@isomorphic-git/cors-proxy
Advanced tools
Comparing version 2.3.0 to 2.4.0
@@ -1,5 +0,3 @@ | ||
const url = require('url') | ||
function isPreflight (req, u) { | ||
return req.method === 'OPTIONS' | ||
function isPreflightInfoRefs (req, u) { | ||
return req.method === 'OPTIONS' && u.pathname.endsWith('/info/refs') && (u.query.service === 'git-upload-pack' || u.query.service === 'git-receive-pack') | ||
} | ||
@@ -11,2 +9,6 @@ | ||
function isPreflightPull (req, u) { | ||
return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-upload-pack') | ||
} | ||
function isPull (req, u) { | ||
@@ -16,2 +18,6 @@ return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-upload-pack-request' && u.pathname.endsWith('git-upload-pack') | ||
function isPreflightPush (req, u) { | ||
return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-receive-pack') | ||
} | ||
function isPush (req, u) { | ||
@@ -22,3 +28,10 @@ return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-receive-pack-request' && u.pathname.endsWith('git-receive-pack') | ||
module.exports = function allow (req, u) { | ||
return (isPreflight(req, u) || isInfoRefs(req, u) || isPull(req, u) || isPush(req, u)) | ||
return ( | ||
isPreflightInfoRefs(req, u) || | ||
isInfoRefs(req, u) || | ||
isPreflightPull(req, u) || | ||
isPull(req, u) || | ||
isPreflightPush(req, u) || | ||
isPush(req, u) | ||
) | ||
} |
139
index.js
@@ -7,123 +7,40 @@ 'use strict' | ||
const insecure_origins = (process.env.INSECURE_HTTP_ORIGINS || '').split(',') | ||
const allowHeaders = [ | ||
'accept-encoding', | ||
'accept-language', | ||
'accept', | ||
'access-control-allow-origin', | ||
'authorization', | ||
'cache-control', | ||
'connection', | ||
'content-length', | ||
'content-type', | ||
'dnt', | ||
'pragma', | ||
'range', | ||
'referer', | ||
'user-agent', | ||
'x-http-method-override', | ||
'x-requested-with', | ||
] | ||
const exposeHeaders = [ | ||
'accept-ranges', | ||
'age', | ||
'cache-control', | ||
'content-length', | ||
'content-language', | ||
'content-type', | ||
'date', | ||
'etag', | ||
'expires', | ||
'last-modified', | ||
'pragma', | ||
'server', | ||
'transfer-encoding', | ||
'vary', | ||
'x-github-request-id', | ||
] | ||
const allowMethods = [ | ||
'POST', | ||
'GET', | ||
'OPTIONS' | ||
] | ||
const fetch = require('node-fetch') | ||
const cors = require('./micro-cors.js')({ | ||
allowHeaders, | ||
exposeHeaders, | ||
allowMethods, | ||
allowCredentials: false, | ||
origin | ||
}) | ||
const allow = require('./allow-request.js') | ||
const middleware = require('./middleware.js')({ origin, insecure_origins }) | ||
async function service (req, res) { | ||
let u = url.parse(req.url, true) | ||
middleware(req, res, () => { | ||
let u = url.parse(req.url, true) | ||
if (u.pathname === '/') { | ||
res.setHeader('content-type', 'text/html') | ||
let html = `<!DOCTYPE html> | ||
<html> | ||
<title>@isomorphic-git/cors-proxy</title> | ||
<h1>@isomorphic-git/cors-proxy</h1> | ||
<p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a> | ||
– a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>) | ||
for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p> | ||
<p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p> | ||
<p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p> | ||
if (u.pathname === '/') { | ||
res.setHeader('content-type', 'text/html') | ||
let html = `<!DOCTYPE html> | ||
<html> | ||
<title>@isomorphic-git/cors-proxy</title> | ||
<h1>@isomorphic-git/cors-proxy</h1> | ||
<p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a> | ||
– a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>) | ||
for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p> | ||
<p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p> | ||
<p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p> | ||
<h2>Terms of Use</h2> | ||
<p><b>This free service is provided to you AS IS with no guarantees. | ||
By using this free service, you promise not to use excessive amounts of bandwidth. | ||
</b></p> | ||
<h2>Terms of Use</h2> | ||
<p><b>This free service is provided to you AS IS with no guarantees. | ||
By using this free service, you promise not to use excessive amounts of bandwidth. | ||
</b></p> | ||
<p><b>If you are cloning or pushing large amounts of data your IP address may be banned. | ||
Please run your own instance of the software if you need to make heavy use this service.</b></p> | ||
<p><b>If you are cloning or pushing large amounts of data your IP address may be banned. | ||
Please run your own instance of the software if you need to make heavy use this service.</b></p> | ||
<h2>Allowed Origins</h2> | ||
This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code> | ||
</html> | ||
` | ||
return send(res, 400, html) | ||
} | ||
<h2>Allowed Origins</h2> | ||
This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code> | ||
</html> | ||
` | ||
return send(res, 400, html) | ||
} | ||
if (!allow(req, u)) { | ||
// Don't waste my precious bandwidth | ||
return send(res, 403, '') | ||
} | ||
// Handle CORS preflight request | ||
if (req.method === 'OPTIONS') { | ||
return send(res, 200, '') | ||
} | ||
let headers = {} | ||
for (let h of allowHeaders) { | ||
if (req.headers[h]) { | ||
headers[h] = req.headers[h] | ||
} | ||
} | ||
let p = u.path | ||
let parts = p.match(/\/([^\/]*)\/(.*)/) | ||
let pathdomain = parts[1] | ||
let remainingpath = parts[2] | ||
let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https' | ||
console.log(`${protocol}://${pathdomain}/${remainingpath}`) | ||
let f = await fetch( | ||
`${protocol}://${pathdomain}/${remainingpath}`, | ||
{ | ||
method: req.method, | ||
headers, | ||
body: (req.method !== 'GET' && req.method !== 'HEAD') ? req : undefined | ||
} | ||
) | ||
res.statusCode = f.status | ||
for (let h of exposeHeaders) { | ||
if (h === 'content-length') continue | ||
if (f.headers.has(h)) { | ||
res.setHeader(h, f.headers.get(h)) | ||
} | ||
} | ||
f.body.pipe(res) | ||
}) | ||
} | ||
module.exports = cors(service) | ||
module.exports = service |
{ | ||
"name": "@isomorphic-git/cors-proxy", | ||
"version": "2.3.0", | ||
"version": "2.4.0", | ||
"description": "Proxy clone and push requests for the browser", | ||
@@ -24,2 +24,3 @@ "main": "index.js", | ||
"micro": "^9.3.3", | ||
"micro-cors": "0.1.1", | ||
"minimisted": "^2.0.0", | ||
@@ -26,0 +27,0 @@ "node-fetch": "^2.3.0", |
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
12246
7
243
3
+ Addedmicro-cors@0.1.1
+ Addedmicro-cors@0.1.1(transitive)