Open mhf-ir opened 5 years ago
Force to audit fix packages:
sweb@sweb-laptop:/tmp/node-http-proxy$ npm audit fix --force
npm WARN using --force I sure hope you know what you are doing.
+ mocha@6.1.4
+ nyc@14.1.1
+ ws@7.0.0
added 139 packages from 107 contributors, removed 307 packages, updated 13 packages and moved 45 packages in 53.056s
fixed 18 of 18 vulnerabilities in 1550 scanned packages
3 package updates for 17 vulns involved breaking changes
(installed due to `--force` option)
Remove node_modules
sweb@sweb-laptop:/tmp/node-http-proxy$ rm node_modules -rf
sweb@sweb-laptop:/tmp/node-http-proxy$ npm install
added 267 packages from 610 contributors and audited 770 packages in 2.515s
found 0 vulnerabilities
6) lib/http-proxy.js
HTTPS #createProxyServer
HTTPS not allow SSL self signed
should fail with error:
Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
at Object.createSecureContext (_tls_common.js:113:17)
at Server (_tls_wrap.js:870:27)
at new Server (https.js:62:14)
at Object.createServer (https.js:85:10)
at Context.<anonymous> (test/lib-https-proxy-test.js:155:28)
SSL key is too small; change the key size in agent2.cnf to 2048 and regenerate it via openssl.
$ cd test/fixtures
$ rm agent2-*
$ openssl genrsa -out ./agent2-key.pem 2048
$ openssl req -config agent2.cnf -new -key agent2-key.pem -out agent2-csr.pem
$ openssl x509 -req -in agent2-csr.pem -signkey agent2-key.pem -out agent2-cert.pem
Signature ok
subject=C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
Getting Private key
Then I ran the tests again:
sweb@sweb-laptop:/tmp/node-http-proxy$ npm run test
> http-proxy@1.17.0 test /tmp/node-http-proxy
> nyc --reporter=text --reporter=lcov npm run mocha
> http-proxy@1.17.0 mocha /tmp/node-http-proxy
> mocha test/*-test.js
http-proxy examples
Before testing examples
- should have installed dependencies
Requiring all the examples
- should have no errors
lib/http-proxy/common.js
#setupOutgoing
✓ should setup the correct headers
✓ should not override agentless upgrade header
✓ should not override agentless connection: contains upgrade
✓ should override agentless connection: contains improper upgrade
✓ should override agentless non-upgrade header to close
✓ should set the agent to false if none is given
✓ set the port according to the protocol
✓ should keep the original target path in the outgoing path
✓ should keep the original forward path in the outgoing path
✓ should properly detect https/wss protocol without the colon
✓ should not prepend the target path to the outgoing path with prependPath = false
✓ should properly join paths
✓ should not modify the query string
✓ should correctly format the toProxy URL
✓ should not replace : to :\ when no https word before
✓ should not replace : to :\ when no http word before
✓ should pass through https client parameters
✓ should handle overriding the `method` of the http request
✓ should not pass null as last arg to #urlJoin
when using ignorePath
✓ should ignore the path of the `req.url` passed in but use the target path
✓ and prependPath: false, it should ignore path of target and incoming request
when using changeOrigin
✓ should correctly set the port to the host when it is a non-standard port using url.parse
✓ should correctly set the port to the host when it is a non-standard port when setting host and port manually (which ignores port)
#setupSocket
✓ should setup a socket
lib/http-proxy/passes/web.js
#deleteLength
✓ should change `content-length` for DELETE requests
✓ should change `content-length` for OPTIONS requests
✓ should remove `transfer-encoding` from empty DELETE requests
#timeout
✓ should set timeout on the socket
#XHeaders
✓ set the correct x-forwarded-* headers
#createProxyServer.web() using own http server
✓ should proxy the request using the web proxy handler
✓ should detect a proxyReq event and modify headers
✓ should proxy the request and handle error via callback
✓ should proxy the request and handle error via event listener
✓ should forward the request and handle error via event listener
✓ should proxy the request and handle timeout error (proxyTimeout) (105ms)
✓ should proxy the request and handle timeout error (108ms)
✓ should proxy the request and provide a proxyRes event with the request and response parameters
✓ should proxy the request and provide and respond to manual user response when using modifyResponse
✓ should proxy the request and handle changeOrigin option
✓ should proxy the request with the Authorization header set
(node:30863) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
✓ should proxy requests to multiple servers with different options
#followRedirects
✓ should proxy the request follow redirects
lib/http-proxy/passes/web-outgoing.js
#setRedirectHostRewrite
rewrites location host with hostRewrite
✓ on 201
✓ on 301
✓ on 302
✓ on 307
✓ on 308
✓ not on 200
✓ not when hostRewrite is unset
✓ takes precedence over autoRewrite
✓ not when the redirected location does not match target host
✓ not when the redirected location does not match target port
rewrites location host with autoRewrite
✓ on 201
✓ on 301
✓ on 302
✓ on 307
✓ on 308
✓ not on 200
✓ not when autoRewrite is unset
✓ not when the redirected location does not match target host
✓ not when the redirected location does not match target port
rewrites location protocol with protocolRewrite
✓ on 201
✓ on 301
✓ on 302
✓ on 307
✓ on 308
✓ not on 200
✓ not when protocolRewrite is unset
✓ works together with hostRewrite
✓ works together with autoRewrite
#setConnection
✓ set the right connection with 1.0 - `close`
✓ set the right connection with 1.0 - req.connection
✓ set the right connection - req.connection
✓ set the right connection - `keep-alive`
✓ don`t set connection with 2.0 if exist
✓ don`t set connection with 2.0 if doesn`t exist
#writeStatusCode
✓ should write status code
#writeHeaders
✓ writes headers
✓ writes raw headers
✓ rewrites path
✓ does not rewrite path
✓ removes path
✓ does not rewrite domain
✓ rewrites domain
✓ removes domain
✓ rewrites headers with advanced configuration
✓ rewrites raw headers with advanced configuration
lib/http-proxy/passes/ws-incoming.js
#checkMethodAndHeader
✓ should drop non-GET connections
✓ should drop connections when no upgrade header
✓ should drop connections when upgrade header is different of `websocket`
✓ should return nothing when all is ok
#XHeaders
✓ return if no forward request
✓ set the correct x-forwarded-* headers from req.connection
✓ set the correct x-forwarded-* headers from req.socket
lib/http-proxy.js
#createProxyServer
- should throw without options
✓ should return an object otherwise
#createProxyServer with forward options and using web-incoming passes
✓ should pipe the request using web-incoming#stream method
#createProxyServer using the web-incoming passes
✓ should proxy sse
✓ should make the request on pipe and finish it
#createProxyServer using the web-incoming passes
✓ should make the request, handle response and finish it
#createProxyServer() method with error response
✓ should make the request and emit the error event
#createProxyServer setting the correct timeout value
✓ should hang up the socket at the timeout
#createProxyServer with xfwd option
✓ should not throw on empty http host header
#createProxyServer using the ws-incoming passes
✓ should proxy the websockets stream
✓ should emit error on proxy error
✓ should close client socket if upstream is closed before upgrade
✓ should proxy a socket.io stream
✓ should emit open and close events when socket.io client connects and disconnects
1) should pass all set-cookie headers to client
2) should detect a proxyReq event and modify headers
✓ should forward frames with single frame payload (including on node 4.x)
✓ should forward continuation frames with big payload (including on node 4.x)
lib/http-proxy.js
HTTPS #createProxyServer
HTTPS to HTTP
✓ should proxy the request en send back the response
HTTP to HTTPS
✓ should proxy the request en send back the response
HTTPS to HTTPS
✓ should proxy the request en send back the response
HTTPS not allow SSL self signed
✓ should fail with error
HTTPS to HTTP using own server
✓ should proxy the request en send back the response
114 passing (3s)
3 pending
2 failing
1) lib/http-proxy.js
#createProxyServer using the ws-incoming passes
should pass all set-cookie headers to client:
Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/tmp/node-http-proxy/test/lib-http-proxy-test.js)
2) lib/http-proxy.js
#createProxyServer using the ws-incoming passes
should detect a proxyReq event and modify headers:
Uncaught TypeError: Cannot read property 'headers' of undefined
at WebSocketServer.<anonymous> (test/lib-http-proxy-test.js:566:34)
at handleUpgrade (node_modules/ws/lib/websocket-server.js:90:18)
at WebSocketServer.completeUpgrade (node_modules/ws/lib/websocket-server.js:321:5)
at WebSocketServer.handleUpgrade (node_modules/ws/lib/websocket-server.js:245:10)
at Server.upgrade (node_modules/ws/lib/websocket-server.js:89:16)
at onParserExecuteCommon (_http_server.js:552:14)
at onParserExecute (_http_server.js:500:3)
events.js:174
throw er; // Unhandled 'error' event
^
Error: socket hang up
at createHangUpError (_http_client.js:323:15)
at Socket.socketOnEnd (_http_client.js:426:23)
at Socket.emit (events.js:194:15)
at endReadableNT (_stream_readable.js:1125:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
Emitted 'error' event at:
at Socket.socketOnEnd (_http_client.js:426:9)
at Socket.emit (events.js:194:15)
at endReadableNT (_stream_readable.js:1125:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! http-proxy@1.17.0 mocha: `mocha test/*-test.js`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the http-proxy@1.17.0 mocha script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/sweb/.npm/_logs/2019-06-02T09_06_55_081Z-debug.log
-----------------------|----------|----------|----------|----------|-------------------|
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s |
-----------------------|----------|----------|----------|----------|-------------------|
All files | 89.02 | 81.79 | 91.53 | 91.4 | |
lib | 100 | 100 | 100 | 100 | |
http-proxy.js | 100 | 100 | 100 | 100 | |
lib/http-proxy | 83.97 | 76.61 | 85.19 | 85.91 | |
common.js | 97.06 | 94.44 | 100 | 97.06 | 54,227 |
index.js | 73.86 | 51.92 | 76.47 | 76.54 |... 78,179,182,184 |
lib/http-proxy/passes | 93.14 | 85.9 | 96.77 | 96.23 | |
web-incoming.js | 95.65 | 82.09 | 100 | 98.33 | 187 |
web-outgoing.js | 98.08 | 96.23 | 100 | 100 | 91,122 |
ws-incoming.js | 85.19 | 77.78 | 90.91 | 89.8 | 90,91,93,132,155 |
-----------------------|----------|----------|----------|----------|-------------------|
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! http-proxy@1.17.0 test: `nyc --reporter=text --reporter=lcov npm run mocha`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the http-proxy@1.17.0 test script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/sweb/.npm/_logs/2019-06-02T09_06_55_239Z-debug.log
Summary:
Is the project under maintenance? Many issues are not moderated, not answered, etc. Also, many pull requests seem to be held up.
yes project is not maintained as it has not been updated since last year :)
is there any good alternative ? nodejs or programmable (other language)
@mhf-ir what u need depends on that :)
@shirshak55 Build custom api proxy and stuff, good support and better maintain.
Maybe this question has already been asked by many developers who use this package; about 1.7 million packages depend on an unmaintained repo.
Prefer nodejs. HTTP/HTTPS good enough not require WS.
use nginx as a proxy for those api proxy? Nginx support ws too.
Yea this is legacy app so many project will depend on it and seems like there is no other good choice still :) I can make a new one with promise support but cannot due to financial burden.
If u need dedicated proxy then u can try sozu but it is written in rust so it may be odd programming language to u and sozu is the best proxy i have ever seen in my entire life :)
@shirshak55 nginx, varnish, sozu or any reverse proxy it's config base and not programmable, i prefer like this one, could be custom via script not config.
hmm any reason?
Look this simple solution.
Sample DDoS protection like Cloudflare: when the system is healthy everything is good, but if for any reason we get a DDoS attack we can protect backends from bot attempts.
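    const http = require('http');
    const httpProxy = require('http-proxy');

    const proxy = httpProxy.createProxyServer({});
    let ddosProtectionMode = false;

    // Placeholder for the poster's undefined checkForReason(): return true while under attack.
    const checkForReason = () => false;

    // Re-evaluate protection mode once per second.
    const checkDdos = () => {
      ddosProtectionMode = checkForReason();
      setTimeout(() => {
        checkDdos();
      }, 1000);
    };
    checkDdos();

    var server = http.createServer(function(req, res) {
      // req.headers.cookie is the raw Cookie header string (or undefined), not an object.
      var hasDdosCookie = /(?:^|;\s*)ddos=/.test(req.headers.cookie || '');
      if (ddosProtectionMode && !hasDdosCookie) {
        res.writeHead(302, {
          'Location': '/check_ddos_captcha_page',
        });
        res.end();
      } else {
        proxy.web(req, res, {
          target: 'http://127.0.0.1:5060'
        });
      }
    });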
And many more examples: conditions on path, cookies, encrypted and decrypted cookies or headers, etc. Depending on host or any request parameters, or on an internal check against a 3rd-party resource, we can choose different behavior, and we need a scripting language for that; performance is the second problem, not the first one.
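The snippet above only tests whether a `ddos` cookie is present, which any client can set for itself, so the gate holds only if the proxy can verify that it issued the value. The following is an added example, not code from this thread or from http-proxy: an HMAC-signed clearance cookie bound to the client address and an expiry time. `SECRET`, `issueClearance`, `readCookie` and `hasValidClearance` are hypothetical names.

```javascript
const crypto = require('crypto');

// Assumptions for this sketch: a per-process secret and the cookie name `ddos`
// from the snippet above. Load the secret from configuration in a real deployment.
const SECRET = crypto.randomBytes(32);
const COOKIE_NAME = 'ddos';

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called after the captcha is solved. The MAC covers expiry and client address,
// so the value cannot be forged, extended, or reused from another address.
function issueClearance(clientIp, ttlMs, now = Date.now()) {
  const expires = String(now + ttlMs);
  return `${expires}.${sign(`${expires}.${clientIp}`)}`;
}

// Extract one cookie from the raw Cookie header (a string, or undefined).
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Gate check for the proxy: true only for an unexpired value this process signed.
function hasValidClearance(cookieHeader, clientIp, now = Date.now()) {
  const value = readCookie(cookieHeader, COOKIE_NAME);
  if (!value) return false;
  const dot = value.indexOf('.');
  if (dot === -1) return false;
  const expires = value.slice(0, dot);
  if (!/^\d+$/.test(expires) || Number(expires) <= now) return false;
  const mac = Buffer.from(value.slice(dot + 1), 'hex');
  const expected = Buffer.from(sign(`${expires}.${clientIp}`), 'hex');
  // timingSafeEqual throws on unequal lengths, so check length first.
  return mac.length === expected.length && crypto.timingSafeEqual(mac, expected);
}
```

In the handler above, the cookie test becomes `!hasValidClearance(req.headers.cookie, req.socket.remoteAddress)`, and the captcha page sets the cookie with `issueClearance` once the challenge is passed.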
all these can be done via nginx?
nope
I have forked this library and published a version w/ npm audit fix --force. Github here: https://github.com/TGRstack/node-http-proxy
npm i -S @tgrx/http-proxy
Installation failed:
Audit problem: