cloudcms-server 0.9.301 → 3.2.280

package/util/proxy-factory.js

@@ -2,20 +2,20 @@ var http = require("http");
 var https = require("https");
 var path = require("path");
 
-var httpProxy = require("http-proxy");
-
 var auth = require("./auth");
 var util = require("./util");
 
 var oauth2 = require("./oauth2")();
 
 var urlTool = require("url");
+const finalhandler = require("finalhandler");
 
 var exports = module.exports;
 
 var _LOCK = function(lockIdentifiers, workFunction)
 {
-    process.locks.lock(lockIdentifiers.join("_"), workFunction);
+    var name = lockIdentifiers.join("_");
+    process.locks.lock(name, workFunction);
 };
 
 var NAMED_PROXY_HANDLERS_CACHE = require("lru-cache")({
@@ -34,9 +34,15 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
     {
         return callback(null, _cachedHandler);
     }
-
+    
     // take out a thread lock
-    _LOCK(["acquireProxyHandler", name], function(releaseLockFn) {
+    _LOCK(["acquireProxyHandler", name], function(err, releaseLockFn) {
+        
+        if (err)
+        {
+            // failed to acquire lock
+            return callback(err);
+        }
 
         // second check to make sure another thread didn't create the handler in the meantime
         _cachedHandler = NAMED_PROXY_HANDLERS_CACHE[name];
@@ -48,7 +54,7 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
 
         // create the proxy handler and cache it into LRU cache
         _cachedHandler = createProxyHandler(proxyTarget, pathPrefix);
-
+    
         // store back into LRU cache
         NAMED_PROXY_HANDLERS_CACHE[name] = _cachedHandler;
 
@@ -57,134 +63,74 @@ var acquireProxyHandler = exports.acquireProxyHandler = function(proxyTarget, pa
     });
 };
 
-var createProxyHandler = function(proxyTarget, pathPrefix)
-{
-    ////////////////////////////////////////////////////////////////////////////
-    //
-    // HTTP/HTTPS Proxy Server to Cloud CMS
-    // Facilitates Cross-Domain communication between Browser and Cloud Server
-    // This must appear at the top of the app.js file (ahead of config) for things to work
-    //
-    ////////////////////////////////////////////////////////////////////////////
-
-    // NOTE: changeOrigin must be true because of the way that we set host to host:port
-    // in http-proxy's common.js line 102, the host is only properly set up if changeOrigin is set to true
-    // this sets the "host" header and it has to match what is set at the network/transport level in a way
-    // (inner workings of Node http request)
-    //
-    var proxyConfig = {
-        "target": proxyTarget,
-        "agent": http.globalAgent,
-        "xfwd": false,
-        "proxyTimeout": process.defaultHttpTimeoutMs,
-        "changeOrigin": true
-    };
-
-    // use https?
-    if (util.isHttps(proxyTarget))
-    {
-        // parse the target to get host
-        var proxyHost = urlTool.parse(proxyTarget).host;
-
-        proxyConfig = {
-            "target": proxyTarget,
-            "agent": https.globalAgent,
-            "headers": {
-                "host": proxyHost
-            }
-        };
-    }
 
-    // create proxy server instance
-    var proxyServer = new httpProxy.createProxyServer(proxyConfig);
 
-    // error handling
-    proxyServer.on("error", function(err, req, res) {
-        process.log(err);
-        res.writeHead(500, {
-            'Content-Type': 'text/plain'
-        });
-
-        res.end('Something went wrong while proxying the request.');
-    });
 
-    // if we're using auth credentials that are picked up in SSO chain, then we listen for a 401
-    // and if we hear it, we automatically invalidate the SSO chain so that the next request
-    // will continue to work
-    proxyServer.on("proxyRes", function (proxyRes, req, res) {
-
-        if (req.gitana_user)
+var createProxyHandler = function(proxyTarget, pathPrefix)
+{
+    const proxy = require("http2-proxy");
+    const finalhandler = require('finalhandler')
+    
+    const defaultWebHandler = function(err, req, res) {
+        if (err)
         {
-            var chunks = [];
-            // triggers on data receive
-            proxyRes.on('data', function(chunk) {
-                // add received chunk to chunks array
-                chunks.push(chunk);
-            });
-
-            proxyRes.on("end", function () {
-
-                if (proxyRes.statusCode === 401)
-                {
-                    var text = "" + Buffer.concat(chunks);
-                    if (text && (text.indexOf("invalid_token") > -1) || (text.indexOf("invalid_grant") > -1))
-                    {
-                        var identifier = req.identity_properties.provider_id + "/" + req.identity_properties.user_identifier;
-
-                        _LOCK([identifier], function(releaseLockFn) {
-
-                            var cleanup = function (full)
-                            {
-                                delete Gitana.APPS[req.identity_properties.token];
-                                delete Gitana.PLATFORM_CACHE[req.identity_properties.token];
-
-                                if (full) {
-                                    auth.removeUserCacheEntry(identifier);
-                                }
-                            };
-
-                            // null out the access token
-                            // this will force the refresh token to be used to get a new one on the next request
-                            req.gitana_user.getDriver().http.refresh(function (err) {
-
-                                if (err) {
-                                    cleanup(true);
-                                    req.log("Invalidated auth state for gitana user: " + req.identity_properties.token);
-                                    releaseLockFn();
-                                    return;
-                                }
-
-                                req.gitana_user.getDriver().reloadAuthInfo(function () {
-                                    cleanup(true);
-                                    req.log("Refreshed token for gitana user: " + req.identity_properties.token);
-                                    releaseLockFn();
-                                });
-                            });
-                        });
-                    }
-
-                }
-            });
+            console.log("A web proxy error was caught, path: " + req.path + ", err: ", err);
+            try { res.status(500); } catch (e) { }
+            try { res.end('Something went wrong while proxying the request.'); } catch (e) { }
         }
-    });
-
-    var proxyHandlerServer = http.createServer(function(req, res) {
+    
+        finalhandler(req, res)(err);
+    };
+    
+    // const defaultWsHandler = function(err, req, socket, head) {
+    //     if (err) {
+    //         console.error('proxy error (ws)', err);
+    //         socket.destroy();
+    //     }
+    // };
+    
+    //console.log("Proxy Target: " + proxyTarget);
+    
+    var hostname = urlTool.parse(proxyTarget).hostname;
+    var port = urlTool.parse(proxyTarget).port;
+    var protocol = urlTool.parse(proxyTarget).protocol;
+    
+    // web
+    var webConfig = {};
+    webConfig.hostname = hostname;
+    webConfig.port = port;
+    webConfig.protocol = protocol;
+    //webConfig.path = null;
+    webConfig.proxyTimeout = 120000;
+    webConfig.proxyName = "Cloud CMS UI Proxy";
+    webConfig.onReq = function(req, options) {
+
+        if (!options.headers) {
+            options.headers = {};
+        }
+        var headers = options.headers;
 
+        if (options.path && options.path.startsWith("/proxy")) {
+            options.path = options.path.substring(6);
+        }
+    
+        if (pathPrefix) {
+            options.path = path.join(pathPrefix, options.path);
+        }
+        
         // used to auto-assign the client header for /oauth/token requests
         oauth2.autoProxy(req);
-
+    
         // copy domain host into "x-cloudcms-domainhost"
-        if (req.domainHost)
-        {
-            req.headers["x-cloudcms-domainhost"] = req.domainHost; // this could be "localhost"
+        if (req.domainHost) {
+            headers["x-cloudcms-domainhost"] = req.domainHost; // this could be "localhost"
         }
-
+    
         // copy virtual host into "x-cloudcms-virtualhost"
-        if (req.virtualHost)
-        {
-            req.headers["x-cloudcms-virtualhost"] = req.virtualHost; // this could be "root.cloudcms.net" or "abc.cloudcms.net"
+        if (req.virtualHost) {
+            headers["x-cloudcms-virtualhost"] = req.virtualHost; // this could be "root.cloudcms.net" or "abc.cloudcms.net"
         }
-
+    
         // copy deployment descriptor info
         if (req.descriptor)
         {
@@ -192,29 +138,29 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
             {
                 if (req.descriptor.tenant.id)
                 {
-                    req.headers["x-cloudcms-tenant-id"] = req.descriptor.tenant.id;
+                    headers["x-cloudcms-tenant-id"] = req.descriptor.tenant.id;
                 }
-
+            
                 if (req.descriptor.tenant.title)
                 {
-                    req.headers["x-cloudcms-tenant-title"] = req.descriptor.tenant.title;
+                    headers["x-cloudcms-tenant-title"] = req.descriptor.tenant.title;
                 }
             }
-
+        
             if (req.descriptor.application)
             {
                 if (req.descriptor.application.id)
                 {
-                    req.headers["x-cloudcms-application-id"] = req.descriptor.application.id;
+                    headers["x-cloudcms-application-id"] = req.descriptor.application.id;
                 }
-
+            
                 if (req.descriptor.application.title)
                 {
-                    req.headers["x-cloudcms-application-title"] = req.descriptor.application.title;
+                    headers["x-cloudcms-application-title"] = req.descriptor.application.title;
                 }
             }
         }
-
+    
         // set optional "x-cloudcms-origin" header
         var cloudcmsOrigin = null;
         if (req.virtualHost)
@@ -223,155 +169,179 @@ var createProxyHandler = function(proxyTarget, pathPrefix)
         }
         if (cloudcmsOrigin)
         {
-            req.headers["x-cloudcms-origin"] = cloudcmsOrigin;
+            headers["x-cloudcms-origin"] = cloudcmsOrigin;
         }
-
+    
         // set x-cloudcms-server-version header
-        req.headers["x-cloudcms-server-version"] = process.env.CLOUDCMS_APPSERVER_PACKAGE_VERSION;
-
-        // determine the domain to set the "host" header on the proxied call
-        // this is what we pass to the API server
-        var cookieDomain = req.domainHost;
-
-        // if the incoming request is coming off of a CNAME entry that is maintained elsewhere (and they're just
-        // forwarding the CNAME request to our machine), then we try to detect this...
-        //
-        // our algorithm here is pretty weak but suffices for the moment.
-        // if the req.headers["x-forwarded-host"] first entry is in the req.headers["referer"] then we consider
-        // things to have been CNAME forwarded
-        // and so we write cookies back to the req.headers["x-forwarded-host"] first entry domain
-        /*
-        var xForwardedHost = req.headers["x-forwarded-host"];
-        if (xForwardedHost)
+        headers["x-cloudcms-server-version"] = process.env.CLOUDCMS_APPSERVER_PACKAGE_VERSION;
+    
+        // keep alive
+        //req.headers["connection"] = "keep-alive";
+    
+        // if the incoming request didn't have an "Authorization" header
+        // and we have a logged in Gitana User via Auth, then set authorization header to Bearer Access Token
+        if (!req.headers["authorization"])
         {
-            xForwardedHost = xForwardedHost.split(",");
-            if (xForwardedHost.length > 0)
+            if (req.gitana_user)
             {
-                var cnameCandidate = xForwardedHost[0];
-
-                var referer = req.headers["referer"];
-                if (referer && referer.indexOf("://" + cnameCandidate) > -1)
-                {
-                    req.log("Detected CNAME: " + cnameCandidate);
-
-                    proxyHostHeader = cnameCandidate;
-                }
+                headers["authorization"] = "Bearer " + req.gitana_user.getDriver().http.accessToken();
             }
-        }
-        */
-
-        // we fall back to using http-node-proxy's xfwd support
-        // thus, spoof header here on request so that "x-forwarded-host" is set properly
-        //req.headers["host"] = proxyHostHeader;
-
-        // keep alive
-        req.headers["connection"] = "keep-alive";
-
-        // allow forced cookie domains
-        var forcedCookieDomain = req.headers["cloudcmscookiedomain"];
-        if (!forcedCookieDomain)
-        {
-            if (process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN)
+            else if (req.gitana_proxy_access_token)
             {
-                forcedCookieDomain = process.env.CLOUDCMS_FORCE_COOKIE_DOMAIN;
+                headers["authorization"] = "Bearer " + req.gitana_proxy_access_token;
             }
         }
-        if (forcedCookieDomain)
+    };
+    webConfig.onRes = function(req, res, proxyRes) {
+    
+        if (req.gitana_user)
         {
-            cookieDomain = forcedCookieDomain;
-        }
+            var chunks = [];
+            
+            // triggers on data receive
+            proxyRes.on('data', function(chunk) {
+                // add received chunk to chunks array
+                chunks.push(chunk);
+            });
 
-        var updateSetCookieValue = function(value)
-        {
-            // replace the domain with the host
-            var i = value.toLowerCase().indexOf("domain=");
-            if (i > -1)
-            {
-                var j = value.indexOf(";", i);
-                if (j === -1)
-                {
-                    value = value.substring(0, i);
-                }
-                else
-                {
-                    value = value.substring(0, i) + value.substring(j);
-                }
-            }
+            proxyRes.on("end", function () {
 
-            // if the originating request isn't secure, strip out "secure" from cookie
-            if (!util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                if (i > -1)
+                if (proxyRes.statusCode === 401)
                 {
-                    value = value.substring(0, i);
-                }
-            }
+                    var text = "" + Buffer.concat(chunks);
+                    if (text && (text.indexOf("invalid_token") > -1) || (text.indexOf("invalid_grant") > -1))
+                    {
+                        var identifier = req.identity_properties.provider_id + "/" + req.identity_properties.user_identifier;
 
-            // if the original request is secure, ensure cookies have "secure" set
-            if (util.isSecure(req))
-            {
-                var i = value.toLowerCase().indexOf("; secure");
-                var j = value.toLowerCase().indexOf(";secure");
-                if (i === -1 && j === -1)
-                {
-                    value += ";secure";
-                }
-            }
+                        _LOCK([identifier], function(err, releaseLockFn) {
 
-            return value;
-        };
+                            if (err)
+                            {
+                                // failed to acquire lock
+                                console.log("FAILED TO ACQUIRE LOCK", err);
+                                req.log("FAILED TO ACQUIRE LOCK", err);
+                                try { releaseLockFn(); } catch (e) { }
+                                return;
+                            }
 
-        // handles the setting of response headers
-        // we filter off stuff we do not care about
-        // we ensure proper domain on set-cookie (TODO: is this needed anymore?)
-        var _setHeader = res.setHeader;
-        res.setHeader = function(key, value)
-        {
-            var _key = key.toLowerCase();
+                            var cleanup = function (full)
+                            {
+                                delete Gitana.APPS[req.identity_properties.token];
+                                delete Gitana.PLATFORM_CACHE[req.identity_properties.token];
 
-            if (_key.indexOf("access-control-") === 0)
-            {
-                // skip any access control headers
-            }
-            else
-            {
-                if (_key === "set-cookie")
-                {
-                    for (var x in value)
-                    {
-                        value[x] = updateSetCookieValue(value[x]);
-                    }
-                }
+                                if (full) {
+                                    auth.removeUserCacheEntry(identifier);
+                                }
+                            };
 
-                var existing = this.getHeader(key);
-                if (!existing)
-                {
-                    _setHeader.call(this, key, value);
-                }
-            }
-        };
+                            // null out the access token
+                            // this will force the refresh token to be used to get a new one on the next request
+                            req.gitana_user.getDriver().http.refresh(function (err) {
 
-        // if the incoming request didn't have an "Authorization" header
-        // and we have a logged in Gitana User via Auth, then set authorization header to Bearer Access Token
-        if (!req.headers["authorization"])
-        {
-            if (req.gitana_user)
-            {
-                req.headers["authorization"] = "Bearer " + req.gitana_user.getDriver().http.accessToken();
-            }
-            else if (req.gitana_proxy_access_token)
-            {
-                req.headers["authorization"] = "Bearer " + req.gitana_proxy_access_token;
-            }
-        }
+                                if (err) {
+                                    cleanup(true);
+                                    req.log("Invalidated auth state for gitana user: " + req.identity_properties.token);
+                                    return releaseLockFn();
+                                }
 
-        if (pathPrefix) {
-            req.url = path.join(pathPrefix, req.url);
-        }
+                                req.gitana_user.getDriver().reloadAuthInfo(function () {
+                                    cleanup(true);
+                                    req.log("Refreshed token for gitana user: " + req.identity_properties.token);
+                                    releaseLockFn();
+                                });
+                            });
+                        });
+                    }
 
-        proxyServer.web(req, res);
-    });
+                }
+            });
+        }
+        
+        //res.setHeader('x-powered-by', 'cloudcms');
+        res.writeHead(proxyRes.statusCode, proxyRes.headers)
+        proxyRes.pipe(res)
+    };
+    
+    var proxyRequestHandler = function(req, res) {
+        proxy.web(req, res, webConfig, function(err, req, res) {
+            defaultWebHandler(err, req, res);
+        });
+    };
+    
+    
+    // cookie domain rewrite?
+    
+    // // if we're using auth credentials that are picked up in SSO chain, then we listen for a 401
+    // // and if we hear it, we automatically invalidate the SSO chain so that the next request
+    // // will continue to work
+    // proxyServer.on("proxyRes", function (proxyRes, req, res) {
+    //
+    //     console.log("proxyRes.1");
+    //
+    //     if (req.gitana_user)
+    //     {
+    //         var chunks = [];
+    //         // triggers on data receive
+    //         proxyRes.on('data', function(chunk) {
+    //             // add received chunk to chunks array
+    //             chunks.push(chunk);
+    //         });
+    //
+    //         proxyRes.on("end", function () {
+    //
+    //             console.log("proxyRes.end, code: " + proxyRes.statusCode);
+    //
+    //             if (proxyRes.statusCode === 401)
+    //             {
+    //                 var text = "" + Buffer.concat(chunks);
+    //                 if (text && (text.indexOf("invalid_token") > -1) || (text.indexOf("invalid_grant") > -1))
+    //                 {
+    //                     var identifier = req.identity_properties.provider_id + "/" + req.identity_properties.user_identifier;
+    //
+    //                     _LOCK([identifier], function(err, releaseLockFn) {
+    //
+    //                         if (err)
+    //                         {
+    //                             // failed to acquire lock
+    //                             console.log("FAILED TO ACQUIRE LOCK", err);
+    //                             req.log("FAILED TO ACQUIRE LOCK", err);
+    //                             return;
+    //                         }
+    //
+    //                         var cleanup = function (full)
+    //                         {
+    //                             delete Gitana.APPS[req.identity_properties.token];
+    //                             delete Gitana.PLATFORM_CACHE[req.identity_properties.token];
+    //
+    //                             if (full) {
+    //                                 auth.removeUserCacheEntry(identifier);
+    //                             }
+    //                         };
+    //
+    //                         // null out the access token
+    //                         // this will force the refresh token to be used to get a new one on the next request
+    //                         req.gitana_user.getDriver().http.refresh(function (err) {
+    //
+    //                             if (err) {
+    //                                 cleanup(true);
+    //                                 req.log("Invalidated auth state for gitana user: " + req.identity_properties.token);
+    //                                 releaseLockFn();
+    //                                 return;
+    //                             }
+    //
+    //                             req.gitana_user.getDriver().reloadAuthInfo(function () {
+    //                                 cleanup(true);
+    //                                 req.log("Refreshed token for gitana user: " + req.identity_properties.token);
+    //                                 releaseLockFn();
+    //                             });
+    //                         });
+    //                     });
+    //                 }
+    //
+    //             }
+    //         });
+    //     }
+    // });
 
-    return proxyHandlerServer.listeners('request')[0];
+    return proxyRequestHandler;
 };