feat: expose a connect-style middleware (#5)

Author: billiegoose

allow-request.js

@@ -1,21 +1,34 @@
-const url = require('url')
-
-function isPreflight (req, u) {
-  return req.method === 'OPTIONS'
+function isPreflightInfoRefs (req, u) {
+  return req.method === 'OPTIONS' && u.pathname.endsWith('/info/refs') && (u.query.service === 'git-upload-pack' || u.query.service === 'git-receive-pack')
 }
 
 function isInfoRefs (req, u) {
   return req.method === 'GET' && u.pathname.endsWith('/info/refs') && (u.query.service === 'git-upload-pack' || u.query.service === 'git-receive-pack')
 }
 
+function isPreflightPull (req, u) {
+  return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-upload-pack')
+}
+
 function isPull (req, u) {
   return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-upload-pack-request' && u.pathname.endsWith('git-upload-pack')
 }
 
+function isPreflightPush (req, u) {
+  return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-receive-pack')
+}
+
 function isPush (req, u) {
   return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-receive-pack-request' && u.pathname.endsWith('git-receive-pack')
 }
 
 module.exports = function allow (req, u) {
-  return (isPreflight(req, u) || isInfoRefs(req, u) || isPull(req, u) || isPush(req, u))
+  return (
+    isPreflightInfoRefs(req, u) ||
+    isInfoRefs(req, u) ||
+    isPreflightPull(req, u) ||
+    isPull(req, u) ||
+    isPreflightPush(req, u) ||
+    isPush(req, u)
+  )
 }

index.js

@@ -4,125 +4,42 @@ const pkg = require('./package.json')
 const {send} = require('micro')
 const origin = process.env.ALLOW_ORIGIN
 const insecure_origins = (process.env.INSECURE_HTTP_ORIGINS || '').split(',')
-const allowHeaders = [
-  'accept-encoding',
-  'accept-language',
-  'accept',
-  'access-control-allow-origin',
-  'authorization',
-  'cache-control',
-  'connection',
-  'content-length',
-  'content-type',
-  'dnt',
-  'pragma',
-  'range',
-  'referer',
-  'user-agent',
-  'x-http-method-override',
-  'x-requested-with',
-]
-const exposeHeaders = [
-  'accept-ranges',
-  'age',
-  'cache-control',
-  'content-length',
-  'content-language',
-  'content-type',
-  'date',
-  'etag',
-  'expires',
-  'last-modified',
-  'pragma',
-  'server',
-  'transfer-encoding',
-  'vary',
-  'x-github-request-id',
-]
-const allowMethods = [
-  'POST',
-  'GET',
-  'OPTIONS'
-]
-const fetch = require('node-fetch')
-const cors = require('./micro-cors.js')({
-  allowHeaders,
-  exposeHeaders,
-  allowMethods,
-  allowCredentials: false,
-  origin
-})
-const allow = require('./allow-request.js')
+const middleware = require('./middleware.js')({ origin, insecure_origins })
 
 async function service (req, res) {
-  let u = url.parse(req.url, true)
-
-  if (u.pathname === '/') {
-    res.setHeader('content-type', 'text/html')
-    let html = `<!DOCTYPE html>
-    <html>
-      <title>@isomorphic-git/cors-proxy</title>
-      <h1>@isomorphic-git/cors-proxy</h1>
-      <p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a>
-         &ndash; a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>)
-         for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p>
-      <p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p>
-      <p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p>
-
-      <h2>Terms of Use</h2>
-      <p><b>This free service is provided to you AS IS with no guarantees.
-      By using this free service, you promise not to use excessive amounts of bandwidth.
-      </b></p>
-
-      <p><b>If you are cloning or pushing large amounts of data your IP address may be banned.
-      Please run your own instance of the software if you need to make heavy use this service.</b></p>
-
-      <h2>Allowed Origins</h2>
-      This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code>
-    </html>
-    `
-    return send(res, 400, html)
-  }
+  middleware(req, res, () => {
+    let u = url.parse(req.url, true)
+
+    if (u.pathname === '/') {
+      res.setHeader('content-type', 'text/html')
+      let html = `<!DOCTYPE html>
+      <html>
+        <title>@isomorphic-git/cors-proxy</title>
+        <h1>@isomorphic-git/cors-proxy</h1>
+        <p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a>
+           &ndash; a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>)
+           for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p>
+        <p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p>
+        <p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p>
+
+        <h2>Terms of Use</h2>
+        <p><b>This free service is provided to you AS IS with no guarantees.
+        By using this free service, you promise not to use excessive amounts of bandwidth.
+        </b></p>
+
+        <p><b>If you are cloning or pushing large amounts of data your IP address may be banned.
+        Please run your own instance of the software if you need to make heavy use this service.</b></p>
+
+        <h2>Allowed Origins</h2>
+        This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code>
+      </html>
+      `
+      return send(res, 400, html)
+    }
 
-  if (!allow(req, u)) {
     // Don't waste my precious bandwidth
     return send(res, 403, '')
-  }
-
-  // Handle CORS preflight request
-  if (req.method === 'OPTIONS') {
-    return send(res, 200, '')
-  }
-
-  let headers = {}
-  for (let h of allowHeaders) {
-    if (req.headers[h]) {
-      headers[h] = req.headers[h]
-    }
-  }
-
-  let p = u.path
-  let parts = p.match(/\/([^\/]*)\/(.*)/)
-  let pathdomain = parts[1]
-  let remainingpath = parts[2]
-  let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https'
-  console.log(`${protocol}://${pathdomain}/${remainingpath}`)
-  let f = await fetch(
-    `${protocol}://${pathdomain}/${remainingpath}`,
-    {
-      method: req.method,
-      headers,
-      body: (req.method !== 'GET' && req.method !== 'HEAD') ? req : undefined
-    }
-  )
-  res.statusCode = f.status
-  for (let h of exposeHeaders) {
-    if (h === 'content-length') continue
-    if (f.headers.has(h)) {
-      res.setHeader(h, f.headers.get(h))
-    }
-  }
-  f.body.pipe(res)
+  })
 }
 
-module.exports = cors(service)
+module.exports = service

micro-cors.js

@@ -0,0 +1,114 @@
+'use strict'
+const url = require('url')
+const {send} = require('micro')
+const microCors = require('micro-cors')
+const fetch = require('node-fetch')
+
+const allowHeaders = [
+  'accept-encoding',
+  'accept-language',
+  'accept',
+  'access-control-allow-origin',
+  'authorization',
+  'cache-control',
+  'connection',
+  'content-length',
+  'content-type',
+  'dnt',
+  'pragma',
+  'range',
+  'referer',
+  'user-agent',
+  'x-http-method-override',
+  'x-requested-with',
+]
+const exposeHeaders = [
+  'accept-ranges',
+  'age',
+  'cache-control',
+  'content-length',
+  'content-language',
+  'content-type',
+  'date',
+  'etag',
+  'expires',
+  'last-modified',
+  'pragma',
+  'server',
+  'transfer-encoding',
+  'vary',
+  'x-github-request-id',
+]
+const allowMethods = [
+  'POST',
+  'GET',
+  'OPTIONS'
+]
+
+const allow = require('./allow-request.js')
+
+const filter = (predicate, middleware) => {
+  function corsProxyMiddleware (req, res, next) {
+    if (predicate(req, res)) {
+      middleware(req, res, next)
+    } else {
+      next()
+    }
+  }
+  return corsProxyMiddleware
+}
+
+module.exports = ({ origin, insecure_origins = [] } = {}) => {
+  function predicate (req) {
+    let u = url.parse(req.url, true)
+    // Not a git request, skip
+    return allow(req, u)
+  }
+  function middleware (req, res) {
+    let u = url.parse(req.url, true)
+
+    // Handle CORS preflight request
+    if (req.method === 'OPTIONS') {
+      return send(res, 200, '')
+    }
+
+    let headers = {}
+    for (let h of allowHeaders) {
+      if (req.headers[h]) {
+        headers[h] = req.headers[h]
+      }
+    }
+
+    let p = u.path
+    let parts = p.match(/\/([^\/]*)\/(.*)/)
+    let pathdomain = parts[1]
+    let remainingpath = parts[2]
+    let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https'
+
+    fetch(
+      `${protocol}://${pathdomain}/${remainingpath}`,
+      {
+        method: req.method,
+        headers,
+        body: (req.method !== 'GET' && req.method !== 'HEAD') ? req : undefined
+      }
+    ).then(f => {
+      res.statusCode = f.status
+      for (let h of exposeHeaders) {
+        if (h === 'content-length') continue
+        if (f.headers.has(h)) {
+          res.setHeader(h, f.headers.get(h))
+        }
+      }
+      f.body.pipe(res)
+    })
+  }
+  const cors = microCors({
+    allowHeaders,
+    exposeHeaders,
+    allowMethods,
+    allowCredentials: false,
+    origin
+  })
+  return filter(predicate, cors(middleware))
+}