lalBi94 7bc56c09b5 $
2023-03-05 13:23:23 +01:00

177 lines
7.7 KiB
JavaScript

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const net_1 = __importDefault(require("net"));
const tls_1 = __importDefault(require("tls"));
const url_1 = __importDefault(require("url"));
const assert_1 = __importDefault(require("assert"));
const debug_1 = __importDefault(require("debug"));
const agent_base_1 = require("agent-base");
const parse_proxy_response_1 = __importDefault(require("./parse-proxy-response"));
const debug = debug_1.default('https-proxy-agent:agent');
/**
* The `HttpsProxyAgent` implements an HTTP Agent subclass that connects to
* the specified "HTTP(s) proxy server" in order to proxy HTTPS requests.
*
* Outgoing HTTP requests are first tunneled through the proxy server using the
* `CONNECT` HTTP request method to establish a connection to the proxy server,
* and then the proxy server connects to the destination target and issues the
* HTTP request from the proxy server.
*
* `https:` requests have their socket connection upgraded to TLS once
* the connection to the proxy server has been established.
*
* @api public
*/
class HttpsProxyAgent extends agent_base_1.Agent {
constructor(_opts) {
let opts;
if (typeof _opts === 'string') {
opts = url_1.default.parse(_opts);
}
else {
opts = _opts;
}
if (!opts) {
throw new Error('an HTTP(S) proxy server `host` and `port` must be specified!');
}
debug('creating new HttpsProxyAgent instance: %o', opts);
super(opts);
const proxy = Object.assign({}, opts);
// If `true`, then connect to the proxy server over TLS.
// Defaults to `false`.
this.secureProxy = opts.secureProxy || isHTTPS(proxy.protocol);
// Prefer `hostname` over `host`, and set the `port` if needed.
proxy.host = proxy.hostname || proxy.host;
if (typeof proxy.port === 'string') {
proxy.port = parseInt(proxy.port, 10);
}
if (!proxy.port && proxy.host) {
proxy.port = this.secureProxy ? 443 : 80;
}
// ALPN is supported by Node.js >= v5.
// attempt to negotiate http/1.1 for proxy servers that support http/2
if (this.secureProxy && !('ALPNProtocols' in proxy)) {
proxy.ALPNProtocols = ['http 1.1'];
}
if (proxy.host && proxy.path) {
// If both a `host` and `path` are specified then it's most likely
// the result of a `url.parse()` call... we need to remove the
// `path` portion so that `net.connect()` doesn't attempt to open
// that as a Unix socket file.
delete proxy.path;
delete proxy.pathname;
}
this.proxy = proxy;
}
/**
* Called when the node-core HTTP client library is creating a
* new HTTP request.
*
* @api protected
*/
callback(req, opts) {
return __awaiter(this, void 0, void 0, function* () {
const { proxy, secureProxy } = this;
// Create a socket connection to the proxy server.
let socket;
if (secureProxy) {
debug('Creating `tls.Socket`: %o', proxy);
socket = tls_1.default.connect(proxy);
}
else {
debug('Creating `net.Socket`: %o', proxy);
socket = net_1.default.connect(proxy);
}
const headers = Object.assign({}, proxy.headers);
const hostname = `${opts.host}:${opts.port}`;
let payload = `CONNECT ${hostname} HTTP/1.1\r\n`;
// Inject the `Proxy-Authorization` header if necessary.
if (proxy.auth) {
headers['Proxy-Authorization'] = `Basic ${Buffer.from(proxy.auth).toString('base64')}`;
}
// The `Host` header should only include the port
// number when it is not the default port.
let { host, port, secureEndpoint } = opts;
if (!isDefaultPort(port, secureEndpoint)) {
host += `:${port}`;
}
headers.Host = host;
headers.Connection = 'close';
for (const name of Object.keys(headers)) {
payload += `${name}: ${headers[name]}\r\n`;
}
const proxyResponsePromise = parse_proxy_response_1.default(socket);
socket.write(`${payload}\r\n`);
const { statusCode, buffered } = yield proxyResponsePromise;
if (statusCode === 200) {
req.once('socket', resume);
if (opts.secureEndpoint) {
// The proxy is connecting to a TLS server, so upgrade
// this socket connection to a TLS connection.
debug('Upgrading socket connection to TLS');
const servername = opts.servername || opts.host;
return tls_1.default.connect(Object.assign(Object.assign({}, omit(opts, 'host', 'hostname', 'path', 'port')), { socket,
servername }));
}
return socket;
}
// Some other status code that's not 200... need to re-play the HTTP
// header "data" events onto the socket once the HTTP machinery is
// attached so that the node core `http` can parse and handle the
// error status code.
// Close the original socket, and a new "fake" socket is returned
// instead, so that the proxy doesn't get the HTTP request
// written to it (which may contain `Authorization` headers or other
// sensitive data).
//
// See: https://hackerone.com/reports/541502
socket.destroy();
const fakeSocket = new net_1.default.Socket({ writable: false });
fakeSocket.readable = true;
// Need to wait for the "socket" event to re-play the "data" events.
req.once('socket', (s) => {
debug('replaying proxy buffer for failed request');
assert_1.default(s.listenerCount('data') > 0);
// Replay the "buffered" Buffer onto the fake `socket`, since at
// this point the HTTP module machinery has been hooked up for
// the user.
s.push(buffered);
s.push(null);
});
return fakeSocket;
});
}
}
exports.default = HttpsProxyAgent;
function resume(socket) {
socket.resume();
}
function isDefaultPort(port, secure) {
return Boolean((!secure && port === 80) || (secure && port === 443));
}
function isHTTPS(protocol) {
return typeof protocol === 'string' ? /^https:?$/i.test(protocol) : false;
}
function omit(obj, ...keys) {
const ret = {};
let key;
for (key in obj) {
if (!keys.includes(key)) {
ret[key] = obj[key];
}
}
return ret;
}
//# sourceMappingURL=agent.js.map