@abtnode/router-provider 1.16.33-beta-20241024-064549-2c1ad302 → 1.16.33-beta-20241028-164124-17cf3c21

package/lib/default/daemon.js

@@ -162,50 +162,6 @@ const onError = (err, req, res) => {
   }
 };
 
-const corsHandler = (host, req, res) => {
-  if (req.method === 'OPTIONS') {
-    const domain = toSlotDomain(host);
-    const site = config.sites.find((x) => x.domain === domain);
-    if (!site) {
-      return true;
-    }
-
-    const allowedOrigins = site.corsAllowedOrigins;
-    const currentOrigin = req.headers.origin;
-    if (allowedOrigins.includes('*')) {
-      res.writeHead(204, {
-        Vary: 'Origin',
-        // TODO: @zhanghan 需要优先读取应用代码透传的 header
-        'Access-Control-Allow-Origin': '*',
-        'Access-Control-Allow-Credentials': false,
-        'Access-Control-Allow-Methods': 'POST, GET, HEAD, PUT, DELETE, OPTIONS',
-        'Access-Control-Allow-Headers':
-          'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,$http_access_control_request_headers',
-        'Access-Control-Max-Age': 1800,
-      });
-      res.end();
-      return false;
-    }
-
-    if (allowedOrigins.some((x) => checkDomainMatch(x, currentOrigin))) {
-      res.writeHead(204, {
-        Vary: 'Origin',
-        // TODO: @zhanghan 需要优先读取应用代码透传的 header
-        'Access-Control-Allow-Origin': currentOrigin,
-        'Access-Control-Allow-Credentials': false,
-        'Access-Control-Allow-Methods': 'POST, GET, HEAD, PUT, DELETE, OPTIONS',
-        'Access-Control-Allow-Headers':
-          'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,$http_access_control_request_headers',
-        'Access-Control-Max-Age': 1800,
-      });
-      res.end();
-      return false;
-    }
-  }
-
-  return true;
-};
-
 // internal servers
 const internalServers = {};
 const ensureInternalServer = (port) => {
@@ -213,7 +169,7 @@ const ensureInternalServer = (port) => {
     return;
   }
 
-  const server = new ProxyServer({ xfwd: false, internal: true, port, headers: config.headers, onError, corsHandler });
+  const server = new ProxyServer({ xfwd: false, internal: true, port, headers: config.headers, onError });
   server.addResolver(sharedResolver);
   internalServers[port] = server;
   logger.info('internal server ready on port', { port });
@@ -295,7 +251,6 @@ const defaultCert = config.certs.find((x) => x.domain.endsWith(DEFAULT_IP_DOMAIN
 const main = new ProxyServer({
   xfwd: true,
   onError,
-  corsHandler,
   port: httpPort,
   headers: config.headers,
   ssl: {

package/lib/default/proxy.js

@@ -59,9 +59,6 @@ module.exports = class ReverseProxy {
     if (!this.opts.onError) {
       this.opts.onError = (err) => console.error(err);
     }
-    if (!this.opts.corsHandler) {
-      this.opts.corsHandler = () => true;
-    }
 
     const websocketUpgrade = (req, socket, head) => {
       socket.on('error', (err) => logger.error('WebSockets error', { error: err }));
@@ -105,7 +102,6 @@ module.exports = class ReverseProxy {
 
     // @link: https://github.com/http-party/node-http-proxy/issues/1401
     this.proxy.on('proxyRes', (proxyRes) => {
-      delete proxyRes.headers['x-powered-by'];
       this.opts.headers.forEach((x) => {
         proxyRes.headers[x.key] = x.value;
       });
@@ -133,9 +129,6 @@ module.exports = class ReverseProxy {
   setupHttpProxy(proxy, websocketUpgrade, opts) {
     const server = http.createServer((req, res) => {
       const src = this._getSource(req);
-      if (this.opts.corsHandler(req, res) === false) {
-        return;
-      }
 
       this._getTarget(src, req, res).then((target) => {
         if (target) {
@@ -198,9 +191,6 @@ module.exports = class ReverseProxy {
 
     this.httpsServer = https.createServer(ssl, (req, res) => {
       const src = this._getSource(req);
-      if (this.opts.corsHandler(req, res) === false) {
-        return;
-      }
 
       const httpProxyOpts = Object.assign({}, this.opts.httpProxy);
       this._getTarget(src, req, res).then((target) => {

package/lib/nginx/includes/proxy

@@ -5,7 +5,6 @@
 # proxy_hide_header Vary;
 # proxy_hide_header Access-Control-Allow-Origin;
 # proxy_hide_header Access-Control-Allow-Methods;
-proxy_hide_header X-Powered-By;
 
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;

package/lib/nginx/index.js

@@ -12,7 +12,6 @@ const camelCase = require('lodash/camelCase');
 const isEmpty = require('lodash/isEmpty');
 const formatBackSlash = require('@abtnode/util/lib/format-back-slash');
 const {
-  DOMAIN_FOR_DEFAULT_SITE,
   ROUTING_RULE_TYPES,
   CONFIG_FOLDER_NAME,
   SLOT_FOR_IP_DNS_SITE,
@@ -21,7 +20,6 @@ const {
   LOG_RETAIN_IN_DAYS,
   ROUTER_CACHE_GROUPS,
 } = require('@abtnode/constant');
-const md5 = require('@abtnode/util/lib/md5');
 
 const promiseRetry = require('promise-retry');
 
@@ -186,9 +184,8 @@ class NginxProvider extends BaseProvider {
         conf.on('flushed', () => resolve());
         conf.live(this.configPath);
 
-        const { sites, cacheGroups, configs: siteCorsConfigs } = formatRoutingTable(routingTable);
+        const { sites, cacheGroups } = formatRoutingTable(routingTable);
 
-        this._addCorsMap(conf, siteCorsConfigs);
         if (this.cacheEnabled) {
           this._addCacheGroups(conf, cacheGroups);
         }
@@ -477,7 +474,6 @@ class NginxProvider extends BaseProvider {
     suffix,
     did,
     componentId,
-    corsAllowedOrigins,
     target,
     targetPrefix, // used to strip prefix from target
     ruleId,
@@ -490,9 +486,6 @@ class NginxProvider extends BaseProvider {
 
     const location = this._getLastLocation(server);
 
-    // Note: 下面这段代码比较 tricky，不要在这段代码之前添加任何 add_header, proxy_set_header, proxy_hide_header 的语句，否则 nginx 配置可能无法按预期工作
-    this._addCors({ location, corsAllowedOrigins });
-
     this._addCommonResHeaders(location, commonHeaders);
     if (!cacheGroup && !suffix) {
       this._addTailSlashRedirection(location, prefix); // Note: 末尾 "/" 的重定向要放在 CORS(OPTIONS) 响应之后, 这样不会影响 OPTIONS 的响应
@@ -559,13 +552,11 @@ class NginxProvider extends BaseProvider {
     location._add('proxy_pass', `http://${getUpstreamName(port)}`);
   }
 
-  _addRedirectTypeLocation({ server, url, redirectCode, prefix, suffix, corsAllowedOrigins }) {
+  _addRedirectTypeLocation({ server, url, redirectCode, prefix, suffix }) {
     const cleanUrl = trimEndSlash(url);
     server._add('location', `${concatPath(prefix, suffix)}`);
     const location = this._getLastLocation(server);
 
-    this._addCors({ location, corsAllowedOrigins });
-
     location._add('set $abt_query_string', '""');
     location._addVerbatimBlock('if ($query_string)', 'set $abt_query_string "?$query_string";');
 
@@ -582,10 +573,9 @@ class NginxProvider extends BaseProvider {
     }
   }
 
-  _addRewriteTypeLocation({ server, url, prefix, suffix, corsAllowedOrigins }) {
+  _addRewriteTypeLocation({ server, url, prefix, suffix }) {
     server._add('location', concatPath(prefix, suffix));
     const location = this._getLastLocation(server);
-    this._addCors({ location, corsAllowedOrigins });
     location._add('rewrite', `^${prefix}(.*) ${url}$1 last`);
   }
 
@@ -896,46 +886,6 @@ class NginxProvider extends BaseProvider {
     });
   }
 
-  _addCorsMap(conf, siteCorsConfigs) {
-    siteCorsConfigs.forEach((corsConfig) => {
-      if (Array.isArray(corsConfig.corsAllowedOrigins) && corsConfig.corsAllowedOrigins.length > 0) {
-        const allowedOrigins = corsConfig.corsAllowedOrigins.map((x) => {
-          const y = parseServerName(x);
-          if (y.startsWith('~')) {
-            return `${y} $http_origin;`;
-          }
-
-          return `~${y} $http_origin;`;
-        });
-
-        allowedOrigins.push('default "";');
-        conf.nginx.http._addVerbatimBlock(
-          `map $http_origin $allow_origin_${md5(parseServerName(corsConfig.domain))}`,
-          allowedOrigins.join(' ')
-        );
-      }
-    });
-  }
-
-  _addCors({ location, corsAllowedOrigins }) {
-    if (!isEmpty(corsAllowedOrigins)) {
-      if (corsAllowedOrigins.includes(DOMAIN_FOR_DEFAULT_SITE)) {
-        location._add('include', 'includes/cors-loose');
-        location._add('include', 'includes/security');
-      } else {
-        // TODO: @zhanghan 此处是否需要变更默认的值，如果在逻辑代码中有指定的 Access-Control-Allow-Origin，则应该优先遵守逻辑代码中的配置
-        // location._add('add_header', `Access-Control-Allow-Origin $allow_origin_${md5(serverName)} always`); // TODO: zhenqiang 下面去掉了 OPTIONS 请求逻辑，这里也不应该处理 Access-Control-Allow-Origin
-        location._add('include', 'includes/cors-strict');
-        location._add('include', 'includes/security');
-      }
-
-      // TODO: @zhanghan 统一登录需要自行处理 options 请求的逻辑
-      // location._addVerbatimBlock('if ($request_method = "OPTIONS")', 'return 204;');
-    } else {
-      location._add('include', 'includes/security');
-    }
-  }
-
   addGlobalReqLimit(block, limit) {
     const key = limit.ipHeader ? `$http_${limit.ipHeader}` : '$binary_remote_addr';
     block._add('limit_req_zone', `${key} zone=ip_limit:20m rate=${limit.rate || 5}r/s`);

package/lib/nginx/util.js

@@ -60,7 +60,6 @@ const addTestServer = ({ configPath, port, upstreamPort }) =>
         listen ${port};
 
         location / {
-          if ($uri = /admin/did-connect) {include includes/cors-strict; include includes/security;}
           return 200 'Hello Blocklet Server!';
         }
     `

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abtnode/router-provider",
-  "version": "1.16.33-beta-20241024-064549-2c1ad302",
+  "version": "1.16.33-beta-20241028-164124-17cf3c21",
   "description": "Routing engine implementations for abt node",
   "author": "polunzh <polunzh@gmail.com>",
   "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,10 +32,10 @@
     "url": "https://github.com/ArcBlock/blocklet-server/issues"
   },
   "dependencies": {
-    "@abtnode/constant": "1.16.33-beta-20241024-064549-2c1ad302",
-    "@abtnode/logger": "1.16.33-beta-20241024-064549-2c1ad302",
-    "@abtnode/router-templates": "1.16.33-beta-20241024-064549-2c1ad302",
-    "@abtnode/util": "1.16.33-beta-20241024-064549-2c1ad302",
+    "@abtnode/constant": "1.16.33-beta-20241028-164124-17cf3c21",
+    "@abtnode/logger": "1.16.33-beta-20241028-164124-17cf3c21",
+    "@abtnode/router-templates": "1.16.33-beta-20241028-164124-17cf3c21",
+    "@abtnode/util": "1.16.33-beta-20241028-164124-17cf3c21",
     "@arcblock/http-proxy": "^1.19.1",
     "@arcblock/is-valid-domain": "^1.0.5",
     "axios": "^1.7.5",
@@ -59,5 +59,5 @@
     "bluebird": "^3.7.2",
     "fs-extra": "^11.2.0"
   },
-  "gitHead": "3b0da27501ff0c115335cbf46364c37a754fefdc"
+  "gitHead": "df5cccba1192375274247a8770fe07f9dc248994"
 }

package/lib/nginx/includes/cors-loose

@@ -1,8 +0,0 @@
-# TODO: 需要优先读取应用代码透传的 header
-# add_header Access-Control-Allow-Credentials false always;
-add_header Vary Origin always;
-add_header Access-Control-Allow-Methods "POST, GET, HEAD, PUT, DELETE, OPTIONS" always;
-add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,$http_access_control_request_headers";
-# TODO: 需要优先读取应用代码透传的 header
-# add_header Access-Control-Allow-Origin * always;
-add_header Access-Control-Max-Age 1800;

package/lib/nginx/includes/cors-strict

@@ -1,6 +0,0 @@
-# TODO: 需要优先读取应用代码透传的 header
-# add_header Access-Control-Allow-Credentials false always;
-add_header Vary Origin always;
-add_header Access-Control-Allow-Methods "POST, GET, HEAD, PUT, DELETE, OPTIONS"  always;
-add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,$http_access_control_request_headers";
-add_header Access-Control-Max-Age 1800;

package/lib/nginx/includes/security

@@ -1,3 +0,0 @@
-add_header Strict-Transport-Security  "max-age=63072000; includeSubdomains";
-add_header X-Content-Type-Options      nosniff;
-add_header X-XSS-Protection            "1; mode=block";