1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 | var debug = require('debug')('send')
|
7 | , parseRange = require('range-parser')
|
8 | , Stream = require('stream')
|
9 | , mime = require('mime')
|
10 | , fresh = require('fresh')
|
11 | , path = require('path')
|
12 | , http = require('http')
|
13 | , fs = require('fs')
|
14 | , basename = path.basename
|
15 | , normalize = path.normalize
|
16 | , join = path.join
|
17 | , utils = require('./utils');
|
18 |
|
19 |
|
20 |
|
21 |
|
22 |
|
23 | exports = module.exports = send;
|
24 |
|
25 |
|
26 |
|
27 |
|
28 |
|
29 | exports.mime = mime;
|
30 |
|
31 |
|
32 |
|
33 |
|
34 |
|
35 |
|
36 |
|
37 |
|
38 |
|
39 |
|
40 |
|
41 | function send(req, path, options) {
|
42 | return new SendStream(req, path, options);
|
43 | }
|
44 |
|
45 |
|
46 |
|
47 |
|
48 |
|
49 |
|
50 |
|
51 |
|
52 |
|
53 |
|
54 |
|
55 |
|
56 |
|
57 |
|
58 |
|
59 |
|
60 |
|
61 | function SendStream(req, path, options) {
|
62 | var self = this;
|
63 | this.req = req;
|
64 | this.path = path;
|
65 | this.options = options || {};
|
66 | this.maxage(0);
|
67 | this.hidden(false);
|
68 | this.index('index.html');
|
69 | }
|
70 |
|
71 |
|
72 |
|
73 |
|
74 |
|
75 | SendStream.prototype.__proto__ = Stream.prototype;
|
76 |
|
77 |
|
78 |
|
79 |
|
80 |
|
81 |
|
82 |
|
83 |
|
84 |
|
85 | SendStream.prototype.hidden = function(val){
|
86 | debug('hidden %s', val);
|
87 | this._hidden = val;
|
88 | return this;
|
89 | };
|
90 |
|
91 |
|
92 |
|
93 |
|
94 |
|
95 |
|
96 |
|
97 |
|
98 |
|
99 |
|
100 | SendStream.prototype.index = function(path){
|
101 | debug('index %s', path);
|
102 | this._index = path;
|
103 | return this;
|
104 | };
|
105 |
|
106 |
|
107 |
|
108 |
|
109 |
|
110 |
|
111 |
|
112 |
|
113 |
|
114 | SendStream.prototype.root =
|
115 | SendStream.prototype.from = function(path){
|
116 | this._root = normalize(path);
|
117 | return this;
|
118 | };
|
119 |
|
120 |
|
121 |
|
122 |
|
123 |
|
124 |
|
125 |
|
126 |
|
127 |
|
128 | SendStream.prototype.maxage = function(ms){
|
129 | if (Infinity == ms) ms = 60 * 60 * 24 * 365 * 1000;
|
130 | debug('max-age %d', ms);
|
131 | this._maxage = ms;
|
132 | return this;
|
133 | };
|
134 |
|
135 |
|
136 |
|
137 |
|
138 |
|
139 |
|
140 |
|
141 |
|
142 | SendStream.prototype.error = function(status, err){
|
143 | var res = this.res;
|
144 | var msg = http.STATUS_CODES[status];
|
145 | err = err || new Error(msg);
|
146 | err.status = status;
|
147 | if (this.listeners('error').length) return this.emit('error', err);
|
148 | res.statusCode = err.status;
|
149 | res.end(msg);
|
150 | };
|
151 |
|
152 |
|
153 |
|
154 |
|
155 |
|
156 |
|
157 |
|
158 |
|
159 | SendStream.prototype.isMalicious = function(){
|
160 | return !this._root && ~this.path.indexOf('..');
|
161 | };
|
162 |
|
163 |
|
164 |
|
165 |
|
166 |
|
167 |
|
168 |
|
169 |
|
170 | SendStream.prototype.hasTrailingSlash = function(){
|
171 | return '/' == this.path[this.path.length - 1];
|
172 | };
|
173 |
|
174 |
|
175 |
|
176 |
|
177 |
|
178 |
|
179 |
|
180 |
|
181 | SendStream.prototype.hasLeadingDot = function(){
|
182 | return '.' == basename(this.path)[0];
|
183 | };
|
184 |
|
185 |
|
186 |
|
187 |
|
188 |
|
189 |
|
190 |
|
191 |
|
192 | SendStream.prototype.isConditionalGET = function(){
|
193 | return this.req.headers['if-none-match']
|
194 | || this.req.headers['if-modified-since'];
|
195 | };
|
196 |
|
197 |
|
198 |
|
199 |
|
200 |
|
201 |
|
202 |
|
203 | SendStream.prototype.removeContentHeaderFields = function(){
|
204 | var res = this.res;
|
205 | Object.keys(res._headers).forEach(function(field){
|
206 | if (0 == field.indexOf('content')) {
|
207 | res.removeHeader(field);
|
208 | }
|
209 | });
|
210 | };
|
211 |
|
212 |
|
213 |
|
214 |
|
215 |
|
216 |
|
217 |
|
218 | SendStream.prototype.notModified = function(){
|
219 | var res = this.res;
|
220 | debug('not modified');
|
221 | this.removeContentHeaderFields();
|
222 | res.statusCode = 304;
|
223 | res.end();
|
224 | };
|
225 |
|
226 |
|
227 |
|
228 |
|
229 |
|
230 |
|
231 |
|
232 |
|
233 |
|
234 | SendStream.prototype.isCachable = function(){
|
235 | var res = this.res;
|
236 | return (res.statusCode >= 200 && res.statusCode < 300) || 304 == res.statusCode;
|
237 | };
|
238 |
|
239 |
|
240 |
|
241 |
|
242 |
|
243 |
|
244 |
|
245 |
|
246 | SendStream.prototype.onStatError = function(err){
|
247 | var notfound = ['ENOENT', 'ENAMETOOLONG', 'ENOTDIR'];
|
248 | if (~notfound.indexOf(err.code)) return this.error(404, err);
|
249 | this.error(500, err);
|
250 | };
|
251 |
|
252 |
|
253 |
|
254 |
|
255 |
|
256 |
|
257 |
|
258 |
|
259 | SendStream.prototype.isFresh = function(){
|
260 | return fresh(this.req.headers, this.res._headers);
|
261 | };
|
262 |
|
263 |
|
264 |
|
265 |
|
266 |
|
267 |
|
268 |
|
269 |
|
270 | SendStream.prototype.redirect = function(path){
|
271 | if (this.listeners('directory').length) return this.emit('directory');
|
272 | var res = this.res;
|
273 | path += '/';
|
274 | res.statusCode = 301;
|
275 | res.setHeader('Location', path);
|
276 | res.end('Redirecting to ' + utils.escape(path));
|
277 | };
|
278 |
|
279 |
|
280 |
|
281 |
|
282 |
|
283 |
|
284 |
|
285 |
|
286 |
|
287 | SendStream.prototype.pipe = function(res){
|
288 | var self = this
|
289 | , args = arguments
|
290 | , path = this.path
|
291 | , root = this._root;
|
292 |
|
293 |
|
294 | this.res = res;
|
295 |
|
296 |
|
297 | path = utils.decode(path);
|
298 | if (-1 == path) return this.error(400);
|
299 |
|
300 |
|
301 | if (~path.indexOf('\0')) return this.error(400);
|
302 |
|
303 |
|
304 | if (root) path = normalize(join(this._root, path));
|
305 |
|
306 |
|
307 | if (this.isMalicious()) return this.error(403);
|
308 |
|
309 |
|
310 | if (root && 0 != path.indexOf(root)) return this.error(403);
|
311 |
|
312 |
|
313 | if (!this._hidden && this.hasLeadingDot()) return this.error(404);
|
314 |
|
315 |
|
316 | if (this._index && this.hasTrailingSlash()) path += this._index;
|
317 |
|
318 | debug('stat "%s"', path);
|
319 | fs.stat(path, function(err, stat){
|
320 | if (err) return self.onStatError(err);
|
321 | if (!(self.req.socket && self.req.socket._handle)) {
|
322 | self.emit('error', new Error("Connection closed"));
|
323 | return;
|
324 | }
|
325 | if (stat.isDirectory()) return self.redirect(self.path);
|
326 | self.emit('file', path, stat);
|
327 | self.send(path, stat);
|
328 | });
|
329 |
|
330 | return res;
|
331 | };
|
332 |
|
333 |
|
334 |
|
335 |
|
336 |
|
337 |
|
338 |
|
339 |
|
340 | SendStream.prototype.send = function(path, stat){
|
341 | var options = this.options;
|
342 | var len = stat.size;
|
343 | var res = this.res;
|
344 | var req = this.req;
|
345 | var ranges = req.headers.range;
|
346 | var offset = options.start || 0;
|
347 |
|
348 |
|
349 | this.setHeader(stat);
|
350 |
|
351 |
|
352 | this.type(path);
|
353 |
|
354 |
|
355 | if (this.isConditionalGET()
|
356 | && this.isCachable()
|
357 | && this.isFresh()) {
|
358 | return this.notModified();
|
359 | }
|
360 |
|
361 |
|
362 | len = Math.max(0, len - offset);
|
363 | if (options.end !== undefined) {
|
364 | var bytes = options.end - offset + 1;
|
365 | if (len > bytes) len = bytes;
|
366 | }
|
367 |
|
368 |
|
369 | if (ranges) {
|
370 | ranges = parseRange(len, ranges);
|
371 |
|
372 |
|
373 | if (-1 == ranges) {
|
374 | res.setHeader('Content-Range', 'bytes */' + stat.size);
|
375 | return this.error(416);
|
376 | }
|
377 |
|
378 |
|
379 | if (-2 != ranges) {
|
380 | options.start = offset + ranges[0].start;
|
381 | options.end = offset + ranges[0].end;
|
382 |
|
383 |
|
384 | res.statusCode = 206;
|
385 | res.setHeader('Content-Range', 'bytes '
|
386 | + ranges[0].start
|
387 | + '-'
|
388 | + ranges[0].end
|
389 | + '/'
|
390 | + len);
|
391 | len = options.end - options.start + 1;
|
392 | }
|
393 | }
|
394 |
|
395 |
|
396 | res.setHeader('Content-Length', len);
|
397 |
|
398 |
|
399 | if ('HEAD' == req.method) return res.end();
|
400 |
|
401 | this.stream(path, options);
|
402 | };
|
403 |
|
404 |
|
405 |
|
406 |
|
407 |
|
408 |
|
409 |
|
410 |
|
411 |
|
412 | SendStream.prototype.stream = function(path, options){
|
413 |
|
414 | var self = this;
|
415 | var res = this.res;
|
416 | var req = this.req;
|
417 |
|
418 |
|
419 | var stream = fs.createReadStream(path, options);
|
420 | this.emit('stream', stream);
|
421 | stream.pipe(res);
|
422 |
|
423 |
|
424 | req.on('close', stream.destroy.bind(stream));
|
425 |
|
426 |
|
427 | stream.on('error', function(err){
|
428 |
|
429 | if (res._header) {
|
430 | console.error(err.stack);
|
431 | req.destroy();
|
432 | return;
|
433 | }
|
434 |
|
435 |
|
436 | err.status = 500;
|
437 | self.emit('error', err);
|
438 | });
|
439 |
|
440 |
|
441 | stream.on('end', function(){
|
442 | self.emit('end');
|
443 | });
|
444 | };
|
445 |
|
446 |
|
447 |
|
448 |
|
449 |
|
450 |
|
451 |
|
452 |
|
453 |
|
454 | SendStream.prototype.type = function(path){
|
455 | var res = this.res;
|
456 | if (res.getHeader('Content-Type')) return;
|
457 | var type = mime.lookup(path);
|
458 | var charset = mime.charsets.lookup(type);
|
459 | debug('content-type %s', type);
|
460 | res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''));
|
461 | };
|
462 |
|
463 |
|
464 |
|
465 |
|
466 |
|
467 |
|
468 |
|
469 |
|
470 |
|
471 | SendStream.prototype.setHeader = function(stat){
|
472 | var res = this.res;
|
473 | if (!res.getHeader('Accept-Ranges')) res.setHeader('Accept-Ranges', 'bytes');
|
474 | if (!res.getHeader('ETag')) res.setHeader('ETag', utils.etag(stat));
|
475 | if (!res.getHeader('Date')) res.setHeader('Date', new Date().toUTCString());
|
476 | if (!res.getHeader('Cache-Control')) res.setHeader('Cache-Control', 'public, max-age=' + (this._maxage / 1000));
|
477 | if (!res.getHeader('Last-Modified')) res.setHeader('Last-Modified', stat.mtime.toUTCString());
|
478 | };
|