npm - com.jimuwd.xian.registry-proxy - Versions diffs - 1.0.85 → 1.0.87 - Mend

com.jimuwd.xian.registry-proxy 1.0.85 → 1.0.87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +30 -25
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -143,10 +143,16 @@ async function fetchFromRegistry(registry, targetUrl, reqFromDownstreamClient, l
     try {
         logger.info(`Fetching from upstream: ${targetUrl}`);
         const headersFromDownstreamClient = reqFromDownstreamClient.headers;
-        const headers = registry.token ? { Authorization: `Bearer ${registry.token}` } : {};
-        // 合并 headersFromDownstreamClient 和 headers
-        const mergedHeaders = { ...headersFromDownstreamClient, ...headers, };
+        const authorizationHeaders = registry.token ? { Authorization: `Bearer ${registry.token}` } : {};
+        // 合并 headersFromDownstreamClient 和 authorizationHeaders
+        const mergedHeaders = { ...headersFromDownstreamClient, ...authorizationHeaders, };
         // (mergedHeaders as any).connection = "keep-alive"; 不允许私自添加 connection: keep-alive header，应当最终下游客户端自己的选择
+        // 替换“Host”头为upstream的host
+        const upstreamHost = new URL(registry.normalizedRegistryUrl).host;
+        if (mergedHeaders.host) {
+            logger.info(`Replace 'Host=${mergedHeaders.host}' header in downstream request to upstream 'Host=${upstreamHost}' header when proxying to upstream ${targetUrl}.`);
+            mergedHeaders.host = upstreamHost;
+        }
         const response = await fetch(targetUrl, { headers: mergedHeaders });
         logger.info(`Response from upstream ${targetUrl}: ${response.status} ${response.statusText} content-type=${response.headers.get('content-type')} content-length=${response.headers.get('content-length')} transfer-encoding=${response.headers.get('transfer-encoding')}`);
         return response.ok ? response : null;
@@ -169,30 +175,17 @@ async function fetchFromRegistry(registry, targetUrl, reqFromDownstreamClient, l
 function resetHeaderContentLengthIfTransferEncodingIsAbsent(safeHeaders, targetUrl, bodyData) {
     if (!safeHeaders["transfer-encoding"]) {
         logger.info(`Transfer-Encoding header is absent, then set the content-length header, upstream url is ${targetUrl}`);
-        safeHeaders["content-length"] = bodyData.length;
+        safeHeaders["content-length"] = Buffer.byteLength(bodyData);
     }
 }
 async function writeResponseToDownstreamClient(registryInfo, targetUrl, resToDownstreamClient, upstreamResponse, reqFromDownstreamClient, proxyInfo, proxyPort, registryInfos) {
     if (!upstreamResponse.ok)
         throw new Error("Only 2xx upstream response is supported");
     try {
-        // 准备通用响应头信息
-        const safeHeaders = {};
-        // 复制所有可能需要的头信息（不包含安全相关的敏感头信息，如access-control-allow-origin、set-cookie、server、strict-transport-security等，这意味着代理服务器向下游客户端屏蔽了这些认证等安全数据）
-        // 也不能包含cf-cache-status、cf-ray（Cloudflare 特有字段）可能干扰客户端解析。
-        const headersToCopy = ['cache-control', 'connection', 'content-type', 'content-encoding', 'content-length', 'date', 'etag', 'last-modified', 'transfer-encoding', 'vary',];
-        headersToCopy.forEach(header => {
-            const value = upstreamResponse.headers.get(header);
-            if (value)
-                safeHeaders[header] = value;
-        });
-        if (!safeHeaders['content-type'])
-            safeHeaders['content-type'] = 'application/octet-stream';
-        const contentType = safeHeaders['content-type'];
-        if (contentType.includes('application/json')) {
-            // JSON 处理逻辑
+        const contentType = upstreamResponse.headers.get("content-type") || "application/octet-stream";
+        if (contentType.includes('application/json')) { // JSON 处理逻辑
             const data = await upstreamResponse.json();
-            if (data.versions) {
+            if (data.versions) { // 处理node依赖包元数据
                 const host = reqFromDownstreamClient.headers.host || `localhost:${proxyPort}`;
                 const baseUrl = `${proxyInfo.https ? 'https' : 'http'}://${host}${proxyInfo.basePath === '/' ? '' : proxyInfo.basePath}`;
                 for (const versionKey in data.versions) {
@@ -206,12 +199,24 @@ async function writeResponseToDownstreamClient(registryInfo, targetUrl, resToDow
                 }
             }
             const bodyData = JSON.stringify(data);
-            resetHeaderContentLengthIfTransferEncodingIsAbsent(safeHeaders, targetUrl, bodyData);
+            const safeHeaders = { 'content-type': 'application/json', 'content-length': Buffer.byteLength(bodyData) };
             logger.info(`Response to downstream client headers`, JSON.stringify(safeHeaders), targetUrl);
-            resToDownstreamClient.writeHead(upstreamResponse.status, safeHeaders /*{'content-type': 'application/json'}*/).end(bodyData);
+            resToDownstreamClient.writeHead(upstreamResponse.status, { 'content-type': 'application/json' }).end(bodyData);
         }
-        else if (contentType.includes('application/octet-stream')) {
-            // 二进制流处理
+        else if (contentType.includes('application/octet-stream')) { // 二进制流处理
+            // 准备通用响应头信息
+            const safeHeaders = {};
+            // 复制所有可能需要的头信息（不包含安全相关的敏感头信息，如access-control-allow-origin、set-cookie、server、strict-transport-security等，这意味着代理服务器向下游客户端屏蔽了这些认证等安全数据）
+            // 也不能包含cf-cache-status、cf-ray（Cloudflare 特有字段）可能干扰客户端解析。
+            const headersToCopy = ['cache-control', 'connection', 'content-type', 'content-encoding', 'content-length', 'date', 'etag', 'last-modified', 'transfer-encoding', 'vary',];
+            headersToCopy.forEach(header => {
+                const value = upstreamResponse.headers.get(header);
+                if (value)
+                    safeHeaders[header] = value;
+            });
+            if (!safeHeaders['content-type'])
+                safeHeaders['content-type'] = 'application/octet-stream';
+            const contentType = safeHeaders['content-type'];
             if (!upstreamResponse.body) {
                 logger.error(`Empty response body from upstream ${targetUrl}`);
                 resToDownstreamClient.writeHead(502).end('Empty Upstream Response');
@@ -259,7 +264,7 @@ async function writeResponseToDownstreamClient(registryInfo, targetUrl, resToDow
         else {
             logger.warn(`Unsupported response content-type from upstream ${targetUrl}`);
             const bodyData = await upstreamResponse.text();
-            resetHeaderContentLengthIfTransferEncodingIsAbsent(safeHeaders, targetUrl, bodyData);
+            const safeHeaders = { 'content-type': contentType, 'content-length': Buffer.byteLength(bodyData) };
             logger.info(`Response to downstream client headers`, JSON.stringify(safeHeaders), targetUrl);
             resToDownstreamClient.writeHead(upstreamResponse.status, safeHeaders).end(bodyData);
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "com.jimuwd.xian.registry-proxy",
-  "version": "1.0.85",
+  "version": "1.0.87",
   "description": "A lightweight npm registry proxy with fallback support",
   "type": "module",
   "main": "dist/index.js",