pixl-server-web 1.2.4 → 1.3.2

package/README.md

@@ -1,6 +1,6 @@
 # Overview
 
-This module is a component for use in [pixl-server](https://www.npmjs.com/package/pixl-server).  It implements a simple web server with support for both HTTP and HTTPS, serving static files, and hooks for adding custom URI handlers.
+This module is a component for use in [pixl-server](https://www.github.com/jhuckaby/pixl-server).  It implements a simple web server with support for both HTTP and HTTPS, serving static files, and hooks for adding custom URI handlers.
 
 # Table of Contents
 
@@ -25,6 +25,7 @@ This module is a component for use in [pixl-server](https://www.npmjs.com/packag
 		+ [request](#request)
 		+ [close](#close)
 	* [http_keep_alive_timeout](#http_keep_alive_timeout)
+	* [http_socket_prelim_timeout](#http_socket_prelim_timeout)
 	* [http_max_requests_per_connection](#http_max_requests_per_connection)
 	* [http_gzip_opts](#http_gzip_opts)
 	* [http_enable_brotli](#http_enable_brotli)
@@ -136,7 +137,7 @@ server.startup( function() {
 } );
 ```
 
-Notice how we are loading the [pixl-server](https://www.npmjs.com/package/pixl-server) parent module, and then specifying [pixl-server-web](https://www.npmjs.com/package/pixl-server-web) as a component:
+Notice how we are loading the [pixl-server](https://www.github.com/jhuckaby/pixl-server) parent module, and then specifying [pixl-server-web](https://www.github.com/jhuckaby/pixl-server-web) as a component:
 
 ```js
 components: [
@@ -212,7 +213,7 @@ This param allows you to send back any additional custom HTTP headers with each
 
 ```js
 {
-	http_response_headers: {
+	"http_response_headers": {
 		"X-My-Custom-Header": "12345",
 		"X-Another-Header": "Hello"
 	}
@@ -223,6 +224,20 @@ This param allows you to send back any additional custom HTTP headers with each
 
 This sets the idle socket timeout for all incoming HTTP requests.  If omitted, the Node.js default is 2 minutes.  Please specify your value in seconds.
 
+This only applies to reading from sockets when data is expected.  It is an *idle read timeout* on the socket itself, and doesn't apply to request handlers.
+
+## http_request_timeout
+
+This property sets an actual hard request timeout for all incoming requests.  If the total combined request processing, handling and response time exceeds this value, specified in seconds, then the request is aborted and a `HTTP 408 Request Timeout` response is sent back to the client.  This defaults to `0` (disabled).  Example use:
+
+```js
+{
+	"http_request_timeout": 300
+}
+```
+
+Note that this includes request processing time (e.g. receiving uploaded data from a HTTP POST).
+
 ## http_keep_alives
 
 This controls the [HTTP Keep-Alive](https://en.wikipedia.org/wiki/HTTP_persistent_connection) behavior in the web server.  There are three possible settings, which should be specified as a string:
@@ -269,6 +284,20 @@ This sets the HTTP Keep-Alive idle timeout for all sockets.  If omitted, the Nod
 
 This feature was introduced in Node.js version 8.  Prior to that, the [http_timeout](#http_timeout) was used as the Keep-Alive timeout.
 
+## http_socket_prelim_timeout
+
+This sets a special preliminary timeout for brand new sockets when they are first connected.  If an HTTP request doesn't come over the socket within this timeout (specified in seconds), then the socket is hard closed.  This timeout should always be set lower than the [http_timeout](#http_timeout) if used.  This defaults to `0` (disabled).  Example use:
+
+```js
+{
+	"http_socket_prelim_timeout": 3
+}
+```
+
+The idea here is to prevent certain DDoS-style attacks, where an attacker opens a large amount of TCP connections without sending any requests over them.
+
+**Note:** Do not enable this feature if you attach a WebSocket server such as [ws](https://github.com/websockets/ws).
+
 ## http_max_requests_per_connection
 
 This allows you to set a maximum number of requests to allow per Keep-Alive connection.  It defaults to `0` which means unlimited.  If set, and the maximum is reached, a `Connection: close` header is returned, politely asking the client to close the connection.  It does not actually hard-close the socket.  Example:
@@ -508,7 +537,7 @@ server.WebServer.addURIHandler( /^\/custom\/match\/$/i, 'Custom2', function(args
 
 Your handler function is passed exactly two arguments.  First, an `args` object containing all kinds of useful information about the request (see [args](#args) below), and a callback function that you must call when the request is complete and you want to send a response.
 
-If you specified a regular expression with paren groups for the URI, the matches array will be included in the `args` object as `args.matches`.  Using this you can extract your matched groups from the URI, for e.g. `/^\/api\/(\w+)/`.
+If you specified a regular expression with parenthesis groups for the URI, the matches array will be included in the `args` object as `args.matches`.  Using this you can extract your matched groups from the URI, for e.g. `/^\/api\/(\w+)/`.
 
 Note that by default, URIs are only matched on their path portion (i.e. sans query string).  To include the query string in URI matches, set the [http_full_uri_match](#http_full_uri_match) configuration property to `true`.
 
@@ -776,12 +805,16 @@ var session_id = args.cookies['session_id'];
 
 ### args.perf
 
-This is a reference to a [pixl-perf](https://www.npmjs.com/package/pixl-perf) object, which is used internally by the web server to track performance metrics for the request.  The metrics may be logged at the end of each request (see [Logging](#logging) below) and included in the stats (see [Stats](#stats) below).
+This is a reference to a [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) object, which is used internally by the web server to track performance metrics for the request.  The metrics may be logged at the end of each request (see [Logging](#logging) below) and included in the stats (see [Stats](#stats) below).
 
 ### args.server
 
 This is a reference to the pixl-server object which handled the request.
 
+### args.id
+
+This is an internal ID string used by the server to track and log individual requests.
+
 ## Request Filters
 
 Filters allow you to preprocess a request, before any handlers get their hands on it.  They can pass data through, manipulate it, or even interrupt and abort requests.  Filters are attached to particular URIs or URI patterns, and multiple may be applied to one request, depending on your rules.  They can be asynchronous, and can also pass data between one another if desired.
@@ -885,7 +918,7 @@ Here are descriptions of the data JSON properties:
 | `host` | The hostname from the request URL. |
 | `perf` | Performance metrics, see below. |
 
-The `perf` object contains performance metrics for the request, as returned from the [pixl-perf](https://www.npmjs.com/package/pixl-perf) module.  It includes a `scale` property denoting that all the metrics are displayed in milliseconds (i.e. `1000`).  The metrics themselves are in the `perf` object, and counters such as the number of bytes in/out are in the `counters` object.
+The `perf` object contains performance metrics for the request, as returned from the [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) module.  It includes a `scale` property denoting that all the metrics are displayed in milliseconds (i.e. `1000`).  The metrics themselves are in the `perf` object, and counters such as the number of bytes in/out are in the `counters` object.
 
 If you only want to log *some* requests, but not all of them, you can specify a regular expression in the [http_regex_log](#http_regex_log) configuration property, which is matched against the incoming request URIs.  Example:
 
@@ -1099,7 +1132,7 @@ The `recent` array is a sorted list of the last 10 completed requests (most rece
 | `host` | String | The hostname from the request URL. |
 | `ips` | Array | The array of client IPs, including proxy IPs. |
 | `ua` | String | The client's `User-Agent` string. |
-| `perf` | Object | A [pixl-perf](https://www.npmjs.com/package/pixl-perf) performance metrics object containing stats for the request. |
+| `perf` | Object | A [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) performance metrics object containing stats for the request. |
 
 If you would like more than 10 requests, set the [http_recent_requests](#http_recent_requests) configuration property to the number you want.
 
@@ -1114,7 +1147,7 @@ The `queue` object contains information about the request queue.  This includes
 
 ## Including Custom Stats
 
-To include your own application-level metrics in the `getStats()` output, a [pixl-perf](https://www.npmjs.com/package/pixl-perf) performance tracker is made available to your URI handler code via `args.perf`.  you can call `begin()` and `end()` on this object directly, to measure your own operations:
+To include your own application-level metrics in the `getStats()` output, a [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) performance tracker is made available to your URI handler code via `args.perf`.  you can call `begin()` and `end()` on this object directly, to measure your own operations:
 
 ```js
 server.WebServer.addURIHandler( '/my/custom/uri', 'Custom Name', function(args, callback) {
@@ -1135,7 +1168,7 @@ server.WebServer.addURIHandler( '/my/custom/uri', 'Custom Name', function(args,
 
 Please do not call `begin()` or `end()` without arguments, as that will mess up the existing performance tracking.  Also, make sure you prefix your perf keys so you don't collide with the built-in ones.
 
-Alternatively, you can use your own private [pixl-perf](https://www.npmjs.com/package/pixl-perf) object, and then "import" it into the `args.perf` object at the very end of your handler code, just before you fire the callback.  Example:
+Alternatively, you can use your own private [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) object, and then "import" it into the `args.perf` object at the very end of your handler code, just before you fire the callback.  Example:
 
 ```js
 my_perf.end();
@@ -1144,7 +1177,7 @@ args.perf.import( my_perf, "app_" );
 
 This would import all your metrics and prefix the keys with `app_`.
 
-See the [pixl-perf](https://www.npmjs.com/package/pixl-perf) documentation for more details on how to use the tracker.
+See the [pixl-perf](https://www.github.com/jhuckaby/pixl-perf) documentation for more details on how to use the tracker.
 
 ## Stats URI Handler
 
@@ -1281,7 +1314,7 @@ Certbot produces its own log file here: `/var/log/letsencrypt/letsencrypt.log`
 
 **The MIT License (MIT)**
 
-*Copyright (c) 2015 - 2019 Joseph Huckaby.*
+*Copyright (c) 2015 - 2021 Joseph Huckaby.*
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/lib/http.js

@@ -14,11 +14,17 @@ module.exports = class HTTP {
 		var port = this.config.get('http_port');
 		var bind_addr = this.config.get('http_bind_address') || '';
 		var max_conns = this.config.get('http_max_connections') || 0;
+		var https_force = self.config.get('https_force') || false;
+		var socket_prelim_timeout = self.config.get('http_socket_prelim_timeout') || 0;
 		
 		this.logDebug(2, "Starting HTTP server on port: " + port, bind_addr);
 		
 		var handler = function(request, response) {
-			if (self.config.get('https_force')) {
+			if (socket_prelim_timeout && request.socket._pixl_data.prelim_timer) {
+				clearTimeout( request.socket._pixl_data.prelim_timer );
+				delete request.socket._pixl_data.prelim_timer;
+			}
+			if (https_force) {
 				self.logDebug(6, "Forcing redirect to HTTPS (SSL)");
 				request.headers.ssl = 1; // force SSL url
 				
@@ -87,6 +93,31 @@ module.exports = class HTTP {
 				bytes_out: 0
 			};
 			
+			// optional preliminary socket timeout for first request
+			if (socket_prelim_timeout) {
+				socket._pixl_data.prelim_timer = setTimeout( function() {
+					delete socket._pixl_data.prelim_timer;
+					var msg = "Socket preliminary timeout waiting for initial request (" + socket_prelim_timeout + " seconds)";
+					var err_args = {
+						ip: ip,
+						pending: self.queue.length(),
+						active: self.queue.running(),
+						sockets: self.numConns
+					};
+					if (self.config.get('http_log_socket_errors')) {
+						self.logError('socket', "Socket error: " + socket._pixl_data.id + ": " + msg, err_args);
+					}
+					else {
+						self.logDebug(5, "Socket error: " + socket._pixl_data.id + ": " + msg, err_args);
+					}
+					
+					socket._pixl_data.aborted = true;
+					socket.end();
+					socket.unref();
+					socket.destroy(); // hard close
+				}, socket_prelim_timeout * 1000 );
+			} // socket_prelim_timeout
+			
 			self.emit('socket', socket);
 			
 			socket.on('error', function(err) {
@@ -116,6 +147,10 @@ module.exports = class HTTP {
 			
 			socket.on('close', function() {
 				// socket has closed
+				if (socket._pixl_data.prelim_timer) {
+					clearTimeout( socket._pixl_data.prelim_timer );
+					delete socket._pixl_data.prelim_timer;
+				}
 				var now = (new Date()).getTime();
 				self.logDebug(8, "HTTP connection has closed: " + id, {
 					ip: ip,
@@ -126,6 +161,7 @@ module.exports = class HTTP {
 				});
 				delete self.conns[ id ];
 				self.numConns--;
+				socket._pixl_data.aborted = true;
 			} );
 		} );
 		
@@ -140,6 +176,7 @@ module.exports = class HTTP {
 			}
 			
 			var err_args = {
+				id: args.id,
 				ip: socket.remoteAddress,
 				ips: args.ips,
 				state: args.state,

package/lib/https.js

@@ -24,10 +24,16 @@ module.exports = class HTTP2 {
 		var port = this.config.get('https_port');
 		var bind_addr = this.config.get('https_bind_address') || this.config.get('http_bind_address') || '';
 		var max_conns = this.config.get('https_max_connections') || this.config.get('http_max_connections') || 0;
+		var socket_prelim_timeout = self.config.get('https_socket_prelim_timeout') || self.config.get('http_socket_prelim_timeout') || 0;
 		
 		this.logDebug(2, "Starting HTTPS (SSL) server on port: " + port, bind_addr );
 		
 		var handler = function(request, response) {
+			if (socket_prelim_timeout && request.socket._pixl_data.prelim_timer) {
+				clearTimeout( request.socket._pixl_data.prelim_timer );
+				delete request.socket._pixl_data.prelim_timer;
+			}
+			
 			// add a flag in headers for downstream code to detect
 			request.headers['ssl'] = 1;
 			request.headers['https'] = 1;
@@ -85,6 +91,31 @@ module.exports = class HTTP2 {
 				bytes_out: 0
 			};
 			
+			// optional preliminary socket timeout for first request
+			if (socket_prelim_timeout) {
+				socket._pixl_data.prelim_timer = setTimeout( function() {
+					delete socket._pixl_data.prelim_timer;
+					var msg = "Socket preliminary timeout waiting for initial request (" + socket_prelim_timeout + " seconds)";
+					var err_args = {
+						ip: ip,
+						pending: self.queue.length(),
+						active: self.queue.running(),
+						sockets: self.numConns
+					};
+					if (self.config.get('http_log_socket_errors')) {
+						self.logError('socket', "Socket error: " + socket._pixl_data.id + ": " + msg, err_args);
+					}
+					else {
+						self.logDebug(5, "Socket error: " + socket._pixl_data.id + ": " + msg, err_args);
+					}
+					
+					socket._pixl_data.aborted = true;
+					socket.end();
+					socket.unref();
+					socket.destroy(); // hard close
+				}, socket_prelim_timeout * 1000 );
+			} // socket_prelim_timeout
+			
 			self.emit('socket', socket);
 			
 			socket.on('error', function(err) {
@@ -114,6 +145,10 @@ module.exports = class HTTP2 {
 			
 			socket.on('close', function() {
 				// socket has closed
+				if (socket._pixl_data.prelim_timer) {
+					clearTimeout( socket._pixl_data.prelim_timer );
+					delete socket._pixl_data.prelim_timer;
+				}
 				var now = (new Date()).getTime();
 				self.logDebug(8, "HTTPS (SSL) connection has closed: " + id, {
 					ip: ip,
@@ -124,6 +159,7 @@ module.exports = class HTTP2 {
 				});
 				delete self.conns[ id ];
 				self.numConns--;
+				socket._pixl_data.aborted = true;
 			} );
 		} );
 		
@@ -138,6 +174,7 @@ module.exports = class HTTP2 {
 			}
 			
 			var err_args = {
+				id: args.id,
 				ip: socket.remoteAddress,
 				ips: args.ips,
 				state: args.state,

package/lib/request.js

@@ -13,6 +13,8 @@ module.exports = class Request {
 	enqueueHTTPRequest(request, response) {
 		// enqueue request for handling as soon as concurrency limits allow
 		var args = {
+			id: this.getNextId('r'),
+			date: Date.now() / 1000,
 			request: request,
 			response: response
 		};
@@ -23,7 +25,7 @@ module.exports = class Request {
 			var ip = args.ip = this.getPublicIP(ips);
 			
 			this.logError(503, "Server is shutting down, denying request from: " + ip, 
-				{ ips: ips, uri: request.url, headers: request.headers }
+				{ id: args.id, ips: ips, uri: request.url, headers: request.headers }
 			);
 			
 			args.perf = new Perf();
@@ -35,6 +37,7 @@ module.exports = class Request {
 		// allow special URIs to skip the line
 		if (this.queueSkipMatch && request.url.match(this.queueSkipMatch)) {
 			this.logDebug(8, "Bumping request to front of queue: " + request.url);
+			this.requests[ args.id ] = args;
 			this.queue.unshift(args);
 			return;
 		}
@@ -45,6 +48,7 @@ module.exports = class Request {
 			var ip = args.ip = this.getPublicIP(ips);
 			
 			this.logError(429, "Queue is maxed out (" + this.queue.running() + " active reqs), denying new request from: " + ip, { 
+				id: args.id,
 				ips: ips, 
 				uri: request.url, 
 				headers: request.headers,
@@ -65,6 +69,7 @@ module.exports = class Request {
 			var ip = args.ip = this.getPublicIP(ips);
 			
 			this.logError(429, "Queue is maxed out (" + this.queue.length() + " pending reqs), denying new request from: " + ip, { 
+				id: args.id,
 				ips: ips, 
 				uri: request.url, 
 				headers: request.headers,
@@ -79,15 +84,47 @@ module.exports = class Request {
 			return;
 		}
 		
+		this.requests[ args.id ] = args;
 		this.queue.push(args);
 	}
 	
 	parseHTTPRequest(args, callback) {
 		// handle raw http request
+		// (async dequeue handler function)
 		var self = this;
 		var request = args.request;
 		var response = args.response;
-		args.callback = callback;
+		
+		// all requests will end up in this callback here
+		args.callback = function() {
+			if (args.timer) { clearTimeout(args.timer); delete args.timer; }
+			delete self.requests[ args.id ];
+			callback();
+		};
+		
+		// add timer for request timeout
+		if (this.config.get('http_request_timeout')) {
+			args.timer = setTimeout( function() {
+				// request took too long
+				delete args.timer;
+				
+				self.logError(408, "Request timed out: " + self.config.get('http_request_timeout') + " seconds", {
+					id: args.id,
+					socket: request.socket._pixl_data.id,
+					ips: args.ips,
+					url: self.getSelfURL(args.request, request.url) || request.url,
+					state: args.state
+				});
+				
+				self.sendHTTPResponse( args, 
+					"408 Request Timeout", 
+					{ 'Content-Type': "text/html" }, 
+					"408 Request Timeout: " + self.config.get('http_request_timeout') + " seconds.\n"
+				);
+				
+				self.deleteUploadTempFiles(args);
+			}, this.config.get('http_request_timeout') * 1000 );
+		}
 		
 		// check for early abort (client error)
 		if (request.socket._pixl_data.aborted) {
@@ -102,6 +139,7 @@ module.exports = class Request {
 		var ip = this.getPublicIP(ips);
 		
 		this.logDebug(8, "New HTTP request: " + request.method + " " + request.url + " (" + ips.join(', ') + ")", {
+			id: args.id,
 			socket: request.socket._pixl_data.id,
 			version: request.httpVersion
 		});
@@ -156,7 +194,7 @@ module.exports = class Request {
 		if (this.server.shut) {
 			// server is shutting down, deny new requests
 			this.logError(503, "Server is shutting down, denying request from: " + ip, 
-				{ ips: ips, uri: request.url, headers: request.headers }
+				{ id: args.id, ips: ips, uri: request.url, headers: request.headers }
 			);
 			this.sendHTTPResponse( args, "503 Service Unavailable", {}, "503 Service Unavailable (server shutting down)" );
 			return;
@@ -200,7 +238,7 @@ module.exports = class Request {
 					args.perf.end('read');
 					if (err) {
 						self.logError(400, "Error processing data from: " + ip + ": " + request.url + ": " + err, 
-							{ ips: ips, uri: request.url, headers: request.headers }
+							{ id: args.id, ips: ips, uri: request.url, headers: request.headers }
 						);
 						self.sendHTTPResponse( args, "400 Bad Request", {}, "400 Bad Request" );
 						return;
@@ -230,7 +268,7 @@ module.exports = class Request {
 					});
 					if (total_bytes > bytesMax) {
 						self.logError(413, "Error processing data from: " + ip + ": " + request.url + ": Max data size exceeded", 
-							{ ips: ips, uri: request.url, headers: request.headers }
+							{ id: args.id, ips: ips, uri: request.url, headers: request.headers }
 						);
 						request.socket.end();
 						
@@ -253,7 +291,7 @@ module.exports = class Request {
 						}
 						catch (e) {
 							self.logError(400, "Error processing data from: " + ip + ": " + request.url + ": Failed to parse JSON: " + e, 
-								{ ips: ips, uri: request.url, headers: request.headers, body: body.toString() }
+								{ id: args.id, ips: ips, uri: request.url, headers: request.headers, body: body.toString() }
 							);
 							self.sendHTTPResponse( args, "400 Bad Request", {}, "400 Bad Request" );
 							return;
@@ -300,7 +338,7 @@ module.exports = class Request {
 		// use async to allow filters to run in sequence
 		async.eachSeries( filters,
 			function(filter, callback) {
-				self.logDebug(8, "Invoking filter for request: " + args.request.method + ' ' + uri + ": " + filter.name);
+				self.logDebug(8, "Invoking filter for request: " + args.request.method + ' ' + uri + ": " + filter.name, { id: args.id });
 				
 				args.perf.begin('filter');
 				filter.callback( args, function() {
@@ -381,7 +419,7 @@ module.exports = class Request {
 		}
 		
 		if (handler) {
-			this.logDebug(6, "Invoking handler for request: " + args.request.method + ' ' + uri + ": " + handler.name);
+			this.logDebug(6, "Invoking handler for request: " + args.request.method + ' ' + uri + ": " + handler.name, { id: args.id });
 			
 			// Check ACL here
 			if (handler.acl) {
@@ -392,6 +430,7 @@ module.exports = class Request {
 				else {
 					// nope
 					this.logError(403, "Forbidden: IP addresses rejected by ACL: " + args.ips.join(', '), {
+						id: args.id,
 						acl: handler.acl.toString(),
 						useragent: args.request.headers['user-agent'] || '',
 						referrer: args.request.headers['referer'] || '',

package/lib/response.js

@@ -28,6 +28,7 @@ module.exports = class Response {
 			socket_data.total_elapsed = (new Date()).getTime() - socket_data.time_start;
 			socket_data.url = this.getSelfURL(request, request.url) || request.url;
 			socket_data.ips = args.ips;
+			socket_data.req_id = args.id;
 			if (this.config.get('http_log_socket_errors')) {
 				this.logError('socket', "Socket closed unexpectedly: " + socket_data.id, socket_data);
 			}
@@ -98,7 +99,7 @@ module.exports = class Response {
 		
 		response.on('finish', function() {
 			// response actually completed writing
-			self.logDebug(9, "Response finished writing to socket");
+			self.logDebug(9, "Response finished writing to socket", { id: args.id });
 			
 			// guess number of bytes in response header, minus data payload
 			args.perf.count('bytes_out', ("HTTP " + args.http_code + " OK\r\n").length);
@@ -120,6 +121,7 @@ module.exports = class Response {
 				// socket closed during active response
 				if (self.config.get('http_log_socket_errors')) {
 					self.logError('socket', "Socket connection terminated unexpectedly during response", {
+						id: args.id,
 						ips: args.ips,
 						useragent: request.headers['user-agent'] || '',
 						referrer: request.headers['referer'] || '',
@@ -136,6 +138,7 @@ module.exports = class Response {
 		if (is_stream) {
 			body.on('error', function(err) {
 				self.logError('stream', "Stream error serving response: " + request.url + ": " + err.message, {
+					id: args.id,
 					ips: args.ips,
 					useragent: request.headers['user-agent'] || '',
 					referrer: request.headers['referer'] || '',
@@ -260,7 +263,7 @@ module.exports = class Response {
 					response.end();
 				}
 			}
-			this.logDebug(9, "Request complete");
+			this.logDebug(9, "Request complete", { id: args.id });
 		}
 	}
 	
@@ -301,6 +304,7 @@ module.exports = class Response {
 		// write to access log
 		if (this.logRequests && args.request.url.match(this.regexLogRequests)) {
 			this.logTransaction( 'HTTP ' + args.http_code + ' ' + args.http_status, args.request.url, {
+				id: args.id,
 				proto: args.request.headers['ssl'] ? 'https' : socket_data.proto,
 				ips: args.ips,
 				host: args.request.headers['host'] || '',
@@ -312,6 +316,7 @@ module.exports = class Response {
 		// keep a list of the most recent N requests
 		if (this.keepRecentRequests) {
 			this.recent.unshift({
+				id: args.id,
 				when: (new Date()).getTime() / 1000,
 				proto: args.request.headers['ssl'] ? 'https' : socket_data.proto,
 				port: socket_data.port,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "pixl-server-web",
-	"version": "1.2.4",
+	"version": "1.3.2",
 	"description": "A web server component for the pixl-server framework.",
 	"author": "Joseph Huckaby <jhuckaby@gmail.com>",
 	"homepage": "https://github.com/jhuckaby/pixl-server-web",

package/test/test.js

@@ -2,9 +2,8 @@
 // Copyright (c) 2017 - 2019 Joseph Huckaby
 // Released under the MIT License
 
-var os = require('os');
 var fs = require('fs');
-var path = require('path');
+var net = require('net');
 var crypto = require('crypto');
 var async = require('async');
 
@@ -41,6 +40,7 @@ var server = new PixlServer({
 			"http_compress_text": 1,
 			"http_enable_brotli": 1,
 			"http_timeout": 5,
+			"http_socket_prelim_timeout": 2,
 			"http_response_headers": {
 				"Via": "WebServerTest 1.0"
 			},
@@ -707,6 +707,22 @@ module.exports = {
 			);
 		},
 		
+		// Error (Back-end Timeout)
+		function testBackEndTimeout(test) {
+			var self = this;
+			var web = this.web_server;
+			web.config.set('http_request_timeout', 0.5); // 500ms
+			
+			request.get( 'http://127.0.0.1:3020/sleep?ms=750', {},
+				function(err, resp, data, perf) {
+					web.config.set('http_request_timeout', 0); // reset timeout
+					test.ok( !err, "Unexpected error from PixlRequest: " + err );
+					test.ok( resp.statusCode == 408, "Unexpected HTTP response code: " + resp.statusCode );
+					test.done();
+				} 
+			);
+		},
+		
 		// static file get
 		// check ttl, check gzip
 		function testStaticTextRequest(test) {
@@ -1022,6 +1038,25 @@ module.exports = {
 			);
 		},
 		
+		// socket prelim timeout
+		function testSocketPrelimTimeout(test) {
+			var connected_time = 0;
+			var client = net.connect({ port: 3020 }, function() {
+				test.debug("Connected to port 3020 (raw socket)");
+				connected_time = Date.now() / 1000;
+			});
+			client.on('data', function(data) {
+				test.ok( false, "Should NOT have received any data from socket! " + data );
+			});
+			client.on('end', function() {
+				test.debug("Raw socket disconnected");
+				var now = Date.now() / 1000;
+				var elapsed = now - connected_time;
+				test.ok( Math.abs(elapsed - 2.0) < 1.0, "Incorrect time elapsed for socket prelim timeout: " + elapsed );
+				test.done();
+			});
+		},
+		
 		function waitForAllSockets(test) {
 			// wait for all sockets to close for next test (requires clean slate)
 			var self = this;

package/web_server.js

@@ -56,7 +56,8 @@ module.exports = Class({
 		http_queue_skip_uri_match: false,
 		http_clean_headers: false,
 		http_log_socket_errors: true,
-		http_full_uri_match: false
+		http_full_uri_match: false,
+		http_request_timeout: 0
 	},
 	
 	conns: null,
@@ -82,6 +83,7 @@ class WebServer extends Component {
 		
 		// setup connections and handlers
 		this.conns = {};
+		this.requests = {};
 		this.uriFilters = [];
 		this.uriHandlers = [];
 		this.methodHandlers = [];
@@ -354,13 +356,31 @@ class WebServer extends Component {
 		if (this.http) {
 			this.logDebug(2, "Shutting down HTTP server");
 			
+			for (var id in this.requests) {
+				var args = this.requests[id];
+				this.logDebug(4, "Request still active: " + args.id, {
+					id: args.id,
+					ips: args.ips,
+					uri: args.request ? args.request.url : '',
+					headers: args.request ? args.request.headers : {},
+					socket: (args.request && args.request.socket && args.request.socket._pixl_data) ? args.request.socket._pixl_data.id : '',
+					stats: args.state,
+					date: args.date,
+					age: (Date.now() / 1000) - args.date
+				});
+				if (args.callback) {
+					args.callback();
+					delete args.callback;
+				}
+			} // foreach req
+			
 			for (var id in this.conns) {
-				this.logDebug(9, "Closing HTTP connection: " + id);
+				this.logDebug(4, "Closing HTTP connection: " + id);
 				// this.conns[id].destroy();
 				this.conns[id].end();
 				this.conns[id].unref();
 				this.numConns--;
-			}
+			} // foreach conn
 			
 			this.http.close( function() { self.logDebug(3, "HTTP server has shut down."); } );
 			
@@ -369,6 +389,7 @@ class WebServer extends Component {
 			}
 			// delete this.http;
 			
+			this.requests = {};
 			this.queue.kill();
 		}