336 lines
6.5 KiB
JavaScript
336 lines
6.5 KiB
JavaScript
/*!
|
|
* finalhandler
|
|
* Copyright(c) 2014-2022 Douglas Christopher Wilson
|
|
* MIT Licensed
|
|
*/
|
|
|
|
'use strict'
|
|
|
|
/**
|
|
* Module dependencies.
|
|
* @private
|
|
*/
|
|
|
|
var debug = require('debug')('finalhandler')
|
|
var encodeUrl = require('encodeurl')
|
|
var escapeHtml = require('escape-html')
|
|
var onFinished = require('on-finished')
|
|
var parseUrl = require('parseurl')
|
|
var statuses = require('statuses')
|
|
var unpipe = require('unpipe')
|
|
|
|
/**
|
|
* Module variables.
|
|
* @private
|
|
*/
|
|
|
|
var DOUBLE_SPACE_REGEXP = /\x20{2}/g
|
|
var NEWLINE_REGEXP = /\n/g
|
|
|
|
/* istanbul ignore next */
|
|
var defer = typeof setImmediate === 'function'
|
|
? setImmediate
|
|
: function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
|
|
var isFinished = onFinished.isFinished
|
|
|
|
/**
|
|
* Create a minimal HTML document.
|
|
*
|
|
* @param {string} message
|
|
* @private
|
|
*/
|
|
|
|
function createHtmlDocument (message) {
|
|
var body = escapeHtml(message)
|
|
.replace(NEWLINE_REGEXP, '<br>')
|
|
.replace(DOUBLE_SPACE_REGEXP, ' ')
|
|
|
|
return '<!DOCTYPE html>\n' +
|
|
'<html lang="en">\n' +
|
|
'<head>\n' +
|
|
'<meta charset="utf-8">\n' +
|
|
'<title>Error</title>\n' +
|
|
'</head>\n' +
|
|
'<body>\n' +
|
|
'<pre>' + body + '</pre>\n' +
|
|
'</body>\n' +
|
|
'</html>\n'
|
|
}
|
|
|
|
/**
|
|
* Module exports.
|
|
* @public
|
|
*/
|
|
|
|
module.exports = finalhandler
|
|
|
|
/**
|
|
* Create a function to handle the final response.
|
|
*
|
|
* @param {Request} req
|
|
* @param {Response} res
|
|
* @param {Object} [options]
|
|
* @return {Function}
|
|
* @public
|
|
*/
|
|
|
|
function finalhandler (req, res, options) {
|
|
var opts = options || {}
|
|
|
|
// get environment
|
|
var env = opts.env || process.env.NODE_ENV || 'development'
|
|
|
|
// get error callback
|
|
var onerror = opts.onerror
|
|
|
|
return function (err) {
|
|
var headers
|
|
var msg
|
|
var status
|
|
|
|
// ignore 404 on in-flight response
|
|
if (!err && headersSent(res)) {
|
|
debug('cannot 404 after headers sent')
|
|
return
|
|
}
|
|
|
|
// unhandled error
|
|
if (err) {
|
|
// respect status code from error
|
|
status = getErrorStatusCode(err)
|
|
|
|
if (status === undefined) {
|
|
// fallback to status code on response
|
|
status = getResponseStatusCode(res)
|
|
} else {
|
|
// respect headers from error
|
|
headers = getErrorHeaders(err)
|
|
}
|
|
|
|
// get error message
|
|
msg = getErrorMessage(err, status, env)
|
|
} else {
|
|
// not found
|
|
status = 404
|
|
msg = 'Cannot ' + req.method + ' ' + encodeUrl(getResourceName(req))
|
|
}
|
|
|
|
debug('default %s', status)
|
|
|
|
// schedule onerror callback
|
|
if (err && onerror) {
|
|
defer(onerror, err, req, res)
|
|
}
|
|
|
|
// cannot actually respond
|
|
if (headersSent(res)) {
|
|
debug('cannot %d after headers sent', status)
|
|
req.socket.destroy()
|
|
return
|
|
}
|
|
|
|
// send response
|
|
send(req, res, status, headers, msg)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get headers from Error object.
|
|
*
|
|
* @param {Error} err
|
|
* @return {object}
|
|
* @private
|
|
*/
|
|
|
|
function getErrorHeaders (err) {
|
|
if (!err.headers || typeof err.headers !== 'object') {
|
|
return undefined
|
|
}
|
|
|
|
var headers = Object.create(null)
|
|
var keys = Object.keys(err.headers)
|
|
|
|
for (var i = 0; i < keys.length; i++) {
|
|
var key = keys[i]
|
|
headers[key] = err.headers[key]
|
|
}
|
|
|
|
return headers
|
|
}
|
|
|
|
/**
|
|
* Get message from Error object, fallback to status message.
|
|
*
|
|
* @param {Error} err
|
|
* @param {number} status
|
|
* @param {string} env
|
|
* @return {string}
|
|
* @private
|
|
*/
|
|
|
|
function getErrorMessage (err, status, env) {
|
|
var msg
|
|
|
|
if (env !== 'production') {
|
|
// use err.stack, which typically includes err.message
|
|
msg = err.stack
|
|
|
|
// fallback to err.toString() when possible
|
|
if (!msg && typeof err.toString === 'function') {
|
|
msg = err.toString()
|
|
}
|
|
}
|
|
|
|
return msg || statuses.message[status]
|
|
}
|
|
|
|
/**
|
|
* Get status code from Error object.
|
|
*
|
|
* @param {Error} err
|
|
* @return {number}
|
|
* @private
|
|
*/
|
|
|
|
function getErrorStatusCode (err) {
|
|
// check err.status
|
|
if (typeof err.status === 'number' && err.status >= 400 && err.status < 600) {
|
|
return err.status
|
|
}
|
|
|
|
// check err.statusCode
|
|
if (typeof err.statusCode === 'number' && err.statusCode >= 400 && err.statusCode < 600) {
|
|
return err.statusCode
|
|
}
|
|
|
|
return undefined
|
|
}
|
|
|
|
/**
|
|
* Get resource name for the request.
|
|
*
|
|
* This is typically just the original pathname of the request
|
|
* but will fallback to "resource" is that cannot be determined.
|
|
*
|
|
* @param {IncomingMessage} req
|
|
* @return {string}
|
|
* @private
|
|
*/
|
|
|
|
function getResourceName (req) {
|
|
try {
|
|
return parseUrl.original(req).pathname
|
|
} catch (e) {
|
|
return 'resource'
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get status code from response.
|
|
*
|
|
* @param {OutgoingMessage} res
|
|
* @return {number}
|
|
* @private
|
|
*/
|
|
|
|
function getResponseStatusCode (res) {
|
|
var status = res.statusCode
|
|
|
|
// default status code to 500 if outside valid range
|
|
if (typeof status !== 'number' || status < 400 || status > 599) {
|
|
status = 500
|
|
}
|
|
|
|
return status
|
|
}
|
|
|
|
/**
|
|
* Determine if the response headers have been sent.
|
|
*
|
|
* @param {object} res
|
|
* @returns {boolean}
|
|
* @private
|
|
*/
|
|
|
|
function headersSent (res) {
|
|
return typeof res.headersSent !== 'boolean'
|
|
? Boolean(res._header)
|
|
: res.headersSent
|
|
}
|
|
|
|
/**
|
|
* Send response.
|
|
*
|
|
* @param {IncomingMessage} req
|
|
* @param {OutgoingMessage} res
|
|
* @param {number} status
|
|
* @param {object} headers
|
|
* @param {string} message
|
|
* @private
|
|
*/
|
|
|
|
function send (req, res, status, headers, message) {
|
|
function write () {
|
|
// response body
|
|
var body = createHtmlDocument(message)
|
|
|
|
// response status
|
|
res.statusCode = status
|
|
res.statusMessage = statuses.message[status]
|
|
|
|
// remove any content headers
|
|
res.removeHeader('Content-Encoding')
|
|
res.removeHeader('Content-Language')
|
|
res.removeHeader('Content-Range')
|
|
|
|
// response headers
|
|
setHeaders(res, headers)
|
|
|
|
// security headers
|
|
res.setHeader('Content-Security-Policy', "default-src 'none'")
|
|
res.setHeader('X-Content-Type-Options', 'nosniff')
|
|
|
|
// standard headers
|
|
res.setHeader('Content-Type', 'text/html; charset=utf-8')
|
|
res.setHeader('Content-Length', Buffer.byteLength(body, 'utf8'))
|
|
|
|
if (req.method === 'HEAD') {
|
|
res.end()
|
|
return
|
|
}
|
|
|
|
res.end(body, 'utf8')
|
|
}
|
|
|
|
if (isFinished(req)) {
|
|
write()
|
|
return
|
|
}
|
|
|
|
// unpipe everything from the request
|
|
unpipe(req)
|
|
|
|
// flush the request
|
|
onFinished(req, write)
|
|
req.resume()
|
|
}
|
|
|
|
/**
|
|
* Set response headers from an object.
|
|
*
|
|
* @param {OutgoingMessage} res
|
|
* @param {object} headers
|
|
* @private
|
|
*/
|
|
|
|
function setHeaders (res, headers) {
|
|
if (!headers) {
|
|
return
|
|
}
|
|
|
|
var keys = Object.keys(headers)
|
|
for (var i = 0; i < keys.length; i++) {
|
|
var key = keys[i]
|
|
res.setHeader(key, headers[key])
|
|
}
|
|
}
|