/**
* Wrapper for built-in http.js to emulate the browser XMLHttpRequest object.
*
* This can be used with JS designed for browsers to improve reuse of code and
* allow the use of existing libraries.
*
* Usage: include("XMLHttpRequest.js") and use XMLHttpRequest per W3C specs.
*
* @author Dan DeFelippi <dan@driverdan.com>
* @contributor David Ellis <d.f.ellis@ieee.org>
* @license MIT
*/
var fs = require('fs');
var Url = require('url');
var spawn = require('child_process').spawn;
/**
* Module exports.
*/
module.exports = XMLHttpRequest;
// backwards-compat
XMLHttpRequest.XMLHttpRequest = XMLHttpRequest;
/**
* `XMLHttpRequest` constructor.
*
* Supported options for the `opts` object are:
*
* - `agent`: An http.Agent instance; http.globalAgent may be used; if 'undefined', agent usage is disabled
*
* @param {Object} opts optional "options" object
*/
function XMLHttpRequest(opts) {
"use strict";
opts = opts || {};
/**
* Private variables
*/
var self = this;
var http = require('http');
var https = require('https');
// Holds http.js objects
var request;
var response;
// Request settings
var settings = {};
// Disable header blacklist.
// Not part of XHR specs.
var disableHeaderCheck = false;
// Set some default headers
var defaultHeaders = {
"User-Agent": "node-XMLHttpRequest",
"Accept": "*/*"
};
var headers = Object.assign({}, defaultHeaders);
// These headers are not user setable.
// The following are allowed but banned in the spec:
// * user-agent
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method",
"connection",
"content-length",
"content-transfer-encoding",
"cookie",
"cookie2",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"via"
];
// These request methods are not allowed
var forbiddenRequestMethods = [
"TRACE",
"TRACK",
"CONNECT"
];
// Send flag
var sendFlag = false;
// Error flag, used when errors occur or abort is called
var errorFlag = false;
// Event listeners
var listeners = {};
/**
* Constants
*/
this.UNSENT = 0;
this.OPENED = 1;
this.HEADERS_RECEIVED = 2;
this.LOADING = 3;
this.DONE = 4;
/**
* Public vars
*/
// Current state
this.readyState = this.UNSENT;
// default ready state change handler in case one is not set or is set late
this.onreadystatechange = null;
// Result & response
this.responseText = "";
this.responseXML = "";
this.status = null;
this.statusText = null;
/**
* Private methods
*/
/**
* Check if the specified header is allowed.
*
* @param string header Header to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpHeader = function(header) {
return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
};
/**
* Check if the specified method is allowed.
*
* @param string method Request method to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpMethod = function(method) {
return (method && forbiddenRequestMethods.indexOf(method) === -1);
};
/**
* Public methods
*/
/**
* Open the connection. Currently supports local server requests.
*
* @param string method Connection method (eg GET, POST)
* @param string url URL for the connection.
* @param boolean async Asynchronous connection. Default is true.
* @param string user Username for basic authentication (optional)
* @param string password Password for basic authentication (optional)
*/
this.open = function(method, url, async, user, password) {
this.abort();
errorFlag = false;
// Check for valid request method
if (!isAllowedHttpMethod(method)) {
throw "SecurityError: Request method not allowed";
}
settings = {
"method": method,
"url": url.toString(),
"async": (typeof async !== "boolean" ? true : async),
"user": user || null,
"password": password || null
};
setState(this.OPENED);
};
/**
* Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
* This does not conform to the W3C spec.
*
* @param boolean state Enable or disable header checking.
*/
this.setDisableHeaderCheck = function(state) {
disableHeaderCheck = state;
};
/**
* Sets a header for the request.
*
* @param string header Header name
* @param string value Header value
* @return boolean Header added
*/
this.setRequestHeader = function(header, value) {
if (this.readyState != this.OPENED) {
throw "INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN";
return false;
}
if (!isAllowedHttpHeader(header)) {
console.warn('Refused to set unsafe header "' + header + '"');
return false;
}
if (sendFlag) {
throw "INVALID_STATE_ERR: send flag is true";
return false;
}
headers[header] = value;
return true;
};
/**
* Gets a header from the server response.
*
* @param string header Name of header to get.
* @return string Text of the header or null if it doesn't exist.
*/
this.getResponseHeader = function(header) {
if (typeof header === "string"
&& this.readyState > this.OPENED
&& response.headers[header.toLowerCase()]
&& !errorFlag
) {
return response.headers[header.toLowerCase()];
}
return null;
};
/**
* Gets all the response headers.
*
* @return string A string with all response headers separated by CR+LF
*/
this.getAllResponseHeaders = function() {
if (this.readyState < this.HEADERS_RECEIVED || errorFlag) {
return "";
}
var result = "";
for (var i in response.headers) {
// Cookie headers are excluded
if (i !== "set-cookie" && i !== "set-cookie2") {
result += i + ": " + response.headers[i] + "\r\n";
}
}
return result.substr(0, result.length - 2);
};
/**
* Gets a request header
*
* @param string name Name of header to get
* @return string Returns the request header or empty string if not set
*/
this.getRequestHeader = function(name) {
// @TODO Make this case insensitive
if (typeof name === "string" && headers[name]) {
return headers[name];
}
return "";
};
/**
* Sends the request to the server.
*
* @param string data Optional data to send as request body.
*/
this.send = function(data) {
if (this.readyState != this.OPENED) {
throw "INVALID_STATE_ERR: connection must be opened before send() is called";
}
if (sendFlag) {
throw "INVALID_STATE_ERR: send has already been called";
}
var ssl = false, local = false;
var url = Url.parse(settings.url);
var host;
// Determine the server
switch (url.protocol) {
case 'https:':
ssl = true;
// SSL & non-SSL both need host, no break here.
case 'http:':
host = url.hostname;
break;
case 'file:':
local = true;
break;
case undefined:
case '':
host = "localhost";
break;
default:
throw "Protocol not supported.";
}
// Load files off the local filesystem (file://)
if (local) {
if (settings.method !== "GET") {
throw "XMLHttpRequest: Only GET method is supported";
}
if (settings.async) {
fs.readFile(url.pathname, 'utf8', function(error, data) {
if (error) {
self.handleError(error);
} else {
self.status = 200;
self.responseText = data;
setState(self.DONE);
}
});
} else {
try {
this.responseText = fs.readFileSync(url.pathname, 'utf8');
this.status = 200;
setState(self.DONE);
} catch(e) {
this.handleError(e);
}
}
return;
}
// Default to port 80. If accessing localhost on another port be sure
// to use http://localhost:port/path
var port = url.port || (ssl ? 443 : 80);
// Add query string if one is used
var uri = url.pathname + (url.search ? url.search : '');
// Set the Host header or the server may reject the request
headers["Host"] = host;
if (!((ssl && port === 443) || port === 80)) {
headers["Host"] += ':' + url.port;
}
// Set Basic Auth if necessary
if (settings.user) {
if (typeof settings.password == "undefined") {
settings.password = "";
}
var authBuf = new Buffer(settings.user + ":" + settings.password);
headers["Authorization"] = "Basic " + authBuf.toString("base64");
}
// Set content length header
if (settings.method === "GET" || settings.method === "HEAD") {
data = null;
} else if (data) {
headers["Content-Length"] = Buffer.isBuffer(data) ? data.length : Buffer.byteLength(data);
if (!headers["Content-Type"]) {
headers["Content-Type"] = "text/plain;charset=UTF-8";
}
} else if (settings.method === "POST") {
// For a post with no data set Content-Length: 0.
// This is required by buggy servers that don't meet the specs.
headers["Content-Length"] = 0;
}
var agent = opts.agent || false;
var options = {
host: host,
port: port,
path: uri,
method: settings.method,
headers: headers,
agent: agent
};
if (ssl) {
options.pfx = opts.pfx;
options.key = opts.key;
options.passphrase = opts.passphrase;
options.cert = opts.cert;
options.ca = opts.ca;
options.ciphers = opts.ciphers;
options.rejectUnauthorized = opts.rejectUnauthorized;
}
// Reset error flag
errorFlag = false;
// Handle async requests
if (settings.async) {
// Use the proper protocol
var doRequest = ssl ? https.request : http.request;
// Request is being sent, set send flag
sendFlag = true;
// As per spec, this is called here for historical reasons.
self.dispatchEvent("readystatechange");
// Handler for the response
var responseHandler = function(resp) {
// Set response var to the response we got back
// This is so it remains accessable outside this scope
response = resp;
// Check for redirect
// @TODO Prevent looped redirects
if (response.statusCode === 302 || response.statusCode === 303 || response.statusCode === 307) {
// Change URL to the redirect location
settings.url = response.headers.location;
var url = Url.parse(settings.url);
// Set host var in case it's used later
host = url.hostname;
// Options for the new request
var newOptions = {
hostname: url.hostname,
port: url.port,
path: url.path,
method: response.statusCode === 303 ? 'GET' : settings.method,
headers: headers
};
if (ssl) {
newOptions.pfx = opts.pfx;
newOptions.key = opts.key;
newOptions.passphrase = opts.passphrase;
newOptions.cert = opts.cert;
newOptions.ca = opts.ca;
newOptions.ciphers = opts.ciphers;
newOptions.rejectUnauthorized = opts.rejectUnauthorized;
}
// Issue the new request
request = doRequest(newOptions, responseHandler).on('error', errorHandler);
request.end();
// @TODO Check if an XHR event needs to be fired here
return;
}
if (response && response.setEncoding) {
response.setEncoding("utf8");
}
setState(self.HEADERS_RECEIVED);
self.status = response.statusCode;
response.on('data', function(chunk) {
// Make sure there's some data
if (chunk) {
self.responseText += chunk;
}
// Don't emit state changes if the connection has been aborted.
if (sendFlag) {
setState(self.LOADING);
}
});
response.on('end', function() {
if (sendFlag) {
// The sendFlag needs to be set before setState is called. Otherwise if we are chaining callbacks
// there can be a timing issue (the callback is called and a new call is made before the flag is reset).
sendFlag = false;
// Discard the 'end' event if the connection has been aborted
setState(self.DONE);
}
});
response.on('error', function(error) {
self.handleError(error);
});
}
// Error handler for the request
var errorHandler = function(error) {
self.handleError(error);
}
// Create the request
request = doRequest(options, responseHandler).on('error', errorHandler);
// Node 0.4 and later won't accept empty data. Make sure it's needed.
if (data) {
request.write(data);
}
request.end();
self.dispatchEvent("loadstart");
} else { // Synchronous
// Create a temporary file for communication with the other Node process
var contentFile = ".node-xmlhttprequest-content-" + process.pid;
var syncFile = ".node-xmlhttprequest-sync-" + process.pid;
fs.writeFileSync(syncFile, "", "utf8");
// The async request the other Node process executes
var execString = "var http = require('http'), https = require('https'), fs = require('fs');"
+ "var doRequest = http" + (ssl ? "s" : "") + ".request;"
+ "var options = " + JSON.stringify(options) + ";"
+ "var responseText = '';"
+ "var req = doRequest(options, function(response) {"
+ "response.setEncoding('utf8');"
+ "response.on('data', function(chunk) {"
+ " responseText += chunk;"
+ "});"
+ "response.on('end', function() {"
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-STATUS:' + response.statusCode + ',' + responseText, 'utf8');"
+ "fs.unlinkSync('" + syncFile + "');"
+ "});"
+ "response.on('error', function(error) {"
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-ERROR:' + JSON.stringify(error), 'utf8');"
+ "fs.unlinkSync('" + syncFile + "');"
+ "});"
+ "}).on('error', function(error) {"
+ "fs.writeFileSync('" + contentFile + "', 'NODE-XMLHTTPREQUEST-ERROR:' + JSON.stringify(error), 'utf8');"
+ "fs.unlinkSync('" + syncFile + "');"
+ "});"
+ (data ? "req.write('" + data.replace(/'/g, "\\'") + "');":"")
+ "req.end();";
// Start the other Node Process, executing this string
var syncProc = spawn(process.argv[0], ["-e", execString]);
var statusText;
while(fs.existsSync(syncFile)) {
// Wait while the sync file is empty
}
self.responseText = fs.readFileSync(contentFile, 'utf8');
// Kill the child process once the file has data
syncProc.stdin.end();
// Remove the temporary file
fs.unlinkSync(contentFile);
if (self.responseText.match(/^NODE-XMLHTTPREQUEST-ERROR:/)) {
// If the file returned an error, handle it
var errorObj = self.responseText.replace(/^NODE-XMLHTTPREQUEST-ERROR:/, "");
self.handleError(errorObj);
} else {
// If the file returned okay, parse its data and move to the DONE state
self.status = self.responseText.replace(/^NODE-XMLHTTPREQUEST-STATUS:([0-9]*),.*/, "$1");
self.responseText = self.responseText.replace(/^NODE-XMLHTTPREQUEST-STATUS:[0-9]*,(.*)/, "$1");
setState(self.DONE);
}
}
};
/**
* Called when an error is encountered to deal with it.
*/
this.handleError = function(error) {
this.status = 503;
this.statusText = error;
this.responseText = error.stack;
errorFlag = true;
setState(this.DONE);
};
/**
* Aborts a request.
*/
this.abort = function() {
if (request) {
request.abort();
request = null;
}
headers = Object.assign({}, defaultHeaders);
this.responseText = "";
this.responseXML = "";
errorFlag = true;
if (this.readyState !== this.UNSENT
&& (this.readyState !== this.OPENED || sendFlag)
&& this.readyState !== this.DONE) {
sendFlag = false;
setState(this.DONE);
}
this.readyState = this.UNSENT;
};
/**
* Adds an event listener. Preferred method of binding to events.
*/
this.addEventListener = function(event, callback) {
if (!(event in listeners)) {
listeners[event] = [];
}
// Currently allows duplicate callbacks. Should it?
listeners[event].push(callback);
};
/**
* Remove an event callback that has already been bound.
* Only works on the matching funciton, cannot be a copy.
*/
this.removeEventListener = function(event, callback) {
if (event in listeners) {
// Filter will return a new array with the callback removed
listeners[event] = listeners[event].filter(function(ev) {
return ev !== callback;
});
}
};
/**
* Dispatch any events, including both "on" methods and events attached using addEventListener.
*/
this.dispatchEvent = function(event) {
if (typeof self["on" + event] === "function") {
self["on" + event]();
}
if (event in listeners) {
for (var i = 0, len = listeners[event].length; i < len; i++) {
listeners[event][i].call(self);
}
}
};
/**
* Changes readyState and calls onreadystatechange.
*
* @param int state New state
*/
var setState = function(state) {
if (self.readyState !== state) {
self.readyState = state;
if (settings.async || self.readyState < self.OPENED || self.readyState === self.DONE) {
self.dispatchEvent("readystatechange");
}
if (self.readyState === self.DONE && !errorFlag) {
self.dispatchEvent("load");
// @TODO figure out InspectorInstrumentation::didLoadXHR(cookie)
self.dispatchEvent("loadend");
}
}
};
};