logjs4 0.0.1-security → 6.9.1

package/lib/clustering.js

@@ -0,0 +1,105 @@
+const debug = require('debug')('log4js:clustering');
+const LoggingEvent = require('./LoggingEvent');
+const configuration = require('./configuration');
+
+let disabled = false;
+let cluster = null;
+try {
+  // eslint-disable-next-line global-require
+  cluster = require('cluster');
+} catch (e) {
+  debug('cluster module not present');
+  disabled = true;
+}
+
+const listeners = [];
+
+let pm2 = false;
+let pm2InstanceVar = 'NODE_APP_INSTANCE';
+
+const isPM2Master = () => pm2 && process.env[pm2InstanceVar] === '0';
+const isMaster = () =>
+  disabled || (cluster && cluster.isMaster) || isPM2Master();
+
+const sendToListeners = (logEvent) => {
+  listeners.forEach((l) => l(logEvent));
+};
+
+// in a multi-process node environment, worker loggers will use
+// process.send
+const receiver = (worker, message) => {
+  // prior to node v6, the worker parameter was not passed (args were message, handle)
+  debug('cluster message received from worker ', worker, ': ', message);
+  if (worker.topic && worker.data) {
+    message = worker;
+    worker = undefined;
+  }
+  if (message && message.topic && message.topic === 'log4js:message') {
+    debug('received message: ', message.data);
+    const logEvent = LoggingEvent.deserialise(message.data);
+    sendToListeners(logEvent);
+  }
+};
+
+if (!disabled) {
+  configuration.addListener((config) => {
+    // clear out the listeners, because configure has been called.
+    listeners.length = 0;
+
+    ({
+      pm2,
+      disableClustering: disabled,
+      pm2InstanceVar = 'NODE_APP_INSTANCE',
+    } = config);
+
+    debug(`clustering disabled ? ${disabled}`);
+    debug(`cluster.isMaster ? ${cluster && cluster.isMaster}`);
+    debug(`pm2 enabled ? ${pm2}`);
+    debug(`pm2InstanceVar = ${pm2InstanceVar}`);
+    debug(`process.env[${pm2InstanceVar}] = ${process.env[pm2InstanceVar]}`);
+
+    // just in case configure is called after shutdown
+    if (pm2) {
+      process.removeListener('message', receiver);
+    }
+    if (cluster && cluster.removeListener) {
+      cluster.removeListener('message', receiver);
+    }
+
+    if (disabled || config.disableClustering) {
+      debug('Not listening for cluster messages, because clustering disabled.');
+    } else if (isPM2Master()) {
+      // PM2 cluster support
+      // PM2 runs everything as workers - install pm2-intercom for this to work.
+      // we only want one of the app instances to write logs
+      debug('listening for PM2 broadcast messages');
+      process.on('message', receiver);
+    } else if (cluster && cluster.isMaster) {
+      debug('listening for cluster messages');
+      cluster.on('message', receiver);
+    } else {
+      debug('not listening for messages, because we are not a master process');
+    }
+  });
+}
+
+module.exports = {
+  onlyOnMaster: (fn, notMaster) => (isMaster() ? fn() : notMaster),
+  isMaster,
+  send: (msg) => {
+    if (isMaster()) {
+      sendToListeners(msg);
+    } else {
+      if (!pm2) {
+        msg.cluster = {
+          workerId: cluster.worker.id,
+          worker: process.pid,
+        };
+      }
+      process.send({ topic: 'log4js:message', data: msg.serialise() });
+    }
+  },
+  onMessage: (listener) => {
+    listeners.push(listener);
+  },
+};

package/lib/clusteringBrowser.js

@@ -0,0 +1,19 @@
+/* istanbul ignore file */
+// This is used in browsers only and is designed to allow the rest of
+// log4js to continue as if `clustering.js` is in use.
+const isMaster = () => true;
+
+const listeners = [];
+
+const sendToListeners = (logEvent) => {
+  listeners.forEach((l) => l(logEvent));
+};
+
+module.exports = {
+  onlyOnMaster: (fn, notMaster) => (isMaster() ? fn() : notMaster),
+  isMaster,
+  send: sendToListeners,
+  onMessage: (listener) => {
+    listeners.push(listener);
+  },
+};

package/lib/configuration.js

@@ -0,0 +1,64 @@
+const util = require('util');
+const debug = require('debug')('log4js:configuration');
+
+const preProcessingListeners = [];
+const listeners = [];
+
+const not = (thing) => !thing;
+
+const anObject = (thing) =>
+  thing && typeof thing === 'object' && !Array.isArray(thing);
+
+const validIdentifier = (thing) => /^[A-Za-z][A-Za-z0-9_]*$/g.test(thing);
+
+const anInteger = (thing) =>
+  thing && typeof thing === 'number' && Number.isInteger(thing);
+
+const addListener = (fn) => {
+  listeners.push(fn);
+  debug(`Added listener, now ${listeners.length} listeners`);
+};
+
+const addPreProcessingListener = (fn) => {
+  preProcessingListeners.push(fn);
+  debug(
+    `Added pre-processing listener, now ${preProcessingListeners.length} listeners`
+  );
+};
+
+const throwExceptionIf = (config, checks, message) => {
+  const tests = Array.isArray(checks) ? checks : [checks];
+  tests.forEach((test) => {
+    if (test) {
+      throw new Error(
+        `Problem with log4js configuration: (${util.inspect(config, {
+          depth: 5,
+        })}) - ${message}`
+      );
+    }
+  });
+};
+
+const configure = (candidate) => {
+  debug('New configuration to be validated: ', candidate);
+  throwExceptionIf(candidate, not(anObject(candidate)), 'must be an object.');
+
+  debug(`Calling pre-processing listeners (${preProcessingListeners.length})`);
+  preProcessingListeners.forEach((listener) => listener(candidate));
+  debug('Configuration pre-processing finished.');
+
+  debug(`Calling configuration listeners (${listeners.length})`);
+  listeners.forEach((listener) => listener(candidate));
+  debug('Configuration finished.');
+};
+
+module.exports = {
+  configure,
+  addListener,
+  addPreProcessingListener,
+  throwExceptionIf,
+  anObject,
+  anInteger,
+  validIdentifier,
+  not,
+};

package/lib/connect-logger.js

@@ -0,0 +1,323 @@
+/* eslint no-underscore-dangle: ["error", { "allow": ["__statusCode", "_remoteAddress", "__headers", "_logging"] }] */
+
+const levels = require('./levels');
+
+const DEFAULT_FORMAT =
+  ':remote-addr - -' +
+  ' ":method :url HTTP/:http-version"' +
+  ' :status :content-length ":referrer"' +
+  ' ":user-agent"';
+
+/**
+ * Return request url path,
+ * adding this function prevents the Cyclomatic Complexity,
+ * for the assemble_tokens function at low, to pass the tests.
+ *
+ * @param  {IncomingMessage} req
+ * @return {string}
+ * @api private
+ */
+function getUrl(req) {
+  return req.originalUrl || req.url;
+}
+
+/**
+ * Adds custom {token, replacement} objects to defaults,
+ * overwriting the defaults if any tokens clash
+ *
+ * @param  {IncomingMessage} req
+ * @param  {ServerResponse} res
+ * @param  {Array} customTokens
+ *    [{ token: string-or-regexp, replacement: string-or-replace-function }]
+ * @return {Array}
+ */
+function assembleTokens(req, res, customTokens) {
+  const arrayUniqueTokens = (array) => {
+    const a = array.concat();
+    for (let i = 0; i < a.length; ++i) {
+      for (let j = i + 1; j < a.length; ++j) {
+        // not === because token can be regexp object
+        // eslint-disable-next-line eqeqeq
+        if (a[i].token == a[j].token) {
+          a.splice(j--, 1); // eslint-disable-line no-plusplus
+        }
+      }
+    }
+    return a;
+  };
+
+  const defaultTokens = [];
+  defaultTokens.push({ token: ':url', replacement: getUrl(req) });
+  defaultTokens.push({ token: ':protocol', replacement: req.protocol });
+  defaultTokens.push({ token: ':hostname', replacement: req.hostname });
+  defaultTokens.push({ token: ':method', replacement: req.method });
+  defaultTokens.push({
+    token: ':status',
+    replacement: res.__statusCode || res.statusCode,
+  });
+  defaultTokens.push({
+    token: ':response-time',
+    replacement: res.responseTime,
+  });
+  defaultTokens.push({ token: ':date', replacement: new Date().toUTCString() });
+  defaultTokens.push({
+    token: ':referrer',
+    replacement: req.headers.referer || req.headers.referrer || '',
+  });
+  defaultTokens.push({
+    token: ':http-version',
+    replacement: `${req.httpVersionMajor}.${req.httpVersionMinor}`,
+  });
+  defaultTokens.push({
+    token: ':remote-addr',
+    replacement:
+      req.headers['x-forwarded-for'] ||
+      req.ip ||
+      req._remoteAddress ||
+      (req.socket &&
+        (req.socket.remoteAddress ||
+          (req.socket.socket && req.socket.socket.remoteAddress))),
+  });
+  defaultTokens.push({
+    token: ':user-agent',
+    replacement: req.headers['user-agent'],
+  });
+  defaultTokens.push({
+    token: ':content-length',
+    replacement:
+      res.getHeader('content-length') ||
+      (res.__headers && res.__headers['Content-Length']) ||
+      '-',
+  });
+  defaultTokens.push({
+    token: /:req\[([^\]]+)]/g,
+    replacement(_, field) {
+      return req.headers[field.toLowerCase()];
+    },
+  });
+  defaultTokens.push({
+    token: /:res\[([^\]]+)]/g,
+    replacement(_, field) {
+      return (
+        res.getHeader(field.toLowerCase()) ||
+        (res.__headers && res.__headers[field])
+      );
+    },
+  });
+
+  return arrayUniqueTokens(customTokens.concat(defaultTokens));
+}
+
+/**
+ * Return formatted log line.
+ *
+ * @param  {string} str
+ * @param {Array} tokens
+ * @return {string}
+ * @api private
+ */
+function format(str, tokens) {
+  for (let i = 0; i < tokens.length; i++) {
+    str = str.replace(tokens[i].token, tokens[i].replacement);
+  }
+  return str;
+}
+
+/**
+ * Return RegExp Object about nolog
+ *
+ * @param  {(string|Array)} nolog
+ * @return {RegExp}
+ * @api private
+ *
+ * syntax
+ *  1. String
+ *   1.1 "\\.gif"
+ *         NOT LOGGING http://example.com/hoge.gif and http://example.com/hoge.gif?fuga
+ *         LOGGING http://example.com/hoge.agif
+ *   1.2 in "\\.gif|\\.jpg$"
+ *         NOT LOGGING http://example.com/hoge.gif and
+ *           http://example.com/hoge.gif?fuga and http://example.com/hoge.jpg?fuga
+ *         LOGGING http://example.com/hoge.agif,
+ *           http://example.com/hoge.ajpg and http://example.com/hoge.jpg?hoge
+ *   1.3 in "\\.(gif|jpe?g|png)$"
+ *         NOT LOGGING http://example.com/hoge.gif and http://example.com/hoge.jpeg
+ *         LOGGING http://example.com/hoge.gif?uid=2 and http://example.com/hoge.jpg?pid=3
+ *  2. RegExp
+ *   2.1 in /\.(gif|jpe?g|png)$/
+ *         SAME AS 1.3
+ *  3. Array
+ *   3.1 ["\\.jpg$", "\\.png", "\\.gif"]
+ *         SAME AS "\\.jpg|\\.png|\\.gif"
+ */
+function createNoLogCondition(nolog) {
+  let regexp = null;
+
+  if (nolog instanceof RegExp) {
+    regexp = nolog;
+  }
+
+  if (typeof nolog === 'string') {
+    regexp = new RegExp(nolog);
+  }
+
+  if (Array.isArray(nolog)) {
+    // convert to strings
+    const regexpsAsStrings = nolog.map((reg) =>
+      reg.source ? reg.source : reg
+    );
+    regexp = new RegExp(regexpsAsStrings.join('|'));
+  }
+
+  return regexp;
+}
+
+/**
+ * Allows users to define rules around status codes to assign them to a specific
+ * logging level.
+ * There are two types of rules:
+ *   - RANGE: matches a code within a certain range
+ *     E.g. { 'from': 200, 'to': 299, 'level': 'info' }
+ *   - CONTAINS: matches a code to a set of expected codes
+ *     E.g. { 'codes': [200, 203], 'level': 'debug' }
+ * Note*: Rules are respected only in order of prescendence.
+ *
+ * @param {Number} statusCode
+ * @param {Level} currentLevel
+ * @param {Object} ruleSet
+ * @return {Level}
+ * @api private
+ */
+function matchRules(statusCode, currentLevel, ruleSet) {
+  let level = currentLevel;
+
+  if (ruleSet) {
+    const matchedRule = ruleSet.find((rule) => {
+      let ruleMatched = false;
+      if (rule.from && rule.to) {
+        ruleMatched = statusCode >= rule.from && statusCode <= rule.to;
+      } else {
+        ruleMatched = rule.codes.indexOf(statusCode) !== -1;
+      }
+      return ruleMatched;
+    });
+    if (matchedRule) {
+      level = levels.getLevel(matchedRule.level, level);
+    }
+  }
+  return level;
+}
+
+/**
+ * Log requests with the given `options` or a `format` string.
+ *
+ * Options:
+ *
+ *   - `format`        Format string, see below for tokens
+ *   - `level`         A log4js levels instance. Supports also 'auto'
+ *   - `nolog`         A string or RegExp to exclude target logs or function(req, res): boolean
+ *   - `statusRules`   A array of rules for setting specific logging levels base on status codes
+ *   - `context`       Whether to add a response of express to the context
+ *
+ * Tokens:
+ *
+ *   - `:req[header]` ex: `:req[Accept]`
+ *   - `:res[header]` ex: `:res[Content-Length]`
+ *   - `:http-version`
+ *   - `:response-time`
+ *   - `:remote-addr`
+ *   - `:date`
+ *   - `:method`
+ *   - `:url`
+ *   - `:referrer`
+ *   - `:user-agent`
+ *   - `:status`
+ *
+ * @return {Function}
+ * @param logger4js
+ * @param options
+ * @api public
+ */
+module.exports = function getLogger(logger4js, options) {
+  if (typeof options === 'string' || typeof options === 'function') {
+    options = { format: options };
+  } else {
+    options = options || {};
+  }
+
+  const thisLogger = logger4js;
+  let level = levels.getLevel(options.level, levels.INFO);
+  const fmt = options.format || DEFAULT_FORMAT;
+
+  return (req, res, next) => {
+    // mount safety
+    if (typeof req._logging !== 'undefined') return next();
+
+    // nologs
+    if (typeof options.nolog !== 'function') {
+      const nolog = createNoLogCondition(options.nolog);
+      if (nolog && nolog.test(req.originalUrl)) return next();
+    }
+
+    if (thisLogger.isLevelEnabled(level) || options.level === 'auto') {
+      const start = new Date();
+      const { writeHead } = res;
+
+      // flag as logging
+      req._logging = true;
+
+      // proxy for statusCode.
+      res.writeHead = (code, headers) => {
+        res.writeHead = writeHead;
+        res.writeHead(code, headers);
+
+        res.__statusCode = code;
+        res.__headers = headers || {};
+      };
+
+      // hook on end request to emit the log entry of the HTTP request.
+      let finished = false;
+      const handler = () => {
+        if (finished) {
+          return;
+        }
+        finished = true;
+
+        // nologs
+        if (typeof options.nolog === 'function') {
+          if (options.nolog(req, res) === true) {
+            req._logging = false;
+            return;
+          }
+        }
+
+        res.responseTime = new Date() - start;
+        // status code response level handling
+        if (res.statusCode && options.level === 'auto') {
+          level = levels.INFO;
+          if (res.statusCode >= 300) level = levels.WARN;
+          if (res.statusCode >= 400) level = levels.ERROR;
+        }
+        level = matchRules(res.statusCode, level, options.statusRules);
+
+        const combinedTokens = assembleTokens(req, res, options.tokens || []);
+
+        if (options.context) thisLogger.addContext('res', res);
+        if (typeof fmt === 'function') {
+          const line = fmt(req, res, (str) => format(str, combinedTokens));
+          if (line) thisLogger.log(level, line);
+        } else {
+          thisLogger.log(level, format(fmt, combinedTokens));
+        }
+        if (options.context) thisLogger.removeContext('res');
+      };
+      res.on('end', handler);
+      res.on('finish', handler);
+      res.on('error', handler);
+      res.on('close', handler);
+    }
+
+    // ensure next gets always called
+    return next();
+  };
+};