cloudcms-server 0.9.270 → 0.9.271

package/temp/node-http-proxy/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "http-proxy",
+  "version": "1.18.1",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/http-party/node-http-proxy.git"
+  },
+  "description": "HTTP proxying for the masses",
+  "author": "Charlie Robbins <charlie.robbins@gmail.com>",
+  "maintainers": [
+    "jcrugzz <jcrugzz@gmail.com>"
+  ],
+  "main": "lib/index.js",
+  "dependencies": {
+    "eventemitter3": "^4.0.0",
+    "follow-redirects": "^1.0.0",
+    "requires-port": "^1.0.0"
+  },
+  "devDependencies": {
+    "@types/follow-redirects": "^1.14.1",
+    "@types/node": "^18.0.0",
+    "@typescript-eslint/eslint-plugin": "^5.31.0",
+    "@typescript-eslint/parser": "^5.31.0",
+    "async": "^3.0.0",
+    "concat-stream": "^2.0.0",
+    "eslint": "^8.21.0",
+    "eslint-config-prettier": "^8.5.0",
+    "prettier": "^2.7.1",
+    "semver": "^7.0.0",
+    "socket.io": "^4.0.0",
+    "socket.io-client": "^4.0.0",
+    "sse": "0.0.8",
+    "typescript": "^4.8.2",
+    "vitest": "^0.20.3",
+    "ws": "^8.0.0"
+  },
+  "scripts": {
+    "build": "npx tsc -p ./tsconfig.build.json",
+    "format": "prettier --write ./lib",
+    "lint": "eslint --fix ./lib",
+    "test": "vitest run"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "license": "MIT"
+}

package/temp/node-http-proxy/tsconfig.build.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "include": ["lib"]
+}

package/temp/node-http-proxy/tsconfig.json

@@ -0,0 +1,115 @@
+{
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig to read more about this file */
+
+    /* Projects */
+    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
+    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
+    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
+    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
+    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
+    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
+
+    /* Language and Environment */
+    "target": "es2020",
+    /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+    "lib": [
+      "es2020"
+    ],
+    /* Specify a set of bundled library declaration files that describe the target runtime environment. */
+    // "jsx": "preserve",                                /* Specify what JSX code is generated. */
+    // "experimentalDecorators": true,                   /* Enable experimental support for TC39 stage 2 draft decorators. */
+    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
+    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
+    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
+    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
+    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
+    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
+    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
+    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
+
+    /* Modules */
+    "module": "commonjs",
+    /* Specify what module code is generated. */
+    // "rootDir": "./",                                  /* Specify the root folder within your source files. */
+    // "moduleResolution": "node",                       /* Specify how TypeScript looks up a file from a given module specifier. */
+    // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
+    // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
+    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
+    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
+    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
+    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
+    // "resolveJsonModule": true,                        /* Enable importing .json files. */
+    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
+
+    /* JavaScript Support */
+     "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
+    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
+    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
+
+    /* Emit */
+    // "declaration": true,                              /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
+     "emitDeclarationOnly": false,                      /* Only output d.ts files and not JavaScript files. */
+    // "sourceMap": true,
+    /* Create source map files for emitted JavaScript files. */
+    // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
+     "outDir": "./dist",                                   /* Specify an output folder for all emitted files. */
+    // "removeComments": true,                           /* Disable emitting comments. */
+     "noEmit": false,                                   /* Disable emitting files from a compilation. */
+    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
+    // "importsNotUsedAsValues": "remove",               /* Specify emit/checking behavior for imports that are only used for types. */
+    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
+    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
+    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
+    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
+    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
+    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
+    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
+    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
+    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
+    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
+    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
+    // "preserveValueImports": true,                     /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
+
+    /* Interop Constraints */
+     "isolatedModules": true,                          /* Ensure that each file can be safely transpiled without relying on other imports. */
+    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
+    "esModuleInterop": true,
+    /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
+    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
+    "forceConsistentCasingInFileNames": true,
+    /* Ensure that casing is correct in imports. */
+
+    /* Type Checking */
+    "strict": true,
+    /* Enable all strict type-checking options. */
+    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
+    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
+    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
+    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
+    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
+    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
+    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
+    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
+    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
+    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
+    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
+    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
+    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
+    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
+    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
+    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
+    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
+
+    /* Completeness */
+    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
+    "skipLibCheck": true
+    /* Skip type checking all .d.ts files. */
+  },
+  "exclude": ["node_modules", "benchmark", "dist"],
+  "include": ["examples", "lib", "test"]
+}

package/temp/node-http-proxy/vitest.config.ts

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: false,
+    include: ['**/test/*-test.js'],
+    testTimeout: 2500,
+  },
+});

package/util/proxy-factory.js

@@ -73,7 +73,10 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
     // This must appear at the top of the app.js file (ahead of config) for things to work
     //
     ////////////////////////////////////////////////////////////////////////////
-
+    
+    // parse the target to get host
+    var proxyHost = urlTool.parse(proxyTarget).host;
+    
     // NOTE: changeOrigin must be true because of the way that we set host to host:port
     // in http-proxy's common.js line 102, the host is only properly set up if changeOrigin is set to true
     // this sets the "host" header and it has to match what is set at the network/transport level in a way
@@ -84,21 +87,25 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
         "agent": http.globalAgent,
         "xfwd": false,
         "proxyTimeout": process.defaultHttpTimeoutMs,
-        "changeOrigin": true
+        //"changeOrigin": true
+        "headers": {
+            "host": proxyHost
+        },
+        "cookieDomainRewrite": true
     };
 
     // use https?
     if (util.isHttps(proxyTarget))
     {
-        // parse the target to get host
-        var proxyHost = urlTool.parse(proxyTarget).host;
-
         proxyConfig = {
             "target": proxyTarget,
             "agent": https.globalAgent,
+            "xfwd": false,
+            "proxyTimeout": process.defaultHttpTimeoutMs,
             "headers": {
                 "host": proxyHost
-            }
+            },
+            "cookieDomainRewrite": true
         };
     }
 
@@ -129,7 +136,9 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
     // and if we hear it, we automatically invalidate the SSO chain so that the next request
     // will continue to work
     proxyServer.on("proxyRes", function (proxyRes, req, res) {
-
+        
+        console.log("proxyRes.1");
+        
         if (req.gitana_user)
         {
             var chunks = [];
@@ -140,6 +149,8 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
             });
 
             proxyRes.on("end", function () {
+    
+                console.log("proxyRes.end, code: " + proxyRes.statusCode);
 
                 if (proxyRes.statusCode === 401)
                 {
@@ -195,6 +206,15 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
 
     var proxyHandlerServer = http.createServer(function(req, res) {
 
+        console.log("proxy.1: " + req.url);
+        if (req.headers)
+        {
+            for (var k in req.headers)
+            {
+                console.log("proxy.2 header " + k + " = " + req.headers[k]);
+            }
+        }
+
         // used to auto-assign the client header for /oauth/token requests
         oauth2.autoProxy(req);
 
@@ -253,130 +273,10 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
 
         // set x-cloudcms-server-version header
         req.headers["x-cloudcms-server-version"] = process.env.CLOUDCMS_APPSERVER_PACKAGE_VERSION;
-
-        // determine the domain to set the "host" header on the proxied call
-        // this is what we pass to the API server
-        var cookieDomain = req.domainHost;
-
-        // if the incoming request is coming off of a CNAME entry that is maintained elsewhere (and they're just
-        // forwarding the CNAME request to our machine), then we try to detect this...
-        //
-        // our algorithm here is pretty weak but suffices for the moment.
-        // if the req.headers["x-forwarded-host"] first entry is in the req.headers["referer"] then we consider
-        // things to have been CNAME forwarded
-        // and so we write cookies back to the req.headers["x-forwarded-host"] first entry domain
-        /*
-        var xForwardedHost = req.headers["x-forwarded-host"];
-        if (xForwardedHost)
-        {
-            xForwardedHost = xForwardedHost.split(",");
-            if (xForwardedHost.length > 0)
-            {
-                var cnameCandidate = xForwardedHost[0];
-
-                var referer = req.headers["referer"];
-                if (referer && referer.indexOf("://" + cnameCandidate) > -1)
-                {
-                    req.log("Detected CNAME: " + cnameCandidate);
-
-                    proxyHostHeader = cnameCandidate;
-                }
-            }
-        }
-        */
-
-        // we fall back to using http-node-proxy's xfwd support
-        // thus, spoof header here on request so that "x-forwarded-host" is set properly
-        //req.headers["host"] = proxyHostHeader;
-
+    
         // keep alive
         req.headers["connection"] = "keep-alive";
 
-        // allow forced cookie domains
-        var forcedCookieDomain = req.headers["cloudcmscookiedomain"];
-        if (!forcedCookieDomain)
-        {
-            if (process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN)
-            {
-                forcedCookieDomain = process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN;
-            }
-        }
-        if (forcedCookieDomain)
-        {
-            cookieDomain = forcedCookieDomain;
-        }
-
-        var updateSetCookieValue = function(value)
-        {
-            // replace the domain with the host
-            var i = value.toLowerCase().indexOf("domain=");
-            if (i > -1)
-            {
-                var j = value.indexOf(";", i);
-                if (j === -1)
-                {
-                    value = value.substring(0, i);
-                }
-                else
-                {
-                    value = value.substring(0, i) + value.substring(j);
-                }
-            }
-
-            // if the originating request isn't secure, strip out "secure" from cookie
-            if (!util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                if (i > -1)
-                {
-                    value = value.substring(0, i);
-                }
-            }
-
-            // if the original request is secure, ensure cookies have "secure" set
-            if (util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                var j = value.toLowerCase().indexOf(";secure");
-                if (i === -1 && j === -1)
-                {
-                    value += ";secure";
-                }
-            }
-
-            return value;
-        };
-
-        // handles the setting of response headers
-        // we filter off stuff we do not care about
-        // we ensure proper domain on set-cookie (TODO: is this needed anymore?)
-        var _setHeader = res.setHeader;
-        res.setHeader = function(key, value)
-        {
-            var _key = key.toLowerCase();
-
-            if (_key.indexOf("access-control-") === 0)
-            {
-                // skip any access control headers
-            }
-            else
-            {
-                if (_key === "set-cookie")
-                {
-                    for (var x in value)
-                    {
-                        value[x] = updateSetCookieValue(value[x]);
-                    }
-                }
-
-                var existing = this.getHeader(key);
-                if (!existing)
-                {
-                    _setHeader.call(this, key, value);
-                }
-            }
-        };
-
         // if the incoming request didn't have an "Authorization" header
         // and we have a logged in Gitana User via Auth, then set authorization header to Bearer Access Token
         if (!req.headers["authorization"])
@@ -394,8 +294,19 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
         if (pathPrefix) {
             req.url = path.join(pathPrefix, req.url);
         }
+    
+        console.log("proxy.4: " + req.url);
+        if (req.headers)
+        {
+            for (var k in req.headers)
+            {
+                console.log("proxy.4 header " + k + " = " + req.headers[k]);
+            }
+        }
 
         proxyServer.web(req, res);
+        
+        console.log("proxy.5");
     });
 
     return proxyHandlerServer.listeners('request')[0];