whistle 2.9.74 → 2.9.76-beta

package/biz/webui/lib/index.js

@@ -6,7 +6,6 @@ var https = require('https');
 var parseReqUrl = require('parseurl');
 var bodyParser = require('body-parser');
 var crypto = require('crypto');
-var cookie = require('cookie');
 var fs = require('fs');
 var zlib = require('zlib');
 var extend = require('extend');
@@ -69,6 +68,26 @@ function shasum(str) {
   return shasum.digest('hex');
 }
 
+function parseCookie(str) {
+  var result = {};
+  str && str.split(';').forEach(function(pair) {
+    var index = pair.indexOf('=');
+    if (index === -1) {
+      return;
+    }
+    var key = pair.substring(0, index).trim();
+    var val = pair.substring(index + 1).trim();
+    if (result[key] == null) {
+      try {
+        result[key] = decodeURIComponent(val);
+      } catch (e) {
+        result[key] = val;
+      }
+    }
+  });
+  return result;
+}
+
 function getLoginKey (req, res, auth) {
   var ip = util.getClientIp(req);
   var password = auth.password;
@@ -112,7 +131,7 @@ function verifyLogin(req, res, auth) {
     return true;
   }
   var authKey = auth.authKey;
-  var cookies = cookie.parse(req.headers.cookie || '');
+  var cookies = parseCookie(req.headers.cookie);
   var lkey = cookies[authKey];
   var correctKey = getLoginKey(req, res, auth);
   if (correctKey === lkey) {
@@ -125,12 +144,12 @@ function verifyLogin(req, res, auth) {
     queryAuth.pass = queryAuth.pass && shasum(queryAuth.pass);
   }
   if (equalAuth(headerAuth, auth) || equalAuth(queryAuth, auth)) {
-    var options = {
-      expires: new Date(Date.now() + (MAX_AGE * 1000)),
-      maxAge: MAX_AGE,
-      path: '/'
-    };
-    res.setHeader('Set-Cookie', cookie.serialize(authKey, correctKey, options));
+    res.setHeader('Set-Cookie', [
+      authKey + '=' + util.encodeURIComponent(correctKey),
+      'Max-Age=' + MAX_AGE,
+      'Path=/',
+      'Expires=' + new Date(Date.now() + (MAX_AGE * 1000)).toUTCString()
+    ].join('; '));
     return true;
   }
 }

package/lib/handlers/file-proxy.js

@@ -17,6 +17,15 @@ var VAR_RE = /\{\S+\}/;
 var QUERY_VAR_RE = /\$?(?:\{\{([\w$-]+)\}\}|\{([\w$-]+)\})/g;
 var UTF8_OPTIONS = { encoding: 'utf8' };
 var ENABLE_OPTIONS = { enable: true };
+var SLASH_RE = /\\+/g;
+var QUOTE_RE = /"/g;
+var JS_RE = /^js:/i;
+var HTML_RE = /^html:/i;
+var BLANK_RE = /\s/g;
+
+function urlToStr(url) {
+  return url.replace(SLASH_RE, '').replace(QUOTE_RE, '\\$&').replace(BLANK_RE, ' ');
+}
 
 function isRawFileProtocol(protocol) {
   return RAW_FILE_RE.test(protocol);
@@ -176,6 +185,34 @@ function sendResponse(rule, res, reader, req) {
   res.response(reader);
 }
 
+function handleLocHref(req, rule, handleRes) {
+  var body = (util.getMatcherValue(rule) || '').trim();
+  var isJs = JS_RE.test(body);
+  var isHtml = HTML_RE.test(body);
+  if (isJs) {
+    body = body.substring(3);
+  } else if (isHtml) {
+    body = body.substring(5);
+  } else {
+    isJs = req.headers['sec-fetch-dest'] === 'script';
+  }
+  var type = isJs ? 'application/javascript' : 'text/html';
+  if (body) {
+    body = 'window.location.href = "' + urlToStr(body) + '";';
+    if (!isJs) {
+      body = '<script>' + body + '</script>';
+    }
+  }
+  
+  handleRes({
+    statusCode: 200,
+    body: body,
+    headers: {
+      'content-type': type + '; charset=utf-8'
+    }
+  });
+}
+
 module.exports = function (req, res, next) {
   var options = req.options;
   var config = this.config;
@@ -185,6 +222,9 @@ module.exports = function (req, res, next) {
   }
   var rules = req.rules;
   var rule = rules.rule;
+  if (protoMgr.isLocHref(protocol)) {
+    return handleLocHref(req, rule, render);
+  }
   if (isAutoCors(req, rule) && req.method === 'OPTIONS') {
     var optsRes = util.wrapResponse({ statusCode: 200  });
     optsRes.realUrl = rule.matcher;

package/lib/inspectors/res.js

@@ -134,9 +134,9 @@ function handleReplace(res, replacement) {
       util.isOriginalRegExp(pattern) &&
       (pattern = util.toOriginalRegExp(pattern))
     ) {
-      res.addTextTransform(new ReplacePatternTransform(pattern, value));
+      res.addTextTransform(new ReplacePatternTransform(pattern, value, util.isSSE(res)));
     } else if (pattern) {
-      res.addTextTransform(new ReplaceStringTransform(pattern, value));
+      res.addTextTransform(new ReplaceStringTransform(pattern, value, util.isSSE(res)));
     }
   });
 }

package/lib/rules/protocols.js

@@ -74,6 +74,7 @@ var protocols = [
 ];
 
 var RULE_RE = /^(?:|x|xs)(?:file|rawfile|dust|tpl|jsonp):/;
+var LOC_RE = /^locationHref:/;
 var PROXY_RE =
   /^x?(?:socks|proxy|https?-proxy|internal-proxy|internal-https?-proxy|https2http-proxy|http2https-proxy)$/;
 var pureResProtocols = [
@@ -275,11 +276,15 @@ function isWebsocketProtocol(protocol) {
 exports.isWebsocketProtocol = isWebsocketProtocol;
 
 function isFileProxy(protocol) {
-  return RULE_RE.test(protocol);
+  return RULE_RE.test(protocol) || LOC_RE.test(protocol);
 }
 
 exports.isFileProxy = isFileProxy;
 
+exports.isLocHref = function(protocol) {
+  return LOC_RE.test(protocol);
+};
+
 function contains(name) {
   if (
     protocols.indexOf(name) != -1 ||

package/lib/util/index.js

@@ -15,7 +15,6 @@ var iconv = require('iconv-lite');
 var zlib = require('zlib');
 var dns = require('dns');
 var PipeStream = require('pipestream');
-var Q = require('q');
 var Buffer = require('safe-buffer').Buffer;
 var protoMgr = require('../rules/protocols');
 var protocols = protoMgr.protocols;
@@ -438,6 +437,12 @@ function stat(file, callback, force) {
   });
 }
 
+function spreadPromise(promise, callback) {
+  promise.then(function(list) {
+    callback.apply(null, list);
+  });
+}
+
 function getFileWriter(file, callback, force) {
   if (!file) {
     return callback();
@@ -476,19 +481,19 @@ function getFileWriters(files, callback, force) {
     files = [files];
   }
 
-  Q.all(
+  spreadPromise(Promise.all(
     files.map(function (file) {
-      var defer = Q.defer();
-      getFileWriter(
-        file,
-        function (writer) {
-          defer.resolve(writer);
-        },
-        force
-      );
-      return defer.promise;
+      return new Promise(function(resolve) {
+        getFileWriter(
+          file,
+          function (writer) {
+            resolve(writer);
+          },
+          force
+        );
+      });
     })
-  ).spread(callback);
+  ), callback);
 }
 
 exports.getFileWriters = getFileWriters;
@@ -1248,22 +1253,13 @@ exports.parseRuleJson = function(rules, callback, req) {
   if (!Array.isArray(rules)) {
     rules = [rules];
   }
-  Q.all(
+  spreadPromise(Promise.all(
     rules.map(function (rule) {
-      var defer = Q.defer();
-      readRuleList(
-        rule,
-        function (data) {
-          defer.resolve(data);
-        },
-        true,
-        null,
-        null,
-        req
-      );
-      return defer.promise;
+      return new Promise(function(resolve) {
+        readRuleList(rule, resolve, true, null, null, req);
+      });
     })
-  ).spread(callback);
+  ), callback);
 };
 
 function getTempFilePath(filePath, rule) {
@@ -1487,23 +1483,13 @@ exports.getRuleValue = function(rules, callback, noBody, charset, isHtml, req) {
   if (!Array.isArray(rules)) {
     rules = [rules];
   }
-
-  Q.all(
+  spreadPromise(Promise.all(
     rules.map(function (rule) {
-      var defer = Q.defer();
-      readRuleList(
-        rule,
-        function (data) {
-          defer.resolve(data);
-        },
-        false,
-        charset,
-        isHtml,
-        req
-      );
-      return defer.promise;
+      return new Promise(function(resolve) {
+        readRuleList(rule, resolve, false, charset, isHtml, req);
+      });
     })
-  ).spread(callback);
+  ), callback);
 };
 
 function decodePath(path) {
@@ -3681,18 +3667,17 @@ exports.getBoundIp = function (host, cb) {
   }
   var boundIpDefer = boundIpDeferMap[host];
   if (boundIpDefer) {
-    return boundIpDefer.done(cb);
-  }
-  var defer = Q.defer();
-  boundIpDefer = defer.promise;
-  boundIpDeferMap[host] = boundIpDefer;
-  boundIpDefer.done(cb);
-  dns.lookup(host, function (err, ip) {
-    if (err) {
-      throw err;
-    }
-    defer.resolve(ip);
+    return boundIpDefer.then(cb);
+  }
+  boundIpDeferMap[host] = boundIpDefer = new Promise(function(resolve) {
+    dns.lookup(host, function (err, ip) {
+      if (err) {
+        throw err;
+      }
+      resolve(ip);
+    });
   });
+  boundIpDefer.then(cb);
 };
 
 function getPluginConfig(conf, name) {
@@ -4122,3 +4107,9 @@ exports.needAbortRes = function(req) {
   }
   return req.isTunnel && disable.tunnel;
 };
+
+var SSE_RE = /^\s*text\/event-stream\s*;?/i;
+
+exports.isSSE = function(res) {
+  return SSE_RE.test(res.headers['content-type']);
+};

package/lib/util/replace-pattern-transform.js

@@ -7,11 +7,12 @@ var SUB_MATCH_RE = /(^|\\{0,2})?(\$\$?(b)?[&\d])/g;
 var ALL_RE = /^\/\.[*+]\/g?i?g?$/;
 var MAX_SUB_MATCH_LEN = 512;
 
-function ReplacePatternTransform(pattern, value) {
+function ReplacePatternTransform(pattern, value, isSSE) {
   Transform.call(this);
   this._pattern = pattern;
   this._replaceAll = ALL_RE.test(pattern);
   this._value = value == null ? '' : value + '';
+  this._isSSE = isSSE;
   this._rest = '';
 }
 
@@ -39,6 +40,12 @@ proto._transform = function (chunk, _, callback) {
       return replacePattern(value, arguments);
     });
     index = Math.max(index, chunk.length - LENGTH);
+    if (this._isSSE) {
+      var endIndex = chunk.lastIndexOf('\n\n');
+      if (endIndex !== -1) {
+        index = Math.max(endIndex + 2, index);
+      }
+    }
     this._rest = chunk.substring(index);
     chunk = result.substring(0, result.length - this._rest.length);
   } else if (this._rest) {

package/lib/util/replace-string-transform.js

@@ -1,18 +1,19 @@
 var Transform = require('pipestream').Transform;
 var util = require('util');
 
-function ReplaceStringTransform(str, value) {
+function ReplaceStringTransform(str, value, isSSE) {
   Transform.call(this);
   this._str = str;
   this._length = this._str.length;
   this._value = value == null ? '' : value + '';
+  this._isSSE = isSSE;
   this._rest = '';
 }
 
 util.inherits(ReplaceStringTransform, Transform);
 
 var proto = ReplaceStringTransform.prototype;
-proto._transform = function (chunk, encoding, callback) {
+proto._transform = function (chunk, _, callback) {
   if (chunk != null) {
     chunk = this._rest + chunk;
     var minIndex = chunk.length + 1 - this._length;
@@ -23,6 +24,12 @@ proto._transform = function (chunk, encoding, callback) {
     } else {
       index = minIndex;
     }
+    if (this._isSSE) {
+      var endIndex = chunk.lastIndexOf('\n\n');
+      if (endIndex !== -1) {
+        index = Math.max(endIndex + 2, index);
+      }
+    }
     this._rest = chunk.substring(index);
     chunk = chunk.substring(0, index);
   } else {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "whistle",
   "description": "HTTP, HTTP2, HTTPS, Websocket debugging proxy",
-  "version": "2.9.74",
+  "version": "2.9.76-beta",
   "dataDirname": ".whistle",
   "localUIHost": "local.whistlejs.com",
   "port": 8899,
@@ -37,11 +37,10 @@
     "async-limiter": "2.0.0",
     "body-parser": "^1.19.0",
     "colors": "1.1.2",
-    "cookie": "^0.3.1",
     "express": "^4.19.2",
     "extend": "^3.0.2",
     "fs-extra2": "^1.0.0",
-    "hagent": "^0.9.0",
+    "hagent": "^0.9.2",
     "hparser": "^0.4.0",
     "iconv-lite": "^0.4.24",
     "json5": "^2.2.3",
@@ -51,11 +50,10 @@
     "node-forge": "^1.3.1",
     "node-pac": "^0.5.0",
     "parseurl": "^1.3.1",
-    "pfork": "^0.6.1",
+    "pfork": "^0.6.2",
     "pipestream": "^0.7.3",
-    "q": "1.4.1",
     "safe-buffer": "^5.1.2",
-    "set-global-proxy": "^0.1.11",
+    "set-global-proxy": "0.2.0-beta",
     "sni": "1.0.0",
     "sockx": "^0.2.1",
     "starting": "^8.0.2",