rekwest 7.1.1 → 7.2.1

package/README.md

@@ -48,9 +48,8 @@ const res = await rekwest(url, {
   body: { celestial: 'payload' },
   headers: {
     [HTTP2_HEADER_AUTHORIZATION]: 'Bearer [token]',
-    [HTTP2_HEADER_CONTENT_ENCODING]: 'br',  // enables: body encoding
-    /** [HTTP2_HEADER_CONTENT_TYPE]
-     * is undue for
+    [HTTP2_HEADER_CONTENT_ENCODING]: 'br',  // Enables: body encoding
+    /** [HTTP2_HEADER_CONTENT_TYPE] is undue for
      * Array/Blob/File/FormData/Object/URLSearchParams body types
      * and will be set automatically, with an option to override it here
      */
@@ -82,17 +81,17 @@ const {
 } = constants;
 
 const blob = new Blob(['bits']);
-const file = new File(['bits'], 'file.dab');
+const file = new File(['bits'], 'file.xyz');
 const readable = Readable.from('bits');
 
 const fd = new FormData({
-  aux: Date.now(),  // either [[key, value]] or kv sequenceable
+  aux: Date.now(),  // Either [[key, value]] or kv sequenceable
 });
 
 fd.append('celestial', 'payload');
-fd.append('blob', blob, 'blob.dab');
+fd.append('blob', blob, 'blob.xyz');
 fd.append('file', file);
-fd.append('readable', readable, 'readable.dab');
+fd.append('readable', readable, 'readable.xyz');
 
 const url = 'https://somewhe.re/somewhat/endpoint';
 
@@ -100,7 +99,7 @@ const res = await rekwest(url, {
   body: fd,
   headers: {
     [HTTP2_HEADER_AUTHORIZATION]: 'Bearer [token]',
-    [HTTP2_HEADER_CONTENT_ENCODING]: 'zstd',  // enables: body encoding
+    [HTTP2_HEADER_CONTENT_ENCODING]: 'zstd',  // Enables: body encoding
   },
   method: HTTP2_METHOD_POST,
 });
@@ -121,36 +120,37 @@ console.log(res.body);
   & [http2.ClientSessionRequestOptions](https://nodejs.org/api/http2.html#clienthttp2sessionrequestheaders-options)
   and [tls.ConnectionOptions](https://nodejs.org/api/tls.html#tlsconnectoptions-callback)
   for HTTP/2 attunes
+  * `allowDowngrade` **{boolean}** `Default: false` Controls whether `https:` redirects to `http:` are allowed
   * `baseURL` **{string | URL}** The base URL to use in cases where `url` is a relative URL
   * `body` **{string | Array | ArrayBuffer | ArrayBufferView | AsyncIterator | Blob | Buffer | DataView | File |
     FormData | Iterator | Object | Readable | ReadableStream | SharedArrayBuffer | URLSearchParams}** The body to send
     with the request
   * `bufferBody` **{boolean}** `Default: false` Toggles the buffering of the streamable request bodies for redirects and
     retries
-  * `cookies` **{boolean | Array<[k, v]> | Array<string\> | Cookies | Object | URLSearchParams}** `Default: true` The
+  * `cookies` **{boolean | string[] | Array<[k, v]> | Cookies | Object | URLSearchParams}** `Default: true` The
     cookies to add to
     the request
   * `cookiesTTL` **{boolean}** `Default: false` Controls enablement of TTL for the cookies cache
   * `credentials` **{include | omit | same-origin}** `Default: same-origin` Controls credentials in case of cross-origin
     redirects
-  * `decodersOptions` **{Object}** Configures decoders options, e.g.: `brotli`, `zstd`, `zlib`
+  * `decodersOptions` **{Object}** Configures decoders options, e.g.: `brotli`, `zlib`, `zstd`
   * `digest` **{boolean}** `Default: true` Controls whether to read the response stream or add a mixin
-  * `encodersOptions` **{Object}** Configures encoders options, e.g.: `brotli`, `zstd`, `zlib`
+  * `encodersOptions` **{Object}** Configures encoders options, e.g.: `brotli`, `zlib`, `zstd`
   * `follow` **{number}** `Default: 20` The number of redirects to follow
   * `h2` **{boolean}** `Default: false` Forces the use of HTTP/2 protocol
   * `headers` **{Object}** The headers to add to the request
-  * `maxRetryAfter` **{number}** The upper limit of `retry-after` header. If unset, it will use `timeout` value
   * `params` **{Object}** The search params to add to the `url`
   * `parse` **{boolean}** `Default: true` Controls whether to parse response body or return a buffer
   * `redirect` **{error | follow | manual}** `Default: follow` Controls the redirect flows
   * `retry` **{Object}** Represents the retry options
     * `attempts` **{number}** `Default: 0` The number of retry attempts
     * `backoffStrategy` **{string}** `Default: interval * Math.log(Math.random() * (Math.E * Math.E - Math.E) + Math.E)`
-      The backoff strategy algorithm that increases logarithmically. To fixate set value to `interval * 1`
+      The backoff strategy uses a log-uniform algorithm. To fix the interval, set the value to `interval * 1`.
     * `errorCodes` **{string[]}**
       `Default: ['ECONNREFUSED', 'ECONNRESET', 'EHOSTDOWN', 'EHOSTUNREACH', 'ENETDOWN', 'ENETUNREACH', 'ENOTFOUND', 'ERR_HTTP2_STREAM_ERROR']`
       The list of error codes to retry on
     * `interval` **{number}** `Default: 1e3` The initial retry interval
+    * `maxRetryAfter` **{number}** `Default: 3e5` The maximum `retry-after` limit in milliseconds
     * `retryAfter` **{boolean}** `Default: true` Controls `retry-after` header receptiveness
     * `statusCodes` **{number[]}** `Default: [429, 500, 502, 503, 504]` The list of status codes to retry on
   * `stripTrailingSlash` **{boolean}** `Default: false` Controls whether to strip trailing slash at the end of the URL
@@ -202,10 +202,16 @@ const rk = rekwest.extend({
   baseURL: 'https://somewhe.re',
 });
 
+const params = {
+  id: '[uid]',
+  signature: '[code]',
+  variant: 'A',
+};
 const signal = AbortSignal.timeout(1e4);
 const url = '/somewhat/endpoint';
 
 const res = await rk(url, {
+  params,
   signal,
 });
 

package/dist/config.cjs

@@ -22,6 +22,7 @@ const {
 } = _nodeHttp.default.constants;
 const timeout = 3e5;
 const defaults = {
+  allowDowngrade: false,
   bufferBody: false,
   cookiesTTL: false,
   credentials: _constants.requestCredentials.sameOrigin,
@@ -45,16 +46,15 @@ const defaults = {
     [HTTP2_HEADER_ACCEPT]: `${_mediatypes.APPLICATION_JSON}, ${_mediatypes.TEXT_PLAIN}, ${_mediatypes.WILDCARD}`,
     [HTTP2_HEADER_ACCEPT_ENCODING]: `br,${isZstdSupported ? ' zstd, ' : ' '}gzip, deflate, deflate-raw`
   },
-  maxRetryAfter: timeout,
   method: HTTP2_METHOD_GET,
   parse: true,
   redirect: _constants.requestRedirect.follow,
-  redirected: false,
   retry: {
     attempts: 0,
     backoffStrategy: 'interval * Math.log(Math.random() * (Math.E * Math.E - Math.E) + Math.E)',
     errorCodes: ['ECONNREFUSED', 'ECONNRESET', 'EHOSTDOWN', 'EHOSTUNREACH', 'ENETDOWN', 'ENETUNREACH', 'ENOTFOUND', 'ERR_HTTP2_STREAM_ERROR'],
     interval: 1e3,
+    maxRetryAfter: timeout,
     retryAfter: true,
     statusCodes: [HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_BAD_GATEWAY, HTTP_STATUS_SERVICE_UNAVAILABLE, HTTP_STATUS_GATEWAY_TIMEOUT]
   },

package/dist/cookies.cjs

@@ -5,7 +5,7 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.Cookies = void 0;
 var _utils = require("./utils.cjs");
-const lifetimeCap = 3456e7; // pragma: 400 days
+const lifetimeCap = 3456e7; // 400 days
 
 class Cookies extends URLSearchParams {
   static #finalizers = new Set();
@@ -37,7 +37,7 @@ class Cookies extends URLSearchParams {
         for (const attr of attrs) {
           if (/(?:expires|max-age)=/i.test(attr)) {
             const [key, val] = attr.toLowerCase().split('=');
-            const ms = Number.isFinite(Number(val)) ? val * 1e3 : Date.parse(val) - Date.now();
+            const ms = Number.isFinite(Number.parseInt(val, 10)) ? val * 1e3 : Date.parse(val) - Date.now();
             ttl[(0, _utils.toCamelCase)(key)] = Math.min(ms, lifetimeCap);
           }
         }

package/dist/postflight.cjs

@@ -48,13 +48,16 @@ const postflight = (req, res, options, {
     enumerable: true,
     value: cookies !== false && _cookies.Cookies.jar.has(url.origin) ? _cookies.Cookies.jar.get(url.origin) : void 0
   });
-  const result = (0, _redirects.redirects)(res, options);
+  let result;
+  try {
+    result = (0, _redirects.redirects)(res, options);
+  } catch (err) {
+    res.emit('error', err);
+    return reject((0, _mixin.mixin)(res, options));
+  }
   if (Object(result) === result) {
     return result.then(resolve, reject);
   }
-  if (result) {
-    return reject((0, _mixin.mixin)(res, options));
-  }
   if (res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
     return reject((0, _mixin.mixin)(res, options));
   }

package/dist/redirects.cjs

@@ -24,6 +24,7 @@ const {
 } = _nodeHttp.default.constants;
 const redirects = (res, options) => {
   const {
+    allowDowngrade,
     credentials,
     follow,
     redirect,
@@ -31,21 +32,24 @@ const redirects = (res, options) => {
   } = options;
   if (follow && /3\d{2}/.test(res.statusCode) && res.headers[HTTP2_HEADER_LOCATION]) {
     if (redirect === _constants.requestRedirect.error) {
-      return res.emit('error', new _errors.RequestError(`Unexpected redirect, redirect mode is set to: ${redirect}`));
+      throw new _errors.RequestError(`Unexpected redirect, redirect mode is set to: ${redirect}`);
     }
     if (redirect === _constants.requestRedirect.follow) {
-      const location = new URL(res.headers[HTTP2_HEADER_LOCATION], url);
-      if (!/^https?:/i.test(location.protocol)) {
-        return res.emit('error', new _errors.RequestError('URL scheme must be "http" or "https"'));
+      const loc = new URL(res.headers[HTTP2_HEADER_LOCATION], url);
+      if (!/^https?:/i.test(loc.protocol)) {
+        throw new _errors.RequestError('URL scheme must be "http" or "https"');
       }
-      if (!(0, _utils.sameOrigin)(location, url)) {
+      if (!allowDowngrade && loc.protocol === 'http:' && url.protocol === 'https:') {
+        throw new _errors.RequestError(`Protocol downgrade detected, redirect from "${url.protocol}" to "${loc.protocol}": ${loc}`);
+      }
+      if (!(0, _utils.sameOrigin)(loc, url)) {
         if (credentials !== _constants.requestCredentials.include) {
           options.credentials = _constants.requestCredentials.omit;
         }
         options.h2 = false;
       }
       if ([HTTP_STATUS_PERMANENT_REDIRECT, HTTP_STATUS_TEMPORARY_REDIRECT].includes(res.statusCode) && (0, _utils.isPipeStream)(options.body) && !(0, _nodeStream.isReadable)(options.body)) {
-        return res.emit('error', new _errors.RequestError(`Unable to ${redirect} redirect with streamable body`));
+        throw new _errors.RequestError(`Unable to ${redirect} redirect with streamable body`);
       }
       if ([HTTP_STATUS_MOVED_PERMANENTLY, HTTP_STATUS_FOUND].includes(res.statusCode) && options.method === HTTP2_METHOD_POST || res.statusCode === HTTP_STATUS_SEE_OTHER && ![HTTP2_METHOD_GET, HTTP2_METHOD_HEAD].includes(options.method)) {
         options.body = null;
@@ -53,7 +57,7 @@ const redirects = (res, options) => {
       }
       options.follow--;
       options.redirected = true;
-      return (0, _index.default)(location, options);
+      return (0, _index.default)(loc, options);
     }
   }
 };

package/dist/retries.cjs

@@ -19,7 +19,6 @@ const {
 const retries = (err, options) => {
   const {
     body,
-    maxRetryAfter,
     method,
     retry,
     url
@@ -36,8 +35,8 @@ const retries = (err, options) => {
       } = retry;
       if (retry.retryAfter && err.headers?.[HTTP2_HEADER_RETRY_AFTER]) {
         interval = err.headers[HTTP2_HEADER_RETRY_AFTER];
-        interval = Math.abs(Number(interval) * 1e3 || new Date(interval) - Date.now()) || 0;
-        if (interval > maxRetryAfter) {
+        interval = Number.isFinite(Number.parseInt(interval, 10)) ? interval * 1e3 : new Date(interval) - Date.now();
+        if (interval > retry.maxRetryAfter) {
           throw new _errors.RequestError(`Maximum '${HTTP2_HEADER_RETRY_AFTER}' limit exceeded: ${interval} ms`, {
             cause: err
           });
@@ -50,7 +49,10 @@ const retries = (err, options) => {
       }
       retry.attempts--;
       retry.interval = interval;
-      return (0, _promises.setTimeout)(interval).then(() => (0, _index.default)(url, options));
+      return _promises.scheduler.wait(interval).then(() => (0, _index.default)(url, {
+        ...options,
+        params: void 0
+      }));
     }
   }
 };

package/dist/utils.cjs

@@ -127,15 +127,15 @@ const normalize = (url, options = {}) => {
   });
 };
 exports.normalize = normalize;
-const normalizeHeaders = headers => {
+const normalizeHeaders = (headers = {}) => {
   const acc = {};
-  for (const [key, val] of Object.entries(headers ?? {})) {
+  for (const [key, val] of Object.entries(headers)) {
     const name = key.toLowerCase();
     acc[key] = val;
     if (key === HTTP2_HEADER_ACCEPT_ENCODING && !_config.isZstdSupported) {
-      const stripped = val.replace(/\s?zstd,?/gi, '').trim();
-      if (stripped) {
-        acc[key] = stripped;
+      const modified = val.replace(/\s?zstd,?/gi, '').trim();
+      if (modified) {
+        acc[key] = modified;
       } else {
         Reflect.deleteProperty(acc, name);
       }

package/package.json

@@ -71,5 +71,5 @@
     "test:cover": "c8 --include=src --reporter=lcov --reporter=text npm test"
   },
   "type": "module",
-  "version": "7.1.1"
+  "version": "7.2.1"
 }

package/src/codecs.js

@@ -36,6 +36,7 @@ export const encodeCodecs = {
   gzip: (opts) => zlib.createGzip(opts?.zlib),
   zstd: (opts) => isZstdSupported && zlib.createZstdCompress(opts?.zstd),
 };
+
 export const encode = (readable, encodings = '', { encodersOptions } = {}) => {
   const encoders = [];
 

package/src/config.js

@@ -26,6 +26,7 @@ const {
 const timeout = 3e5;
 
 const defaults = {
+  allowDowngrade: false,
   bufferBody: false,
   cookiesTTL: false,
   credentials: requestCredentials.sameOrigin,
@@ -49,11 +50,9 @@ const defaults = {
     [HTTP2_HEADER_ACCEPT]: `${ APPLICATION_JSON }, ${ TEXT_PLAIN }, ${ WILDCARD }`,
     [HTTP2_HEADER_ACCEPT_ENCODING]: `br,${ isZstdSupported ? ' zstd, ' : ' ' }gzip, deflate, deflate-raw`,
   },
-  maxRetryAfter: timeout,
   method: HTTP2_METHOD_GET,
   parse: true,
   redirect: requestRedirect.follow,
-  redirected: false,
   retry: {
     attempts: 0,
     backoffStrategy: 'interval * Math.log(Math.random() * (Math.E * Math.E - Math.E) + Math.E)',
@@ -68,6 +67,7 @@ const defaults = {
       'ERR_HTTP2_STREAM_ERROR',
     ],
     interval: 1e3,
+    maxRetryAfter: timeout,
     retryAfter: true,
     statusCodes: [
       HTTP_STATUS_TOO_MANY_REQUESTS,

package/src/cookies.js

@@ -3,7 +3,7 @@ import {
   toCamelCase,
 } from './utils.js';
 
-const lifetimeCap = 3456e7; // pragma: 400 days
+const lifetimeCap = 3456e7; // 400 days
 
 export class Cookies extends URLSearchParams {
 
@@ -39,7 +39,7 @@ export class Cookies extends URLSearchParams {
         for (const attr of attrs) {
           if (/(?:expires|max-age)=/i.test(attr)) {
             const [key, val] = attr.toLowerCase().split('=');
-            const ms = Number.isFinite(Number(val)) ? val * 1e3 : Date.parse(val) - Date.now();
+            const ms = Number.isFinite(Number.parseInt(val, 10)) ? val * 1e3 : Date.parse(val) - Date.now();
 
             ttl[toCamelCase(key)] = Math.min(ms, lifetimeCap);
           }

package/src/postflight.js

@@ -42,16 +42,20 @@ export const postflight = (req, res, options, { reject, resolve }) => {
     value: cookies !== false && Cookies.jar.has(url.origin) ? Cookies.jar.get(url.origin) : void 0,
   });
 
-  const result = redirects(res, options);
+  let result;
 
-  if (Object(result) === result) {
-    return result.then(resolve, reject);
-  }
+  try {
+    result = redirects(res, options);
+  } catch (err) {
+    res.emit('error', err);
 
-  if (result) {
     return reject(mixin(res, options));
   }
 
+  if (Object(result) === result) {
+    return result.then(resolve, reject);
+  }
+
   if (res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
     return reject(mixin(res, options));
   }

package/src/redirects.js

@@ -24,21 +24,33 @@ const {
 } = http2.constants;
 
 export const redirects = (res, options) => {
-  const { credentials, follow, redirect, url } = options;
+  const {
+    allowDowngrade,
+    credentials,
+    follow,
+    redirect,
+    url,
+  } = options;
 
   if (follow && /3\d{2}/.test(res.statusCode) && res.headers[HTTP2_HEADER_LOCATION]) {
     if (redirect === requestRedirect.error) {
-      return res.emit('error', new RequestError(`Unexpected redirect, redirect mode is set to: ${ redirect }`));
+      throw new RequestError(`Unexpected redirect, redirect mode is set to: ${ redirect }`);
     }
 
     if (redirect === requestRedirect.follow) {
-      const location = new URL(res.headers[HTTP2_HEADER_LOCATION], url);
+      const loc = new URL(res.headers[HTTP2_HEADER_LOCATION], url);
 
-      if (!/^https?:/i.test(location.protocol)) {
-        return res.emit('error', new RequestError('URL scheme must be "http" or "https"'));
+      if (!/^https?:/i.test(loc.protocol)) {
+        throw new RequestError('URL scheme must be "http" or "https"');
       }
 
-      if (!sameOrigin(location, url)) {
+      if (!allowDowngrade && loc.protocol === 'http:' && url.protocol === 'https:') {
+        throw new RequestError(
+          `Protocol downgrade detected, redirect from "${ url.protocol }" to "${ loc.protocol }": ${ loc }`,
+        );
+      }
+
+      if (!sameOrigin(loc, url)) {
         if (credentials !== requestCredentials.include) {
           options.credentials = requestCredentials.omit;
         }
@@ -50,7 +62,7 @@ export const redirects = (res, options) => {
         HTTP_STATUS_PERMANENT_REDIRECT,
         HTTP_STATUS_TEMPORARY_REDIRECT,
       ].includes(res.statusCode) && isPipeStream(options.body) && !isReadable(options.body)) {
-        return res.emit('error', new RequestError(`Unable to ${ redirect } redirect with streamable body`));
+        throw new RequestError(`Unable to ${ redirect } redirect with streamable body`);
       }
 
       if (([
@@ -68,7 +80,7 @@ export const redirects = (res, options) => {
       options.follow--;
       options.redirected = true;
 
-      return rekwest(location, options);
+      return rekwest(loc, options);
     }
   }
 };

package/src/retries.js

@@ -1,6 +1,6 @@
 import http2 from 'node:http2';
 import { isReadable } from 'node:stream';
-import { setTimeout as setTimeoutPromise } from 'node:timers/promises';
+import { scheduler } from 'node:timers/promises';
 import { RequestError } from './errors.js';
 import rekwest from './index.js';
 import { isPipeStream } from './utils.js';
@@ -12,7 +12,7 @@ const {
 } = http2.constants;
 
 export const retries = (err, options) => {
-  const { body, maxRetryAfter, method, retry, url } = options;
+  const { body, method, retry, url } = options;
 
   if (retry?.attempts > 0) {
     if (![
@@ -27,8 +27,8 @@ export const retries = (err, options) => {
 
       if (retry.retryAfter && err.headers?.[HTTP2_HEADER_RETRY_AFTER]) {
         interval = err.headers[HTTP2_HEADER_RETRY_AFTER];
-        interval = Math.abs(Number(interval) * 1e3 || new Date(interval) - Date.now()) || 0;
-        if (interval > maxRetryAfter) {
+        interval = Number.isFinite(Number.parseInt(interval, 10)) ? interval * 1e3 : new Date(interval) - Date.now();
+        if (interval > retry.maxRetryAfter) {
           throw new RequestError(
             `Maximum '${ HTTP2_HEADER_RETRY_AFTER }' limit exceeded: ${ interval } ms`,
             { cause: err },
@@ -45,7 +45,7 @@ export const retries = (err, options) => {
       retry.attempts--;
       retry.interval = interval;
 
-      return setTimeoutPromise(interval).then(() => rekwest(url, options));
+      return scheduler.wait(interval).then(() => rekwest(url, { ...options, params: void 0 }));
     }
   }
 };

package/src/utils.js

@@ -137,19 +137,19 @@ export const normalize = (url, options = {}) => {
   });
 };
 
-export const normalizeHeaders = (headers) => {
+export const normalizeHeaders = (headers = {}) => {
   const acc = {};
 
-  for (const [key, val] of Object.entries(headers ?? {})) {
+  for (const [key, val] of Object.entries(headers)) {
     const name = key.toLowerCase();
 
     acc[key] = val;
 
     if (key === HTTP2_HEADER_ACCEPT_ENCODING && !isZstdSupported) {
-      const stripped = val.replace(/\s?zstd,?/gi, '').trim();
+      const modified = val.replace(/\s?zstd,?/gi, '').trim();
 
-      if (stripped) {
-        acc[key] = stripped;
+      if (modified) {
+        acc[key] = modified;
       } else {
         Reflect.deleteProperty(acc, name);
       }