@rexeus/typeweaver-server 0.10.2 → 0.10.4

package/dist/lib/NodeAdapter.ts

@@ -6,14 +6,50 @@
  */
 
 import {
+  badRequestDefaultError,
   createDefaultErrorBody,
   internalServerErrorDefaultError,
   payloadTooLargeDefaultError,
 } from "@rexeus/typeweaver-core";
-import { PayloadTooLargeError } from "./Errors.js";
+import {
+  createNodeBodyLimitPolicy,
+  isBodySizeOverLimit,
+  markRequestBodyPrevalidated,
+  parseContentLength,
+} from "./BodyLimitPolicy.js";
+import {
+  PayloadTooLargeError,
+  RequestBodyDrainTimeoutError,
+} from "./Errors.js";
+import {
+  getTypeweaverAppErrorReporter,
+  getTypeweaverAppRuntimeContext,
+} from "./TypeweaverInternals.js";
 import type { TypeweaverApp } from "./TypeweaverApp.js";
 import type { IncomingMessage, ServerResponse } from "node:http";
 
+type DrainRequestResult = {
+  readonly exceededLimit: boolean;
+  readonly timedOut: boolean;
+  readonly totalBytes: number;
+};
+
+type DrainRequestOptions = {
+  readonly destroyOnLimitExceeded?: boolean;
+  readonly timeoutMs?: number;
+};
+
+const REQUEST_DRAIN_TIMEOUT_MS = 5_000;
+const ORIGIN_FORM_BASE_URL_PROTOCOL = "http:";
+const AUTHORITY_LIKE_REQUEST_TARGET_PREFIX = /^[\\/]{2}/;
+const ASTERISK_FORM_REQUEST_TARGET = "*";
+
+type ParsedAuthority = {
+  readonly host: string;
+  readonly hostname: string;
+  readonly port: string;
+};
+
 /**
  * Adapts a `TypeweaverApp` to Node.js `http.createServer`.
  *
@@ -29,8 +65,6 @@ import type { IncomingMessage, ServerResponse } from "node:http";
  * createServer(nodeAdapter(app)).listen(3000);
  * ```
  */
-const DEFAULT_MAX_BODY_SIZE = 1_048_576; // 1 MB
-
 export type NodeAdapterOptions = {
   readonly maxBodySize?: number;
 };
@@ -39,9 +73,14 @@ export function nodeAdapter(
   app: TypeweaverApp<any>,
   options?: NodeAdapterOptions
 ): (req: IncomingMessage, res: ServerResponse) => void {
-  const maxBodySize = options?.maxBodySize ?? DEFAULT_MAX_BODY_SIZE;
+  const appRuntimeContext = getTypeweaverAppRuntimeContext(app);
+  const maxBodySize =
+    options?.maxBodySize ?? appRuntimeContext?.bodyLimitPolicy.maxBodySize;
+  const bodyLimitPolicy = createNodeBodyLimitPolicy(maxBodySize);
+  const reportError = getTypeweaverAppErrorReporter(app);
+
   return (req, res) => {
-    void handleRequest(app, req, res, maxBodySize);
+    void handleRequest(app, req, res, bodyLimitPolicy, reportError);
   };
 }
 
@@ -49,20 +88,56 @@ async function handleRequest(
   app: TypeweaverApp<any>,
   req: IncomingMessage,
   res: ServerResponse,
-  maxBodySize: number
+  bodyLimitPolicy: ReturnType<typeof createNodeBodyLimitPolicy>,
+  reportError: (error: unknown) => void
 ): Promise<void> {
   try {
-    const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
-    const isBodyless = req.method === "GET" || req.method === "HEAD";
-    const body = isBodyless ? undefined : await collectBody(req, maxBodySize);
+    const url = createRequestUrl(req);
+    if (url === undefined) {
+      writeBadRequestResponse(req, res, bodyLimitPolicy.maxBodySize);
+      return;
+    }
+    const shouldValidateBody = shouldValidateRequestBody(req.method);
+
+    enforceContentLengthLimit(req, bodyLimitPolicy.maxBodySize);
+
+    if (!shouldValidateBody && hasReadableRequestBody(req)) {
+      const drainResult = await drainRequest(req, bodyLimitPolicy.maxBodySize, {
+        destroyOnLimitExceeded: false,
+      });
+      if (drainResult.exceededLimit) {
+        throw new PayloadTooLargeError(
+          drainResult.totalBytes,
+          bodyLimitPolicy.maxBodySize
+        );
+      }
+      if (drainResult.timedOut) {
+        throw new RequestBodyDrainTimeoutError(
+          bodyLimitPolicy.maxBodySize,
+          REQUEST_DRAIN_TIMEOUT_MS
+        );
+      }
+    }
+
+    const body = !shouldValidateBody
+      ? undefined
+      : await collectBody(req, bodyLimitPolicy.maxBodySize);
 
     const request = new Request(url, {
       method: req.method,
-      headers: req.headers as Record<string, string>,
+      headers: createRequestHeaders(req.headers),
       body,
     });
+    if (shouldValidateBody) {
+      markRequestBodyPrevalidated(request, bodyLimitPolicy);
+    }
 
     const response = await app.fetch(request);
+    const responseBody = await readWritableResponseBody(
+      req.method,
+      response,
+      reportError
+    );
 
     response.headers.forEach((value, key) => {
       if (key.toLowerCase() !== "set-cookie") {
@@ -74,32 +149,445 @@ async function handleRequest(
       res.setHeader("set-cookie", cookies);
     }
     res.writeHead(response.status);
-    res.end(Buffer.from(await response.arrayBuffer()));
+    res.end(responseBody);
   } catch (error) {
-    if (error instanceof PayloadTooLargeError) {
-      if (!res.headersSent) {
-        res.writeHead(payloadTooLargeDefaultError.statusCode, {
-          "content-type": "application/json",
-        });
-      }
-      res.end(
-        JSON.stringify(createDefaultErrorBody(payloadTooLargeDefaultError))
-      );
+    reportError(error);
+
+    if (isRequestBodyLimitError(error)) {
+      writeDefaultErrorResponse(res, payloadTooLargeDefaultError, {
+        method: req.method,
+        onFinished: () => {
+          void drainRequest(req, bodyLimitPolicy.maxBodySize, {
+            destroyOnLimitExceeded: true,
+          });
+        },
+      });
       return;
     }
 
-    console.error(error);
-    if (!res.headersSent) {
-      res.writeHead(internalServerErrorDefaultError.statusCode, {
-        "content-type": "application/json",
-      });
+    writeDefaultErrorResponse(res, internalServerErrorDefaultError, {
+      method: req.method,
+    });
+  }
+}
+
+function createRequestUrl(req: IncomingMessage): URL | undefined {
+  const rawUrl = req.url ?? "/";
+
+  if (rawUrl === ASTERISK_FORM_REQUEST_TARGET) {
+    return createAsteriskFormRequestUrl(req);
+  }
+
+  if (hasAuthorityLikeRequestTargetPrefix(rawUrl)) {
+    return undefined;
+  }
+
+  try {
+    const url = new URL(rawUrl);
+    return isAbsoluteRequestHostAllowed(url, req) ? url : undefined;
+  } catch (error) {
+    if (!(error instanceof TypeError) || !rawUrl.startsWith("/")) {
+      throw error;
+    }
+  }
+
+  const host = parseRequestHostHeader(req, ORIGIN_FORM_BASE_URL_PROTOCOL);
+  if (host === undefined) {
+    return undefined;
+  }
+
+  return new URL(rawUrl, `${ORIGIN_FORM_BASE_URL_PROTOCOL}//${host.host}`);
+}
+
+function createAsteriskFormRequestUrl(req: IncomingMessage): URL | undefined {
+  if (req.method !== "OPTIONS") {
+    return undefined;
+  }
+
+  const host = parseRequestHostHeader(req, ORIGIN_FORM_BASE_URL_PROTOCOL);
+  if (host === undefined) {
+    return undefined;
+  }
+
+  return new URL(
+    ASTERISK_FORM_REQUEST_TARGET,
+    `${ORIGIN_FORM_BASE_URL_PROTOCOL}//${host.host}/`
+  );
+}
+
+function hasAuthorityLikeRequestTargetPrefix(rawUrl: string): boolean {
+  return AUTHORITY_LIKE_REQUEST_TARGET_PREFIX.test(rawUrl);
+}
+
+function isAbsoluteRequestHostAllowed(url: URL, req: IncomingMessage): boolean {
+  const host = parseRequestHostHeader(req, url.protocol);
+  if (host === undefined) {
+    return false;
+  }
+
+  const urlAuthority = getUrlAuthority(url);
+  return (
+    host.hostname.toLowerCase() === urlAuthority.hostname.toLowerCase() &&
+    host.port === urlAuthority.port
+  );
+}
+
+function parseRequestHostHeader(
+  req: IncomingMessage,
+  protocol: string
+): ParsedAuthority | undefined {
+  if (!hasExactlyOneHostHeaderLine(req)) {
+    return undefined;
+  }
+
+  return parseHostHeader(req.headers.host, protocol);
+}
+
+function hasExactlyOneHostHeaderLine(req: IncomingMessage): boolean {
+  const headersDistinctHostCount = getHeadersDistinctHostCount(req);
+  if (
+    headersDistinctHostCount !== undefined &&
+    headersDistinctHostCount !== 1
+  ) {
+    return false;
+  }
+
+  const rawHostHeaderCount = countRawHostHeaderLines(req.rawHeaders);
+  if (rawHostHeaderCount > 0) {
+    return rawHostHeaderCount === 1;
+  }
+
+  return headersDistinctHostCount === 1;
+}
+
+function getHeadersDistinctHostCount(req: IncomingMessage): number | undefined {
+  const hostHeader = req.headersDistinct?.host;
+  if (hostHeader === undefined) {
+    return undefined;
+  }
+
+  return Array.isArray(hostHeader) ? hostHeader.length : 1;
+}
+
+function countRawHostHeaderLines(rawHeaders: readonly string[]): number {
+  let count = 0;
+
+  for (let index = 0; index < rawHeaders.length; index += 2) {
+    if (rawHeaders[index]?.toLowerCase() === "host") {
+      count += 1;
+    }
+  }
+
+  return count;
+}
+
+function parseHostHeader(
+  hostHeader: IncomingMessage["headers"]["host"],
+  protocol: string
+): ParsedAuthority | undefined {
+  if (hostHeader === undefined || Array.isArray(hostHeader)) {
+    return undefined;
+  }
+
+  const host = hostHeader.trim();
+  if (host === "" || host !== hostHeader) {
+    return undefined;
+  }
+
+  try {
+    const parsed = new URL(`${protocol}//${host}`);
+    if (
+      parsed.username !== "" ||
+      parsed.password !== "" ||
+      parsed.pathname !== "/" ||
+      parsed.search !== "" ||
+      parsed.hash !== ""
+    ) {
+      return undefined;
     }
-    res.end(
-      JSON.stringify(createDefaultErrorBody(internalServerErrorDefaultError))
+
+    return getUrlAuthority(parsed);
+  } catch {
+    return undefined;
+  }
+}
+
+function getUrlAuthority(url: URL): ParsedAuthority {
+  return {
+    host: url.host,
+    hostname: url.hostname,
+    port: getEffectivePort(url),
+  };
+}
+
+function getEffectivePort(url: URL): string {
+  return url.port === "" ? getDefaultPort(url.protocol) : url.port;
+}
+
+function getDefaultPort(protocol: string): string {
+  switch (protocol) {
+    case "http:":
+    case "ws:":
+      return "80";
+    case "https:":
+    case "wss:":
+      return "443";
+    case "ftp:":
+      return "21";
+    default:
+      return "";
+  }
+}
+
+function shouldValidateRequestBody(method?: string): boolean {
+  return method !== "GET" && method !== "HEAD";
+}
+
+function shouldWriteResponseBody(
+  method: string | undefined,
+  status: number
+): boolean {
+  return method !== "HEAD" && status !== 204 && status !== 304;
+}
+
+async function readWritableResponseBody(
+  method: string | undefined,
+  response: Response,
+  reportError: (error: unknown) => void
+): Promise<Buffer | undefined> {
+  if (shouldWriteResponseBody(method, response.status)) {
+    return Buffer.from(await response.arrayBuffer());
+  }
+
+  cancelSuppressedResponseBody(response, reportError);
+  return undefined;
+}
+
+function cancelSuppressedResponseBody(
+  response: Response,
+  reportError: (error: unknown) => void
+): void {
+  try {
+    void response.body?.cancel().catch(error => {
+      reportSuppressedResponseBodyCancelError(error, reportError);
+    });
+  } catch (error) {
+    reportSuppressedResponseBodyCancelError(error, reportError);
+  }
+}
+
+function reportSuppressedResponseBodyCancelError(
+  error: unknown,
+  reportError: (error: unknown) => void
+): void {
+  try {
+    reportError(error);
+  } catch (onErrorFailure) {
+    console.error(
+      "TypeweaverApp: onError callback threw while handling error",
+      { onErrorFailure, originalError: error }
     );
   }
 }
 
+function hasReadableRequestBody(req: IncomingMessage): boolean {
+  return (
+    req.headers["content-length"] !== undefined ||
+    req.headers["transfer-encoding"] !== undefined
+  );
+}
+
+function createRequestHeaders(headers: IncomingMessage["headers"]): Headers {
+  const requestHeaders = new Headers();
+
+  for (const [name, value] of Object.entries(headers)) {
+    if (value === undefined) {
+      continue;
+    }
+
+    if (Array.isArray(value)) {
+      if (name.toLowerCase() === "cookie") {
+        requestHeaders.set(name, value.join("; "));
+        continue;
+      }
+
+      for (const item of value) {
+        requestHeaders.append(name, item);
+      }
+      continue;
+    }
+
+    requestHeaders.set(name, value);
+  }
+
+  return requestHeaders;
+}
+
+function isRequestBodyLimitError(
+  error: unknown
+): error is PayloadTooLargeError | RequestBodyDrainTimeoutError {
+  return (
+    error instanceof PayloadTooLargeError ||
+    error instanceof RequestBodyDrainTimeoutError
+  );
+}
+
+function enforceContentLengthLimit(
+  req: IncomingMessage,
+  maxBodySize: number
+): void {
+  const contentLength = parseContentLength(req.headers["content-length"]);
+  if (contentLength === undefined) {
+    return;
+  }
+
+  if (isBodySizeOverLimit(contentLength, maxBodySize)) {
+    throw new PayloadTooLargeError(contentLength, maxBodySize);
+  }
+}
+
+function writeDefaultErrorResponse(
+  res: ServerResponse,
+  error:
+    | typeof badRequestDefaultError
+    | typeof payloadTooLargeDefaultError
+    | typeof internalServerErrorDefaultError,
+  options: {
+    readonly method?: string;
+    readonly onFinished?: () => void;
+  } = {}
+): void {
+  if (!res.headersSent) {
+    res.writeHead(error.statusCode, {
+      "content-type": "application/json",
+    });
+  }
+
+  if (options.onFinished !== undefined) {
+    res.once("finish", options.onFinished);
+  }
+
+  const body = shouldWriteResponseBody(options.method, error.statusCode)
+    ? JSON.stringify(createDefaultErrorBody(error))
+    : undefined;
+  res.end(body);
+}
+
+function writeBadRequestResponse(
+  req: IncomingMessage,
+  res: ServerResponse,
+  maxBodySize: number
+): void {
+  writeDefaultErrorResponse(res, badRequestDefaultError, {
+    method: req.method,
+    onFinished: createRejectedRequestBodyCleanup(req, maxBodySize),
+  });
+}
+
+function createRejectedRequestBodyCleanup(
+  req: IncomingMessage,
+  maxBodySize: number
+): (() => void) | undefined {
+  if (!hasReadableRequestBody(req)) {
+    return undefined;
+  }
+
+  return () => {
+    const contentLength = parseContentLength(req.headers["content-length"]);
+    if (
+      contentLength !== undefined &&
+      isBodySizeOverLimit(contentLength, maxBodySize)
+    ) {
+      req.destroy();
+      return;
+    }
+
+    void drainRequest(req, maxBodySize, { destroyOnLimitExceeded: true });
+  };
+}
+
+async function drainRequest(
+  req: IncomingMessage,
+  maxBodySize: number,
+  options: DrainRequestOptions = {}
+): Promise<DrainRequestResult> {
+  if (req.readableEnded || req.destroyed) {
+    return { exceededLimit: false, timedOut: false, totalBytes: 0 };
+  }
+
+  return await new Promise<DrainRequestResult>(resolve => {
+    const destroyOnLimitExceeded = options.destroyOnLimitExceeded ?? true;
+    const timeoutMs = options.timeoutMs ?? REQUEST_DRAIN_TIMEOUT_MS;
+    let drainedBytes = 0;
+    let isSettled = false;
+
+    const settle = (result: Omit<DrainRequestResult, "totalBytes">): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      resolve({ ...result, totalBytes: drainedBytes });
+    };
+
+    const stopReading = (
+      result: Omit<DrainRequestResult, "totalBytes">
+    ): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      if (destroyOnLimitExceeded) {
+        req.destroy();
+      }
+      resolve({ ...result, totalBytes: drainedBytes });
+    };
+
+    const drainTimeout = setTimeout(() => {
+      stopReading({ exceededLimit: false, timedOut: true });
+    }, timeoutMs);
+    drainTimeout.unref();
+
+    const handleData = (chunk: Buffer | string): void => {
+      drainedBytes +=
+        typeof chunk === "string" ? Buffer.byteLength(chunk) : chunk.byteLength;
+
+      if (isBodySizeOverLimit(drainedBytes, maxBodySize)) {
+        stopReading({ exceededLimit: true, timedOut: false });
+      }
+    };
+
+    const handleEnd = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleClose = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleAborted = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleError = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const cleanup = (): void => {
+      clearTimeout(drainTimeout);
+      req.off("data", handleData);
+      req.off("end", handleEnd);
+      req.off("error", handleError);
+      req.off("aborted", handleAborted);
+      req.off("close", handleClose);
+    };
+
+    req.on("data", handleData);
+    req.on("end", handleEnd);
+    req.on("error", handleError);
+    req.on("aborted", handleAborted);
+    req.on("close", handleClose);
+    req.resume();
+  });
+}
+
 function collectBody(
   req: IncomingMessage,
   maxBodySize: number
@@ -107,26 +595,72 @@ function collectBody(
   return new Promise<ArrayBuffer>((resolve, reject) => {
     const chunks: Buffer[] = [];
     let totalBytes = 0;
+    let isSettled = false;
+
+    const cleanup = (): void => {
+      req.off("data", handleData);
+      req.off("end", handleEnd);
+      req.off("error", handleError);
+      req.off("aborted", handleAborted);
+      req.off("close", handleClose);
+    };
+
+    const rejectOnce = (error: unknown): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      reject(error);
+    };
+
+    const resolveOnce = (body: ArrayBuffer): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      resolve(body);
+    };
+
+    const handleData = (chunk: Buffer): void => {
+      if (isSettled) return;
 
-    req.on("data", (chunk: Buffer) => {
       totalBytes += chunk.byteLength;
-      if (totalBytes > maxBodySize) {
-        req.destroy();
-        reject(new PayloadTooLargeError(totalBytes, maxBodySize));
+      if (isBodySizeOverLimit(totalBytes, maxBodySize)) {
+        req.pause();
+        cleanup();
+        req.resume();
+        rejectOnce(new PayloadTooLargeError(totalBytes, maxBodySize));
         return;
       }
       chunks.push(chunk);
-    });
+    };
 
-    req.on("end", () => {
+    const handleEnd = (): void => {
       const combined = Buffer.concat(chunks, totalBytes);
-      resolve(
+      resolveOnce(
         combined.buffer.slice(
           combined.byteOffset,
           combined.byteOffset + combined.byteLength
         ) as ArrayBuffer
       );
-    });
-    req.on("error", reject);
+    };
+
+    const handleError = (error: Error): void => {
+      rejectOnce(error);
+    };
+
+    const handleAborted = (): void => {
+      rejectOnce(new Error("Request aborted while reading body"));
+    };
+
+    const handleClose = (): void => {
+      if (!req.readableEnded) {
+        rejectOnce(new Error("Request closed before body was fully read"));
+      }
+    };
+
+    req.on("data", handleData);
+    req.on("end", handleEnd);
+    req.on("error", handleError);
+    req.on("aborted", handleAborted);
+    req.on("close", handleClose);
   });
 }