braid-http 1.3.98 → 1.3.101
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/braid-http-server.js +52 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -385,6 +385,23 @@ var braidify = require('braid-http').http-server
|
|
|
385
385
|
nbraidify.enable_multiplex = true // or false
|
|
386
386
|
```
|
|
387
387
|
|
|
388
|
+
### How CORS works with Multiplexing
|
|
389
|
+
|
|
390
|
+
When multiplexing is enabled, the library presents the illusion that
|
|
391
|
+
everything is normal HTTP. Behind the scenes, a request/response pair is
|
|
392
|
+
made to `.well-known/multiplexer/<id>` to establish the multiplexer
|
|
393
|
+
channel — CORS is opened on this request. However, this request is hidden
|
|
394
|
+
from client code (it happens inside `braid_fetch`) and the response is
|
|
395
|
+
hidden from server code (it happens inside `braidify`).
|
|
396
|
+
|
|
397
|
+
One might worry that a cross-origin GET without proper CORS could trick the
|
|
398
|
+
server into piping its response through the multiplexer channel — and since
|
|
399
|
+
CORS is opened on the multiplexer channel, the client could read data it
|
|
400
|
+
shouldn't have access to. This doesn't happen, because the browser sends a
|
|
401
|
+
preflight OPTIONS request before the actual GET. If the server doesn't
|
|
402
|
+
return the proper CORS headers for that OPTIONS request, the browser never
|
|
403
|
+
sends the GET, and no data flows through the multiplexer channel.
|
|
404
|
+
|
|
388
405
|
## Testing
|
|
389
406
|
|
|
390
407
|
Run all tests from the command line:
|
package/braid-http-server.js
CHANGED
|
@@ -220,6 +220,43 @@ function parse_content_range (range_string) {
|
|
|
220
220
|
return [unit, range]
|
|
221
221
|
}
|
|
222
222
|
|
|
223
|
+
|
|
224
|
+
// Guard against double-braidification.
|
|
225
|
+
//
|
|
226
|
+
// Libraries (like braid-text &braid-blob) call braidify on the same
|
|
227
|
+
// request/response. We can't let it run twice on the same request. That can
|
|
228
|
+
// cause e.g. duplicate multiplexer request-id errors (409).
|
|
229
|
+
var braidify_version = require('./package.json').version
|
|
230
|
+
var warned_about_braidify_dupe = false
|
|
231
|
+
function warn_braidify_dupe (req) {
|
|
232
|
+
function version_bigger (a, b) {
|
|
233
|
+
var pa = a.split('.').map(Number)
|
|
234
|
+
var pb = b.split('.').map(Number)
|
|
235
|
+
for (var i = 0; i < Math.max(pa.length, pb.length); i++) {
|
|
236
|
+
if ((pa[i] || 0) > (pb[i] || 0)) return true
|
|
237
|
+
if ((pa[i] || 0) < (pb[i] || 0)) return false
|
|
238
|
+
}
|
|
239
|
+
return false
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
if (!warned_about_braidify_dupe) {
|
|
243
|
+
var installed = req._braidified
|
|
244
|
+
var major_mismatch = installed.split('.')[0] !== braidify_version.split('.')[0]
|
|
245
|
+
var dominated = version_bigger(braidify_version, installed)
|
|
246
|
+
|
|
247
|
+
if (major_mismatch || dominated)
|
|
248
|
+
console.warn('braid-http: braidify already applied (v' + installed
|
|
249
|
+
+ '), skipping v' + braidify_version
|
|
250
|
+
+ (major_mismatch
|
|
251
|
+
? ' — major version mismatch, things may break'
|
|
252
|
+
: ' — installed version is older, may lack features'))
|
|
253
|
+
|
|
254
|
+
warned_about_braidify_dupe = true
|
|
255
|
+
}
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
|
|
259
|
+
// The main server function!
|
|
223
260
|
function braidify (req, res, next) {
|
|
224
261
|
if (typeof req === 'function') {
|
|
225
262
|
var handler = req
|
|
@@ -227,6 +264,15 @@ function braidify (req, res, next) {
|
|
|
227
264
|
braidify(req, res, () => handler(req, res, next))
|
|
228
265
|
}
|
|
229
266
|
|
|
267
|
+
|
|
268
|
+
// Guard against double-braidification.
|
|
269
|
+
if (req._braidified) {
|
|
270
|
+
warn_braidify_dupe(req)
|
|
271
|
+
return next?.()
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
req._braidified = braidify_version
|
|
275
|
+
|
|
230
276
|
// console.log('\n## Braidifying', req.method, req.url, req.headers.peer)
|
|
231
277
|
|
|
232
278
|
// Prevent uncaught EPIPE crashes on client disconnect
|
|
@@ -349,6 +395,9 @@ function braidify (req, res, next) {
|
|
|
349
395
|
// find the multiplexer object (contains a response object)
|
|
350
396
|
var m = braidify.multiplexers?.get(multiplexer)
|
|
351
397
|
if (!m) {
|
|
398
|
+
// free cors to multiplexer errors
|
|
399
|
+
free_cors(res)
|
|
400
|
+
|
|
352
401
|
req.is_multiplexer = res.is_multiplexer = true
|
|
353
402
|
res.writeHead(424, 'Multiplexer no exist', {'Bad-Multiplexer': multiplexer})
|
|
354
403
|
return res.end(`multiplexer ${multiplexer} does not exist`)
|
|
@@ -356,6 +405,9 @@ function braidify (req, res, next) {
|
|
|
356
405
|
|
|
357
406
|
// if this request-id already exists, respond with an error
|
|
358
407
|
if (m.requests.has(request)) {
|
|
408
|
+
// free cors to multiplexer errors
|
|
409
|
+
free_cors(res)
|
|
410
|
+
|
|
359
411
|
req.is_multiplexer = res.is_multiplexer = true
|
|
360
412
|
res.writeHead(409, 'Conflict', {'Content-Type': 'application/json'})
|
|
361
413
|
return res.end(JSON.stringify({
|