1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 | var debug = require('debug')('send')
|
7 | var deprecate = require('depd')('send')
|
8 | var escapeHtml = require('escape-html')
|
9 | , parseRange = require('range-parser')
|
10 | , Stream = require('stream')
|
11 | , mime = require('mime')
|
12 | , fresh = require('fresh')
|
13 | , path = require('path')
|
14 | , http = require('http')
|
15 | , onFinished = require('finished')
|
16 | , fs = require('fs')
|
17 | , basename = path.basename
|
18 | , normalize = path.normalize
|
19 | , join = path.join
|
20 | , utils = require('./utils');
|
21 | var EventEmitter = require('events').EventEmitter;
|
22 | var ms = require('ms');
|
23 |
|
24 |
|
25 |
|
26 |
|
27 | var maxMaxAge = 60 * 60 * 24 * 365 * 1000;
|
28 | var upPathRegexp = /(?:^|[\\\/])\.\.(?:[\\\/]|$)/;
|
29 |
|
30 |
|
31 |
|
32 |
|
33 |
|
34 | exports = module.exports = send;
|
35 |
|
36 |
|
37 |
|
38 |
|
39 |
|
40 | exports.mime = mime;
|
41 |
|
42 |
|
43 |
|
44 |
|
45 |
|
46 |
|
47 | var listenerCount = EventEmitter.listenerCount
|
48 | || function(emitter, type){ return emitter.listeners(type).length; };
|
49 |
|
50 |
|
51 |
|
52 |
|
53 |
|
54 |
|
55 |
|
56 |
|
57 |
|
58 |
|
59 |
|
60 | function send(req, path, options) {
|
61 | return new SendStream(req, path, options);
|
62 | }
|
63 |
|
64 |
|
65 |
|
66 |
|
67 |
|
68 |
|
69 |
|
70 |
|
71 |
|
72 |
|
73 |
|
74 |
|
75 |
|
76 |
|
77 |
|
78 |
|
79 |
|
80 | function SendStream(req, path, options) {
|
81 | var self = this;
|
82 | options = options || {};
|
83 | this.req = req;
|
84 | this.path = path;
|
85 | this.options = options;
|
86 |
|
87 | this._etag = options.etag !== undefined
|
88 | ? Boolean(options.etag)
|
89 | : true
|
90 |
|
91 | this._hidden = Boolean(options.hidden)
|
92 |
|
93 | this._index = options.index !== undefined
|
94 | ? normalizeIndex(options.index)
|
95 | : ['index.html']
|
96 |
|
97 | this._maxage = options.maxAge || options.maxage
|
98 | this._maxage = typeof this._maxage === 'string'
|
99 | ? ms(this._maxage)
|
100 | : Number(this._maxage)
|
101 | this._maxage = !isNaN(this._maxage)
|
102 | ? Math.min(Math.max(0, this._maxage), maxMaxAge)
|
103 | : 0
|
104 |
|
105 | this._root = options.root
|
106 | ? normalize(options.root)
|
107 | : null
|
108 |
|
109 | if (!this._root && options.from) {
|
110 | this.from(options.from);
|
111 | }
|
112 | }
|
113 |
|
114 |
|
115 |
|
116 |
|
117 |
|
118 | SendStream.prototype.__proto__ = Stream.prototype;
|
119 |
|
120 |
|
121 |
|
122 |
|
123 |
|
124 |
|
125 |
|
126 |
|
127 |
|
128 | SendStream.prototype.etag = deprecate.function(function etag(val) {
|
129 | val = Boolean(val);
|
130 | debug('etag %s', val);
|
131 | this._etag = val;
|
132 | return this;
|
133 | }, 'send.etag: pass etag as option');
|
134 |
|
135 |
|
136 |
|
137 |
|
138 |
|
139 |
|
140 |
|
141 |
|
142 |
|
143 | SendStream.prototype.hidden = deprecate.function(function hidden(val) {
|
144 | val = Boolean(val);
|
145 | debug('hidden %s', val);
|
146 | this._hidden = val;
|
147 | return this;
|
148 | }, 'send.hidden: pass hidden as option');
|
149 |
|
150 |
|
151 |
|
152 |
|
153 |
|
154 |
|
155 |
|
156 |
|
157 |
|
158 |
|
159 | SendStream.prototype.index = deprecate.function(function index(paths) {
|
160 | var index = !paths ? [] : normalizeIndex(paths);
|
161 | debug('index %o', paths);
|
162 | this._index = index;
|
163 | return this;
|
164 | }, 'send.index: pass index as option');
|
165 |
|
166 |
|
167 |
|
168 |
|
169 |
|
170 |
|
171 |
|
172 |
|
173 |
|
174 | SendStream.prototype.root = function(path){
|
175 | path = String(path);
|
176 | this._root = normalize(path);
|
177 | return this;
|
178 | };
|
179 |
|
180 | SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
|
181 | 'send.from: pass root as option');
|
182 |
|
183 | SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
|
184 | 'send.root: pass root as option');
|
185 |
|
186 |
|
187 |
|
188 |
|
189 |
|
190 |
|
191 |
|
192 |
|
193 |
|
194 | SendStream.prototype.maxage = deprecate.function(function maxage(maxAge) {
|
195 | maxAge = typeof maxAge === 'string'
|
196 | ? ms(maxAge)
|
197 | : Number(maxAge);
|
198 | if (isNaN(maxAge)) maxAge = 0;
|
199 | if (Infinity == maxAge) maxAge = 60 * 60 * 24 * 365 * 1000;
|
200 | debug('max-age %d', maxAge);
|
201 | this._maxage = maxAge;
|
202 | return this;
|
203 | }, 'send.maxage: pass maxAge as option');
|
204 |
|
205 |
|
206 |
|
207 |
|
208 |
|
209 |
|
210 |
|
211 |
|
212 | SendStream.prototype.error = function(status, err){
|
213 | var res = this.res;
|
214 | var msg = http.STATUS_CODES[status];
|
215 |
|
216 | err = err || new Error(msg);
|
217 | err.status = status;
|
218 |
|
219 |
|
220 | if (listenerCount(this, 'error') !== 0) {
|
221 | return this.emit('error', err);
|
222 | }
|
223 |
|
224 |
|
225 | res._headers = undefined;
|
226 |
|
227 | res.statusCode = err.status;
|
228 | res.end(msg);
|
229 | };
|
230 |
|
231 |
|
232 |
|
233 |
|
234 |
|
235 |
|
236 |
|
237 |
|
238 | SendStream.prototype.isMalicious = function(){
|
239 | return !this._root && ~this.path.indexOf('..') && upPathRegexp.test(this.path);
|
240 | };
|
241 |
|
242 |
|
243 |
|
244 |
|
245 |
|
246 |
|
247 |
|
248 |
|
249 | SendStream.prototype.hasTrailingSlash = function(){
|
250 | return '/' == this.path[this.path.length - 1];
|
251 | };
|
252 |
|
253 |
|
254 |
|
255 |
|
256 |
|
257 |
|
258 |
|
259 |
|
260 | SendStream.prototype.hasLeadingDot = function(){
|
261 | return '.' == basename(this.path)[0];
|
262 | };
|
263 |
|
264 |
|
265 |
|
266 |
|
267 |
|
268 |
|
269 |
|
270 |
|
271 | SendStream.prototype.isConditionalGET = function(){
|
272 | return this.req.headers['if-none-match']
|
273 | || this.req.headers['if-modified-since'];
|
274 | };
|
275 |
|
276 |
|
277 |
|
278 |
|
279 |
|
280 |
|
281 |
|
282 | SendStream.prototype.removeContentHeaderFields = function(){
|
283 | var res = this.res;
|
284 | Object.keys(res._headers).forEach(function(field){
|
285 | if (0 == field.indexOf('content')) {
|
286 | res.removeHeader(field);
|
287 | }
|
288 | });
|
289 | };
|
290 |
|
291 |
|
292 |
|
293 |
|
294 |
|
295 |
|
296 |
|
297 | SendStream.prototype.notModified = function(){
|
298 | var res = this.res;
|
299 | debug('not modified');
|
300 | this.removeContentHeaderFields();
|
301 | res.statusCode = 304;
|
302 | res.end();
|
303 | };
|
304 |
|
305 |
|
306 |
|
307 |
|
308 |
|
309 |
|
310 |
|
311 | SendStream.prototype.headersAlreadySent = function headersAlreadySent(){
|
312 | var err = new Error('Can\'t set headers after they are sent.');
|
313 | debug('headers already sent');
|
314 | this.error(500, err);
|
315 | };
|
316 |
|
317 |
|
318 |
|
319 |
|
320 |
|
321 |
|
322 |
|
323 |
|
324 |
|
325 | SendStream.prototype.isCachable = function(){
|
326 | var res = this.res;
|
327 | return (res.statusCode >= 200 && res.statusCode < 300) || 304 == res.statusCode;
|
328 | };
|
329 |
|
330 |
|
331 |
|
332 |
|
333 |
|
334 |
|
335 |
|
336 |
|
337 | SendStream.prototype.onStatError = function(err){
|
338 | var notfound = ['ENOENT', 'ENAMETOOLONG', 'ENOTDIR'];
|
339 | if (~notfound.indexOf(err.code)) return this.error(404, err);
|
340 | this.error(500, err);
|
341 | };
|
342 |
|
343 |
|
344 |
|
345 |
|
346 |
|
347 |
|
348 |
|
349 |
|
350 | SendStream.prototype.isFresh = function(){
|
351 | return fresh(this.req.headers, this.res._headers);
|
352 | };
|
353 |
|
354 |
|
355 |
|
356 |
|
357 |
|
358 |
|
359 |
|
360 |
|
361 | SendStream.prototype.isRangeFresh = function isRangeFresh(){
|
362 | var ifRange = this.req.headers['if-range'];
|
363 |
|
364 | if (!ifRange) return true;
|
365 |
|
366 | return ~ifRange.indexOf('"')
|
367 | ? ~ifRange.indexOf(this.res._headers['etag'])
|
368 | : Date.parse(this.res._headers['last-modified']) <= Date.parse(ifRange);
|
369 | };
|
370 |
|
371 |
|
372 |
|
373 |
|
374 |
|
375 |
|
376 |
|
377 |
|
378 | SendStream.prototype.redirect = function(path){
|
379 | if (listenerCount(this, 'directory') !== 0) {
|
380 | return this.emit('directory');
|
381 | }
|
382 |
|
383 | if (this.hasTrailingSlash()) return this.error(403);
|
384 | var res = this.res;
|
385 | path += '/';
|
386 | res.statusCode = 301;
|
387 | res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
388 | res.setHeader('Location', path);
|
389 | res.end('Redirecting to <a href="' + escapeHtml(path) + '">' + escapeHtml(path) + '</a>\n');
|
390 | };
|
391 |
|
392 |
|
393 |
|
394 |
|
395 |
|
396 |
|
397 |
|
398 |
|
399 |
|
400 | SendStream.prototype.pipe = function(res){
|
401 | var self = this
|
402 | , args = arguments
|
403 | , path = this.path
|
404 | , root = this._root;
|
405 |
|
406 |
|
407 | this.res = res;
|
408 |
|
409 |
|
410 | path = utils.decode(path);
|
411 | if (-1 == path) return this.error(400);
|
412 |
|
413 |
|
414 | if (~path.indexOf('\0')) return this.error(400);
|
415 |
|
416 |
|
417 | if (root) path = normalize(join(this._root, path));
|
418 |
|
419 |
|
420 | if (this.isMalicious()) return this.error(403);
|
421 |
|
422 |
|
423 | if (root && 0 != path.indexOf(root)) return this.error(403);
|
424 |
|
425 |
|
426 | if (!this._hidden && this.hasLeadingDot()) return this.error(404);
|
427 |
|
428 |
|
429 | if (this._index.length && this.hasTrailingSlash()) {
|
430 | this.sendIndex(path);
|
431 | return res;
|
432 | }
|
433 |
|
434 | debug('stat "%s"', path);
|
435 | fs.stat(path, function(err, stat){
|
436 | if (err) return self.onStatError(err);
|
437 | if (stat.isDirectory()) return self.redirect(self.path);
|
438 | self.emit('file', path, stat);
|
439 | self.send(path, stat);
|
440 | });
|
441 |
|
442 | return res;
|
443 | };
|
444 |
|
445 |
|
446 |
|
447 |
|
448 |
|
449 |
|
450 |
|
451 |
|
452 | SendStream.prototype.send = function(path, stat){
|
453 | var options = this.options;
|
454 | var len = stat.size;
|
455 | var res = this.res;
|
456 | var req = this.req;
|
457 | var ranges = req.headers.range;
|
458 | var offset = options.start || 0;
|
459 |
|
460 | if (res._header) {
|
461 |
|
462 | return this.headersAlreadySent();
|
463 | }
|
464 |
|
465 | debug('options %o', options);
|
466 |
|
467 |
|
468 | this.setHeader(path, stat);
|
469 |
|
470 |
|
471 | this.type(path);
|
472 |
|
473 |
|
474 | if (this.isConditionalGET()
|
475 | && this.isCachable()
|
476 | && this.isFresh()) {
|
477 | return this.notModified();
|
478 | }
|
479 |
|
480 |
|
481 | len = Math.max(0, len - offset);
|
482 | if (options.end !== undefined) {
|
483 | var bytes = options.end - offset + 1;
|
484 | if (len > bytes) len = bytes;
|
485 | }
|
486 |
|
487 |
|
488 | if (ranges) {
|
489 | ranges = parseRange(len, ranges);
|
490 |
|
491 |
|
492 | if (!this.isRangeFresh()) {
|
493 | debug('range stale');
|
494 | ranges = -2;
|
495 | }
|
496 |
|
497 |
|
498 | if (-1 == ranges) {
|
499 | debug('range unsatisfiable');
|
500 | res.setHeader('Content-Range', 'bytes */' + stat.size);
|
501 | return this.error(416);
|
502 | }
|
503 |
|
504 |
|
505 | if (-2 != ranges && ranges.length === 1) {
|
506 | debug('range %j', ranges);
|
507 |
|
508 | options.start = offset + ranges[0].start;
|
509 | options.end = offset + ranges[0].end;
|
510 |
|
511 |
|
512 | res.statusCode = 206;
|
513 | res.setHeader('Content-Range', 'bytes '
|
514 | + ranges[0].start
|
515 | + '-'
|
516 | + ranges[0].end
|
517 | + '/'
|
518 | + len);
|
519 | len = options.end - options.start + 1;
|
520 | }
|
521 | }
|
522 |
|
523 |
|
524 | res.setHeader('Content-Length', len);
|
525 |
|
526 |
|
527 | if ('HEAD' == req.method) return res.end();
|
528 |
|
529 | this.stream(path, options);
|
530 | };
|
531 |
|
532 |
|
533 |
|
534 |
|
535 |
|
536 |
|
537 |
|
538 | SendStream.prototype.sendIndex = function sendIndex(path){
|
539 | var i = -1;
|
540 | var self = this;
|
541 |
|
542 | function next(err){
|
543 | if (++i >= self._index.length) {
|
544 | if (err) return self.onStatError(err);
|
545 | return self.error(404);
|
546 | }
|
547 |
|
548 | var p = path + self._index[i];
|
549 |
|
550 | debug('stat "%s"', p);
|
551 | fs.stat(p, function(err, stat){
|
552 | if (err) return next(err);
|
553 | if (stat.isDirectory()) return next();
|
554 | self.emit('file', p, stat);
|
555 | self.send(p, stat);
|
556 | });
|
557 | }
|
558 |
|
559 | if (!this.hasTrailingSlash()) path += '/';
|
560 |
|
561 | next();
|
562 | };
|
563 |
|
564 |
|
565 |
|
566 |
|
567 |
|
568 |
|
569 |
|
570 |
|
571 |
|
572 | SendStream.prototype.stream = function(path, options){
|
573 |
|
574 | var finished = false;
|
575 | var self = this;
|
576 | var res = this.res;
|
577 | var req = this.req;
|
578 |
|
579 |
|
580 | var stream = fs.createReadStream(path, options);
|
581 | this.emit('stream', stream);
|
582 | stream.pipe(res);
|
583 |
|
584 |
|
585 | onFinished(res, function onfinished(){
|
586 | finished = true;
|
587 | stream.destroy();
|
588 | });
|
589 |
|
590 |
|
591 | stream.on('error', function onerror(err){
|
592 |
|
593 | if (finished) return;
|
594 |
|
595 |
|
596 | finished = true;
|
597 | stream.destroy();
|
598 |
|
599 |
|
600 | if (res._header) {
|
601 | console.error(err.stack);
|
602 | req.destroy();
|
603 | return;
|
604 | }
|
605 |
|
606 |
|
607 | self.onStatError(err);
|
608 | });
|
609 |
|
610 |
|
611 | stream.on('end', function onend(){
|
612 | self.emit('end');
|
613 | });
|
614 | };
|
615 |
|
616 |
|
617 |
|
618 |
|
619 |
|
620 |
|
621 |
|
622 |
|
623 |
|
624 | SendStream.prototype.type = function(path){
|
625 | var res = this.res;
|
626 | if (res.getHeader('Content-Type')) return;
|
627 | var type = mime.lookup(path);
|
628 | var charset = mime.charsets.lookup(type);
|
629 | debug('content-type %s', type);
|
630 | res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''));
|
631 | };
|
632 |
|
633 |
|
634 |
|
635 |
|
636 |
|
637 |
|
638 |
|
639 |
|
640 |
|
641 |
|
642 | SendStream.prototype.setHeader = function setHeader(path, stat){
|
643 | var res = this.res;
|
644 |
|
645 | this.emit('headers', res, path, stat);
|
646 |
|
647 | if (!res.getHeader('Accept-Ranges')) res.setHeader('Accept-Ranges', 'bytes');
|
648 | if (!res.getHeader('Date')) res.setHeader('Date', new Date().toUTCString());
|
649 | if (!res.getHeader('Cache-Control')) res.setHeader('Cache-Control', 'public, max-age=' + Math.floor(this._maxage / 1000));
|
650 | if (!res.getHeader('Last-Modified')) res.setHeader('Last-Modified', stat.mtime.toUTCString());
|
651 |
|
652 | if (this._etag && !res.getHeader('ETag')) {
|
653 | var etag = utils.etag(path, stat);
|
654 | debug('etag %s', etag);
|
655 | res.setHeader('ETag', etag);
|
656 | }
|
657 | };
|
658 |
|
659 |
|
660 |
|
661 |
|
662 |
|
663 |
|
664 |
|
665 |
|
666 | function normalizeIndex(val){
|
667 | return [].concat(val || [])
|
668 | }
|