tg-redbird 0.12.0 → 1.2.0

package/lib/proxy.js

@@ -1,20 +1,20 @@
 /*eslint-env node */
-"use strict";
-
-var http = require("http"),
-  httpProxy = require("http-proxy"),
-  validUrl = require("valid-url"),
-  parseUrl = require("url").parse,
-  path = require("path"),
-  _ = require("lodash"),
-  pino = require("pino"),
-  cluster = require("cluster"),
-  hash = require("object-hash"),
-  LRUCache = require("lru-cache"),
+'use strict';
+
+var http = require('http'),
+  httpProxy = require('http-proxy'),
+  validUrl = require('valid-url'),
+  parseUrl = require('url').parse,
+  path = require('path'),
+  _ = require('lodash'),
+  pino = require('pino'),
+  cluster = require('cluster'),
+  hash = require('object-hash'),
+  LRUCache = require('lru-cache'),
   routeCache = new LRUCache({ max: 5000 }),
-  safe = require("safetimeout"),
-  letsencrypt = require("./letsencrypt.js"),
-  Promise = require("bluebird");
+  safe = require('safetimeout'),
+  letsencrypt = require('./letsencrypt.js'),
+  Promise = require('bluebird');
 
 var ONE_DAY = 60 * 60 * 24 * 1000;
 var ONE_MONTH = ONE_DAY * 30;
@@ -34,15 +34,15 @@ function ReverseProxy(opts) {
   if (opts.bunyan !== false) {
     log = this.log = pino(
       opts.bunyan || {
-        name: "redbird",
+        name: 'redbird',
       }
     );
   }
 
   var _this = this;
 
-  if ((opts.cluster && typeof opts.cluster !== "number") || opts.cluster > 32) {
-    throw Error("cluster setting must be an integer less than 32");
+  if ((opts.cluster && typeof opts.cluster !== 'number') || opts.cluster > 32) {
+    throw Error('cluster setting must be an integer less than 32');
   }
 
   if (opts.cluster && cluster.isMaster) {
@@ -50,7 +50,7 @@ function ReverseProxy(opts) {
       cluster.fork();
     }
 
-    cluster.on("exit", function (worker, code, signal) {
+    cluster.on('exit', function (worker, code, signal) {
       // Fork if a worker dies.
       log &&
         log.error(
@@ -58,7 +58,7 @@ function ReverseProxy(opts) {
             code: code,
             signal: signal,
           },
-          "worker died un-expectedly... restarting it."
+          'worker died un-expectedly... restarting it.'
         );
       cluster.fork();
     });
@@ -96,9 +96,9 @@ function ReverseProxy(opts) {
       */
     }));
 
-    proxy.on("proxyReq", function (p, req) {
+    proxy.on('proxyReq', function (p, req) {
       if (req.host != null) {
-        p.setHeader("host", req.host);
+        p.setHeader('host', req.host);
       }
     });
 
@@ -106,10 +106,9 @@ function ReverseProxy(opts) {
     // Support NTLM auth
     //
     if (opts.ntlm) {
-      proxy.on("proxyRes", function (proxyRes) {
-        var key = "www-authenticate";
-        proxyRes.headers[key] =
-          proxyRes.headers[key] && proxyRes.headers[key].split(",");
+      proxy.on('proxyRes', function (proxyRes) {
+        var key = 'www-authenticate';
+        proxyRes.headers[key] = proxyRes.headers[key] && proxyRes.headers[key].split(',');
       });
     }
 
@@ -134,27 +133,25 @@ function ReverseProxy(opts) {
     server.listen(opts.port, opts.host);
 
     if (opts.errorHandler && _.isFunction(opts.errorHandler)) {
-      proxy.on("error", opts.errorHandler);
+      proxy.on('error', opts.errorHandler);
     } else {
-      proxy.on("error", handleProxyError);
+      proxy.on('error', handleProxyError);
     }
 
-    log &&
-      log.info("Started a Redbird reverse proxy server on port %s", opts.port);
+    log && log.info('Started a Redbird reverse proxy server on port %s', opts.port);
   }
 
   function websocketsUpgrade(req, socket, head) {
-    socket.on("error", function (err) {
-      log && log.error(err, "WebSockets error");
+    socket.on('error', function (err) {
+      log && log.error(err, 'WebSockets error');
     });
     var src = _this._getSource(req);
     _this._getTarget(src, req).then(function (target) {
-      log &&
-        log.info(
-          { headers: req.headers, target: target },
-          "upgrade to websockets"
-        );
+      log && log.info({ headers: req.headers, target: target }, 'upgrade to websockets');
       if (target) {
+        if (target.useTargetHostHeader === true) {
+          req.headers.host = target.host;
+        }
         proxy.ws(req, socket, head, { target: target });
       } else {
         respondNotFound(req, socket);
@@ -167,7 +164,7 @@ function ReverseProxy(opts) {
     // Send a 500 http status if headers have been sent
     //
 
-    if (err.code === "ECONNREFUSED") {
+    if (err.code === 'ECONNREFUSED') {
       res.writeHead && res.writeHead(502);
     } else if (!res.headersSent) {
       res.writeHead && res.writeHead(500);
@@ -176,8 +173,8 @@ function ReverseProxy(opts) {
     //
     // Do not log this common error
     //
-    if (err.message !== "socket hang up") {
-      log && log.error(err, "Proxy Error");
+    if (err.message !== 'socket hang up') {
+      log && log.error(err, 'Proxy Error');
     }
 
     //
@@ -188,21 +185,13 @@ function ReverseProxy(opts) {
   }
 }
 
-ReverseProxy.prototype.setupHttpProxy = function (
-  proxy,
-  websocketsUpgrade,
-  log,
-  opts
-) {
+ReverseProxy.prototype.setupHttpProxy = function (proxy, websocketsUpgrade, log, opts) {
   var _this = this;
   var httpServerModule = opts.serverModule || http;
-  var server = (this.server = httpServerModule.createServer(function (
-    req,
-    res
-  ) {
+  var server = (this.server = httpServerModule.createServer(function (req, res) {
     var src = _this._getSource(req);
     _this
-      ._getTarget(src, req)
+      ._getTarget(src, req, res)
       .bind(_this)
       .then(function (target) {
         if (target) {
@@ -224,49 +213,39 @@ ReverseProxy.prototype.setupHttpProxy = function (
   // Listen to the `upgrade` event and proxy the
   // WebSocket requests as well.
   //
-  server.on("upgrade", websocketsUpgrade);
+  server.on('upgrade', websocketsUpgrade);
 
-  server.on("error", function (err) {
-    log && log.error(err, "Server Error");
+  server.on('error', function (err) {
+    log && log.error(err, 'Server Error');
   });
 
   return server;
 };
 
 function shouldRedirectToHttps(certs, src, target, proxy) {
-  return (
-    certs &&
-    src in certs &&
-    target.sslRedirect &&
-    target.host != proxy.letsencryptHost
-  );
+  return certs && src in certs && target.sslRedirect && target.host != proxy.letsencryptHost;
 }
 
 ReverseProxy.prototype.setupLetsencrypt = function (log, opts) {
   if (!opts.letsencrypt.path) {
-    throw Error("Missing certificate path for Lets Encrypt");
+    throw Error('Missing certificate path for Lets Encrypt');
   }
   var letsencryptPort = opts.letsencrypt.port || 3000;
   letsencrypt.init(opts.letsencrypt.path, letsencryptPort, log);
 
   opts.resolvers = opts.resolvers || [];
-  this.letsencryptHost = "127.0.0.1:" + letsencryptPort;
-  var targetHost = "http://" + this.letsencryptHost;
+  this.letsencryptHost = '127.0.0.1:' + letsencryptPort;
+  var targetHost = 'http://' + this.letsencryptHost;
   var challengeResolver = function (host, url) {
     if (/^\/.well-known\/acme-challenge/.test(url)) {
-      return targetHost + "/" + host;
+      return targetHost + '/' + host;
     }
   };
   challengeResolver.priority = 9999;
   this.addResolver(challengeResolver);
 };
 
-ReverseProxy.prototype.setupHttpsProxy = function (
-  proxy,
-  websocketsUpgrade,
-  log,
-  sslOpts
-) {
+ReverseProxy.prototype.setupHttpsProxy = function (proxy, websocketsUpgrade, log, sslOpts) {
   var _this = this;
   var https;
 
@@ -303,42 +282,39 @@ ReverseProxy.prototype.setupHttpsProxy = function (
   }
 
   if (sslOpts.http2) {
-    https = sslOpts.serverModule || require("spdy");
+    https = sslOpts.serverModule || require('spdy');
     if (_.isObject(sslOpts.http2)) {
       sslOpts.spdy = sslOpts.http2;
     }
   } else {
-    https = sslOpts.serverModule || require("https");
+    https = sslOpts.serverModule || require('https');
   }
 
-  var httpsServer = (this.httpsServer = https.createServer(
-    ssl,
-    function (req, res) {
-      var src = _this._getSource(req);
-      var httpProxyOpts = Object.assign({}, _this.opts.httpProxy);
+  var httpsServer = (this.httpsServer = https.createServer(ssl, function (req, res) {
+    var src = _this._getSource(req);
+    var httpProxyOpts = Object.assign({}, _this.opts.httpProxy);
 
-      _this._getTarget(src, req).then(function (target) {
-        if (target) {
-          httpProxyOpts.target = target;
-          proxy.web(req, res, httpProxyOpts);
-        } else {
-          respondNotFound(req, res);
-        }
-      });
-    }
-  ));
+    _this._getTarget(src, req, res).then(function (target) {
+      if (target) {
+        httpProxyOpts.target = target;
+        proxy.web(req, res, httpProxyOpts);
+      } else {
+        respondNotFound(req, res);
+      }
+    });
+  }));
 
-  httpsServer.on("upgrade", websocketsUpgrade);
+  httpsServer.on('upgrade', websocketsUpgrade);
 
-  httpsServer.on("error", function (err) {
-    log && log.error(err, "HTTPS Server Error");
+  httpsServer.on('error', function (err) {
+    log && log.error(err, 'HTTPS Server Error');
   });
 
-  httpsServer.on("clientError", function (err) {
-    log && log.error(err, "HTTPS Client  Error");
+  httpsServer.on('clientError', function (err) {
+    log && log.error(err, 'HTTPS Client  Error');
   });
 
-  log && log.info("Listening to HTTPS requests on port %s", sslOpts.port);
+  log && log.info('Listening to HTTPS requests on port %s', sslOpts.port);
   httpsServer.listen(sslOpts.port, sslOpts.ip);
 };
 
@@ -352,17 +328,17 @@ ReverseProxy.prototype.addResolver = function (resolver) {
   var _this = this;
   resolver.forEach(function (resolveObj) {
     if (!_.isFunction(resolveObj)) {
-      throw new Error("Resolver must be an invokable function.");
+      throw new Error('Resolver must be an invokable function.');
     }
 
-    if (!resolveObj.hasOwnProperty("priority")) {
+    if (!resolveObj.hasOwnProperty('priority')) {
       resolveObj.priority = 0;
     }
 
     _this.resolvers.push(resolveObj);
   });
 
-  _this.resolvers = _.sortBy(_.uniq(_this.resolvers), ["priority"]).reverse();
+  _this.resolvers = _.sortBy(_.uniq(_this.resolvers), ['priority']).reverse();
 };
 
 ReverseProxy.prototype.removeResolver = function (resolver) {
@@ -394,8 +370,19 @@ ReverseProxy.buildTarget = function (target, opts) {
 ReverseProxy.prototype.register = function (src, target, opts) {
   if (this.opts.cluster && cluster.isMaster) return this;
 
+  // allow registering with src or target as an object to pass in
+  // options specific to each one.
+  if (src && src.src) {
+    target = src.target;
+    opts = src;
+    src = src.src;
+  } else if (target && target.target) {
+    opts = target;
+    target = target.target;
+  }
+
   if (!src || !target) {
-    throw Error("Cannot register a new route with unspecified src or target");
+    throw Error('Cannot register a new route with unspecified src or target');
   }
 
   var routing = this.routing;
@@ -406,26 +393,18 @@ ReverseProxy.prototype.register = function (src, target, opts) {
     var ssl = opts.ssl;
     if (ssl) {
       if (!this.httpsServer) {
-        throw Error("Cannot register https routes without defining a ssl port");
+        throw Error('Cannot register https routes without defining a ssl port');
       }
 
       if (!this.certs[src.hostname]) {
         if (ssl.key || ssl.cert || ssl.ca) {
-          this.certs[src.hostname] = createCredentialContext(
-            ssl.key,
-            ssl.cert,
-            ssl.ca
-          );
+          this.certs[src.hostname] = createCredentialContext(ssl.key, ssl.cert, ssl.ca);
         } else if (ssl.letsencrypt) {
           if (!this.opts.letsencrypt || !this.opts.letsencrypt.path) {
-            console.error("Missing certificate path for Lets Encrypt");
+            console.error('Missing certificate path for Lets Encrypt');
             return;
           }
-          this.log &&
-            this.log.info(
-              "Getting Lets Encrypt certificates for %s",
-              src.hostname
-            );
+          this.log && this.log.info('Getting Lets Encrypt certificates for %s', src.hostname);
           this.updateCertificates(
             src.hostname,
             ssl.letsencrypt.email,
@@ -442,11 +421,11 @@ ReverseProxy.prototype.register = function (src, target, opts) {
   target = ReverseProxy.buildTarget(target, opts);
 
   var host = (routing[src.hostname] = routing[src.hostname] || []);
-  var pathname = src.pathname || "/";
+  var pathname = src.pathname || '/';
   var route = _.find(host, { path: pathname });
 
   if (!route) {
-    route = { path: pathname, rr: 0, urls: [] };
+    route = { path: pathname, rr: 0, urls: [], opts: Object.assign({}, opts) };
     host.push(route);
 
     //
@@ -459,8 +438,7 @@ ReverseProxy.prototype.register = function (src, target, opts) {
 
   route.urls.push(target);
 
-  this.log &&
-    this.log.info({ from: src, to: target }, "Registered a new route");
+  this.log && this.log.info({ from: src, to: target }, 'Registered a new route');
   return this;
 };
 
@@ -472,60 +450,42 @@ ReverseProxy.prototype.updateCertificates = function (
   renew
 ) {
   var _this = this;
-  return letsencrypt
-    .getCertificates(domain, email, production, renew, this.log)
-    .then(
-      function (certs) {
-        if (certs) {
-          var opts = {
-            key: certs.privkey,
-            cert: certs.cert + certs.chain,
-          };
-          _this.certs[domain] = tls.createSecureContext(opts).context;
-
-          //
-          // TODO: cluster friendly
-          //
-          var renewTime = certs.expiresAt - Date.now() - renewWithin;
-          renewTime =
-            renewTime > 0
-              ? renewTime
-              : _this.opts.letsencrypt.minRenewTime || 60 * 60 * 1000;
-
-          _this.log &&
-            _this.log.info(
-              "Renewal of %s in %s days",
-              domain,
-              Math.floor(renewTime / ONE_DAY)
-            );
+  return letsencrypt.getCertificates(domain, email, production, renew, this.log).then(
+    function (certs) {
+      if (certs) {
+        var opts = {
+          key: certs.privkey,
+          cert: certs.cert + certs.chain,
+        };
+        _this.certs[domain] = tls.createSecureContext(opts).context;
 
-          function renewCertificate() {
-            _this.log &&
-              _this.log.info("Renewing letscrypt certificates for %s", domain);
-            _this.updateCertificates(
-              domain,
-              email,
-              production,
-              renewWithin,
-              true
-            );
-          }
+        //
+        // TODO: cluster friendly
+        //
+        var renewTime = certs.expiresAt - Date.now() - renewWithin;
+        renewTime =
+          renewTime > 0 ? renewTime : _this.opts.letsencrypt.minRenewTime || 60 * 60 * 1000;
 
-          _this.certs[domain].renewalTimeout = safe.setTimeout(
-            renewCertificate,
-            renewTime
-          );
-        } else {
-          //
-          // TODO: Try again, but we need an exponential backof to avoid getting banned.
-          //
-          _this.log && _this.log.info("Could not get any certs for %s", domain);
+        _this.log &&
+          _this.log.info('Renewal of %s in %s days', domain, Math.floor(renewTime / ONE_DAY));
+
+        function renewCertificate() {
+          _this.log && _this.log.info('Renewing letscrypt certificates for %s', domain);
+          _this.updateCertificates(domain, email, production, renewWithin, true);
         }
-      },
-      function (err) {
-        console.error("Error getting LetsEncrypt certificates", err);
+
+        _this.certs[domain].renewalTimeout = safe.setTimeout(renewCertificate, renewTime);
+      } else {
+        //
+        // TODO: Try again, but we need an exponential backof to avoid getting banned.
+        //
+        _this.log && _this.log.info('Could not get any certs for %s', domain);
       }
-    );
+    },
+    function (err) {
+      console.error('Error getting LetsEncrypt certificates', err);
+    }
+  );
 };
 
 ReverseProxy.prototype.unregister = function (src, target) {
@@ -537,7 +497,7 @@ ReverseProxy.prototype.unregister = function (src, target) {
 
   src = prepareUrl(src);
   var routes = this.routing[src.hostname] || [];
-  var pathname = src.pathname || "/";
+  var pathname = src.pathname || '/';
   var i;
 
   for (i = 0; i < routes.length; i++) {
@@ -569,8 +529,7 @@ ReverseProxy.prototype.unregister = function (src, target) {
       }
     }
 
-    this.log &&
-      this.log.info({ from: src, to: target }, "Unregistered a route");
+    this.log && this.log.info({ from: src, to: target }, 'Unregistered a route');
   }
   return this;
 };
@@ -581,7 +540,10 @@ ReverseProxy.prototype._defaultResolver = function (host, url) {
     return;
   }
 
-  url = url || "/";
+  url = url || '/';
+
+  // When URL comes with query params, the default resolver may fail to get the correct route.
+  const parsedUrl = parseUrl(url)
 
   var routes = this.routing[host];
   var i = 0;
@@ -595,7 +557,7 @@ ReverseProxy.prototype._defaultResolver = function (host, url) {
     for (i = 0; i < len; i++) {
       var route = routes[i];
 
-      if (route.path === "/" || startsWith(url, route.path)) {
+      if (route.path === '/' || startsWith(parsedUrl.pathname, route.path)) {
         return route;
       }
     }
@@ -627,18 +589,14 @@ ReverseProxy.prototype.resolve = function (host, url, req) {
         if (route && (route = ReverseProxy.buildRoute(route))) {
           // ensure resolved route has path that prefixes URL
           // no need to check for native routes.
-          if (
-            !route.isResolved ||
-            route.path === "/" ||
-            startsWith(url, route.path)
-          ) {
+          if (!route.isResolved || route.path === '/' || startsWith(url, route.path)) {
             return route;
           }
         }
       }
     })
     .catch(function (error) {
-      console.error("Resolvers error:", error);
+      console.error('Resolvers error:', error);
     });
 };
 
@@ -647,11 +605,7 @@ ReverseProxy.buildRoute = function (route) {
     return null;
   }
 
-  if (
-    _.isObject(route) &&
-    route.hasOwnProperty("urls") &&
-    route.hasOwnProperty("path")
-  ) {
+  if (_.isObject(route) && route.hasOwnProperty('urls') && route.hasOwnProperty('path')) {
     // default route type matched.
     return route;
   }
@@ -665,36 +619,30 @@ ReverseProxy.buildRoute = function (route) {
   var routeObject = { rr: 0, isResolved: true };
   if (_.isString(route)) {
     routeObject.urls = [ReverseProxy.buildTarget(route)];
-    routeObject.path = "/";
+    routeObject.path = '/';
   } else {
-    if (!route.hasOwnProperty("url")) {
+    if (!route.hasOwnProperty('url')) {
       return null;
     }
 
-    routeObject.urls = (_.isArray(route.url) ? route.url : [route.url]).map(
-      function (url) {
-        return ReverseProxy.buildTarget(url, route.opts || {});
-      }
-    );
+    routeObject.urls = (_.isArray(route.url) ? route.url : [route.url]).map(function (url) {
+      return ReverseProxy.buildTarget(url, route.opts || {});
+    });
 
-    routeObject.path = route.path || "/";
+    routeObject.path = route.path || '/';
   }
   routeCache.set(cacheKey, routeObject);
   return routeObject;
 };
 
-ReverseProxy.prototype._getTarget = function (src, req) {
+ReverseProxy.prototype._getTarget = function (src, req, res) {
   var url = req.url;
 
   return this.resolve(src, url, req)
     .bind(this)
     .then(function (route) {
       if (!route) {
-        this.log &&
-          this.log.warn(
-            { src: src, url: url },
-            "no valid route found for given source"
-          );
+        this.log && this.log.warn({ src: src, url: url }, 'no valid route found for given source');
         return;
       }
 
@@ -704,7 +652,7 @@ ReverseProxy.prototype._getTarget = function (src, req) {
         // remove prefix from src
         //
         req._url = url; // save original url
-        req.url = url.substr(pathname.length) || "/";
+        req.url = url.substr(pathname.length) || '';
       }
 
       //
@@ -721,7 +669,11 @@ ReverseProxy.prototype._getTarget = function (src, req) {
       // Fix request url if targetname specified.
       //
       if (target.pathname) {
-        req.url = path.join(target.pathname, req.url);
+        if (req.url) {
+          req.url = path.posix.join(target.pathname, req.url);
+        } else {
+          req.url = target.pathname;
+        }
       }
 
       //
@@ -732,33 +684,41 @@ ReverseProxy.prototype._getTarget = function (src, req) {
         req.host = target.host;
       }
 
+      if (_.get(route, "opts.onRequest")) {
+        const resultFromRequestHandler = route.opts.onRequest(req, res, target);
+        if (resultFromRequestHandler !== undefined) {
+          this.log &&
+            this.log.info(
+              'Proxying %s received result from onRequest handler, returning.',
+              src + url
+            );
+          return resultFromRequestHandler;
+        }
+      }
+
       this.log &&
-        this.log.info(
-          "Proxying %s to %s",
-          src + url,
-          path.join(target.host, req.url)
-        );
+        this.log.info('Proxying %s to %s', src + url, path.posix.join(target.host, req.url));
 
       return target;
     });
 };
 
 ReverseProxy.prototype._getSource = function (req) {
-  if (
-    this.opts.preferForwardedHost === true &&
-    req.headers["x-forwarded-host"]
-  ) {
-    return req.headers["x-forwarded-host"].split(":")[0];
+  if (this.opts.preferForwardedHost === true && req.headers['x-forwarded-host']) {
+    return req.headers['x-forwarded-host'].split(':')[0];
   }
   if (req.headers.host) {
-    return req.headers.host.split(":")[0];
+    return req.headers.host.split(':')[0];
   }
 };
 
 ReverseProxy.prototype.close = function () {
   try {
-    this.server.close();
-    this.httpsServer && this.httpsServer.close();
+    return Promise.all(
+      [this.server, this.httpsServer]
+        .filter((s) => s)
+        .map((server) => new Promise((resolve) => server.close(resolve)))
+    );
   } catch (err) {
     // Ignore for now...
   }
@@ -787,13 +747,13 @@ ReverseProxy.prototype.close = function () {
 
 var respondNotFound = function (req, res) {
   res.statusCode = 404;
-  res.write("Not Found");
+  res.write('Not Found');
   res.end();
 };
 
 ReverseProxy.prototype.notFound = function (callback) {
-  if (typeof callback == "function") respondNotFound = callback;
-  else throw Error("notFound callback is not a function");
+  if (typeof callback == 'function') respondNotFound = callback;
+  else throw Error('notFound callback is not a function');
 };
 
 //
@@ -803,11 +763,9 @@ function redirectToHttps(req, res, target, ssl, log) {
   req.url = req._url || req.url; // Get the original url since we are going to redirect.
 
   var targetPort = ssl.redirectPort || ssl.port;
-  var hostname =
-    req.headers.host.split(":")[0] + (targetPort ? ":" + targetPort : "");
-  var url = "https://" + path.join(hostname, req.url);
-  log &&
-    log.info("Redirecting %s to %s", path.join(req.headers.host, req.url), url);
+  var hostname = req.headers.host.split(':')[0] + (targetPort ? ':' + targetPort : '');
+  var url = 'https://' + path.posix.join(hostname, req.url);
+  log && log.info('Redirecting %s to %s', path.posix.join(req.headers.host, req.url), url);
   //
   // We can use 301 for permanent redirect, but its bad for debugging, we may have it as
   // a configurable option.
@@ -818,8 +776,7 @@ function redirectToHttps(req, res, target, ssl, log) {
 
 function startsWith(input, str) {
   return (
-    input.slice(0, str.length) === str &&
-    (input.length === str.length || input[str.length] === "/")
+    input.slice(0, str.length) === str && (input.length === str.length || input[str.length] === '/')
   );
 }
 
@@ -829,7 +786,7 @@ function prepareUrl(url) {
     url = setHttp(url);
 
     if (!validUrl.isHttpUri(url) && !validUrl.isHttpsUri(url)) {
-      throw Error("uri is not a valid http uri " + url);
+      throw Error('uri is not a valid http uri ' + url);
     }
 
     url = parseUrl(url);
@@ -837,27 +794,29 @@ function prepareUrl(url) {
   return url;
 }
 
-function getCertData(pathname, unbundle) {
-  var fs = require("fs");
+function getCertData(source, unbundle) {
+  var fs = require('fs');
+  var data;
+  // TODO: Support async source.
 
-  // TODO: Support input as Buffer, Stream or Pathname.
-
-  if (pathname) {
-    if (_.isArray(pathname)) {
-      var pathnames = pathname;
+  if (source) {
+    if (_.isArray(source)) {
+      var sources = source;
       return _.flatten(
-        _.map(pathnames, function (_pathname) {
-          return getCertData(_pathname, unbundle);
+        _.map(sources, function (_source) {
+          return getCertData(_source, unbundle);
         })
       );
-    } else if (fs.existsSync(pathname)) {
-      if (unbundle) {
-        return unbundleCert(fs.readFileSync(pathname, "utf8"));
-      } else {
-        return fs.readFileSync(pathname, "utf8");
-      }
+    } else if (Buffer.isBuffer(source)) {
+      data = source.toString('utf8');
+    } else if (fs.existsSync(source)) {
+      data = fs.readFileSync(source, 'utf8');
     }
   }
+
+  if (data) {
+    return unbundle ? unbundleCert(data) : data;
+  }
 }
 
 /**
@@ -865,7 +824,7 @@ function getCertData(pathname, unbundle) {
  http://www.benjiegillam.com/2012/06/node-dot-js-ssl-certificate-chain/
  */
 function unbundleCert(bundle) {
-  var chain = bundle.trim().split("\n");
+  var chain = bundle.trim().split('\n');
 
   var ca = [];
   var cert = [];
@@ -877,7 +836,7 @@ function unbundleCert(bundle) {
     }
     cert.push(line);
     if (line.match(/-END CERTIFICATE-/)) {
-      var joined = cert.join("\n");
+      var joined = cert.join('\n');
       ca.push(joined);
       cert = [];
     }
@@ -885,7 +844,7 @@ function unbundleCert(bundle) {
   return ca;
 }
 
-var tls = require("tls");
+var tls = require('tls');
 function createCredentialContext(key, cert, ca) {
   var opts = {};
 
@@ -905,7 +864,7 @@ function createCredentialContext(key, cert, ca) {
 // Adds http protocol if non specified.
 function setHttp(link) {
   if (link.search(/^http[s]?\:\/\//) === -1) {
-    link = "http://" + link;
+    link = 'http://' + link;
   }
   return link;
 }