123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526 |
- /*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
- 'use strict';
- /**
- * Module dependencies.
- * @private
- */
- var accepts = require('accepts');
- var deprecate = require('depd')('express');
- var isIP = require('net').isIP;
- var typeis = require('type-is');
- var http = require('http');
- var fresh = require('fresh');
- var parseRange = require('range-parser');
- var parse = require('parseurl');
- var proxyaddr = require('proxy-addr');
- /**
- * Request prototype.
- * @public
- */
- var req = Object.create(http.IncomingMessage.prototype)
- /**
- * Module exports.
- * @public
- */
- module.exports = req
- /**
- * Return request header.
- *
- * The `Referrer` header field is special-cased,
- * both `Referrer` and `Referer` are interchangeable.
- *
- * Examples:
- *
- * req.get('Content-Type');
- * // => "text/plain"
- *
- * req.get('content-type');
- * // => "text/plain"
- *
- * req.get('Something');
- * // => undefined
- *
- * Aliased as `req.header()`.
- *
- * @param {String} name
- * @return {String}
- * @public
- */
- req.get =
- req.header = function header(name) {
- if (!name) {
- throw new TypeError('name argument is required to req.get');
- }
- if (typeof name !== 'string') {
- throw new TypeError('name must be a string to req.get');
- }
- var lc = name.toLowerCase();
- switch (lc) {
- case 'referer':
- case 'referrer':
- return this.headers.referrer
- || this.headers.referer;
- default:
- return this.headers[lc];
- }
- };
- /**
- * To do: update docs.
- *
- * Check if the given `type(s)` is acceptable, returning
- * the best match when true, otherwise `undefined`, in which
- * case you should respond with 406 "Not Acceptable".
- *
- * The `type` value may be a single MIME type string
- * such as "application/json", an extension name
- * such as "json", a comma-delimited list such as "json, html, text/plain",
- * an argument list such as `"json", "html", "text/plain"`,
- * or an array `["json", "html", "text/plain"]`. When a list
- * or array is given, the _best_ match, if any is returned.
- *
- * Examples:
- *
- * // Accept: text/html
- * req.accepts('html');
- * // => "html"
- *
- * // Accept: text/*, application/json
- * req.accepts('html');
- * // => "html"
- * req.accepts('text/html');
- * // => "text/html"
- * req.accepts('json, text');
- * // => "json"
- * req.accepts('application/json');
- * // => "application/json"
- *
- * // Accept: text/*, application/json
- * req.accepts('image/png');
- * req.accepts('png');
- * // => undefined
- *
- * // Accept: text/*;q=.5, application/json
- * req.accepts(['html', 'json']);
- * req.accepts('html', 'json');
- * req.accepts('html, json');
- * // => "json"
- *
- * @param {String|Array} type(s)
- * @return {String|Array|Boolean}
- * @public
- */
- req.accepts = function(){
- var accept = accepts(this);
- return accept.types.apply(accept, arguments);
- };
- /**
- * Check if the given `encoding`s are accepted.
- *
- * @param {String} ...encoding
- * @return {String|Array}
- * @public
- */
- req.acceptsEncodings = function(){
- var accept = accepts(this);
- return accept.encodings.apply(accept, arguments);
- };
- req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
- 'req.acceptsEncoding: Use acceptsEncodings instead');
- /**
- * Check if the given `charset`s are acceptable,
- * otherwise you should respond with 406 "Not Acceptable".
- *
- * @param {String} ...charset
- * @return {String|Array}
- * @public
- */
- req.acceptsCharsets = function(){
- var accept = accepts(this);
- return accept.charsets.apply(accept, arguments);
- };
- req.acceptsCharset = deprecate.function(req.acceptsCharsets,
- 'req.acceptsCharset: Use acceptsCharsets instead');
- /**
- * Check if the given `lang`s are acceptable,
- * otherwise you should respond with 406 "Not Acceptable".
- *
- * @param {String} ...lang
- * @return {String|Array}
- * @public
- */
- req.acceptsLanguages = function(){
- var accept = accepts(this);
- return accept.languages.apply(accept, arguments);
- };
- req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
- 'req.acceptsLanguage: Use acceptsLanguages instead');
- /**
- * Parse Range header field, capping to the given `size`.
- *
- * Unspecified ranges such as "0-" require knowledge of your resource length. In
- * the case of a byte range this is of course the total number of bytes. If the
- * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
- * and `-2` when syntactically invalid.
- *
- * When ranges are returned, the array has a "type" property which is the type of
- * range that is required (most commonly, "bytes"). Each array element is an object
- * with a "start" and "end" property for the portion of the range.
- *
- * The "combine" option can be set to `true` and overlapping & adjacent ranges
- * will be combined into a single range.
- *
- * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
- * should respond with 4 users when available, not 3.
- *
- * @param {number} size
- * @param {object} [options]
- * @param {boolean} [options.combine=false]
- * @return {number|array}
- * @public
- */
- req.range = function range(size, options) {
- var range = this.get('Range');
- if (!range) return;
- return parseRange(size, range, options);
- };
- /**
- * Return the value of param `name` when present or `defaultValue`.
- *
- * - Checks route placeholders, ex: _/user/:id_
- * - Checks body params, ex: id=12, {"id":12}
- * - Checks query string params, ex: ?id=12
- *
- * To utilize request bodies, `req.body`
- * should be an object. This can be done by using
- * the `bodyParser()` middleware.
- *
- * @param {String} name
- * @param {Mixed} [defaultValue]
- * @return {String}
- * @public
- */
- req.param = function param(name, defaultValue) {
- var params = this.params || {};
- var body = this.body || {};
- var query = this.query || {};
- var args = arguments.length === 1
- ? 'name'
- : 'name, default';
- deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
- if (null != params[name] && params.hasOwnProperty(name)) return params[name];
- if (null != body[name]) return body[name];
- if (null != query[name]) return query[name];
- return defaultValue;
- };
- /**
- * Check if the incoming request contains the "Content-Type"
- * header field, and it contains the give mime `type`.
- *
- * Examples:
- *
- * // With Content-Type: text/html; charset=utf-8
- * req.is('html');
- * req.is('text/html');
- * req.is('text/*');
- * // => true
- *
- * // When Content-Type is application/json
- * req.is('json');
- * req.is('application/json');
- * req.is('application/*');
- * // => true
- *
- * req.is('html');
- * // => false
- *
- * @param {String|Array} types...
- * @return {String|false|null}
- * @public
- */
- req.is = function is(types) {
- var arr = types;
- // support flattened arguments
- if (!Array.isArray(types)) {
- arr = new Array(arguments.length);
- for (var i = 0; i < arr.length; i++) {
- arr[i] = arguments[i];
- }
- }
- return typeis(this, arr);
- };
- /**
- * Return the protocol string "http" or "https"
- * when requested with TLS. When the "trust proxy"
- * setting trusts the socket address, the
- * "X-Forwarded-Proto" header field will be trusted
- * and used if present.
- *
- * If you're running behind a reverse proxy that
- * supplies https for you this may be enabled.
- *
- * @return {String}
- * @public
- */
- defineGetter(req, 'protocol', function protocol(){
- var proto = this.connection.encrypted
- ? 'https'
- : 'http';
- var trust = this.app.get('trust proxy fn');
- if (!trust(this.connection.remoteAddress, 0)) {
- return proto;
- }
- // Note: X-Forwarded-Proto is normally only ever a
- // single value, but this is to be safe.
- var header = this.get('X-Forwarded-Proto') || proto
- var index = header.indexOf(',')
- return index !== -1
- ? header.substring(0, index).trim()
- : header.trim()
- });
- /**
- * Short-hand for:
- *
- * req.protocol === 'https'
- *
- * @return {Boolean}
- * @public
- */
- defineGetter(req, 'secure', function secure(){
- return this.protocol === 'https';
- });
- /**
- * Return the remote address from the trusted proxy.
- *
- * The is the remote address on the socket unless
- * "trust proxy" is set.
- *
- * @return {String}
- * @public
- */
- defineGetter(req, 'ip', function ip(){
- var trust = this.app.get('trust proxy fn');
- return proxyaddr(this, trust);
- });
- /**
- * When "trust proxy" is set, trusted proxy addresses + client.
- *
- * For example if the value were "client, proxy1, proxy2"
- * you would receive the array `["client", "proxy1", "proxy2"]`
- * where "proxy2" is the furthest down-stream and "proxy1" and
- * "proxy2" were trusted.
- *
- * @return {Array}
- * @public
- */
- defineGetter(req, 'ips', function ips() {
- var trust = this.app.get('trust proxy fn');
- var addrs = proxyaddr.all(this, trust);
- // reverse the order (to farthest -> closest)
- // and remove socket address
- addrs.reverse().pop()
- return addrs
- });
- /**
- * Return subdomains as an array.
- *
- * Subdomains are the dot-separated parts of the host before the main domain of
- * the app. By default, the domain of the app is assumed to be the last two
- * parts of the host. This can be changed by setting "subdomain offset".
- *
- * For example, if the domain is "tobi.ferrets.example.com":
- * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
- * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
- *
- * @return {Array}
- * @public
- */
- defineGetter(req, 'subdomains', function subdomains() {
- var hostname = this.hostname;
- if (!hostname) return [];
- var offset = this.app.get('subdomain offset');
- var subdomains = !isIP(hostname)
- ? hostname.split('.').reverse()
- : [hostname];
- return subdomains.slice(offset);
- });
- /**
- * Short-hand for `url.parse(req.url).pathname`.
- *
- * @return {String}
- * @public
- */
- defineGetter(req, 'path', function path() {
- return parse(this).pathname;
- });
- /**
- * Parse the "Host" header field to a hostname.
- *
- * When the "trust proxy" setting trusts the socket
- * address, the "X-Forwarded-Host" header field will
- * be trusted.
- *
- * @return {String}
- * @public
- */
- defineGetter(req, 'hostname', function hostname(){
- var trust = this.app.get('trust proxy fn');
- var host = this.get('X-Forwarded-Host');
- if (!host || !trust(this.connection.remoteAddress, 0)) {
- host = this.get('Host');
- } else if (host.indexOf(',') !== -1) {
- // Note: X-Forwarded-Host is normally only ever a
- // single value, but this is to be safe.
- host = host.substring(0, host.indexOf(',')).trimRight()
- }
- if (!host) return;
- // IPv6 literal support
- var offset = host[0] === '['
- ? host.indexOf(']') + 1
- : 0;
- var index = host.indexOf(':', offset);
- return index !== -1
- ? host.substring(0, index)
- : host;
- });
- // TODO: change req.host to return host in next major
- defineGetter(req, 'host', deprecate.function(function host(){
- return this.hostname;
- }, 'req.host: Use req.hostname instead'));
- /**
- * Check if the request is fresh, aka
- * Last-Modified and/or the ETag
- * still match.
- *
- * @return {Boolean}
- * @public
- */
- defineGetter(req, 'fresh', function(){
- var method = this.method;
- var res = this.res
- var status = res.statusCode
- // GET or HEAD for weak freshness validation only
- if ('GET' !== method && 'HEAD' !== method) return false;
- // 2xx or 304 as per rfc2616 14.26
- if ((status >= 200 && status < 300) || 304 === status) {
- return fresh(this.headers, {
- 'etag': res.get('ETag'),
- 'last-modified': res.get('Last-Modified')
- })
- }
- return false;
- });
- /**
- * Check if the request is stale, aka
- * "Last-Modified" and / or the "ETag" for the
- * resource has changed.
- *
- * @return {Boolean}
- * @public
- */
- defineGetter(req, 'stale', function stale(){
- return !this.fresh;
- });
- /**
- * Check if the request was an _XMLHttpRequest_.
- *
- * @return {Boolean}
- * @public
- */
- defineGetter(req, 'xhr', function xhr(){
- var val = this.get('X-Requested-With') || '';
- return val.toLowerCase() === 'xmlhttprequest';
- });
- /**
- * Helper function for creating a getter on an object.
- *
- * @param {Object} obj
- * @param {String} name
- * @param {Function} getter
- * @private
- */
- function defineGetter(obj, name, getter) {
- Object.defineProperty(obj, name, {
- configurable: true,
- enumerable: true,
- get: getter
- });
- }
|