Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
fastify-http-proxy
Advanced tools
Proxy your HTTP requests to another server, with hooks.
This fastify
plugin forwards all requests
received with a given prefix (or none) to an upstream. All Fastify hooks are still applied.
fastify-http-proxy
is built on top of
fastify-reply-from
, which enables single route proxying.
This plugin can be used in a variety of circumstances, for example if you have to proxy an internal domain to an external domain (useful to avoid CORS problems) or to implement your own API gateway for a microservices architecture.
Fastify 3.x. See this branch and related versions for Fastify 1.x compatibility and this tag for Fastify 2.x.
npm i fastify-http-proxy fastify
const Fastify = require('fastify')
const server = Fastify()
server.register(require('fastify-http-proxy'), {
upstream: 'http://my-api.example.com',
prefix: '/api', // optional
http2: false // optional
})
server.listen(3000)
This will proxy any request starting with /api
to http://my-api.example.com
. For instance http://localhost:3000/api/users
will be proxied to http://my-api.example.com/users
.
If you want to have different proxies on different prefixes you can register multiple instances of the plugin as shown in the following snippet:
const Fastify = require('fastify')
const server = Fastify()
const proxy = require('fastify-http-proxy')
// /api/x will be proxied to http://my-api.example.com/x
server.register(proxy, {
upstream: 'http://my-api.example.com',
prefix: '/api', // optional
http2: false // optional
})
// /auth/user will be proxied to http://single-signon.example.com/signon/user
server.register(proxy, {
upstream: 'http://single-signon.example.com',
prefix: '/auth', // optional
rewritePrefix: '/signon', // optional
http2: false // optional
})
server.listen(3000)
Notice that in this case it is important to use the prefix
option to tell the proxy how to properly route the requests across different upstreams.
Also notice paths in upstream
are ignored, so you need to use rewritePrefix
to specify the target base path.
For other examples, see example.js
.
fastify-http-proxy
can track and pipe the request-id
across the upstreams. Using the hyperid
module and the fastify-reply-from
built-in options a fairly simple example would look like this:
const Fastify = require('fastify')
const proxy = require('fastify-http-proxy')
const hyperid = require('hyperid')
const server = Fastify()
const uuid = hyperid()
server.register(proxy, {
upstream: 'http://localhost:4001',
replyOptions: {
rewriteRequestHeaders: (originalReq, headers) => ({...headers, 'request-id': uuid()})
}
})
server.listen(3000);
This fastify
plugin supports all the options of
fastify-reply-from
plus the following.
Note that this plugin is fully encapsulated, and non-JSON payloads will be streamed directly to the destination.
An URL (including protocol) that represents the target server to use for proxying.
The prefix to mount this plugin on. All the requests to the current server starting with the given prefix will be proxied to the provided upstream.
The prefix will be removed from the URL when forwarding the HTTP request.
Rewrite the prefix to the specified string. Default: ''
.
A preHandler
to be applied on all routes. Useful for performing actions before the proxy is executed (e.g. check for authentication).
When this option is false
, you will be able to access the body but it will also disable direct pass through of the payload. As a result, it is left up to the implementation to properly parse and proxy the payload correctly.
For example, if you are expecting a payload of type application/xml
, then you would have to add a parser for it like so:
fastify.addContentTypeParser('application/xml', (req, done) => {
const parsedBody = parsingCode(req)
done(null, parsedBody)
})
An object accessible within the preHandler
via reply.context.config
.
See Config in the Fastify
documentation for information on this option. Note: this is merged with other
configuration passed to the route.
Object with reply options for fastify-reply-from
.
An array that contains the types of the methods. Default: ['DELETE', 'GET', 'HEAD', 'PATCH', 'POST', 'PUT', 'OPTIONS']
.
This module has partial support for forwarding websockets by passing a
websocket
option. All those options are going to be forwarded to
fastify-websocket
.
A few things are missing:
rewriteHeaders
ignoreTrailingSlash
Pull requests are welcome to finish this feature.
The following benchmarks where generated on a dedicated server with an Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz and 64GB of RAM:
Framework | req/sec |
---|---|
express-http-proxy | 2557 |
http-proxy | 9519 |
fastify-http-proxy | 15919 |
The results were gathered on the second run of autocannon -c 100 -d 5 URL
.
MIT
FAQs
`fastify-http-proxy@6.3.0` has been deprecated. Please use `@fastify/http-proxy@7.0.0` instead.
We found that fastify-http-proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.