maven-proxy 1.0.2 → 1.1.0

package/README.md

@@ -433,6 +433,8 @@ org.gradle.jvmargs=-Djavax.net.ssl.trustStore=/Users/yize/projects/maven-proxy/d
 ./gradlew --refresh-dependencies dependencies
 ```
 
+Note: always set `trustStorePassword` together with `trustStore`. If you use `systemProp.javax.net.ssl.trustStore`, also set `systemProp.javax.net.ssl.trustStorePassword`.
+
 ### 9.2 npm: Proxy + SSL behavior
 
 For local troubleshooting only, you can disable strict SSL temporarily. Recommended long-term approach is to import Root CA and keep strict SSL enabled.

package/bin/maven-proxy.js

@@ -44,7 +44,8 @@ function resolveEffectiveMode(options) {
     return forced;
   }
 
-  return isProjectWorkspace(process.cwd()) ? "development" : "user";
+  // CLI defaults to user mode to load ~/maven-proxy/config unless explicitly overridden.
+  return "user";
 }
 
 function printHelp() {
@@ -213,9 +214,7 @@ async function startServer(options) {
 }
 
 function applyConfigOverrides(options) {
-  if (options.mode) {
-    process.env.MAVEN_PROXY_CONFIG_MODE = options.mode;
-  }
+  process.env.MAVEN_PROXY_CONFIG_MODE = resolveEffectiveMode(options);
 
   if (options.configPath) {
     process.env.MAVEN_PROXY_CONFIG_FILE = resolvePath(options.configPath);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "maven-proxy",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Maven proxy with cache, HTTPS MITM for selected domains, and local repo publishing",
   "main": "src/index.js",
   "bin": {

package/src/cache/cache-path.js

@@ -12,6 +12,54 @@ function safeDecode(pathname) {
   }
 }
 
+function looksLikeMavenVersionSegment(segment) {
+  return /^\d[0-9A-Za-z._-]*$/.test(String(segment || ""));
+}
+
+function isLikelyMavenFilePath(parts, normalizedPath) {
+  if (normalizedPath.endsWith("/") || parts.length === 0) {
+    return false;
+  }
+
+  const last = String(parts[parts.length - 1] || "").toLowerCase();
+  if (!last) {
+    return false;
+  }
+
+  if (last.startsWith("maven-metadata.")) {
+    return true;
+  }
+
+  const knownSuffixes = [
+    ".pom",
+    ".jar",
+    ".aar",
+    ".war",
+    ".zip",
+    ".module",
+    ".xml",
+    ".sha1",
+    ".md5",
+    ".sha256",
+    ".sha512",
+    ".asc",
+    ".json",
+    ".toml",
+    ".klib",
+  ];
+
+  if (knownSuffixes.some((suffix) => last.endsWith(suffix))) {
+    return true;
+  }
+
+  const secondLast = String(parts[parts.length - 2] || "").toLowerCase();
+  if (looksLikeMavenVersionSegment(secondLast)) {
+    return true;
+  }
+
+  return false;
+}
+
 export function getCacheFilePath(cacheDir, urlObj, options = {}) {
   const ecosystem = sanitizeSegment(String(options.ecosystem || "generic").toLowerCase());
   const includeHost = options.includeHost ?? ecosystem !== "maven";
@@ -35,6 +83,10 @@ export function getCacheFilePath(cacheDir, urlObj, options = {}) {
     safeParts.unshift(sanitizeSegment(String(urlObj.hostname || "unknown").toLowerCase()));
   }
 
+  if (ecosystem === "maven" && !isLikelyMavenFilePath(parts, normalized)) {
+    safeParts.push("__dir__.json");
+  }
+
   const npmTarballPath = /\/-\/.+\.tgz$/i.test(lowerNormalized);
   if (ecosystem === "npm" && !npmTarballPath) {
     safeParts.push("__meta__.json");

package/src/cache/downloader.js

@@ -7,6 +7,31 @@ import { DownloadLogWriter } from "../common/download-log-writer.js";
 
 const REDIRECT_STATUS = new Set([301, 302, 303, 307, 308]);
 const MAX_REDIRECTS = 5;
+const LOCAL_FS_ERROR_CODES = new Set([
+  "EACCES",
+  "EPERM",
+  "ENOSPC",
+  "EROFS",
+  "ENOTDIR",
+  "EISDIR",
+  "EINVAL",
+  "EMFILE",
+  "ENFILE",
+  "EEXIST",
+]);
+
+function isLocalFsWriteError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+
+  if (LOCAL_FS_ERROR_CODES.has(error.code)) {
+    return true;
+  }
+
+  const message = String(error.message || "").toLowerCase();
+  return message.includes("enotdir") || message.includes("read-only file system");
+}
 
 function pickClient(protocol) {
   return protocol === "https:" ? https : http;
@@ -236,6 +261,27 @@ async function removeIfExists(filePath) {
   }
 }
 
+function toHost(urlObj) {
+  if (!urlObj || typeof urlObj !== "object") {
+    return "";
+  }
+
+  return String(urlObj.hostname || "");
+}
+
+function toBodyPreview(value, maxLength = 512) {
+  const text = String(value || "").replace(/\s+/g, " ").trim();
+  if (!text) {
+    return "";
+  }
+
+  if (text.length <= maxLength) {
+    return text;
+  }
+
+  return `${text.slice(0, maxLength)}...(truncated)`;
+}
+
 export class Downloader {
   constructor(config, domainMatcher, upstreamProxyManager = null) {
     this.config = config;
@@ -343,6 +389,29 @@ export class Downloader {
       await verifyFileSize(tempPath, metadata.contentLength);
       await fs.promises.rename(tempPath, finalPath);
     } catch (error) {
+      if (isLocalFsWriteError(error)) {
+        if (!error.statusCode) {
+          error.statusCode = 500;
+        }
+
+        this.logDownload("local cache write failed", urlObj, {
+          code: error.code || "UNKNOWN",
+          targetPath: finalPath,
+          tempPath,
+          message: error.message,
+        });
+      }
+
+      this.logDownload("download failed", urlObj, {
+        host: toHost(urlObj),
+        code: error.code || "UNKNOWN",
+        statusCode: error.statusCode || 0,
+        targetPath: finalPath,
+        tempPath,
+        message: error.message,
+        upstreamBodyPreview: toBodyPreview(error.upstreamBody),
+      });
+
       await removeIfExists(tempPath);
       throw error;
     }

package/src/proxy/proxy-http-handler.js

@@ -5,6 +5,32 @@ import path from "node:path";
 import { getCacheFilePath } from "../cache/cache-path.js";
 import { detectPackageEcosystem } from "../common/ecosystem.js";
 
+const LOCAL_FS_ERROR_CODES = new Set([
+  "EACCES",
+  "EPERM",
+  "ENOSPC",
+  "EROFS",
+  "ENOTDIR",
+  "EISDIR",
+  "EINVAL",
+  "EMFILE",
+  "ENFILE",
+  "EEXIST",
+]);
+
+function isLocalFsWriteError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+
+  if (LOCAL_FS_ERROR_CODES.has(error.code)) {
+    return true;
+  }
+
+  const message = String(error.message || "").toLowerCase();
+  return message.includes("enotdir") || message.includes("read-only file system");
+}
+
 function pickClient(protocol) {
   return protocol === "https:" ? https : http;
 }
@@ -48,6 +74,11 @@ function sendText(res, statusCode, message) {
   res.end(message);
 }
 
+function sendErrorText(res, statusCode, message, context = "proxy") {
+  console.error(`[${context}] response error status=${statusCode} message=${message}`);
+  sendText(res, statusCode, message);
+}
+
 function buildUrl(req, forcedProtocol = null) {
   const raw = req.url || "/";
   if (/^https?:\/\//i.test(raw)) {
@@ -117,7 +148,8 @@ function forwardDirectRequest(req, res, urlObj, timeoutMs, upstreamProxyManager
 
   upstreamReq.on("error", (error) => {
     if (!res.headersSent) {
-      sendText(res, 502, `Proxy forward failed: ${error.message}`);
+      const message = `Proxy forward failed: ${error.message}`;
+      sendErrorText(res, 502, message, "proxy");
     } else {
       res.destroy(error);
     }
@@ -132,7 +164,8 @@ export function createHttpRequestHandler({ config, downloader, upstreamProxyMana
     try {
       urlObj = buildUrl(req, forcedProtocol);
     } catch (error) {
-      sendText(res, 400, `Bad request: ${error.message}`);
+      const message = `Bad request: ${error.message}`;
+      sendErrorText(res, 400, message, "proxy");
       return;
     }
 
@@ -150,7 +183,8 @@ export function createHttpRequestHandler({ config, downloader, upstreamProxyMana
         includeHost: ecosystem !== "maven",
       });
     } catch (error) {
-      sendText(res, 400, `Invalid cache path: ${error.message}`);
+      const message = `Invalid cache path: ${error.message}`;
+      sendErrorText(res, 400, message, "proxy");
       return;
     }
 
@@ -166,8 +200,26 @@ export function createHttpRequestHandler({ config, downloader, upstreamProxyMana
       res.setHeader("x-cache", "MISS");
       await serveFile(res, req, cachePath);
     } catch (error) {
+      if (isLocalFsWriteError(error)) {
+        if (!error.statusCode) {
+          error.statusCode = 500;
+        }
+
+        if (typeof downloader?.logDownload === "function") {
+          downloader.logDownload("local cache write failed", urlObj, {
+            code: error.code || "UNKNOWN",
+            cachePath,
+            message: error.message,
+          });
+        }
+
+        console.error(`[proxy] local cache write failed cachePath=${cachePath} code=${error.code || "UNKNOWN"} message=${error.message}`);
+      }
+
       const statusCode = error.statusCode || 502;
-      sendText(res, statusCode, `Download failed: ${error.message}`);
+      const label = statusCode === 500 ? "Local cache write failed" : "Download failed";
+      const message = `${label}: ${error.message}`;
+      sendErrorText(res, statusCode, message, "proxy");
     }
   };
 }
@@ -175,7 +227,8 @@ export function createHttpRequestHandler({ config, downloader, upstreamProxyMana
 export function createMitmHttpServer(handleHttpRequestPath) {
   const server = http.createServer((req, res) => {
     handleHttpRequestPath(req, res, "https:").catch((error) => {
-      sendText(res, 500, `MITM request failed: ${error.message}`);
+      const message = `MITM request failed: ${error.message}`;
+      sendErrorText(res, 500, message, "proxy-mitm");
     });
   });
 

package/src/proxy/proxy-server.js

@@ -7,6 +7,11 @@ function sendText(res, statusCode, message) {
   res.end(message);
 }
 
+function sendErrorText(res, statusCode, message) {
+  console.error(`[proxy] response error status=${statusCode} message=${message}`);
+  sendText(res, statusCode, message);
+}
+
 export function startProxyServer(config, certManager, downloader, matchesDomain, upstreamProxyManager = null) {
   const handleHttpRequestPath = createHttpRequestHandler({
     config,
@@ -18,7 +23,8 @@ export function startProxyServer(config, certManager, downloader, matchesDomain,
 
   const server = http.createServer((req, res) => {
     handleHttpRequestPath(req, res, null).catch((error) => {
-      sendText(res, 500, `Proxy request failed: ${error.message}`);
+      const message = `Proxy request failed: ${error.message}`;
+      sendErrorText(res, 500, message);
     });
   });
 

package/src/proxy/upstream-proxy.js

@@ -118,7 +118,13 @@ export class UpstreamProxyManager {
 
     const cacheKey = `${proxyUrl}`;
     if (!this.agentCache.has(cacheKey)) {
-      this.agentCache.set(cacheKey, new ProxyAgent(proxyUrl));
+      // proxy-agent v6 expects resolver-style options for deterministic proxy routing.
+      this.agentCache.set(
+        cacheKey,
+        new ProxyAgent({
+          getProxyForUrl: () => proxyUrl,
+        }),
+      );
     }
 
     return this.agentCache.get(cacheKey);

package/src/repo/repo-server.js

@@ -110,8 +110,10 @@ export function startRepoServer(config, downloader = null) {
       fs.createReadStream(filePath).pipe(res);
     } catch (error) {
       const statusCode = error.statusCode && error.statusCode >= 400 ? 502 : 500;
+      const message = `Repo server error: ${error.message}`;
+      console.error(`[repo] response error status=${statusCode} message=${message}`);
       res.writeHead(statusCode, { "content-type": "text/plain; charset=utf-8" });
-      res.end(`Repo server error: ${error.message}`);
+      res.end(message);
     }
   });