index.js
6.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
/**
* Module dependencies.
*/
var net = require('net');
var tls = require('tls');
var url = require('url');
var assert = require('assert');
var Agent = require('agent-base');
var inherits = require('util').inherits;
var debug = require('debug')('https-proxy-agent');
/**
* Module exports.
*/
module.exports = HttpsProxyAgent;
/**
* The `HttpsProxyAgent` implements an HTTP Agent subclass that connects to the
* specified "HTTP(s) proxy server" in order to proxy HTTPS requests.
*
* @api public
*/
function HttpsProxyAgent(opts) {
if (!(this instanceof HttpsProxyAgent)) return new HttpsProxyAgent(opts);
if ('string' == typeof opts) opts = url.parse(opts);
if (!opts)
throw new Error(
'an HTTP(S) proxy server `host` and `port` must be specified!'
);
debug('creating new HttpsProxyAgent instance: %o', opts);
Agent.call(this, opts);
var proxy = Object.assign({}, opts);
// if `true`, then connect to the proxy server over TLS. defaults to `false`.
this.secureProxy = proxy.protocol
? /^https:?$/i.test(proxy.protocol)
: false;
// prefer `hostname` over `host`, and set the `port` if needed
proxy.host = proxy.hostname || proxy.host;
proxy.port = +proxy.port || (this.secureProxy ? 443 : 80);
// ALPN is supported by Node.js >= v5.
// attempt to negotiate http/1.1 for proxy servers that support http/2
if (this.secureProxy && !('ALPNProtocols' in proxy)) {
proxy.ALPNProtocols = ['http 1.1'];
}
if (proxy.host && proxy.path) {
// if both a `host` and `path` are specified then it's most likely the
// result of a `url.parse()` call... we need to remove the `path` portion so
// that `net.connect()` doesn't attempt to open that as a unix socket file.
delete proxy.path;
delete proxy.pathname;
}
this.proxy = proxy;
this.defaultPort = 443;
}
inherits(HttpsProxyAgent, Agent);
/**
* Called when the node-core HTTP client library is creating a new HTTP request.
*
* @api public
*/
HttpsProxyAgent.prototype.callback = function connect(req, opts, fn) {
var proxy = this.proxy;
// create a socket connection to the proxy server
var socket;
if (this.secureProxy) {
socket = tls.connect(proxy);
} else {
socket = net.connect(proxy);
}
// we need to buffer any HTTP traffic that happens with the proxy before we get
// the CONNECT response, so that if the response is anything other than an "200"
// response code, then we can re-play the "data" events on the socket once the
// HTTP parser is hooked up...
var buffers = [];
var buffersLength = 0;
function read() {
var b = socket.read();
if (b) ondata(b);
else socket.once('readable', read);
}
function cleanup() {
socket.removeListener('end', onend);
socket.removeListener('error', onerror);
socket.removeListener('close', onclose);
socket.removeListener('readable', read);
}
function onclose(err) {
debug('onclose had error %o', err);
}
function onend() {
debug('onend');
}
function onerror(err) {
cleanup();
fn(err);
}
function ondata(b) {
buffers.push(b);
buffersLength += b.length;
var buffered = Buffer.concat(buffers, buffersLength);
var str = buffered.toString('ascii');
if (!~str.indexOf('\r\n\r\n')) {
// keep buffering
debug('have not received end of HTTP headers yet...');
read();
return;
}
var firstLine = str.substring(0, str.indexOf('\r\n'));
var statusCode = +firstLine.split(' ')[1];
debug('got proxy server response: %o', firstLine);
if (200 == statusCode) {
// 200 Connected status code!
var sock = socket;
// nullify the buffered data since we won't be needing it
buffers = buffered = null;
if (opts.secureEndpoint) {
// since the proxy is connecting to an SSL server, we have
// to upgrade this socket connection to an SSL connection
debug(
'upgrading proxy-connected socket to TLS connection: %o',
opts.host
);
opts.socket = socket;
opts.servername = opts.servername || opts.host;
opts.host = null;
opts.hostname = null;
opts.port = null;
sock = tls.connect(opts);
}
cleanup();
req.once('socket', resume);
fn(null, sock);
} else {
// some other status code that's not 200... need to re-play the HTTP header
// "data" events onto the socket once the HTTP machinery is attached so
// that the node core `http` can parse and handle the error status code
cleanup();
// the original socket is closed, and a new closed socket is
// returned instead, so that the proxy doesn't get the HTTP request
// written to it (which may contain `Authorization` headers or other
// sensitive data).
//
// See: https://hackerone.com/reports/541502
socket.destroy();
socket = new net.Socket();
socket.readable = true;
// save a reference to the concat'd Buffer for the `onsocket` callback
buffers = buffered;
// need to wait for the "socket" event to re-play the "data" events
req.once('socket', onsocket);
fn(null, socket);
}
}
function onsocket(socket) {
debug('replaying proxy buffer for failed request');
assert(socket.listenerCount('data') > 0);
// replay the "buffers" Buffer onto the `socket`, since at this point
// the HTTP module machinery has been hooked up for the user
socket.push(buffers);
// nullify the cached Buffer instance
buffers = null;
}
socket.on('error', onerror);
socket.on('close', onclose);
socket.on('end', onend);
read();
var hostname = opts.host + ':' + opts.port;
var msg = 'CONNECT ' + hostname + ' HTTP/1.1\r\n';
var headers = Object.assign({}, proxy.headers);
if (proxy.auth) {
headers['Proxy-Authorization'] =
'Basic ' + Buffer.from(proxy.auth).toString('base64');
}
// the Host header should only include the port
// number when it is a non-standard port
var host = opts.host;
if (!isDefaultPort(opts.port, opts.secureEndpoint)) {
host += ':' + opts.port;
}
headers['Host'] = host;
headers['Connection'] = 'close';
Object.keys(headers).forEach(function(name) {
msg += name + ': ' + headers[name] + '\r\n';
});
socket.write(msg + '\r\n');
};
/**
* Resumes a socket.
*
* @param {(net.Socket|tls.Socket)} socket The socket to resume
* @api public
*/
function resume(socket) {
socket.resume();
}
function isDefaultPort(port, secure) {
return Boolean((!secure && port === 80) || (secure && port === 443));
}