Node-Red configuration
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.js 23KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143
  1. /*!
  2. * send
  3. * Copyright(c) 2012 TJ Holowaychuk
  4. * Copyright(c) 2014-2022 Douglas Christopher Wilson
  5. * MIT Licensed
  6. */
  7. 'use strict'
  8. /**
  9. * Module dependencies.
  10. * @private
  11. */
  12. var createError = require('http-errors')
  13. var debug = require('debug')('send')
  14. var deprecate = require('depd')('send')
  15. var destroy = require('destroy')
  16. var encodeUrl = require('encodeurl')
  17. var escapeHtml = require('escape-html')
  18. var etag = require('etag')
  19. var fresh = require('fresh')
  20. var fs = require('fs')
  21. var mime = require('mime')
  22. var ms = require('ms')
  23. var onFinished = require('on-finished')
  24. var parseRange = require('range-parser')
  25. var path = require('path')
  26. var statuses = require('statuses')
  27. var Stream = require('stream')
  28. var util = require('util')
  29. /**
  30. * Path function references.
  31. * @private
  32. */
  33. var extname = path.extname
  34. var join = path.join
  35. var normalize = path.normalize
  36. var resolve = path.resolve
  37. var sep = path.sep
  38. /**
  39. * Regular expression for identifying a bytes Range header.
  40. * @private
  41. */
  42. var BYTES_RANGE_REGEXP = /^ *bytes=/
  43. /**
  44. * Maximum value allowed for the max age.
  45. * @private
  46. */
  47. var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1000 // 1 year
  48. /**
  49. * Regular expression to match a path with a directory up component.
  50. * @private
  51. */
  52. var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
  53. /**
  54. * Module exports.
  55. * @public
  56. */
  57. module.exports = send
  58. module.exports.mime = mime
  59. /**
  60. * Return a `SendStream` for `req` and `path`.
  61. *
  62. * @param {object} req
  63. * @param {string} path
  64. * @param {object} [options]
  65. * @return {SendStream}
  66. * @public
  67. */
  68. function send (req, path, options) {
  69. return new SendStream(req, path, options)
  70. }
  71. /**
  72. * Initialize a `SendStream` with the given `path`.
  73. *
  74. * @param {Request} req
  75. * @param {String} path
  76. * @param {object} [options]
  77. * @private
  78. */
  79. function SendStream (req, path, options) {
  80. Stream.call(this)
  81. var opts = options || {}
  82. this.options = opts
  83. this.path = path
  84. this.req = req
  85. this._acceptRanges = opts.acceptRanges !== undefined
  86. ? Boolean(opts.acceptRanges)
  87. : true
  88. this._cacheControl = opts.cacheControl !== undefined
  89. ? Boolean(opts.cacheControl)
  90. : true
  91. this._etag = opts.etag !== undefined
  92. ? Boolean(opts.etag)
  93. : true
  94. this._dotfiles = opts.dotfiles !== undefined
  95. ? opts.dotfiles
  96. : 'ignore'
  97. if (this._dotfiles !== 'ignore' && this._dotfiles !== 'allow' && this._dotfiles !== 'deny') {
  98. throw new TypeError('dotfiles option must be "allow", "deny", or "ignore"')
  99. }
  100. this._hidden = Boolean(opts.hidden)
  101. if (opts.hidden !== undefined) {
  102. deprecate('hidden: use dotfiles: \'' + (this._hidden ? 'allow' : 'ignore') + '\' instead')
  103. }
  104. // legacy support
  105. if (opts.dotfiles === undefined) {
  106. this._dotfiles = undefined
  107. }
  108. this._extensions = opts.extensions !== undefined
  109. ? normalizeList(opts.extensions, 'extensions option')
  110. : []
  111. this._immutable = opts.immutable !== undefined
  112. ? Boolean(opts.immutable)
  113. : false
  114. this._index = opts.index !== undefined
  115. ? normalizeList(opts.index, 'index option')
  116. : ['index.html']
  117. this._lastModified = opts.lastModified !== undefined
  118. ? Boolean(opts.lastModified)
  119. : true
  120. this._maxage = opts.maxAge || opts.maxage
  121. this._maxage = typeof this._maxage === 'string'
  122. ? ms(this._maxage)
  123. : Number(this._maxage)
  124. this._maxage = !isNaN(this._maxage)
  125. ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
  126. : 0
  127. this._root = opts.root
  128. ? resolve(opts.root)
  129. : null
  130. if (!this._root && opts.from) {
  131. this.from(opts.from)
  132. }
  133. }
  134. /**
  135. * Inherits from `Stream`.
  136. */
  137. util.inherits(SendStream, Stream)
  138. /**
  139. * Enable or disable etag generation.
  140. *
  141. * @param {Boolean} val
  142. * @return {SendStream}
  143. * @api public
  144. */
  145. SendStream.prototype.etag = deprecate.function(function etag (val) {
  146. this._etag = Boolean(val)
  147. debug('etag %s', this._etag)
  148. return this
  149. }, 'send.etag: pass etag as option')
  150. /**
  151. * Enable or disable "hidden" (dot) files.
  152. *
  153. * @param {Boolean} path
  154. * @return {SendStream}
  155. * @api public
  156. */
  157. SendStream.prototype.hidden = deprecate.function(function hidden (val) {
  158. this._hidden = Boolean(val)
  159. this._dotfiles = undefined
  160. debug('hidden %s', this._hidden)
  161. return this
  162. }, 'send.hidden: use dotfiles option')
  163. /**
  164. * Set index `paths`, set to a falsy
  165. * value to disable index support.
  166. *
  167. * @param {String|Boolean|Array} paths
  168. * @return {SendStream}
  169. * @api public
  170. */
  171. SendStream.prototype.index = deprecate.function(function index (paths) {
  172. var index = !paths ? [] : normalizeList(paths, 'paths argument')
  173. debug('index %o', paths)
  174. this._index = index
  175. return this
  176. }, 'send.index: pass index as option')
  177. /**
  178. * Set root `path`.
  179. *
  180. * @param {String} path
  181. * @return {SendStream}
  182. * @api public
  183. */
  184. SendStream.prototype.root = function root (path) {
  185. this._root = resolve(String(path))
  186. debug('root %s', this._root)
  187. return this
  188. }
  189. SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
  190. 'send.from: pass root as option')
  191. SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
  192. 'send.root: pass root as option')
  193. /**
  194. * Set max-age to `maxAge`.
  195. *
  196. * @param {Number} maxAge
  197. * @return {SendStream}
  198. * @api public
  199. */
  200. SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
  201. this._maxage = typeof maxAge === 'string'
  202. ? ms(maxAge)
  203. : Number(maxAge)
  204. this._maxage = !isNaN(this._maxage)
  205. ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
  206. : 0
  207. debug('max-age %d', this._maxage)
  208. return this
  209. }, 'send.maxage: pass maxAge as option')
  210. /**
  211. * Emit error with `status`.
  212. *
  213. * @param {number} status
  214. * @param {Error} [err]
  215. * @private
  216. */
  217. SendStream.prototype.error = function error (status, err) {
  218. // emit if listeners instead of responding
  219. if (hasListeners(this, 'error')) {
  220. return this.emit('error', createHttpError(status, err))
  221. }
  222. var res = this.res
  223. var msg = statuses.message[status] || String(status)
  224. var doc = createHtmlDocument('Error', escapeHtml(msg))
  225. // clear existing headers
  226. clearHeaders(res)
  227. // add error headers
  228. if (err && err.headers) {
  229. setHeaders(res, err.headers)
  230. }
  231. // send basic response
  232. res.statusCode = status
  233. res.setHeader('Content-Type', 'text/html; charset=UTF-8')
  234. res.setHeader('Content-Length', Buffer.byteLength(doc))
  235. res.setHeader('Content-Security-Policy', "default-src 'none'")
  236. res.setHeader('X-Content-Type-Options', 'nosniff')
  237. res.end(doc)
  238. }
  239. /**
  240. * Check if the pathname ends with "/".
  241. *
  242. * @return {boolean}
  243. * @private
  244. */
  245. SendStream.prototype.hasTrailingSlash = function hasTrailingSlash () {
  246. return this.path[this.path.length - 1] === '/'
  247. }
  248. /**
  249. * Check if this is a conditional GET request.
  250. *
  251. * @return {Boolean}
  252. * @api private
  253. */
  254. SendStream.prototype.isConditionalGET = function isConditionalGET () {
  255. return this.req.headers['if-match'] ||
  256. this.req.headers['if-unmodified-since'] ||
  257. this.req.headers['if-none-match'] ||
  258. this.req.headers['if-modified-since']
  259. }
  260. /**
  261. * Check if the request preconditions failed.
  262. *
  263. * @return {boolean}
  264. * @private
  265. */
  266. SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
  267. var req = this.req
  268. var res = this.res
  269. // if-match
  270. var match = req.headers['if-match']
  271. if (match) {
  272. var etag = res.getHeader('ETag')
  273. return !etag || (match !== '*' && parseTokenList(match).every(function (match) {
  274. return match !== etag && match !== 'W/' + etag && 'W/' + match !== etag
  275. }))
  276. }
  277. // if-unmodified-since
  278. var unmodifiedSince = parseHttpDate(req.headers['if-unmodified-since'])
  279. if (!isNaN(unmodifiedSince)) {
  280. var lastModified = parseHttpDate(res.getHeader('Last-Modified'))
  281. return isNaN(lastModified) || lastModified > unmodifiedSince
  282. }
  283. return false
  284. }
  285. /**
  286. * Strip various content header fields for a change in entity.
  287. *
  288. * @private
  289. */
  290. SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
  291. var res = this.res
  292. res.removeHeader('Content-Encoding')
  293. res.removeHeader('Content-Language')
  294. res.removeHeader('Content-Length')
  295. res.removeHeader('Content-Range')
  296. res.removeHeader('Content-Type')
  297. }
  298. /**
  299. * Respond with 304 not modified.
  300. *
  301. * @api private
  302. */
  303. SendStream.prototype.notModified = function notModified () {
  304. var res = this.res
  305. debug('not modified')
  306. this.removeContentHeaderFields()
  307. res.statusCode = 304
  308. res.end()
  309. }
  310. /**
  311. * Raise error that headers already sent.
  312. *
  313. * @api private
  314. */
  315. SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
  316. var err = new Error('Can\'t set headers after they are sent.')
  317. debug('headers already sent')
  318. this.error(500, err)
  319. }
  320. /**
  321. * Check if the request is cacheable, aka
  322. * responded with 2xx or 304 (see RFC 2616 section 14.2{5,6}).
  323. *
  324. * @return {Boolean}
  325. * @api private
  326. */
  327. SendStream.prototype.isCachable = function isCachable () {
  328. var statusCode = this.res.statusCode
  329. return (statusCode >= 200 && statusCode < 300) ||
  330. statusCode === 304
  331. }
  332. /**
  333. * Handle stat() error.
  334. *
  335. * @param {Error} error
  336. * @private
  337. */
  338. SendStream.prototype.onStatError = function onStatError (error) {
  339. switch (error.code) {
  340. case 'ENAMETOOLONG':
  341. case 'ENOENT':
  342. case 'ENOTDIR':
  343. this.error(404, error)
  344. break
  345. default:
  346. this.error(500, error)
  347. break
  348. }
  349. }
  350. /**
  351. * Check if the cache is fresh.
  352. *
  353. * @return {Boolean}
  354. * @api private
  355. */
  356. SendStream.prototype.isFresh = function isFresh () {
  357. return fresh(this.req.headers, {
  358. etag: this.res.getHeader('ETag'),
  359. 'last-modified': this.res.getHeader('Last-Modified')
  360. })
  361. }
  362. /**
  363. * Check if the range is fresh.
  364. *
  365. * @return {Boolean}
  366. * @api private
  367. */
  368. SendStream.prototype.isRangeFresh = function isRangeFresh () {
  369. var ifRange = this.req.headers['if-range']
  370. if (!ifRange) {
  371. return true
  372. }
  373. // if-range as etag
  374. if (ifRange.indexOf('"') !== -1) {
  375. var etag = this.res.getHeader('ETag')
  376. return Boolean(etag && ifRange.indexOf(etag) !== -1)
  377. }
  378. // if-range as modified date
  379. var lastModified = this.res.getHeader('Last-Modified')
  380. return parseHttpDate(lastModified) <= parseHttpDate(ifRange)
  381. }
  382. /**
  383. * Redirect to path.
  384. *
  385. * @param {string} path
  386. * @private
  387. */
  388. SendStream.prototype.redirect = function redirect (path) {
  389. var res = this.res
  390. if (hasListeners(this, 'directory')) {
  391. this.emit('directory', res, path)
  392. return
  393. }
  394. if (this.hasTrailingSlash()) {
  395. this.error(403)
  396. return
  397. }
  398. var loc = encodeUrl(collapseLeadingSlashes(this.path + '/'))
  399. var doc = createHtmlDocument('Redirecting', 'Redirecting to <a href="' + escapeHtml(loc) + '">' +
  400. escapeHtml(loc) + '</a>')
  401. // redirect
  402. res.statusCode = 301
  403. res.setHeader('Content-Type', 'text/html; charset=UTF-8')
  404. res.setHeader('Content-Length', Buffer.byteLength(doc))
  405. res.setHeader('Content-Security-Policy', "default-src 'none'")
  406. res.setHeader('X-Content-Type-Options', 'nosniff')
  407. res.setHeader('Location', loc)
  408. res.end(doc)
  409. }
  410. /**
  411. * Pipe to `res.
  412. *
  413. * @param {Stream} res
  414. * @return {Stream} res
  415. * @api public
  416. */
  417. SendStream.prototype.pipe = function pipe (res) {
  418. // root path
  419. var root = this._root
  420. // references
  421. this.res = res
  422. // decode the path
  423. var path = decode(this.path)
  424. if (path === -1) {
  425. this.error(400)
  426. return res
  427. }
  428. // null byte(s)
  429. if (~path.indexOf('\0')) {
  430. this.error(400)
  431. return res
  432. }
  433. var parts
  434. if (root !== null) {
  435. // normalize
  436. if (path) {
  437. path = normalize('.' + sep + path)
  438. }
  439. // malicious path
  440. if (UP_PATH_REGEXP.test(path)) {
  441. debug('malicious path "%s"', path)
  442. this.error(403)
  443. return res
  444. }
  445. // explode path parts
  446. parts = path.split(sep)
  447. // join / normalize from optional root dir
  448. path = normalize(join(root, path))
  449. } else {
  450. // ".." is malicious without "root"
  451. if (UP_PATH_REGEXP.test(path)) {
  452. debug('malicious path "%s"', path)
  453. this.error(403)
  454. return res
  455. }
  456. // explode path parts
  457. parts = normalize(path).split(sep)
  458. // resolve the path
  459. path = resolve(path)
  460. }
  461. // dotfile handling
  462. if (containsDotFile(parts)) {
  463. var access = this._dotfiles
  464. // legacy support
  465. if (access === undefined) {
  466. access = parts[parts.length - 1][0] === '.'
  467. ? (this._hidden ? 'allow' : 'ignore')
  468. : 'allow'
  469. }
  470. debug('%s dotfile "%s"', access, path)
  471. switch (access) {
  472. case 'allow':
  473. break
  474. case 'deny':
  475. this.error(403)
  476. return res
  477. case 'ignore':
  478. default:
  479. this.error(404)
  480. return res
  481. }
  482. }
  483. // index file support
  484. if (this._index.length && this.hasTrailingSlash()) {
  485. this.sendIndex(path)
  486. return res
  487. }
  488. this.sendFile(path)
  489. return res
  490. }
  491. /**
  492. * Transfer `path`.
  493. *
  494. * @param {String} path
  495. * @api public
  496. */
  497. SendStream.prototype.send = function send (path, stat) {
  498. var len = stat.size
  499. var options = this.options
  500. var opts = {}
  501. var res = this.res
  502. var req = this.req
  503. var ranges = req.headers.range
  504. var offset = options.start || 0
  505. if (headersSent(res)) {
  506. // impossible to send now
  507. this.headersAlreadySent()
  508. return
  509. }
  510. debug('pipe "%s"', path)
  511. // set header fields
  512. this.setHeader(path, stat)
  513. // set content-type
  514. this.type(path)
  515. // conditional GET support
  516. if (this.isConditionalGET()) {
  517. if (this.isPreconditionFailure()) {
  518. this.error(412)
  519. return
  520. }
  521. if (this.isCachable() && this.isFresh()) {
  522. this.notModified()
  523. return
  524. }
  525. }
  526. // adjust len to start/end options
  527. len = Math.max(0, len - offset)
  528. if (options.end !== undefined) {
  529. var bytes = options.end - offset + 1
  530. if (len > bytes) len = bytes
  531. }
  532. // Range support
  533. if (this._acceptRanges && BYTES_RANGE_REGEXP.test(ranges)) {
  534. // parse
  535. ranges = parseRange(len, ranges, {
  536. combine: true
  537. })
  538. // If-Range support
  539. if (!this.isRangeFresh()) {
  540. debug('range stale')
  541. ranges = -2
  542. }
  543. // unsatisfiable
  544. if (ranges === -1) {
  545. debug('range unsatisfiable')
  546. // Content-Range
  547. res.setHeader('Content-Range', contentRange('bytes', len))
  548. // 416 Requested Range Not Satisfiable
  549. return this.error(416, {
  550. headers: { 'Content-Range': res.getHeader('Content-Range') }
  551. })
  552. }
  553. // valid (syntactically invalid/multiple ranges are treated as a regular response)
  554. if (ranges !== -2 && ranges.length === 1) {
  555. debug('range %j', ranges)
  556. // Content-Range
  557. res.statusCode = 206
  558. res.setHeader('Content-Range', contentRange('bytes', len, ranges[0]))
  559. // adjust for requested range
  560. offset += ranges[0].start
  561. len = ranges[0].end - ranges[0].start + 1
  562. }
  563. }
  564. // clone options
  565. for (var prop in options) {
  566. opts[prop] = options[prop]
  567. }
  568. // set read options
  569. opts.start = offset
  570. opts.end = Math.max(offset, offset + len - 1)
  571. // content-length
  572. res.setHeader('Content-Length', len)
  573. // HEAD support
  574. if (req.method === 'HEAD') {
  575. res.end()
  576. return
  577. }
  578. this.stream(path, opts)
  579. }
  580. /**
  581. * Transfer file for `path`.
  582. *
  583. * @param {String} path
  584. * @api private
  585. */
  586. SendStream.prototype.sendFile = function sendFile (path) {
  587. var i = 0
  588. var self = this
  589. debug('stat "%s"', path)
  590. fs.stat(path, function onstat (err, stat) {
  591. if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
  592. // not found, check extensions
  593. return next(err)
  594. }
  595. if (err) return self.onStatError(err)
  596. if (stat.isDirectory()) return self.redirect(path)
  597. self.emit('file', path, stat)
  598. self.send(path, stat)
  599. })
  600. function next (err) {
  601. if (self._extensions.length <= i) {
  602. return err
  603. ? self.onStatError(err)
  604. : self.error(404)
  605. }
  606. var p = path + '.' + self._extensions[i++]
  607. debug('stat "%s"', p)
  608. fs.stat(p, function (err, stat) {
  609. if (err) return next(err)
  610. if (stat.isDirectory()) return next()
  611. self.emit('file', p, stat)
  612. self.send(p, stat)
  613. })
  614. }
  615. }
  616. /**
  617. * Transfer index for `path`.
  618. *
  619. * @param {String} path
  620. * @api private
  621. */
  622. SendStream.prototype.sendIndex = function sendIndex (path) {
  623. var i = -1
  624. var self = this
  625. function next (err) {
  626. if (++i >= self._index.length) {
  627. if (err) return self.onStatError(err)
  628. return self.error(404)
  629. }
  630. var p = join(path, self._index[i])
  631. debug('stat "%s"', p)
  632. fs.stat(p, function (err, stat) {
  633. if (err) return next(err)
  634. if (stat.isDirectory()) return next()
  635. self.emit('file', p, stat)
  636. self.send(p, stat)
  637. })
  638. }
  639. next()
  640. }
  641. /**
  642. * Stream `path` to the response.
  643. *
  644. * @param {String} path
  645. * @param {Object} options
  646. * @api private
  647. */
  648. SendStream.prototype.stream = function stream (path, options) {
  649. var self = this
  650. var res = this.res
  651. // pipe
  652. var stream = fs.createReadStream(path, options)
  653. this.emit('stream', stream)
  654. stream.pipe(res)
  655. // cleanup
  656. function cleanup () {
  657. destroy(stream, true)
  658. }
  659. // response finished, cleanup
  660. onFinished(res, cleanup)
  661. // error handling
  662. stream.on('error', function onerror (err) {
  663. // clean up stream early
  664. cleanup()
  665. // error
  666. self.onStatError(err)
  667. })
  668. // end
  669. stream.on('end', function onend () {
  670. self.emit('end')
  671. })
  672. }
  673. /**
  674. * Set content-type based on `path`
  675. * if it hasn't been explicitly set.
  676. *
  677. * @param {String} path
  678. * @api private
  679. */
  680. SendStream.prototype.type = function type (path) {
  681. var res = this.res
  682. if (res.getHeader('Content-Type')) return
  683. var type = mime.lookup(path)
  684. if (!type) {
  685. debug('no content-type')
  686. return
  687. }
  688. var charset = mime.charsets.lookup(type)
  689. debug('content-type %s', type)
  690. res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''))
  691. }
  692. /**
  693. * Set response header fields, most
  694. * fields may be pre-defined.
  695. *
  696. * @param {String} path
  697. * @param {Object} stat
  698. * @api private
  699. */
  700. SendStream.prototype.setHeader = function setHeader (path, stat) {
  701. var res = this.res
  702. this.emit('headers', res, path, stat)
  703. if (this._acceptRanges && !res.getHeader('Accept-Ranges')) {
  704. debug('accept ranges')
  705. res.setHeader('Accept-Ranges', 'bytes')
  706. }
  707. if (this._cacheControl && !res.getHeader('Cache-Control')) {
  708. var cacheControl = 'public, max-age=' + Math.floor(this._maxage / 1000)
  709. if (this._immutable) {
  710. cacheControl += ', immutable'
  711. }
  712. debug('cache-control %s', cacheControl)
  713. res.setHeader('Cache-Control', cacheControl)
  714. }
  715. if (this._lastModified && !res.getHeader('Last-Modified')) {
  716. var modified = stat.mtime.toUTCString()
  717. debug('modified %s', modified)
  718. res.setHeader('Last-Modified', modified)
  719. }
  720. if (this._etag && !res.getHeader('ETag')) {
  721. var val = etag(stat)
  722. debug('etag %s', val)
  723. res.setHeader('ETag', val)
  724. }
  725. }
  726. /**
  727. * Clear all headers from a response.
  728. *
  729. * @param {object} res
  730. * @private
  731. */
  732. function clearHeaders (res) {
  733. var headers = getHeaderNames(res)
  734. for (var i = 0; i < headers.length; i++) {
  735. res.removeHeader(headers[i])
  736. }
  737. }
  738. /**
  739. * Collapse all leading slashes into a single slash
  740. *
  741. * @param {string} str
  742. * @private
  743. */
  744. function collapseLeadingSlashes (str) {
  745. for (var i = 0; i < str.length; i++) {
  746. if (str[i] !== '/') {
  747. break
  748. }
  749. }
  750. return i > 1
  751. ? '/' + str.substr(i)
  752. : str
  753. }
  754. /**
  755. * Determine if path parts contain a dotfile.
  756. *
  757. * @api private
  758. */
  759. function containsDotFile (parts) {
  760. for (var i = 0; i < parts.length; i++) {
  761. var part = parts[i]
  762. if (part.length > 1 && part[0] === '.') {
  763. return true
  764. }
  765. }
  766. return false
  767. }
  768. /**
  769. * Create a Content-Range header.
  770. *
  771. * @param {string} type
  772. * @param {number} size
  773. * @param {array} [range]
  774. */
  775. function contentRange (type, size, range) {
  776. return type + ' ' + (range ? range.start + '-' + range.end : '*') + '/' + size
  777. }
  778. /**
  779. * Create a minimal HTML document.
  780. *
  781. * @param {string} title
  782. * @param {string} body
  783. * @private
  784. */
  785. function createHtmlDocument (title, body) {
  786. return '<!DOCTYPE html>\n' +
  787. '<html lang="en">\n' +
  788. '<head>\n' +
  789. '<meta charset="utf-8">\n' +
  790. '<title>' + title + '</title>\n' +
  791. '</head>\n' +
  792. '<body>\n' +
  793. '<pre>' + body + '</pre>\n' +
  794. '</body>\n' +
  795. '</html>\n'
  796. }
  797. /**
  798. * Create a HttpError object from simple arguments.
  799. *
  800. * @param {number} status
  801. * @param {Error|object} err
  802. * @private
  803. */
  804. function createHttpError (status, err) {
  805. if (!err) {
  806. return createError(status)
  807. }
  808. return err instanceof Error
  809. ? createError(status, err, { expose: false })
  810. : createError(status, err)
  811. }
  812. /**
  813. * decodeURIComponent.
  814. *
  815. * Allows V8 to only deoptimize this fn instead of all
  816. * of send().
  817. *
  818. * @param {String} path
  819. * @api private
  820. */
  821. function decode (path) {
  822. try {
  823. return decodeURIComponent(path)
  824. } catch (err) {
  825. return -1
  826. }
  827. }
  828. /**
  829. * Get the header names on a respnse.
  830. *
  831. * @param {object} res
  832. * @returns {array[string]}
  833. * @private
  834. */
  835. function getHeaderNames (res) {
  836. return typeof res.getHeaderNames !== 'function'
  837. ? Object.keys(res._headers || {})
  838. : res.getHeaderNames()
  839. }
  840. /**
  841. * Determine if emitter has listeners of a given type.
  842. *
  843. * The way to do this check is done three different ways in Node.js >= 0.8
  844. * so this consolidates them into a minimal set using instance methods.
  845. *
  846. * @param {EventEmitter} emitter
  847. * @param {string} type
  848. * @returns {boolean}
  849. * @private
  850. */
  851. function hasListeners (emitter, type) {
  852. var count = typeof emitter.listenerCount !== 'function'
  853. ? emitter.listeners(type).length
  854. : emitter.listenerCount(type)
  855. return count > 0
  856. }
  857. /**
  858. * Determine if the response headers have been sent.
  859. *
  860. * @param {object} res
  861. * @returns {boolean}
  862. * @private
  863. */
  864. function headersSent (res) {
  865. return typeof res.headersSent !== 'boolean'
  866. ? Boolean(res._header)
  867. : res.headersSent
  868. }
  869. /**
  870. * Normalize the index option into an array.
  871. *
  872. * @param {boolean|string|array} val
  873. * @param {string} name
  874. * @private
  875. */
  876. function normalizeList (val, name) {
  877. var list = [].concat(val || [])
  878. for (var i = 0; i < list.length; i++) {
  879. if (typeof list[i] !== 'string') {
  880. throw new TypeError(name + ' must be array of strings or false')
  881. }
  882. }
  883. return list
  884. }
  885. /**
  886. * Parse an HTTP Date into a number.
  887. *
  888. * @param {string} date
  889. * @private
  890. */
  891. function parseHttpDate (date) {
  892. var timestamp = date && Date.parse(date)
  893. return typeof timestamp === 'number'
  894. ? timestamp
  895. : NaN
  896. }
  897. /**
  898. * Parse a HTTP token list.
  899. *
  900. * @param {string} str
  901. * @private
  902. */
  903. function parseTokenList (str) {
  904. var end = 0
  905. var list = []
  906. var start = 0
  907. // gather tokens
  908. for (var i = 0, len = str.length; i < len; i++) {
  909. switch (str.charCodeAt(i)) {
  910. case 0x20: /* */
  911. if (start === end) {
  912. start = end = i + 1
  913. }
  914. break
  915. case 0x2c: /* , */
  916. if (start !== end) {
  917. list.push(str.substring(start, end))
  918. }
  919. start = end = i + 1
  920. break
  921. default:
  922. end = i + 1
  923. break
  924. }
  925. }
  926. // final token
  927. if (start !== end) {
  928. list.push(str.substring(start, end))
  929. }
  930. return list
  931. }
  932. /**
  933. * Set an object of headers on a response.
  934. *
  935. * @param {object} res
  936. * @param {object} headers
  937. * @private
  938. */
  939. function setHeaders (res, headers) {
  940. var keys = Object.keys(headers)
  941. for (var i = 0; i < keys.length; i++) {
  942. var key = keys[i]
  943. res.setHeader(key, headers[key])
  944. }
  945. }