1 | /*!
|
2 | * express
|
3 | * Copyright(c) 2009-2013 TJ Holowaychuk
|
4 | * Copyright(c) 2013 Roman Shtylman
|
5 | * Copyright(c) 2014-2015 Douglas Christopher Wilson
|
6 | * MIT Licensed
|
7 | */
|
8 |
|
9 | ;
|
10 |
|
11 | /**
|
12 | * Module dependencies.
|
13 | * @private
|
14 | */
|
15 |
|
16 | var accepts = require('accepts');
|
17 | var deprecate = require('depd')('express');
|
18 | var isIP = require('net').isIP;
|
19 | var typeis = require('type-is');
|
20 | var http = require('http');
|
21 | var fresh = require('fresh');
|
22 | var parseRange = require('range-parser');
|
23 | var parse = require('parseurl');
|
24 | var proxyaddr = require('proxy-addr');
|
25 |
|
26 | /**
|
27 | * Request prototype.
|
28 | * @public
|
29 | */
|
30 |
|
31 | var req = Object.create(http.IncomingMessage.prototype)
|
32 |
|
33 | /**
|
34 | * Module exports.
|
35 | * @public
|
36 | */
|
37 |
|
38 | module.exports = req
|
39 |
|
40 | /**
|
41 | * Return request header.
|
42 | *
|
43 | * The `Referrer` header field is special-cased,
|
44 | * both `Referrer` and `Referer` are interchangeable.
|
45 | *
|
46 | * Examples:
|
47 | *
|
48 | * req.get('Content-Type');
|
49 | * // => "text/plain"
|
50 | *
|
51 | * req.get('content-type');
|
52 | * // => "text/plain"
|
53 | *
|
54 | * req.get('Something');
|
55 | * // => undefined
|
56 | *
|
57 | * Aliased as `req.header()`.
|
58 | *
|
59 | * @param {String} name
|
60 | * @return {String}
|
61 | * @public
|
62 | */
|
63 |
|
64 | req.get =
|
65 | req.header = function header(name) {
|
66 | if (!name) {
|
67 | throw new TypeError('name argument is required to req.get');
|
68 | }
|
69 |
|
70 | if (typeof name !== 'string') {
|
71 | throw new TypeError('name must be a string to req.get');
|
72 | }
|
73 |
|
74 | var lc = name.toLowerCase();
|
75 |
|
76 | switch (lc) {
|
77 | case 'referer':
|
78 | case 'referrer':
|
79 | return this.headers.referrer
|
80 | || this.headers.referer;
|
81 | default:
|
82 | return this.headers[lc];
|
83 | }
|
84 | };
|
85 |
|
86 | /**
|
87 | * To do: update docs.
|
88 | *
|
89 | * Check if the given `type(s)` is acceptable, returning
|
90 | * the best match when true, otherwise `undefined`, in which
|
91 | * case you should respond with 406 "Not Acceptable".
|
92 | *
|
93 | * The `type` value may be a single MIME type string
|
94 | * such as "application/json", an extension name
|
95 | * such as "json", a comma-delimited list such as "json, html, text/plain",
|
96 | * an argument list such as `"json", "html", "text/plain"`,
|
97 | * or an array `["json", "html", "text/plain"]`. When a list
|
98 | * or array is given, the _best_ match, if any is returned.
|
99 | *
|
100 | * Examples:
|
101 | *
|
102 | * // Accept: text/html
|
103 | * req.accepts('html');
|
104 | * // => "html"
|
105 | *
|
106 | * // Accept: text/*, application/json
|
107 | * req.accepts('html');
|
108 | * // => "html"
|
109 | * req.accepts('text/html');
|
110 | * // => "text/html"
|
111 | * req.accepts('json, text');
|
112 | * // => "json"
|
113 | * req.accepts('application/json');
|
114 | * // => "application/json"
|
115 | *
|
116 | * // Accept: text/*, application/json
|
117 | * req.accepts('image/png');
|
118 | * req.accepts('png');
|
119 | * // => undefined
|
120 | *
|
121 | * // Accept: text/*;q=.5, application/json
|
122 | * req.accepts(['html', 'json']);
|
123 | * req.accepts('html', 'json');
|
124 | * req.accepts('html, json');
|
125 | * // => "json"
|
126 | *
|
127 | * @param {String|Array} type(s)
|
128 | * @return {String|Array|Boolean}
|
129 | * @public
|
130 | */
|
131 |
|
132 | req.accepts = function(){
|
133 | var accept = accepts(this);
|
134 | return accept.types.apply(accept, arguments);
|
135 | };
|
136 |
|
137 | /**
|
138 | * Check if the given `encoding`s are accepted.
|
139 | *
|
140 | * @param {String} ...encoding
|
141 | * @return {String|Array}
|
142 | * @public
|
143 | */
|
144 |
|
145 | req.acceptsEncodings = function(){
|
146 | var accept = accepts(this);
|
147 | return accept.encodings.apply(accept, arguments);
|
148 | };
|
149 |
|
150 | req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
|
151 | 'req.acceptsEncoding: Use acceptsEncodings instead');
|
152 |
|
153 | /**
|
154 | * Check if the given `charset`s are acceptable,
|
155 | * otherwise you should respond with 406 "Not Acceptable".
|
156 | *
|
157 | * @param {String} ...charset
|
158 | * @return {String|Array}
|
159 | * @public
|
160 | */
|
161 |
|
162 | req.acceptsCharsets = function(){
|
163 | var accept = accepts(this);
|
164 | return accept.charsets.apply(accept, arguments);
|
165 | };
|
166 |
|
167 | req.acceptsCharset = deprecate.function(req.acceptsCharsets,
|
168 | 'req.acceptsCharset: Use acceptsCharsets instead');
|
169 |
|
170 | /**
|
171 | * Check if the given `lang`s are acceptable,
|
172 | * otherwise you should respond with 406 "Not Acceptable".
|
173 | *
|
174 | * @param {String} ...lang
|
175 | * @return {String|Array}
|
176 | * @public
|
177 | */
|
178 |
|
179 | req.acceptsLanguages = function(){
|
180 | var accept = accepts(this);
|
181 | return accept.languages.apply(accept, arguments);
|
182 | };
|
183 |
|
184 | req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
|
185 | 'req.acceptsLanguage: Use acceptsLanguages instead');
|
186 |
|
187 | /**
|
188 | * Parse Range header field, capping to the given `size`.
|
189 | *
|
190 | * Unspecified ranges such as "0-" require knowledge of your resource length. In
|
191 | * the case of a byte range this is of course the total number of bytes. If the
|
192 | * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
|
193 | * and `-2` when syntactically invalid.
|
194 | *
|
195 | * When ranges are returned, the array has a "type" property which is the type of
|
196 | * range that is required (most commonly, "bytes"). Each array element is an object
|
197 | * with a "start" and "end" property for the portion of the range.
|
198 | *
|
199 | * The "combine" option can be set to `true` and overlapping & adjacent ranges
|
200 | * will be combined into a single range.
|
201 | *
|
202 | * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
|
203 | * should respond with 4 users when available, not 3.
|
204 | *
|
205 | * @param {number} size
|
206 | * @param {object} [options]
|
207 | * @param {boolean} [options.combine=false]
|
208 | * @return {number|array}
|
209 | * @public
|
210 | */
|
211 |
|
212 | req.range = function range(size, options) {
|
213 | var range = this.get('Range');
|
214 | if (!range) return;
|
215 | return parseRange(size, range, options);
|
216 | };
|
217 |
|
218 | /**
|
219 | * Return the value of param `name` when present or `defaultValue`.
|
220 | *
|
221 | * - Checks route placeholders, ex: _/user/:id_
|
222 | * - Checks body params, ex: id=12, {"id":12}
|
223 | * - Checks query string params, ex: ?id=12
|
224 | *
|
225 | * To utilize request bodies, `req.body`
|
226 | * should be an object. This can be done by using
|
227 | * the `bodyParser()` middleware.
|
228 | *
|
229 | * @param {String} name
|
230 | * @param {Mixed} [defaultValue]
|
231 | * @return {String}
|
232 | * @public
|
233 | */
|
234 |
|
235 | req.param = function param(name, defaultValue) {
|
236 | var params = this.params || {};
|
237 | var body = this.body || {};
|
238 | var query = this.query || {};
|
239 |
|
240 | var args = arguments.length === 1
|
241 | ? 'name'
|
242 | : 'name, default';
|
243 | deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
|
244 |
|
245 | if (null != params[name] && params.hasOwnProperty(name)) return params[name];
|
246 | if (null != body[name]) return body[name];
|
247 | if (null != query[name]) return query[name];
|
248 |
|
249 | return defaultValue;
|
250 | };
|
251 |
|
252 | /**
|
253 | * Check if the incoming request contains the "Content-Type"
|
254 | * header field, and it contains the give mime `type`.
|
255 | *
|
256 | * Examples:
|
257 | *
|
258 | * // With Content-Type: text/html; charset=utf-8
|
259 | * req.is('html');
|
260 | * req.is('text/html');
|
261 | * req.is('text/*');
|
262 | * // => true
|
263 | *
|
264 | * // When Content-Type is application/json
|
265 | * req.is('json');
|
266 | * req.is('application/json');
|
267 | * req.is('application/*');
|
268 | * // => true
|
269 | *
|
270 | * req.is('html');
|
271 | * // => false
|
272 | *
|
273 | * @param {String|Array} types...
|
274 | * @return {String|false|null}
|
275 | * @public
|
276 | */
|
277 |
|
278 | req.is = function is(types) {
|
279 | var arr = types;
|
280 |
|
281 | // support flattened arguments
|
282 | if (!Array.isArray(types)) {
|
283 | arr = new Array(arguments.length);
|
284 | for (var i = 0; i < arr.length; i++) {
|
285 | arr[i] = arguments[i];
|
286 | }
|
287 | }
|
288 |
|
289 | return typeis(this, arr);
|
290 | };
|
291 |
|
292 | /**
|
293 | * Return the protocol string "http" or "https"
|
294 | * when requested with TLS. When the "trust proxy"
|
295 | * setting trusts the socket address, the
|
296 | * "X-Forwarded-Proto" header field will be trusted
|
297 | * and used if present.
|
298 | *
|
299 | * If you're running behind a reverse proxy that
|
300 | * supplies https for you this may be enabled.
|
301 | *
|
302 | * @return {String}
|
303 | * @public
|
304 | */
|
305 |
|
306 | defineGetter(req, 'protocol', function protocol(){
|
307 | var proto = this.connection.encrypted
|
308 | ? 'https'
|
309 | : 'http';
|
310 | var trust = this.app.get('trust proxy fn');
|
311 |
|
312 | if (!trust(this.connection.remoteAddress, 0)) {
|
313 | return proto;
|
314 | }
|
315 |
|
316 | // Note: X-Forwarded-Proto is normally only ever a
|
317 | // single value, but this is to be safe.
|
318 | proto = this.get('X-Forwarded-Proto') || proto;
|
319 | return proto.split(/\s*,\s*/)[0];
|
320 | });
|
321 |
|
322 | /**
|
323 | * Short-hand for:
|
324 | *
|
325 | * req.protocol === 'https'
|
326 | *
|
327 | * @return {Boolean}
|
328 | * @public
|
329 | */
|
330 |
|
331 | defineGetter(req, 'secure', function secure(){
|
332 | return this.protocol === 'https';
|
333 | });
|
334 |
|
335 | /**
|
336 | * Return the remote address from the trusted proxy.
|
337 | *
|
338 | * The is the remote address on the socket unless
|
339 | * "trust proxy" is set.
|
340 | *
|
341 | * @return {String}
|
342 | * @public
|
343 | */
|
344 |
|
345 | defineGetter(req, 'ip', function ip(){
|
346 | var trust = this.app.get('trust proxy fn');
|
347 | return proxyaddr(this, trust);
|
348 | });
|
349 |
|
350 | /**
|
351 | * When "trust proxy" is set, trusted proxy addresses + client.
|
352 | *
|
353 | * For example if the value were "client, proxy1, proxy2"
|
354 | * you would receive the array `["client", "proxy1", "proxy2"]`
|
355 | * where "proxy2" is the furthest down-stream and "proxy1" and
|
356 | * "proxy2" were trusted.
|
357 | *
|
358 | * @return {Array}
|
359 | * @public
|
360 | */
|
361 |
|
362 | defineGetter(req, 'ips', function ips() {
|
363 | var trust = this.app.get('trust proxy fn');
|
364 | var addrs = proxyaddr.all(this, trust);
|
365 |
|
366 | // reverse the order (to farthest -> closest)
|
367 | // and remove socket address
|
368 | addrs.reverse().pop()
|
369 |
|
370 | return addrs
|
371 | });
|
372 |
|
373 | /**
|
374 | * Return subdomains as an array.
|
375 | *
|
376 | * Subdomains are the dot-separated parts of the host before the main domain of
|
377 | * the app. By default, the domain of the app is assumed to be the last two
|
378 | * parts of the host. This can be changed by setting "subdomain offset".
|
379 | *
|
380 | * For example, if the domain is "tobi.ferrets.example.com":
|
381 | * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
|
382 | * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
|
383 | *
|
384 | * @return {Array}
|
385 | * @public
|
386 | */
|
387 |
|
388 | defineGetter(req, 'subdomains', function subdomains() {
|
389 | var hostname = this.hostname;
|
390 |
|
391 | if (!hostname) return [];
|
392 |
|
393 | var offset = this.app.get('subdomain offset');
|
394 | var subdomains = !isIP(hostname)
|
395 | ? hostname.split('.').reverse()
|
396 | : [hostname];
|
397 |
|
398 | return subdomains.slice(offset);
|
399 | });
|
400 |
|
401 | /**
|
402 | * Short-hand for `url.parse(req.url).pathname`.
|
403 | *
|
404 | * @return {String}
|
405 | * @public
|
406 | */
|
407 |
|
408 | defineGetter(req, 'path', function path() {
|
409 | return parse(this).pathname;
|
410 | });
|
411 |
|
412 | /**
|
413 | * Parse the "Host" header field to a hostname.
|
414 | *
|
415 | * When the "trust proxy" setting trusts the socket
|
416 | * address, the "X-Forwarded-Host" header field will
|
417 | * be trusted.
|
418 | *
|
419 | * @return {String}
|
420 | * @public
|
421 | */
|
422 |
|
423 | defineGetter(req, 'hostname', function hostname(){
|
424 | var trust = this.app.get('trust proxy fn');
|
425 | var host = this.get('X-Forwarded-Host');
|
426 |
|
427 | if (!host || !trust(this.connection.remoteAddress, 0)) {
|
428 | host = this.get('Host');
|
429 | }
|
430 |
|
431 | if (!host) return;
|
432 |
|
433 | // IPv6 literal support
|
434 | var offset = host[0] === '['
|
435 | ? host.indexOf(']') + 1
|
436 | : 0;
|
437 | var index = host.indexOf(':', offset);
|
438 |
|
439 | return index !== -1
|
440 | ? host.substring(0, index)
|
441 | : host;
|
442 | });
|
443 |
|
444 | // TODO: change req.host to return host in next major
|
445 |
|
446 | defineGetter(req, 'host', deprecate.function(function host(){
|
447 | return this.hostname;
|
448 | }, 'req.host: Use req.hostname instead'));
|
449 |
|
450 | /**
|
451 | * Check if the request is fresh, aka
|
452 | * Last-Modified and/or the ETag
|
453 | * still match.
|
454 | *
|
455 | * @return {Boolean}
|
456 | * @public
|
457 | */
|
458 |
|
459 | defineGetter(req, 'fresh', function(){
|
460 | var method = this.method;
|
461 | var res = this.res
|
462 | var status = res.statusCode
|
463 |
|
464 | // GET or HEAD for weak freshness validation only
|
465 | if ('GET' !== method && 'HEAD' !== method) return false;
|
466 |
|
467 | // 2xx or 304 as per rfc2616 14.26
|
468 | if ((status >= 200 && status < 300) || 304 === status) {
|
469 | return fresh(this.headers, {
|
470 | 'etag': res.get('ETag'),
|
471 | 'last-modified': res.get('Last-Modified')
|
472 | })
|
473 | }
|
474 |
|
475 | return false;
|
476 | });
|
477 |
|
478 | /**
|
479 | * Check if the request is stale, aka
|
480 | * "Last-Modified" and / or the "ETag" for the
|
481 | * resource has changed.
|
482 | *
|
483 | * @return {Boolean}
|
484 | * @public
|
485 | */
|
486 |
|
487 | defineGetter(req, 'stale', function stale(){
|
488 | return !this.fresh;
|
489 | });
|
490 |
|
491 | /**
|
492 | * Check if the request was an _XMLHttpRequest_.
|
493 | *
|
494 | * @return {Boolean}
|
495 | * @public
|
496 | */
|
497 |
|
498 | defineGetter(req, 'xhr', function xhr(){
|
499 | var val = this.get('X-Requested-With') || '';
|
500 | return val.toLowerCase() === 'xmlhttprequest';
|
501 | });
|
502 |
|
503 | /**
|
504 | * Helper function for creating a getter on an object.
|
505 | *
|
506 | * @param {Object} obj
|
507 | * @param {String} name
|
508 | * @param {Function} getter
|
509 | * @private
|
510 | */
|
511 | function defineGetter(obj, name, getter) {
|
512 | Object.defineProperty(obj, name, {
|
513 | configurable: true,
|
514 | enumerable: true,
|
515 | get: getter
|
516 | });
|
517 | }
|