redirect on missing origin, fix target

arunaruljothi · Mar 6, 2023 · 498f3d8 · 498f3d8
1 parent f48b8c2
commit 498f3d8
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 30 deletions.
diff --git a/dist/server.js b/dist/server.js
@@ -12,6 +12,7 @@ const proxiedPort = process.env.PROXY_PORT || (enableHttpsProxy ? "443" : "80");
 const protocol = enableHttpsProxy ? "https" : "http";
 const port = process.env.PORT || "80";
 const name = `simple-proxy-${port}`;
+const requiresOrigin = allowedOriginRoot != "*";
 // logger
 const log = function (mes, level = "info") {
     if (enableLogging) {
@@ -27,43 +28,43 @@ const log = function (mes, level = "info") {
 const proxy = (0, http_proxy_1.createProxyServer)({});
 const server = (0, http_1.createServer)((req, res) => {
     // set target
-    let target = `${protocol}://${req.headers.host}${req.url}`;
-    const target_hostname = (new URL(target)).hostname;
-    target = `${protocol}://${target_hostname}:${proxiedPort}${req.url}`;
+    const fullTarget = `${protocol}://${req.headers.host}${req.url}`;
+    const targetHostname = (new URL(fullTarget)).hostname;
+    const target = `${protocol}://${targetHostname}:${proxiedPort}`;
     // set origin
-    const origin_url = req.headers.origin ? new URL(req.headers.origin) : undefined;
-    const origin_hostname = origin_url ? origin_url.hostname : "";
+    const originUrl = req.headers.origin ? new URL(req.headers.origin) : undefined;
+    const originHostname = originUrl ? originUrl.hostname : "";
     // if we previously proxied this result end it now
     if ("x-proxy-by" in req.headers) {
-        log(`RE_PROXY:: ${origin_url?.href} -> ${target}`);
+        log(`RE_PROXY:: ${originUrl?.href} -> ${target}`);
         res.writeHead(400, "ATTEMPT AT RE PROXY");
         res.end();
         return;
     }
-    // redirect on same origin
-    if (origin_hostname == target_hostname) {
-        log(`REDIRECT:: ${origin_url?.href} -> ${target}`);
+    // redirect on same origin or origin required and was not provided
+    if ((requiresOrigin && (originUrl == undefined)) || (originHostname == targetHostname)) {
+        log(`REDIRECT:: ${originUrl?.href} -> ${target}`);
         res.writeHead(302, {
-            'Location': target
+            'Location': fullTarget
         });
         res.end();
         return;
     }
     // cors
-    if (allowedOriginRoot == "*" || origin_hostname.includes(allowedOriginRoot)) {
+    if (allowedOriginRoot == "*" || originHostname.includes(allowedOriginRoot)) {
         // cors allowed
         const allowedHeaders = req.headers["access-control-request-headers"] || "";
         const allowedMethods = req.headers["access-control-request-method"] || ["GET", "POST", "PUT", "OPTIONS"].join(', ');
         res.setHeader('access-control-allow-methods', allowedMethods);
         if ('access-control-request-headers' in req.headers) {
             res.setHeader('access-control-allow-headers', allowedHeaders);
         }
-        res.setHeader('Access-Control-Allow-Origin', origin_url?.href || "*");
+        res.setHeader('Access-Control-Allow-Origin', originUrl?.href || "*");
         res.setHeader('Access-Control-Allow-Credentials', "true");
-        log(`CORS:: ${origin_url?.href} -> ${target}`);
+        log(`CORS:: ${originUrl?.href} -> ${fullTarget}`);
     }
     else {
-        log(`NO_CORS:: ${origin_url?.href} -> ${target}`);
+        log(`NO_CORS:: ${originUrl?.href} -> ${fullTarget}`);
     }
     // mark the request has having been proxied
     res.setHeader("x-proxy-by", name);
@@ -75,7 +76,7 @@ const server = (0, http_1.createServer)((req, res) => {
 const healthPort = (parseInt(port) + 1).toString();
 const healthServer = (0, http_1.createServer)((req, res) => {
     res.writeHead(200);
-    res.write("OK");
+    res.write("BAD");
     res.end();
 });
 // launch servers

diff --git a/src/server.ts b/src/server.ts
@@ -14,6 +14,7 @@ const proxiedPort = process.env.PROXY_PORT || (enableHttpsProxy ? "443" : "80")
 const protocol = enableHttpsProxy ? "https" : "http"
 const port = process.env.PORT || "80"
 const name = `simple-proxy-${port}`
+const requiresOrigin = allowedOriginRoot != "*"
 
 // logger
 const log = function(mes: string, level: "info" | "error" = "info"){
@@ -30,46 +31,46 @@ const log = function(mes: string, level: "info" | "error" = "info"){
 const proxy = createProxyServer({})
 const server: Server = createServer((req: IncomingMessage, res: ServerResponse) => {
   // set target
-  let target = `${protocol}://${req.headers.host}${req.url}`
-  const target_hostname = (new URL(target)).hostname
-  target = `${protocol}://${target_hostname}:${proxiedPort}${req.url}`
+  const fullTarget = `${protocol}://${req.headers.host}${req.url}`
+  const targetHostname = (new URL(fullTarget)).hostname
+  const target = `${protocol}://${targetHostname}:${proxiedPort}`
 
   // set origin
-  const origin_url: URL | undefined = req.headers.origin ? new URL(req.headers.origin) : undefined
-  const origin_hostname = origin_url ? origin_url.hostname : ""
+  const originUrl: URL | undefined = req.headers.origin ? new URL(req.headers.origin) : undefined
+  const originHostname = originUrl ? originUrl.hostname : ""
 
   // if we previously proxied this result end it now
   if ("x-proxy-by" in req.headers){
-    log (`RE_PROXY:: ${origin_url?.href} -> ${target}`)
+    log (`RE_PROXY:: ${originUrl?.href} -> ${target}`)
     res.writeHead(400, "ATTEMPT AT RE PROXY")
     res.end()
     return
   }
 
-  // redirect on same origin
-  if (origin_hostname == target_hostname){
-    log(`REDIRECT:: ${origin_url?.href} -> ${target}`)
+  // redirect on same origin or origin required and was not provided
+  if ((requiresOrigin && (originUrl == undefined)) || (originHostname == targetHostname)){
+    log(`REDIRECT:: ${originUrl?.href} -> ${target}`)
     res.writeHead(302, {
-      'Location': target
+      'Location': fullTarget
     })
     res.end()
     return
   }
 
   // cors
-  if ( allowedOriginRoot == "*" || origin_hostname.includes(allowedOriginRoot)){
+  if ( allowedOriginRoot == "*" || originHostname.includes(allowedOriginRoot)){
     // cors allowed
     const allowedHeaders = req.headers["access-control-request-headers"] || ""
     const allowedMethods = req.headers["access-control-request-method"] || ["GET", "POST", "PUT", "OPTIONS"].join(', ')
     res.setHeader('access-control-allow-methods', allowedMethods)
     if ('access-control-request-headers' in req.headers){
       res.setHeader('access-control-allow-headers',allowedHeaders )
     }
-    res.setHeader('Access-Control-Allow-Origin', origin_url?.href || "*")
+    res.setHeader('Access-Control-Allow-Origin', originUrl?.href || "*")
     res.setHeader('Access-Control-Allow-Credentials', "true")
-    log(`CORS:: ${origin_url?.href} -> ${target}`)
+    log(`CORS:: ${originUrl?.href} -> ${fullTarget}`)
   }else{
-    log(`NO_CORS:: ${origin_url?.href} -> ${target}`)
+    log(`NO_CORS:: ${originUrl?.href} -> ${fullTarget}`)
   }
 
   // mark the request has having been proxied
@@ -83,7 +84,7 @@ const server: Server = createServer((req: IncomingMessage, res: ServerResponse)
 const healthPort = (parseInt(port) + 1).toString()
 const healthServer: Server = createServer((req: IncomingMessage, res: ServerResponse) => {
   res.writeHead(200)
-  res.write("OK")
+  res.write("BAD")
   res.end()
 })