insomnia/app/network/network.js
2017-06-30 09:00:00 -07:00

570 lines
20 KiB
JavaScript

import electron from 'electron';
import mkdirp from 'mkdirp';
import mimes from 'mime-types';
import {parse as urlParse, resolve as urlResolve} from 'url';
import {Curl} from 'node-libcurl';
import {join as pathJoin} from 'path';
import * as models from '../models';
import * as querystring from '../common/querystring';
import * as util from '../common/misc.js';
import {AUTH_BASIC, AUTH_DIGEST, AUTH_NTLM, CONTENT_TYPE_FORM_DATA, CONTENT_TYPE_FORM_URLENCODED, getAppVersion} from '../common/constants';
import {describeByteSize, hasAuthHeader, hasContentTypeHeader, hasUserAgentHeader, setDefaultProtocol} from '../common/misc';
import {getRenderedRequest} from '../common/render';
import fs from 'fs';
import * as db from '../common/database';
import * as CACerts from './cacert';
import {getAuthHeader} from './authentication';
import {cookiesFromJar, jarFromCookies} from '../common/cookies';
import urlMatchesCertHost from './url-matches-cert-host';
// Time since user's last keypress to wait before making the request
const MAX_DELAY_TIME = 1000;
let cancelRequestFunction = null;
let lastUserInteraction = Date.now();
export function cancelCurrentRequest () {
if (typeof cancelRequestFunction === 'function') {
cancelRequestFunction();
}
}
export function _actuallySend (renderedRequest, workspace, settings) {
return new Promise(async resolve => {
function handleError (err, prefix = null) {
resolve({
url: renderedRequest.url,
parentId: renderedRequest._id,
error: prefix ? `${prefix}: ${err.message}` : err.message,
elapsedTime: 0,
statusMessage: 'Error',
settingSendCookies: renderedRequest.settingSendCookies,
settingStoreCookies: renderedRequest.settingStoreCookies
});
}
try {
// Initialize the curl handle
const curl = new Curl();
let timeline = [];
// Define helper to add base fields when responding
const respond = (patch, bodyBuffer = null) => {
const response = Object.assign({
parentId: renderedRequest._id,
timeline: timeline,
settingSendCookies: renderedRequest.settingSendCookies,
settingStoreCookies: renderedRequest.settingStoreCookies
}, patch);
resolve({bodyBuffer, response});
};
// Define helper to setOpt for better error handling
const setOpt = (opt, val, optional = false) => {
const name = Object.keys(Curl.option).find(name => Curl.option[name] === opt);
try {
curl.setOpt(opt, val);
} catch (err) {
if (!optional) {
throw new Error(`${err.message} (${opt} ${name || 'n/a'})`);
} else {
console.warn(`Failed to set optional Curl opt (${opt} ${name || 'n/a'})`);
}
}
};
const setOptionalOpt = (opt, val) => setOpt(opt, val, true);
// Setup the cancellation logic
cancelRequestFunction = () => {
respond({
elapsedTime: curl.getInfo(Curl.info.TOTAL_TIME) * 1000,
bytesRead: curl.getInfo(Curl.info.SIZE_DOWNLOAD),
url: curl.getInfo(Curl.info.EFFECTIVE_URL),
statusMessage: 'Cancelled',
error: 'Request was cancelled'
});
// Kill it!
curl.close();
};
// Set all the basic options
setOpt(Curl.option.CUSTOMREQUEST, renderedRequest.method);
setOpt(Curl.option.NOBODY, renderedRequest.method.toLowerCase() === 'head' ? 1 : 0);
setOpt(Curl.option.FOLLOWLOCATION, settings.followRedirects);
setOpt(Curl.option.TIMEOUT_MS, settings.timeout); // 0 for no timeout
setOpt(Curl.option.VERBOSE, true); // True so debug function works
setOpt(Curl.option.NOPROGRESS, false); // False so progress function works
setOpt(Curl.option.ACCEPT_ENCODING, ''); // Auto decode everything
// Setup debug handler
setOpt(Curl.option.DEBUGFUNCTION, (infoType, content) => {
const name = Object.keys(Curl.info.debug).find(k => Curl.info.debug[k] === infoType);
if (
infoType === Curl.info.debug.SSL_DATA_IN ||
infoType === Curl.info.debug.SSL_DATA_OUT
) {
return 0;
}
// Ignore the possibly large data messages
if (infoType === Curl.info.debug.DATA_OUT) {
if (content.length === 0) {
// Sometimes this happens, but I'm not sure why. Just ignore it.
} else if (content.length < 1000) {
timeline.push({name, value: content});
} else {
timeline.push({name, value: `(${describeByteSize(content.length)} hidden)`});
}
return 0;
}
if (infoType === Curl.info.debug.DATA_IN) {
timeline.push({
name: 'TEXT',
value: `Received ${describeByteSize(content.length)} chunk`
});
return 0;
}
// Don't show cookie setting because this will display every domain in the jar
if (infoType === Curl.info.debug.TEXT && content.indexOf('Added cookie') === 0) {
return 0;
}
timeline.push({name, value: content});
return 0; // Must be here
});
// Set the headers (to be modified as we go)
const headers = [...renderedRequest.headers];
let lastPercent = 0;
// NOTE: This option was added in 7.32.0 so make it optional
setOptionalOpt(Curl.option.XFERINFOFUNCTION, (dltotal, dlnow, ultotal, ulnow) => {
if (dltotal === 0) {
return 0;
}
const percent = Math.round(dlnow / dltotal * 100);
if (percent !== lastPercent) {
// console.log('PROGRESS 2', `${percent}%`, ultotal, ulnow);
lastPercent = percent;
}
return 0;
});
// Set the URL, including the query parameters
const qs = querystring.buildFromParams(renderedRequest.parameters);
const url = querystring.joinUrl(renderedRequest.url, qs);
const isUnixSocket = url.match(/https?:\/\/unix:\//);
const finalUrl = util.prepareUrlForSending(url, renderedRequest.settingEncodeUrl);
if (isUnixSocket) {
// URL prep will convert "unix:/path" hostname to "unix/path"
const match = finalUrl.match(/(https?:)\/\/unix:?(\/[^:]+):\/(.+)/);
const protocol = (match && match[1]) || '';
const socketPath = (match && match[2]) || '';
const socketUrl = (match && match[3]) || '';
setOpt(Curl.option.URL, `${protocol}//${socketUrl}`);
setOpt(Curl.option.UNIX_SOCKET_PATH, socketPath);
} else {
setOpt(Curl.option.URL, finalUrl);
}
timeline.push({name: 'TEXT', value: 'Preparing request to ' + finalUrl});
// log some things
if (renderedRequest.settingEncodeUrl) {
timeline.push({name: 'TEXT', value: 'Enable automatic URL encoding'});
} else {
timeline.push({name: 'TEXT', value: 'Disable automatic URL encoding'});
}
// SSL Validation
if (settings.validateSSL) {
timeline.push({name: 'TEXT', value: 'Enable SSL validation'});
} else {
setOpt(Curl.option.SSL_VERIFYHOST, 0);
setOpt(Curl.option.SSL_VERIFYPEER, 0);
timeline.push({name: 'TEXT', value: 'Disable SSL validation'});
}
// Setup CA Root Certificates if not on Mac. Thanks to libcurl, Mac will use
// certificates form the OS.
if (process.platform !== 'darwin') {
const basCAPath = pathJoin(electron.remote.app.getPath('temp'), 'insomnia');
const fullCAPath = pathJoin(basCAPath, CACerts.filename);
try {
fs.statSync(fullCAPath);
} catch (err) {
// Doesn't exist yet, so write it
mkdirp.sync(basCAPath);
fs.writeFileSync(fullCAPath, CACerts.blob);
console.log('[net] Set CA to', fullCAPath);
}
setOpt(Curl.option.CAINFO, fullCAPath);
}
// Set cookies from jar
if (renderedRequest.settingSendCookies) {
// Tell Curl to store cookies that it receives. This is only important if we receive
// a cookie on a redirect that needs to be sent on the next request in the chain.
curl.setOpt(Curl.option.COOKIEFILE, '');
const cookies = renderedRequest.cookieJar.cookies || [];
for (const cookie of cookies) {
let expiresTimestamp = 0;
if (cookie.expires) {
const expiresDate = new Date(cookie.expires);
expiresTimestamp = Math.round(expiresDate.getTime() / 1000);
}
setOpt(Curl.option.COOKIELIST, [
cookie.httpOnly ? `#HttpOnly_${cookie.domain}` : cookie.domain,
cookie.hostOnly ? 'FALSE' : 'TRUE',
cookie.path,
cookie.secure ? 'TRUE' : 'FALSE',
expiresTimestamp,
cookie.key,
cookie.value
].join('\t'));
}
timeline.push({
name: 'TEXT',
value: 'Enable cookie sending with jar of ' +
`${cookies.length} cookie${cookies.length !== 1 ? 's' : ''}`
});
} else {
timeline.push({
name: 'TEXT',
value: 'Disable cookie sending due to user setting'
});
}
// Set proxy settings if we have them
if (settings.proxyEnabled) {
const {protocol} = urlParse(renderedRequest.url);
const {httpProxy, httpsProxy, noProxy} = settings;
const proxyHost = protocol === 'https:' ? httpsProxy : httpProxy;
const proxy = proxyHost ? setDefaultProtocol(proxyHost) : null;
timeline.push({name: 'TEXT', value: `Enable network proxy for ${protocol}`});
if (proxy) {
setOpt(Curl.option.PROXY, proxy);
setOpt(Curl.option.PROXYAUTH, Curl.auth.ANY);
}
if (noProxy) {
setOpt(Curl.option.NOPROXY, noProxy);
}
} else {
setOpt(Curl.option.PROXY, '');
}
// Set client certs if needed
for (const certificate of workspace.certificates) {
if (certificate.disabled) {
continue;
}
const cHostWithProtocol = setDefaultProtocol(certificate.host, 'https:');
if (urlMatchesCertHost(cHostWithProtocol, renderedRequest.url)) {
const ensureFile = blobOrFilename => {
if (blobOrFilename.indexOf('/') === 0) {
return blobOrFilename;
} else {
// Legacy support. Certs used to be stored in blobs, so lets write it to
// the temp directory first.
// TODO: Delete this fallback eventually
const fullBase = pathJoin(electron.remote.app.getPath('temp'), 'insomnia');
mkdirp.sync(fullBase);
const name = `${renderedRequest._id}_${renderedRequest.modified}`;
const fullPath = pathJoin(fullBase, name);
fs.writeFileSync(fullPath, new Buffer(blobOrFilename, 'base64'));
return fullPath;
}
};
const {passphrase, cert, key, pfx} = certificate;
if (cert) {
setOpt(Curl.option.SSLCERT, ensureFile(cert));
setOpt(Curl.option.SSLCERTTYPE, 'PEM');
timeline.push({name: 'TEXT', value: 'Adding SSL PEM certificate'});
}
if (pfx) {
setOpt(Curl.option.SSLCERT, ensureFile(pfx));
setOpt(Curl.option.SSLCERTTYPE, 'P12');
timeline.push({name: 'TEXT', value: 'Adding SSL P12 certificate'});
}
if (key) {
setOpt(Curl.option.SSLKEY, ensureFile(key));
timeline.push({name: 'TEXT', value: 'Adding SSL KEY certificate'});
}
if (passphrase) {
setOpt(Curl.option.KEYPASSWD, passphrase);
}
}
}
// Build the body
let noBody = false;
const expectsBody = ['POST', 'PUT', 'PATCH'].includes(renderedRequest.method.toUpperCase());
if (renderedRequest.body.mimeType === CONTENT_TYPE_FORM_URLENCODED) {
const d = querystring.buildFromParams(renderedRequest.body.params || [], false);
setOpt(Curl.option.POSTFIELDS, d); // Send raw data
} else if (renderedRequest.body.mimeType === CONTENT_TYPE_FORM_DATA) {
const data = renderedRequest.body.params.map(param => {
if (param.type === 'file' && param.fileName) {
const type = mimes.lookup(param.fileName) || 'application/octet-stream';
return {name: param.name, file: param.fileName, type};
} else {
return {name: param.name, contents: param.value};
}
});
setOpt(Curl.option.HTTPPOST, data);
} else if (renderedRequest.body.fileName) {
const {size} = fs.statSync(renderedRequest.body.fileName);
const fd = fs.openSync(renderedRequest.body.fileName, 'r+');
setOpt(Curl.option.INFILESIZE, size);
setOpt(Curl.option.UPLOAD, 1);
setOpt(Curl.option.READDATA, fd);
const fn = () => fs.closeSync(fd);
curl.on('end', fn);
curl.on('error', fn);
} else if (typeof renderedRequest.body.mimeType === 'string' || expectsBody) {
setOpt(Curl.option.POSTFIELDS, renderedRequest.body.text || '');
} else {
// No body
noBody = true;
}
if (!noBody) {
// Don't chunk uploads
headers.push({name: 'Expect', value: ''});
headers.push({name: 'Transfer-Encoding', value: ''});
}
// Build the body
const dataBuffers = [];
let dataBuffersLength = 0;
curl.on('data', chunk => {
dataBuffers.push(chunk);
dataBuffersLength += chunk.length;
});
// Handle Authorization header
if (!hasAuthHeader(headers) && !renderedRequest.authentication.disabled) {
if (renderedRequest.authentication.type === AUTH_BASIC) {
const {username, password} = renderedRequest.authentication;
setOpt(Curl.option.HTTPAUTH, Curl.auth.BASIC);
setOpt(Curl.option.USERNAME, username || '');
setOpt(Curl.option.PASSWORD, password || '');
} else if (renderedRequest.authentication.type === AUTH_DIGEST) {
const {username, password} = renderedRequest.authentication;
setOpt(Curl.option.HTTPAUTH, Curl.auth.DIGEST);
setOpt(Curl.option.USERNAME, username || '');
setOpt(Curl.option.PASSWORD, password || '');
} else if (renderedRequest.authentication.type === AUTH_NTLM) {
const {username, password} = renderedRequest.authentication;
setOpt(Curl.option.HTTPAUTH, Curl.auth.NTLM);
setOpt(Curl.option.USERNAME, username || '');
setOpt(Curl.option.PASSWORD, password || '');
} else {
const authHeader = await getAuthHeader(
renderedRequest._id,
renderedRequest.authentication
);
if (authHeader) {
headers.push(authHeader);
}
}
}
// Set User-Agent if it't not already in headers
if (!hasUserAgentHeader(headers)) {
setOpt(Curl.option.USERAGENT, `insomnia/${getAppVersion()}`);
}
// Prevent curl from adding default content-type header
if (!hasContentTypeHeader(headers)) {
headers.push({name: 'content-type', value: ''});
}
// NOTE: This is last because headers might be modified multiple times
const headerStrings = headers
.filter(h => h.name)
.map(h => `${(h.name || '').trim()}: ${h.value}`);
setOpt(Curl.option.HTTPHEADER, headerStrings);
// Handle the response ending
curl.on('end', async function (_1, _2, allCurlHeadersObjects) {
// Headers are an array (one for each redirect)
const lastCurlHeadersObject = allCurlHeadersObjects[allCurlHeadersObjects.length - 1];
// Collect various things
const result = lastCurlHeadersObject && lastCurlHeadersObject.result;
const statusCode = result ? result.code : 0;
const statusMessage = result ? result.reason : 'Unknown';
// Collect the headers
const headers = [];
for (const name of lastCurlHeadersObject ? Object.keys(lastCurlHeadersObject) : []) {
if (typeof lastCurlHeadersObject[name] === 'string') {
headers.push({name, value: lastCurlHeadersObject[name]});
} else if (Array.isArray(lastCurlHeadersObject[name])) {
for (const value of lastCurlHeadersObject[name]) {
headers.push({name, value});
}
}
}
// Calculate the content type
const contentTypeHeader = util.getContentTypeHeader(headers);
const contentType = contentTypeHeader ? contentTypeHeader.value : '';
// Update Cookie Jar
let currentUrl = finalUrl;
let setCookieStrings = [];
const jar = jarFromCookies(renderedRequest.cookieJar.cookies);
for (const curlHeaderObject of allCurlHeadersObjects) {
// Collect Set-Cookie headers
const setCookieHeaders = _getCurlHeader(curlHeaderObject, 'set-cookie', []);
setCookieStrings = [...setCookieStrings, ...setCookieHeaders];
// Pull out new URL if there is a redirect
const newLocation = _getCurlHeader(curlHeaderObject, 'location', null);
if (newLocation !== null) {
currentUrl = urlResolve(currentUrl, newLocation);
}
}
// Update jar with Set-Cookie headers
for (const setCookieStr of setCookieStrings) {
try {
jar.setCookieSync(setCookieStr, currentUrl);
} catch (err) {
timeline.push({name: 'TEXT', value: `Rejected cookie: ${err.message}`});
}
}
// Update cookie jar if we need to and if we found any cookies
if (renderedRequest.settingStoreCookies && setCookieStrings.length) {
const cookies = await cookiesFromJar(jar);
models.cookieJar.update(renderedRequest.cookieJar, {cookies});
}
// Print informational message
if (setCookieStrings.length > 0) {
const n = setCookieStrings.length;
if (renderedRequest.settingStoreCookies) {
timeline.push({name: 'TEXT', value: `Saved ${n} cookie${n === 1 ? '' : 's'}`});
} else {
timeline.push({name: 'TEXT', value: `Ignored ${n} cookie${n === 1 ? '' : 's'}`});
}
}
// Handle the body
const bodyBuffer = Buffer.concat(dataBuffers, dataBuffersLength);
// Return the response data
respond({
headers,
contentType,
statusCode,
statusMessage,
elapsedTime: curl.getInfo(Curl.info.TOTAL_TIME) * 1000,
bytesRead: curl.getInfo(Curl.info.SIZE_DOWNLOAD),
url: curl.getInfo(Curl.info.EFFECTIVE_URL)
}, bodyBuffer);
// Close the request
this.close();
});
curl.on('error', function (err, code) {
let error = err + '';
let statusMessage = 'Error';
if (code === Curl.code.CURLE_ABORTED_BY_CALLBACK) {
error = 'Request aborted';
statusMessage = 'Abort';
}
respond({statusMessage, error});
});
curl.perform();
} catch (err) {
handleError(err);
}
});
}
export async function send (requestId, environmentId) {
// HACK: wait for all debounces to finish
/*
* TODO: Do this in a more robust way
* The following block adds a "long" delay to let potential debounces and
* database updates finish before making the request. This is done by tracking
* the time of the user's last keypress and making sure the request is sent a
* significant time after the last press.
*/
const timeSinceLastInteraction = Date.now() - lastUserInteraction;
const delayMillis = Math.max(0, MAX_DELAY_TIME - timeSinceLastInteraction);
if (delayMillis > 0) {
await util.delay(delayMillis);
}
// Fetch some things
const request = await models.request.getById(requestId);
const settings = await models.settings.getOrCreate();
// This may throw
const renderedRequest = await getRenderedRequest(request, environmentId);
// Get the workspace for the request
const ancestors = await db.withAncestors(request, [
models.requestGroup.type,
models.workspace.type
]);
const workspace = ancestors.find(doc => doc.type === models.workspace.type);
// Render succeeded so we're good to go!
return _actuallySend(renderedRequest, workspace, settings);
}
function _getCurlHeader (curlHeadersObj, name, fallback) {
const headerName = Object.keys(curlHeadersObj).find(
n => n.toLowerCase() === name.toLowerCase()
);
if (headerName) {
return curlHeadersObj[headerName];
} else {
return fallback;
}
}
document.addEventListener('keydown', e => {
if (e.ctrlKey || e.metaKey || e.altKey) {
return;
}
lastUserInteraction = Date.now();
});