whistle 2.10.1 → 2.10.2

package/biz/webui/lib/index.js

@@ -56,7 +56,24 @@ var INSPECTOR_URL = '???_WHISTLE_PLUGIN_INSPECTOR_TAB_' + config.port + '???';
 var KEY_RE_G = /\${[^{}\s]+}|{\S+}/g;
 var COMMENT_RE = /#[^\r\n]*$/mg;
 
+function hasLogin() {
+  return config.username && config.password;
+}
+
+function isTempFile(query) {
+  var files = query.files;
+  if (files && typeof files === 'string') {
+    return false;
+  }
+  return common.isTempFile(query.filename);
+}
+
 function sendToService(req, res) {
+  if (!hasLogin() && req.path === '/cgi-bin/temp/get' && !isTempFile(req.query)) {
+    res.setHeader('Content-Type', 'application/json; charset=utf-8');
+    res.end('{"ec":0,"value":"","forbidden":true}');
+    return;
+  }
   proxyEvent.loadService(function(err, options) {
     if (err) {
       common.sendRes(res, 500, err.stack || err);
@@ -393,10 +410,8 @@ function cgiHandler(req, res) {
 app.all('/service/*', sendToService);
 app.all('/cgi-bin/service/*', sendToService);
 app.all('/cgi-bin/sessions/*', sendToService);
+app.all('/cgi-bin/log/*', sendToService);
 app.post('/cgi-bin/plugins/install', sendToService);
-app.all('/favicon.ico', function(req, res) {
-  res.sendFile(htdocs.getImgFile('favicon.ico'));
-});
 
 function readPluginPage(req, res, plugin, html, config) {
   res.type('html');

package/lib/config.js

@@ -153,6 +153,9 @@ config.CUSTOM_PLUGIN_PATH = path.join(getWhistlePath(), 'custom_plugins');
 config.CUSTOM_CERTS_DIR = path.resolve(getWhistlePath(), 'custom_certs');
 config.SAVED_SESSIONS_PATH = path.resolve(getWhistlePath(), 'saved_sessions');
 config.DEV_PLUGINS_PATH = path.resolve(getWhistlePath(), 'dev_plugins');
+config.rulesDir = path.join(config.baseDir, 'rules');
+config.valuesDir = path.join(config.baseDir, 'values');
+config.propertiesDir = path.join(config.baseDir, 'properties');
 
 try {
   fse.ensureDirSync(config.TEMP_FILES_PATH);

package/lib/https/ca.js

@@ -15,8 +15,6 @@ var common = require('../util/common');
 var rulesUtil = require('../rules/util');
 
 var pki = forge.pki;
-var CUR_VERSION = process.version;
-var requiredVersion = parseInt(CUR_VERSION.slice(1), 10) >= 6;
 var HTTPS_DIR = mkdir(path.join(config.getDataDir(), 'certs'));
 var ROOT_NEW_KEY_FILE = path.join(HTTPS_DIR, 'root_new.key');
 var ROOT_NEW_CRT_FILE = path.join(HTTPS_DIR, 'root_new.crt');
@@ -40,6 +38,7 @@ var customCertCount = 0;
 var cachePairs = new LRU({ max: 5120 });
 var certsCache = new LRU({ max: 256 });
 var remoteCerts = new LRU({ max: 1280 });
+var KEY_SIZE = 2048;
 var ILEGAL_CHAR_RE = /[^a-z\d-]/i;
 // https://cloud.tencent.com/developer/ask/sof/58155
 var RANDOM_SERIAL = '/' + Date.now() + '/' + process.pid + '/' + Math.floor(Math.random() * 100);
@@ -58,12 +57,12 @@ exports.remoteCerts = remoteCerts;
 exports.createSecureContext = createSecureContext;
 exports.CUSTOM_CERTS_DIR = CUSTOM_CERTS_DIR;
 
-function isRootCa(name) {
+function notRootCa(name) {
   return name !== 'root';
 }
 
 function checkFilename(name) {
-  return name && !ILLEGAL_PATH_RE.test(name) && isRootCa(name);
+  return name && !ILLEGAL_PATH_RE.test(name) && notRootCa(name);
 }
 
 function resetAllCerts() {
@@ -84,7 +83,7 @@ if (timer && typeof timer.unref === 'function') {
   timer.unref();
 }
 
-if (!useNewKey && requiredVersion && !checkCertificate()) {
+if (!useNewKey && !checkCertificate()) {
   try {
     fs.unlinkSync(ROOT_KEY_FILE);
     fs.unlinkSync(ROOT_CRT_FILE);
@@ -108,7 +107,7 @@ function isExpiredCert(crt) {
 function checkCertificate() {
   try {
     var crt = pki.certificateFromPem(fs.readFileSync(ROOT_CRT_FILE));
-    if (crt.publicKey.n.toString(2).length < 2048 || isExpiredCert(crt.validity)) {
+    if (crt.publicKey.n.toString(2).length < KEY_SIZE || isExpiredCert(crt.validity)) {
       return false;
     }
     return /^whistle\.\d+$/.test(getCommonName(crt));
@@ -265,7 +264,7 @@ function parseAllCustomCerts() {
     var validity = info.validity;
     var altNames = info.altNames;
     var dnsName = [];
-    var disabled = (isRootCa(filename) && rulesUtil.isDisabledCertFile(filename)) || undefined;
+    var disabled = (notRootCa(filename) && rulesUtil.isDisabledCertFile(filename)) || undefined;
     altNames.forEach(function (item) {
       if ((item.type === 2 || item.type === 7) && !pairs[item.value]) {
         if (!disabled) {
@@ -439,7 +438,7 @@ function createRootCA() {
 
 function createCACert(opts) {
   opts = opts || {};
-  var keys = pki.rsa.generateKeyPair(requiredVersion ? 2048 : 1024);
+  var keys = pki.rsa.generateKeyPair(KEY_SIZE);
   var cert = createCert(keys.publicKey);
   var now = Date.now() + common.padLeft(Math.floor(Math.random() * 1000), 3);
   var attrs = [
@@ -757,7 +756,7 @@ exports.setActiveCert = function (opts) {
     return;
   }
   var filename = opts.filename;
-  if (isRootCa(filename) && allCustomCerts[filename]) {
+  if (notRootCa(filename) && allCustomCerts[filename]) {
     rulesUtil.setDisabledCertFile(filename, opts.disabled);
     parseAllCustomCerts();
   }

package/lib/https/index.js

@@ -207,7 +207,7 @@ function resolveWebsocket(socket, wss) {
   };
 
   var plugin = pluginMgr.resolveWhistlePlugins(socket);
-  abortIfUnavailable(socket);
+  handleEnd(socket);
   pluginMgr.getRules(socket, function (rulesMgr) {
     if (rulesMgr) {
       socket.pluginRules = rulesMgr;
@@ -394,7 +394,7 @@ function resolveWebsocket(socket, wss) {
                           proxySocket.on('error', handleProxyError);
                           reqSocket = proxySocket;
                           proxySocket.on('secureConnect', function () {
-                            abortIfUnavailable(reqSocket);
+                            handleEnd(reqSocket);
                             pipeData();
                           });
                         } catch (e) {
@@ -403,7 +403,7 @@ function resolveWebsocket(socket, wss) {
                         return;
                       }
                       reqSocket = proxySocket;
-                      abortIfUnavailable(reqSocket);
+                      handleEnd(reqSocket);
                       pipeData();
                     };
                     // 对应 internal-proxy 要用直接请求，方便用来穿透 nginx
@@ -557,7 +557,7 @@ function resolveWebsocket(socket, wss) {
           return execCallback(e);
         }
         if (retryConnect) {
-          abortIfUnavailable(reqSocket);
+          handleEnd(reqSocket);
         } else {
           retryConnect = function (e) {
             if (!newIp && (newIp = util.getLocalhostIP(e, socket, socket._w2hostname, socket.hostIp))) {
@@ -621,7 +621,7 @@ function resolveWebsocket(socket, wss) {
     var disable = socket.disable;
     if (retryConnect) {
       reqSocket.removeListener('error', retryConnect);
-      abortIfUnavailable(reqSocket);
+      handleEnd(reqSocket);
       retryConnect = null;
     }
     clearTimeout(timeout);
@@ -847,7 +847,7 @@ function resolveWebsocket(socket, wss) {
     }
   }
 
-  function abortIfUnavailable(socket) {
+  function handleEnd(socket) {
     return util.onSocketEnd(socket, destroy);
   }
   var destroyed, reqDestroyed, resDestroyed;
@@ -1080,11 +1080,10 @@ function toHttp1(req, res) {
         formatRawHeaders(svrRes, isH2)
       );
       var write = res.write;
-      var handleError = function (e) {
-        e && handleAbort();
-      };
       res.write = function (chunk) {
-        return write.call(res, chunk, handleError);
+        return write.call(res, chunk, function (e) {
+          e && handleAbort();
+        });
       };
       svrRes.pipe(res);
       res.flushHeaders && res.flushHeaders();
@@ -1168,152 +1167,147 @@ module.exports = function (socket, next, isWebPort) {
 
   util.onSocketEnd(socket, destroy);
 
-  function abortIfUnavailable(s) {
-    return s.on('error', destroy);
-  }
   var clientIp = socket.clientIp;
   var clientPort = socket.clientPort;
-  util.readOneChunk(
-    socket,
-    function (chunk) {
-      headersStr = chunk && chunk.toString();
-      var isHttp = chunk && HTTP_RE.test(headersStr);
-      var statusLine = isHttp && RegExp['$&'];
-      if (isHttp && CONNECT_RE.test(RegExp.$1)) {
-        chunk = addClientInfo(socket, chunk, statusLine, clientIp, clientPort);
-        util.connect(
-          {
-            port: config.port,
-            host: LOCALHOST
-          },
+  util.readOneChunk(socket, function (chunk) {
+    headersStr = chunk && chunk.toString();
+    var isHttp = chunk && HTTP_RE.test(headersStr);
+    var statusLine = isHttp && RegExp['$&'];
+    if (isHttp && CONNECT_RE.test(RegExp.$1)) {
+      chunk = addClientInfo(socket, chunk, statusLine, clientIp, clientPort);
+      util.connect(
+        {
+          port: config.port,
+          host: config.host || LOCALHOST
+        },
           function (err, s) {
             reqSocket = s;
             if (err || socket._hasError) {
               return destroy(err);
             }
+            reqSocket.on('error', destroy);
             reqSocket.write(chunk);
             reqSocket.pipe(socket).pipe(reqSocket);
-            abortIfUnavailable(reqSocket);
             socket.resume();
           }
         );
-        return;
-      }
-      if (!chunk) {
+      return;
+    }
+    if (!chunk) {
         //没有数据
-        return isWebPort ? socket.destroy() : next(chunk);
-      }
-      if (isHttp) {
-        if (isEnable('forHttps') || disable.captureHttp) {
-          next(chunk);
-        } else {
-          socket.resume();
-          server.emit('connection', socket);
-          socket.emit(
+      return isWebPort ? socket.destroy() : next(chunk);
+    }
+    if (isHttp) {
+      if (isEnable('forHttps') || disable.captureHttp) {
+        next(chunk);
+      } else {
+        socket.resume();
+        server.emit('connection', socket);
+        socket.emit(
             'data',
             addClientInfo(socket, chunk, statusLine, clientIp, clientPort)
           );
-        }
-      } else if (isEnable('forHttp') || disable.captureHttps) {
+      }
+    } else if (isEnable('forHttp') || disable.captureHttps) {
+      return next(chunk);
+    } else {
+      var isHttpH2 = HTTP2_RE.test(headersStr);
+      if (!isHttpH2 && chunk[0] != 22) {
         return next(chunk);
-      } else {
-        var isHttpH2 = HTTP2_RE.test(headersStr);
-        if (!isHttpH2 && chunk[0] != 22) {
-          return next(chunk);
-        }
-        var useSNI, domain, serverKey;
-        var handleConnect = function (port) {
-          var promise =
+      }
+      var useSNI, domain, serverKey;
+      var handleConnect = function (port) {
+        var promise =
             !isHttpH2 && !useSNI && serverAgent.existsServer(serverKey);
-          var httpsServer = promise && promise.cert && promise.server;
-          if (httpsServer && httpsServer.setSecureContext) {
-            var cert = serverAgent.createCertificate(domain);
-            if (
+        var httpsServer = promise && promise.cert && promise.server;
+        if (httpsServer && httpsServer.setSecureContext) {
+          var cert = serverAgent.createCertificate(domain);
+          if (
               cert.key !== promise.cert.key ||
               cert.cert !== promise.cert.cert
             ) {
-              try {
-                cert._ctx = cert._ctx || ca.createSecureContext(cert);
-                httpsServer.setSecureContext(cert._ctx);
-                promise.cert = cert;
-              } catch (e) {}
-            }
+            try {
+              cert._ctx = cert._ctx || ca.createSecureContext(cert);
+              httpsServer.setSecureContext(cert._ctx);
+              promise.cert = cert;
+            } catch (e) {}
           }
-          util.connect(
-            {
-              port: port,
-              host: LOCALHOST,
-              localAddress: LOCALHOST
-            },
+        }
+        util.connect(
+          {
+            port: port,
+            host: LOCALHOST,
+            localAddress: LOCALHOST
+          },
             function (err, s) {
               reqSocket = s;
               if (err || socket._hasError) {
                 return destroy(err);
               }
+              reqSocket.on('error', destroy);
               socket._w2TunnelKey = reqSocket.localPort + ':' + reqSocket.remotePort;
               tunnelTmplData.set(socket._w2TunnelKey,  getTunnelData(socket, clientIp, clientPort, isHttpH2));
               reqSocket.write(chunk);
               reqSocket.pipe(socket).pipe(reqSocket);
               socket.resume();
-              abortIfUnavailable(reqSocket);
             }
           );
-        };
-        var useNoSNIServer = function () {
-          serverKey = requestCert ? ':' + domain : domain;
-          serverAgent.createServer(serverKey, handlers, handleConnect, 0, 0);
-        };
+      };
+      var useNoSNIServer = function () {
+        serverKey = requestCert ? ':' + domain : domain;
+        serverAgent.createServer(serverKey, handlers, handleConnect, 0, 0);
+      };
 
-        var handleRequest = function () {
-          if (useSNI) {
-            var disableH2 = !properties.isEnableHttp2();
-            if (disable.http2) {
-              disableH2 = true;
-            } else if (enable.http2) {
-              disableH2 = false;
-            }
-            getSNIServer(h2Handlers, handleConnect, disableH2, requestCert);
-          } else if (isHttpH2) {
-            getHttp2Server(h2Handlers, handleConnect);
-          } else {
-            useNoSNIServer();
+      var handleRequest = function () {
+        if (useSNI) {
+          var disableH2 = !properties.isEnableHttp2();
+          if (disable.http2) {
+            disableH2 = true;
+          } else if (enable.http2) {
+            disableH2 = false;
           }
-        };
-        if (isHttpH2) {
-          return handleRequest();
+          getSNIServer(h2Handlers, handleConnect, disableH2, requestCert);
+        } else if (isHttpH2) {
+          getHttp2Server(h2Handlers, handleConnect);
+        } else {
+          useNoSNIServer();
         }
-        useSNI = checkSNI(chunk);
-        var servername = useSNI || socket.tunnelHostname;
-        if (
+      };
+      if (isHttpH2) {
+        return handleRequest();
+      }
+      useSNI = checkSNI(chunk);
+      var servername = useSNI || socket.tunnelHostname;
+      if (
           !servername ||
           (useSNI ? disable.captureSNI : (disable.captureNoSNI || (net.isIP(servername) && !isCaptureIp()))) ||
           (socket.useProxifier && !ca.existsCustomCert(servername))
         ) {
-          return next(chunk);
-        }
-        var requestCert =
+        return next(chunk);
+      }
+      var requestCert =
           (enable.clientCert || enable.requestCert) &&
           !disable.clientCert &&
           !disable.requestCert;
-        domain = getDomain(servername);
-        socket.curUrl = socket.fullUrl = 'https://' + servername;
-        socket.useSNI = useSNI;
-        socket.serverName = socket.servername = servername;
-        socket.commonName = domain;
-        loadCert(socket, function (cert) {
-          if (socket._hasError) {
-            return destroy();
-          }
-          if (cert === false) {
-            return next(chunk);
-          }
-          if (cert) {
-            domain = servername;
-          }
-          handleRequest();
-        });
-      }
-    },
+      domain = getDomain(servername);
+      socket.curUrl = socket.fullUrl = 'https://' + servername;
+      socket.useSNI = useSNI;
+      socket.serverName = socket.servername = servername;
+      socket.commonName = domain;
+      loadCert(socket, function (cert) {
+        if (socket._hasError) {
+          return destroy();
+        }
+        if (cert === false) {
+          return next(chunk);
+        }
+        if (cert) {
+          domain = servername;
+        }
+        handleRequest();
+      });
+    }
+  },
     isWebPort ? 0 : TIMEOUT
   );
 };

package/lib/index.js

@@ -11,7 +11,6 @@ var setupHttps = require('./https').setup;
 var httpsUtil = require('./https/ca');
 var rulesUtil = require('./rules/util');
 var initDataServer = require('./util/data-server');
-var initLogServer = require('./util/log-server');
 var pluginMgr = require('./plugins');
 var config = require('./config');
 var loadService = require('./service');
@@ -61,7 +60,6 @@ function proxy(callback, _server) {
   tunnelProxy(server, proxyEvents);
   upgradeProxy(server);
   initDataServer(proxyEvents);
-  initLogServer(proxyEvents);
   rulesUtil.setup(proxyEvents);
   var properties = rulesUtil.properties;
   if (config.disableAllRules) {
@@ -254,7 +252,7 @@ function handleGlobalException(err) {
     code === 'ERR_HTTP_TRAILER_INVALID' ||
     code === 'ERR_INTERNAL_ASSERTION' ||
     code === 'ERR_INVALID_ARG_TYPE' ||
-    (err && /finishwrite/i.test(err.message)))
+    (err && /finishwrite|'_hadError'/i.test(err.message)))
   ) {
     return;
   }

package/lib/inspectors/log.js

@@ -29,7 +29,11 @@ module.exports = function (req, res) {
   if (log) {
     util.disableReqCache(req.headers);
     var host = req.headers.host;
+    delete req.rules.log;
     res.on('src', function (_res) {
+      if (!(log = req.rules.log) || !util.hasBody(_res)) {
+        return;
+      }
       var topScript, isHtml;
       if (util.supportHtmlTransform(_res, req)) {
         isHtml = true;

package/lib/inspectors/weinre.js

@@ -21,17 +21,22 @@ function getScript(host, name, isHtml, req) {
 }
 
 module.exports = function (req, res) {
-  if (req.rules.weinre) {
+  var weinre = req.rules.weinre;
+  if (weinre) {
     util.disableReqCache(req.headers);
+    delete req.rules.weinre;
     var host = req.headers.host;
     res.on('src', function (_res) {
+      if (!(weinre = req.rules.weinre) || !util.hasBody(_res)) {
+        return;
+      }
       var isHtml = util.supportHtmlTransform(_res, req);
       if (!isHtml && util.getContentType(_res.headers) !== 'JS') {
         return;
       }
       !util.isEnable(req, 'keepAllCSP') && util.disableCSP(_res.headers);
       !req._customCache && util.disableResStore(_res.headers);
-      var name = util.getPath(util.rule.getMatcher(req.rules.weinre));
+      var name = util.getPath(util.rule.getMatcher(weinre));
       var transform = new Transform();
       transform._transform = function (chunk, _, callback) {
         if (!chunk) {

package/lib/rules/index.js

@@ -63,7 +63,6 @@ exports.hasReqScript = rules.hasReqScript.bind(rules);
 exports.resolveDisable = rules.resolveDisable.bind(rules);
 exports.resolvePipe = rules.resolvePipe.bind(rules);
 exports.resolveRule = rules.resolveRule.bind(rules);
-exports.resolveRules = resolveReqRules;
 exports.resolveResRules = rules.resolveResRules.bind(rules);
 exports.resolveBodyFilter = rules.resolveBodyFilter.bind(rules);
 exports.lookupHost = rules.lookupHost.bind(rules);

package/lib/rules/protocols.js

@@ -73,6 +73,7 @@ var protocols = [
   'cipher',
   'sniCallback'
 ];
+var toolProtocols = ['log', 'weinre'];
 
 var RULE_RE = /^(?:|x|xs)(?:file|rawfile|dust|tpl|jsonp):/;
 var LOC_RE = /^locationHref:/;
@@ -86,7 +87,6 @@ var pureResProtocols = [
   'resDelay',
   'resSpeed',
   'resType',
-  'resType',
   'resCharset',
   'resCookies',
   'resCors',
@@ -108,7 +108,7 @@ var pureResProtocols = [
   'htmlPrepend',
   'jsPrepend',
   'responseFor'
-];
+].concat(toolProtocols);
 var resProtocols = [
   'filter',
   'enable',
@@ -155,7 +155,7 @@ var aliasProtocols = {
 var protocolsWithoutG = protocols.slice(1);
 var reqProtocols = protocols.filter(function (name) {
   return pureResProtocols.indexOf(name) === -1;
-});
+}).concat(toolProtocols);
 var reqProtosWithoutG = reqProtocols.filter(function (name) {
   return name !== 'G';
 });
@@ -266,12 +266,6 @@ function resetRules(rules) {
 
 exports.resetRules = resetRules;
 
-function isResRule(protocol) {
-  return resProtocols.indexOf(protocol) != -1;
-}
-
-exports.isResRule = isResRule;
-
 function isWebProtocol(protocol) {
   return protocol == 'http:' || protocol == 'https:';
 }