mockaton 11.2.6 → 11.3.1

package/src/server/ProxyRelay.js

@@ -3,8 +3,7 @@ import { randomUUID } from 'node:crypto'
 
 import { extFor } from './utils/mime.js'
 import { write, isFile } from './utils/fs.js'
-import { readBody, BodyReaderError } from './utils/http-request.js'
-import { sendUnprocessable, sendBadGateway } from './utils/http-response.js'
+import { readBody, BodyReaderError } from './utils/HttpIncomingMessage.js'
 
 import { config } from './config.js'
 import { makeMockFilename } from './Filename.js'
@@ -23,9 +22,9 @@ export async function proxy(req, response, delay) {
 	}
 	catch (error) { // TESTME
 		if (error instanceof BodyReaderError)
-			sendUnprocessable(response, error.name)
+			response.unprocessable(error.name)
 		else
-			sendBadGateway(response, error)
+			response.badGateway(error)
 		return
 	}
 

package/src/server/StaticDispatcher.js

@@ -4,7 +4,6 @@ import { readFileSync } from 'node:fs'
 import { isFile } from './utils/fs.js'
 import { logger } from './utils/logger.js'
 import { mimeFor } from './utils/mime.js'
-import { sendMockNotFound, sendPartialContent } from './utils/http-response.js'
 
 import { brokerByRoute } from './staticCollection.js'
 import { config, calcDelay } from './config.js'
@@ -16,19 +15,19 @@ export async function dispatchStatic(req, response) {
 
 	setTimeout(async () => {
 		if (!broker || broker.status === 404) {
-			sendMockNotFound(response)
+			response.mockNotFound()
 			return
 		}
 
 		const file = join(config.staticDir, broker.route)
 		if (!isFile(file)) {
-			sendMockNotFound(response)
+			response.mockNotFound()
 			return
 		}
 		
 		logger.accessMock(req.url, 'static200')
 		if (req.headers.range)
-			await sendPartialContent(response, req.headers.range, file)
+			await response.partialContent(req.headers.range, file)
 		else {
 			response.setHeader('Content-Type', mimeFor(file))
 			response.end(readFileSync(file))

package/src/server/Watcher.js

@@ -8,7 +8,6 @@ import {
 } from './ApiConstants.js'
 
 import { config } from './config.js'
-import { sendJSON } from './utils/http-response.js'
 import { isFile, isDirectory } from './utils/fs.js'
 
 import * as staticCollection from './staticCollection.js'
@@ -22,7 +21,6 @@ import * as mockBrokerCollection from './mockBrokersCollection.js'
  * and also renames, which are two events (delete + add).
  */
 const uiSyncVersion = new class extends EventEmitter {
-	delay = Number(process.env.MOCKATON_WATCHER_DEBOUNCE_MS ?? 80)
 	version = 0
 
 	increment = /** @type {function} */ this.#debounce(() => {
@@ -41,7 +39,7 @@ const uiSyncVersion = new class extends EventEmitter {
 		let timer
 		return () => {
 			clearTimeout(timer)
-			timer = setTimeout(fn, this.delay)
+			timer = setTimeout(fn, config.watcherDebounceMs)
 		}
 	}
 }
@@ -101,12 +99,12 @@ export function longPollClientSyncVersion(req, response) {
 	const clientVersion = req.headers[HEADER_SYNC_VERSION]
 	if (clientVersion !== undefined && uiSyncVersion.version !== Number(clientVersion)) {
 		// e.g., tab was hidden while new mocks were added or removed
-		sendJSON(response, uiSyncVersion.version)
+		response.json(uiSyncVersion.version)
 		return
 	}
 	function onARR() {
 		uiSyncVersion.unsubscribe(onARR)
-		sendJSON(response, uiSyncVersion.version)
+		response.json(uiSyncVersion.version)
 	}
 	response.setTimeout(LONG_POLL_SERVER_TIMEOUT, onARR)
 	req.on('error', () => {

package/src/server/WatcherDevClient.js

@@ -1,12 +1,10 @@
 import { join } from 'node:path'
 import { EventEmitter } from 'node:events'
 import { watch, readdirSync } from 'node:fs'
-import { sendJSON, sendNotFound } from './utils/http-response.js'
+import { config } from './config.js'
 import { LONG_POLL_SERVER_TIMEOUT } from './ApiConstants.js'
 
 
-const DEV = process.env.NODE_ENV === 'development'
-
 export const CLIENT_DIR = join(import.meta.dirname, '../client')
 export const DASHBOARD_ASSETS = readdirSync(CLIENT_DIR)
 
@@ -29,18 +27,18 @@ export function watchDevSPA() {
 
 /** Realtime notify Dev UI changes */
 export function longPollDevClientHotReload(req, response) {
-	if (!DEV) {
-		sendNotFound(response)
+	if (!config.hotReload) {
+		response.notFound()
 		return
 	}
 	
 	function onDevChange(file) {
 		devClientWatcher.unsubscribe(onDevChange)
-		sendJSON(response, file)
+		response.json(file)
 	}
 	response.setTimeout(LONG_POLL_SERVER_TIMEOUT, () => {
 		devClientWatcher.unsubscribe(onDevChange)
-		sendJSON(response, '')
+		response.json('')
 	})
 	req.on('error', () => {
 		devClientWatcher.unsubscribe(onDevChange)

package/src/server/config.js

@@ -4,7 +4,7 @@ import { logger } from './utils/logger.js'
 import { isDirectory } from './utils/fs.js'
 import { openInBrowser } from './utils/openInBrowser.js'
 import { optional, is, validate } from './utils/validate.js'
-import { SUPPORTED_METHODS } from './utils/http-request.js'
+import { SUPPORTED_METHODS } from './utils/HttpIncomingMessage.js'
 import { validateCorsAllowedMethods, validateCorsAllowedOrigins } from './utils/http-cors.js'
 
 import { jsToJsonPlugin } from './MockDispatcher.js'
@@ -21,6 +21,7 @@ const schema = {
 	staticDir: [resolve('mockaton-static-mocks'), optional(isDirectory)],
 	ignore: [/(\.DS_Store|~)$/, is(RegExp)],
 	watcherEnabled: [true, is(Boolean)],
+	watcherDebounceMs: [80, ms => Number.isInteger(ms) && ms >= 0],
 
 	host: ['127.0.0.1', is(String)],
 	port: [0, port => Number.isInteger(port) && port >= 0 && port < 2 ** 16], // 0 means auto-assigned
@@ -73,9 +74,6 @@ export const ConfigValidator = Object.freeze(validators)
 
 /** @param {Partial<Config>} opts */
 export function setup(opts) {
-	if (process.env.NODE_ENV !== 'development')
-		opts.hotReload = false
-	
 	if (opts.mocksDir)
 		opts.mocksDir = resolve(opts.mocksDir)
 

package/src/server/utils/{http-request.js → HttpIncomingMessage.js}

@@ -1,4 +1,4 @@
-import { METHODS } from 'node:http'
+import http, { METHODS } from 'node:http'
 
 
 export const SUPPORTED_METHODS = METHODS
@@ -12,6 +12,12 @@ export class BodyReaderError extends Error {
 	}
 }
 
+export class IncomingMessage extends http.IncomingMessage {
+	json() {
+		return readBody(this, JSON.parse)
+	}
+}
+
 export const parseJSON = req => readBody(req, JSON.parse)
 
 export function readBody(req, parser = a => a) {

package/src/server/utils/HttpServerResponse.js

@@ -0,0 +1,117 @@
+import http from 'node:http'
+import fs, { readFileSync } from 'node:fs'
+
+import { logger } from './logger.js'
+import { mimeFor } from './mime.js'
+import { HEADER_502 } from '../ApiConstants.js'
+
+
+export class ServerResponse extends http.ServerResponse {
+	setHeaderList(headers) {
+		for (let i = 0; i < headers.length; i += 2)
+			this.setHeader(headers[i], headers[i + 1])
+	}
+
+	ok() {
+		logger.access(this)
+		this.end()
+	}
+
+	html(html, csp) {
+		logger.access(this)
+		this.setHeader('Content-Type', mimeFor('html'))
+		this.setHeader('Content-Security-Policy', csp)
+		this.end(html)
+	}
+
+	json(payload) {
+		logger.access(this)
+		this.setHeader('Content-Type', 'application/json')
+		this.end(JSON.stringify(payload))
+	}
+
+	file(file) {
+		logger.access(this)
+		this.setHeader('Content-Type', mimeFor(file))
+		this.end(readFileSync(file, 'utf8'))
+	}
+
+	noContent() {
+		this.statusCode = 204
+		logger.access(this)
+		this.end()
+	}
+
+
+	badRequest() {
+		this.statusCode = 400
+		logger.access(this)
+		this.end()
+	}
+
+	notFound() {
+		this.statusCode = 404
+		logger.access(this)
+		this.end()
+	}
+
+	mockNotFound() {
+		this.statusCode = 404
+		logger.accessMock(this.req.url, '404')
+		this.end()
+	}
+
+	uriTooLong() {
+		this.statusCode = 414
+		logger.access(this)
+		this.end()
+	}
+
+	unprocessable(error) {
+		logger.access(this, error)
+		this.statusCode = 422
+		this.end(error)
+	}
+
+
+	internalServerError(error) {
+		logger.error(500, this.req.url, error?.message || error, error?.stack || '')
+		this.statusCode = 500
+		this.end()
+	}
+
+	badGateway(error) {
+		logger.warn('Fallback Proxy Error:', error.cause.message)
+		this.statusCode = 502
+		this.setHeader(HEADER_502, 1)
+		this.end()
+	}
+
+
+	async partialContent(range, file) {
+		const { size } = await fs.promises.lstat(file)
+		let [start, end] = range.replace(/bytes=/, '').split('-').map(n => parseInt(n, 10))
+		if (isNaN(end)) end = size - 1
+		if (isNaN(start)) start = size - end
+
+		if (start < 0 || start > end || start >= size || end >= size) {
+			this.statusCode = 416 // Range Not Satisfiable
+			this.setHeader('Content-Range', `bytes */${size}`)
+			this.end()
+		}
+		else {
+			this.statusCode = 206 // Partial Content
+			this.setHeader('Accept-Ranges', 'bytes')
+			this.setHeader('Content-Range', `bytes ${start}-${end}/${size}`)
+			this.setHeader('Content-Type', mimeFor(file))
+			const reader = fs.createReadStream(file, { start, end })
+			const response = this
+			reader.on('open', function () {
+				this.pipe(response)
+			})
+			reader.on('error', error => {
+				this.internalServerError(error)
+			})
+		}
+	}
+}

package/src/server/utils/http-cors.js

@@ -1,4 +1,4 @@
-import { methodIsSupported } from './http-request.js'
+import { methodIsSupported } from './HttpIncomingMessage.js'
 
 /* https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-processing-model */
 

package/src/server/utils/http-cors.test.js

@@ -0,0 +1,225 @@
+import { equal } from 'node:assert/strict'
+import { promisify } from 'node:util'
+import { createServer } from 'node:http'
+import { describe, test, after } from 'node:test'
+import { isPreflight, setCorsHeaders, CorsHeader as CH } from './http-cors.js'
+
+
+function headerIs(response, header, value) {
+	equal(response.headers.get(header), value)
+}
+
+const FooDotTest = 'https://foo.test'
+const AllowedDotTest = 'https://allowed.test'
+const NotAllowedDotTest = 'https://not-allowed.test'
+
+await describe('CORS', async () => {
+	let corsConfig = {}
+
+	const server = createServer((req, response) => {
+		setCorsHeaders(req, response, corsConfig)
+		if (isPreflight(req)) {
+			response.statusCode = 204
+			response.end()
+		}
+		else
+			response.end('NON_PREFLIGHT')
+	})
+	await promisify(server.listen).bind(server, 0, '127.0.0.1')()
+	after(() => {
+		server.close()
+	})
+	function preflight(headers, method = 'OPTIONS') {
+		const { address, port } = server.address()
+		return fetch(`http://${address}:${port}/`, { method, headers })
+	}
+	function request(headers, method) {
+		const { address, port } = server.address()
+		return fetch(`http://${address}:${port}/`, { method, headers })
+	}
+
+	await describe('Identifies Preflight Requests', async () => {
+		const requiredRequestHeaders = {
+			[CH.Origin]: 'http://localhost:9999',
+			[CH.AcRequestMethod]: 'POST'
+		}
+
+		await test('Ignores non-OPTIONS requests', async () => {
+			const res = await request(requiredRequestHeaders, 'POST')
+			equal(await res.text(), 'NON_PREFLIGHT')
+		})
+
+		await test(`Ignores non-parseable req ${CH.Origin} header`, async () => {
+			const headers = {
+				...requiredRequestHeaders,
+				[CH.Origin]: 'non-url'
+			}
+			const res = await preflight(headers)
+			equal(await res.text(), 'NON_PREFLIGHT')
+		})
+
+		await test(`Ignores missing method in ${CH.AcRequestMethod} header`, async () => {
+			const headers = { ...requiredRequestHeaders }
+			delete headers[CH.AcRequestMethod]
+			const res = await preflight(headers)
+			equal(await res.text(), 'NON_PREFLIGHT')
+		})
+
+		await test(`Ignores non-standard method in ${CH.AcRequestMethod} header`, async () => {
+			const headers = {
+				...requiredRequestHeaders,
+				[CH.AcRequestMethod]: 'NON_STANDARD'
+			}
+			const res = await preflight(headers)
+			equal(await res.text(), 'NON_PREFLIGHT')
+		})
+
+		await test('204 valid preflights', async () => {
+			const res = await preflight(requiredRequestHeaders)
+			equal(res.status, 204)
+		})
+	})
+
+	await describe('Preflight Response Headers', async () => {
+		await test('no origins allowed', async () => {
+			corsConfig = {
+				corsOrigins: [],
+				corsMethods: ['GET']
+			}
+			const p = await preflight({
+				[CH.Origin]: FooDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, null)
+			headerIs(p, CH.AcAllowMethods, null)
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcAllowHeaders, null)
+			headerIs(p, CH.AcMaxAge, null)
+		})
+
+		await test('not in allowed origins', async () => {
+			corsConfig = {
+				corsOrigins: [AllowedDotTest],
+				corsMethods: ['GET']
+			}
+			const p = await preflight({
+				[CH.Origin]: NotAllowedDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, null)
+			headerIs(p, CH.AcAllowMethods, null)
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcAllowHeaders, null)
+		})
+
+		await test('origin and method match', async () => {
+			corsConfig = {
+				corsOrigins: [AllowedDotTest],
+				corsMethods: ['GET']
+			}
+			const p = await preflight({
+				[CH.Origin]: AllowedDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, AllowedDotTest)
+			headerIs(p, CH.AcAllowMethods, 'GET')
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcAllowHeaders, null)
+		})
+
+		await test('origin matches from multiple', async () => {
+			corsConfig = {
+				corsOrigins: [AllowedDotTest, FooDotTest],
+				corsMethods: ['GET']
+			}
+			const p = await preflight({
+				[CH.Origin]: AllowedDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, AllowedDotTest)
+			headerIs(p, CH.AcAllowMethods, 'GET')
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcAllowHeaders, null)
+		})
+
+		await test('wildcard origin', async () => {
+			corsConfig = {
+				corsOrigins: ['*'],
+				corsMethods: ['GET']
+			}
+			const p = await preflight({
+				[CH.Origin]: FooDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, FooDotTest)
+			headerIs(p, CH.AcAllowMethods, 'GET')
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcAllowHeaders, null)
+		})
+
+		await test(`wildcard and credentials`, async () => {
+			corsConfig = {
+				corsOrigins: ['*'],
+				corsMethods: ['GET'],
+				corsCredentials: true
+			}
+			const p = await preflight({
+				[CH.Origin]: FooDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, FooDotTest)
+			headerIs(p, CH.AcAllowMethods, 'GET')
+			headerIs(p, CH.AcAllowCredentials, 'true')
+			headerIs(p, CH.AcAllowHeaders, null)
+		})
+
+		await test(`wildcard, credentials, and headers`, async () => {
+			corsConfig = {
+				corsOrigins: ['*'],
+				corsMethods: ['GET'],
+				corsCredentials: true,
+				corsHeaders: ['content-type', 'my-header']
+			}
+			const p = await preflight({
+				[CH.Origin]: FooDotTest,
+				[CH.AcRequestMethod]: 'GET'
+			})
+			headerIs(p, CH.AcAllowOrigin, FooDotTest)
+			headerIs(p, CH.AcAllowMethods, 'GET')
+			headerIs(p, CH.AcAllowCredentials, 'true')
+			headerIs(p, CH.AcAllowHeaders, 'content-type,my-header')
+		})
+	})
+
+	await describe('Non-Preflight (Actual Response) Headers', async () => {
+		await test('no origins allowed', async () => {
+			corsConfig = {
+				corsOrigins: [],
+				corsMethods: ['GET']
+			}
+			const p = await request({
+				[CH.Origin]: NotAllowedDotTest
+			})
+			equal(p.status, 200)
+			headerIs(p, CH.AcAllowOrigin, null)
+			headerIs(p, CH.AcAllowCredentials, null)
+			headerIs(p, CH.AcExposeHeaders, null)
+		})
+
+		await test('origin allowed', async () => {
+			corsConfig = {
+				corsOrigins: [AllowedDotTest],
+				corsMethods: ['GET'],
+				corsCredentials: true,
+				corsExposedHeaders: ['x-h1', 'x-h2']
+			}
+			const p = await request({
+				[CH.Origin]: AllowedDotTest
+			})
+			equal(p.status, 200)
+			headerIs(p, CH.AcAllowOrigin, AllowedDotTest)
+			headerIs(p, CH.AcAllowCredentials, 'true')
+			headerIs(p, CH.AcExposeHeaders, 'x-h1,x-h2')
+		})
+	})
+})

package/src/server/utils/jwt.js

@@ -9,13 +9,8 @@ export function jwtCookie(cookieName, payload, path = '/') {
 function jwt(payload) {
 	return [
 		'Header_Not_In_Use',
-		toBase64Url(payload),
+		Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url'),
 		'Signature_Not_In_Use'
 	].join('.')
 }
 
-function toBase64Url(obj) {
-	return btoa(JSON.stringify(obj))
-		.replace('+', '-')
-		.replace('/', '_')
-}

package/src/server/utils/logger.js

@@ -1,4 +1,4 @@
-import { decode, reControlAndDelChars } from './http-request.js'
+import { decode, reControlAndDelChars } from './HttpIncomingMessage.js'
 
 
 export const logger = new class {

package/src/server/utils/mime.js

@@ -11,9 +11,13 @@ import { UNKNOWN_MIME_EXT } from '../ApiConstants.js'
 const extToMime = {
 	'3g2': 'video/3gpp2',
 	'3gp': 'video/3gpp',
+	'3mf': 'model/3mf',
 	'7z': 'application/x-7z-compressed',
 	aac: 'audio/aac',
 	abw: 'application/x-abiword',
+	aif: 'audio/aiff',
+	aifc: 'audio/aiff',
+	aiff: 'audio/aiff',
 	apng: 'image/apng',
 	arc: 'application/x-freearc',
 	avi: 'video/x-msvideo',
@@ -28,12 +32,22 @@ const extToMime = {
 	csh: 'application/x-csh',
 	css: 'text/css',
 	csv: 'text/csv',
+	dae: 'model/vnd.collada+xml',
 	doc: 'application/msword',
 	docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+	drc: 'model/vnd.draco',
+	eml: 'message/rfc822',
 	eot: 'application/vnd.ms-fontobject',
 	epub: 'application/epub+zip',
+	exe: 'application/vnd.microsoft.portable-executable',
+	fbx: 'application/octet-stream',
+	flac: 'audio/flac',
 	gif: 'image/gif',
+	glb: 'model/gltf-binary',
+	gltf: 'model/gltf+json',
 	gz: 'application/gzip',
+	heic: 'image/heic',
+	heif: 'image/heif',
 	htm: 'text/html',
 	html: 'text/html',
 	ico: 'image/vnd.microsoft.icon',
@@ -44,13 +58,21 @@ const extToMime = {
 	js: 'application/javascript',
 	json: 'application/json',
 	jsonld: 'application/ld+json',
+	lz: 'application/x-lzip',
+	m4a: 'audio/mp4',
+	map: 'application/json',
+	md: 'text/markdown',
 	mid: 'audio/midi',
 	midi: 'audio/midi',
 	mjs: 'text/javascript',
+	mkv: 'video/x-matroska',
+	mov: 'video/quicktime',
 	mp3: 'audio/mpeg',
 	mp4: 'video/mp4',
 	mpeg: 'video/mpeg',
 	mpkg: 'application/vnd.apple.installer+xml',
+	mtl: 'text/plain',
+	obj: 'text/plain',
 	odp: 'application/vnd.oasis.opendocument.presentation',
 	ods: 'application/vnd.oasis.opendocument.spreadsheet',
 	odt: 'application/vnd.oasis.opendocument.text',
@@ -61,19 +83,24 @@ const extToMime = {
 	otf: 'font/otf',
 	pdf: 'application/pdf',
 	php: 'application/x-httpd-php',
+	ply: 'application/octet-stream',
 	png: 'image/png',
 	ppt: 'application/vnd.ms-powerpoint',
 	pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
 	rar: 'application/vnd.rar',
 	rtf: 'application/rtf',
 	sh: 'application/x-sh',
+	stl: 'model/stl',
 	svg: 'image/svg+xml',
 	tar: 'application/x-tar',
 	tif: 'image/tiff',
 	ts: 'video/mp2t',
 	ttf: 'font/ttf',
 	txt: 'text/plain',
+	usd: 'model/vnd.usd',
+	usdz: 'model/vnd.usdz+zip',
 	vsd: 'application/vnd.visio',
+	wasm: 'application/wasm',
 	wav: 'audio/wav',
 	weba: 'audio/webm',
 	webm: 'video/webm',
@@ -85,9 +112,11 @@ const extToMime = {
 	xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
 	xml: 'application/xml',
 	xul: 'application/vnd.mozilla.xul+xml',
+	xz: 'application/x-xz',
 	yaml: 'application/yaml',
 	yml: 'application/yaml',
-	zip: 'application/zip'
+	zip: 'application/zip',
+	zst: 'application/zstd'
 }
 
 const mimeToExt = mapMimeToExt(extToMime)
@@ -105,8 +134,8 @@ export function mimeFor(filename) {
 }
 function extname(filename) {
 	const i = filename.lastIndexOf('.')
-	return i === -1 
-		? '' 
+	return i === -1
+		? ''
 		: filename.slice(i + 1)
 }
 

package/src/server/utils/mime.test.js

@@ -0,0 +1,24 @@
+import { test } from 'node:test'
+import { equal } from 'node:assert/strict'
+import { parseMime, extFor, mimeFor } from './mime.js'
+
+
+test('parseMime', () => [
+	'text/html',
+	'TEXT/html',
+	'text/html; charset=utf-8'
+].map(input =>
+	equal(parseMime(input), 'text/html')))
+
+test('extFor', () => [
+	'text/html',
+	'Text/html',
+	'text/Html; charset=UTF-16'
+].map(input =>
+	equal(extFor(input), 'html')))
+
+test('mimeFor', () => [
+	'file.html',
+	'file.HTmL'
+].map(input =>
+	equal(mimeFor(input), 'text/html')))