errorFlag = false; |
|
|
|
// Handle async requests |
|
if (settings.async) { |
|
// Use the proper protocol |
|
var doRequest = ssl ? https.request : http.request; |
|
|
|
// Request is being sent, set send flag |
|
sendFlag = true; |
|
|
|
// As per spec, this is called here for historical reasons. |
|
self.dispatchEvent("readystatechange"); |
|
|
|
// Handler for the response |
|
var responseHandler = function(resp) { |
|
// Set response var to the response we got back |
|
// This is so it remains accessable outside this scope |
|
response = resp; |
|
// Check for redirect |
|
// @TODO Prevent looped redirects |
|
if (response.statusCode === 302 || response.statusCode === 303 || response.statusCode === 307) { |
|
// Change URL to the redirect location |
|
settings.url = response.headers.location; |
|
var url = Url.parse(settings.url); |
|
// Set host var in case it's used later |
|
host = url.hostname; |
|
// Options for the new request |
|
var newOptions = { |
|
hostname: url.hostname, |
|
port: url.port, |
|
path: url.path, |
|
method: response.statusCode === 303 ? 'GET' : settings.method, |
|
headers: headers |
|
}; |
|
|
|
if (ssl) { |
|
newOptions.pfx = opts.pfx; |
|
newOptions.key = opts.key; |
|
newOptions.passphrase = opts.passphrase; |
|
newOptions.cert = opts.cert; |
|
newOptions.ca = opts.ca; |
|
newOptions.ciphers = opts.ciphers; |
|
newOptions.rejectUnauthorized = opts.rejectUnauthorized; |
|
} |
|
|
|
// Issue the new request |
|
request = doRequest(newOptions, responseHandler).on('error', errorHandler); |
|
request.end(); |
|
// @TODO Check if an XHR event needs to be fired here |
|
return; |
|
} |
|
|
|
if (response && response.setEncoding) { |
|
response.setEncoding("utf8"); |
|
} |
|
|
|
setState(self.HEADERS_RECEIVED); |
|
self.status = response.statusCode; |
|
|
|
response.on('data', function(chunk) { |
|
// Make sure there's some data |
|
if (chunk) { |
|
self.responseText += chunk; |
|
} |
|
// Don't emit state changes if the connection has been aborted. |
|
if (sendFlag) { |
|
setState(self.LOADING); |
|
} |
|
}); |
|
|
|
response.on('end', function() { |
|
if (sendFlag) { |
|
// The sendFlag needs to be set before setState is called. Otherwise if we are chaining callbacks |
|
// there can be a timing issue (the callback is called and a new call is made before the flag is reset). |
|
sendFlag = false; |
|
// Discard the 'end' event if the connection has been aborted |
|
setState(self.DONE); |
|
} |
|
}); |
|
|
|
response.on('error', function(error) { |
|
self.handleError(error); |
|
}); |
|
} |
|
|
|
// Error handler for the request |
|
var errorHandler = function(error) { |
|
self.handleError(error); |
|
} |
|
|
|
// Create the request |
|
request = doRequest(options, responseHandler).on('error', errorHandler); |
|
|
|
// Node 0.4 and later won't accept empty data. Make sure it's needed. |
|
if (data) { |
|
request.write(data); |
|
} |
|
|
|
request.end(); |
|
|
|
self.dispatchEvent("loadstart"); |
|
} else { // Synchronous |
|
// Create a temporary file for communication with the other Node process |
|
var contentFile = ".node-xmlhttprequest-content-" + process.pid; |
|
var syncFile = ".node-xmlhttprequest-sync-" + process.pid; |
|
fs.writeFileSync(syncFile, "", "utf8"); |
|
// The async request the other Node process executes |
|
var execString = "var http = require('http'), https = require('https'), fs = require('fs');" |
|
+ "var doRequest = http" + (ssl ? "s" : "") + ".request;" |
|
+ "var options = " + JSON.stringify(options) + ";" |
|
+ "var responseText = '';" |
|
+ "var req = doRequest(options, function(response) {" |
|
+ "response.setEncoding('utf8');" |
|
+ "response.on('data', function(chunk) {" |
|
+ " responseText += chunk;" |
|
+ "});" |
|
+ "response.on('end', function() {" |
|
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-STATUS:' + response.statusCode + ',' + responseText, 'utf8');" |
|
+ "fs.unlinkSync('" + syncFile + "');" |
|
+ "});" |
|
+ "response.on('error', function(error) {" |
|
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-ERROR:' + JSON.stringify(error), 'utf8');" |
|
+ "fs.unlinkSync('" + syncFile + "');" |
|
+ "});" |
|
+ "}).on('error', function(error) {" |
|
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-ERROR:' + JSON.stringify(error), 'utf8');" |
|
+ "fs.unlinkSync('" + syncFile + "');" |
|
+ "});" |
|
+ (data ? "req.write('" + data.replace(/'/g, "\\'") + "');":"") |
|
+ "req.end();"; |
|
// Start the other Node Process, executing this string |
|
var syncProc = spawn(process.argv[0], ["-e", execString]); |
|
var statusText; |
|
while(fs.existsSync(syncFile)) { |
|
// Wait while the sync file is empty |
|
} |
|
self.responseText = fs.readFileSync(contentFile, 'utf8'); |
|
// Kill the child process once the file has data |
|
syncProc.stdin.end(); |
|
// Remove the temporary file |
|
fs.unlinkSync(contentFile); |
|
if (self.responseText.match(/^NODE-XMLHTTPREQUEST-ERROR:/)) { |
|
// If the file returned an error, handle it |
|
var errorObj = self.responseText.replace(/^NODE-XMLHTTPREQUEST-ERROR:/, ""); |
|
self.handleError(errorObj); |
|
} else { |
|
// If the file returned okay, parse its data and move to the DONE state |
|
self.status = self.responseText.replace(/^NODE-XMLHTTPREQUEST-STATUS:([0-9]*),.*/, "$1"); |
|
self.responseText = self.responseText.replace(/^NODE-XMLHTTPREQUEST-STATUS:[0-9]*,(.*)/, "$1"); |
|
setState(self.DONE); |
|
} |
|
} |
|
}; |
|
|
|
/** |
|
* Called when an error is encountered to deal with it. |
|
*/ |
|
this.handleError = function(error) { |
|
this.status = 503; |
|
this.statusText = error; |
|
this.responseText = error.stack; |
|
errorFlag = true; |
|
setState(this.DONE); |
|
}; |
|
|
|
/** |
|
* Aborts a request. |
|
*/ |
|
this.abort = function() { |
|
if (request) { |
|
request.abort(); |
|
request = null; |
|
} |
|
|
|
headers = Object.assign({}, defaultHeaders); |
|
this.responseText = ""; |
|
this.responseXML = ""; |
|
|
|
errorFlag = true; |
|
|
|
if (this.readyState !== this.UNSENT |
|
&& (this.readyState !== this.OPENED || sendFlag) |
|
&& this.readyState !== this.DONE) { |
|
sendFlag = false; |
|
setState(this.DONE); |
|
} |
|
this.readyState = this.UNSENT; |
|
}; |
|
|
|
/** |
|
* Adds an event listener. Preferred method of binding to events. |
|
*/ |
|
this.addEventListener = function(event, callback) { |
|
if (!(event in listeners)) { |
|
listeners[event] = []; |
|
} |
|
// Currently allows duplicate callbacks. Should it? |
|
listeners[event].push(callback); |
|
}; |
|
|
|
/** |
|
* Remove an event callback that has already been bound. |
|
* Only works on the matching funciton, cannot be a copy. |
|
*/ |
|
this.removeEventListener = function(event, callback) { |
|
if (event in listeners) { |
|
// Filter will return a new array with the callback removed |
|
listeners[event] = listeners[event].filter(function(ev) { |
|
return ev !== callback; |
|
}); |
|
} |
|
}; |
|
|
|
/** |
|
* Dispatch any events, including both "on" methods and events attached using addEventListener. |
|
*/ |
|
this.dispatchEvent = function(event) { |
|
if (typeof self["on" + event] === "function") { |
|
self["on" + event](); |
|
} |
|
if (event in listeners) { |
|
for (var i = 0, len = listeners[event].length; i < len; i++) { |
|
listeners[event][i].call(self); |
|
} |
|
} |
|
}; |
|
|
|
/** |
|
* Changes readyState and calls onreadystatechange. |
|
* |
|
* @param int state New state |
|
*/ |
|
var setState = function(state) { |
|
if (self.readyState !== state) { |
|
self.readyState = state; |
|
|
|
if (settings.async || self.readyState < self.OPENED || self.readyState === self.DONE) { |
|
self.dispatchEvent("readystatechange"); |
|
} |
|
|
|
if (self.readyState === self.DONE && !errorFlag) { |
|
self.dispatchEvent("load"); |
|
// @TODO figure out InspectorInstrumentation::didLoadXHR(cookie) |
|
self.dispatchEvent("loadend"); |
|
} |
|
} |
|
}; |
|
};
|
|
|