Skip to content

W
webpack_ast

司天真 / webpack_ast
该项目与 Fork 源项目分叉

Fork自 渔滒 / webpack_ast

通知 1
Star 0
Fork 0
W
webpack_ast

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 fc91d687 编写于 作者: 司天真's avatar 司天真
浏览文件
操作

11.23

上级 3f62dc14
展开全部 隐藏空白更改
内联 并排
Showing with 3111 addition and 1 deletion
槟榔/1.html 0 → 100644
浏览文件 @ fc91d687
<!doctype html>
<html dir="ltr" lang="zh">
<head>
<meta charset="utf-8">
<title>新标签页</title>
<style>
body {
background: #FFFFFF;
margin: 0;
}
#backgroundImage {
border: none;
height: 100%;
pointer-events: none;
position: fixed;
top: 0;
visibility: hidden;
width: 100%;
}
[show-background-image] #backgroundImage {
visibility: visible;
}
</style>
</head>
<body>
<iframe id="backgroundImage" src=""></iframe>
<ntp-app></ntp-app>
<script type="module" src="https://yun.duiba.com.cn/new_tab_page.js"></script>
<link rel="stylesheet" href="https://resources/css/text_defaults_md.css">
<link rel="stylesheet" href="https://theme/colors.css?sets=ui,chrome">
<link rel="stylesheet" href="https://yun.duiba.com.cn/shared_vars.css">
</body>
</html>
槟榔/1.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/2.js 0 → 100644
浏览文件 @ fc91d687
window = global
window['pdf731'] = "pfaf62c9";
window['pe1d6f'] = "p244a4d6";
window['p7e21a'] = "pe6455d0";
window['p3aa4d'] = "p26390dd";
window['p3a5ee'] = "p70c852d";
window['p8f6b2'] = "p24df0c3";
window['p24b7b'] = "p2a63090";
window['pd1b03'] = "p24161e9";
window['pcae13'] = "pc40787c";
window['pc6ff4'] = "pb65176e";
function aaa(r, n, t) {
function e(r, n) {
var t = n - r
, e = Math.random();
return r + Math.round(e * t)
}
function o() {
for (var r = "", n = 0; n < 8; n++) {
var t = e(0, 15);
r += f[t]
}
return r
}
function u() {
for (var r = "", n = e(5, 9), t = 0; t < n; t++) {
var o = e(0, 35);
r += i[o]
}
return r
}
for (var f = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"], i = ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"], a = 0; a < 50; a++) {
var c = o(), v = u();
window[c] = v
}
}
aaa('',",","")
\ No newline at end of file
槟榔/3.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/4.js 0 → 100644
浏览文件 @ fc91d687
window['pdf731'] = "pfaf62c9";
window['pe1d6f'] = "p244a4d6";
window['p7e21a'] = "pe6455d0";
window['p3aa4d'] = "p26390dd";
window['p3a5ee'] = "p70c852d";
window['p8f6b2'] = "p24df0c3";
window['p24b7b'] = "p2a63090";
window['pd1b03'] = "p24161e9";
window['pcae13'] = "pc40787c";
window['pc6ff4'] = "pb65176e";
!function r(n, t, e) {
function o(f, i) {
if (! t[f]) {
if (! n[f]) {
var a = "function" == typeof require && require;
if (! i && a)
return a(f, !0);
if (u)
return u(f, !0);
var c = new Error("Cannot find module '" + f + "'");
throw c.code = "MODULE_NOT_FOUND",
c
}
var v = t[f] = {
exports: {}
};
n[f][0].call(v.exports, function (r) {
var t = n[f][1][r];
return o(t ? t : r)
}, v, v.exports, r, n, t, e)
}
return t[f].exports
}
for (var u = "function" == typeof require && require, f = 0; f < e.length; f++)
o(e[f]);
return o
}({
1: [
function (r, n, t) {
function e(r, n) {
var t = n - r,
e = Math.random();
return r + Math.round(e * t)
}
function o() {
for (var r = "", n = 0; n < 8; n++) {
var t = e(0, 15);
r += f[t]
}
return r
}
function u() {
for (var r = "", n = e(5, 9), t = 0; t < n; t++) {
var o = e(0, 35);
r += i[o]
}
return r
}
for (var f =[
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"a",
"b",
"c",
"d",
"e",
"f"
], i =[
"a",
"b",
"c",
"d",
"e",
"f",
"g",
"h",
"i",
"j",
"k",
"l",
"m",
"n",
"o",
"p",
"q",
"r",
"s",
"t",
"u",
"v",
"w",
"x",
"y",
"z",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
], a = 0; a < 50; a++) {
var c = o(),
v = u();
window[c] = v
}
}, {}
]
}, {}, [1]);
槟榔/cookie.js
浏览文件 @ fc91d687
var cK = '_ac=eyJhaWQiOjg5NDIwLCJjaWQiOjM4NzIyMjY4Njl9; createdAtToday=false; dcustom=avatar%3Dhttps%3A%2F%2Fthirdwx.qlogo.cn%2Fmmopen%2Fvi_32%2FmticjmrhDj39O5ZdRo8EEmErwaGNMNDicXknOaPY746xrmkw3THpAPo0zFwZ4ymMQIMPicXS6V7fQalicY2WSnqofg%2F132%26nickname%3D*%E8%BF%9E; isNotLoginUser=false; tokenId=bed468babcebd4af1b74b04ae65e400b; w_ts=1668821859241; wdata3=ugtvymFKM3XYivx6oo3ByRtNszacaFKfMUKdXNUXtgzGBdpGZNMcdJzejwKYZJJnKoGkxzNtHVZqjqfxD5dqVKFi4YE1NdyXouThwqMYYgLN9mqa1E7athx8pn8JGjbdCXfLt9w3XNQU1P; wdata4=UTE3HKlqvd9JLrEoEbS8G2he4L4RbOYGbCOsCgHsRtOhbQXU1vjI/+G8R9qZqAjlDZ0CN2n+zEla9whAaUN7+5VrceoysPp8RxWwRBEKpD7P8gTD+FrNnWOqjsPBE7cGmYD3862rHafFKx5o9bz/zQ==';
var cK = '_ac=eyJhaWQiOjg5NDIwLCJjaWQiOjM4NzIyMjY4Njl9; createdAtToday=false; dcustom=avatar%3Dhttps%3A%2F%2Fthirdwx.qlogo.cn%2Fmmopen%2Fvi_32%2FmticjmrhDj39O5ZdRo8EEmErwaGNMNDicXknOaPY746xrmkw3THpAPo0zFwZ4ymMQIMPicXS6V7fQalicY2WSnqofg%2F132%26nickname%3D*%E8%BF%9E; isNotLoginUser=false; tokenId=15b2cde813b70326c5c86a7717293343; w_ts=1669012633790; wdata3=ugtvymFKM3XYivx6oo3ByRtNszacaFKfMUKdXNUXtgzGBdpGZNMcdJzejwKYZJJnKoGkxzNtHVZqjqfxD5dqVKFi4YE1NdyXouThwqMYYgLN9mqa1E7athx8pn8JGjbdFW6TcNrZVZrR7y; wdata4=TiWBdjGSaPTiVlw9xW+/i6lYN36YC54zemVH6q7La/0MUwXozVk/cT5HjL+iOBTUMe3QQf/a2FZoUU6qeznpCWn8lPXnDGQ2nlqX5jIs8qiwS2ditG7Dy8qDIhT29iItOVhyij3P69C9acQS7cSkRw==';
var list = cK.split(";");
for (var i = 1; i < list.length; i++) {
document.cookie = list[i];
......
槟榔/index.cc8cb0ac.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/.bin/http-server 0 → 100644
浏览文件 @ fc91d687
#!/bin/sh
basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
case `uname` in
*CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
esac
if [ -x "$basedir/node" ]; then
exec "$basedir/node" "$basedir/../http-server/bin/http-server" "$@"
else
exec node "$basedir/../http-server/bin/http-server" "$@"
fi
槟榔/node_modules/.bin/http-server.cmd 0 → 100644
浏览文件 @ fc91d687
@ECHO off
GOTO start
:find_dp0
SET dp0=%~dp0
EXIT /b
:start
SETLOCAL
CALL :find_dp0
IF EXIST "%dp0%\node.exe" (
SET "_prog=%dp0%\node.exe"
) ELSE (
SET "_prog=node"
SET PATHEXT=%PATHEXT:;.JS;=;%
)
endLocal & goto #_undefined_# 2>NUL || title %COMSPEC% & "%_prog%" "%dp0%\..\http-server\bin\http-server" %*
槟榔/node_modules/.bin/http-server.ps1 0 → 100644
浏览文件 @ fc91d687
#!/usr/bin/env pwsh
$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
$exe=""
if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
# Fix case when both the Windows and Linux builds of Node
# are installed in the same directory
$exe=".exe"
}
$ret=0
if (Test-Path "$basedir/node$exe") {
# Support pipeline input
if ($MyInvocation.ExpectingInput) {
$input | & "$basedir/node$exe" "$basedir/../http-server/bin/http-server" $args
} else {
& "$basedir/node$exe" "$basedir/../http-server/bin/http-server" $args
}
$ret=$LASTEXITCODE
} else {
# Support pipeline input
if ($MyInvocation.ExpectingInput) {
$input | & "node$exe" "$basedir/../http-server/bin/http-server" $args
} else {
& "node$exe" "$basedir/../http-server/bin/http-server" $args
}
$ret=$LASTEXITCODE
}
exit $ret
槟榔/node_modules/.bin/opener 0 → 100644
浏览文件 @ fc91d687
#!/bin/sh
basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
case `uname` in
*CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
esac
if [ -x "$basedir/node" ]; then
exec "$basedir/node" "$basedir/../opener/bin/opener-bin.js" "$@"
else
exec node "$basedir/../opener/bin/opener-bin.js" "$@"
fi
槟榔/node_modules/.bin/opener.cmd 0 → 100644
浏览文件 @ fc91d687
@ECHO off
GOTO start
:find_dp0
SET dp0=%~dp0
EXIT /b
:start
SETLOCAL
CALL :find_dp0
IF EXIST "%dp0%\node.exe" (
SET "_prog=%dp0%\node.exe"
) ELSE (
SET "_prog=node"
SET PATHEXT=%PATHEXT:;.JS;=;%
)
endLocal & goto #_undefined_# 2>NUL || title %COMSPEC% & "%_prog%" "%dp0%\..\opener\bin\opener-bin.js" %*
槟榔/node_modules/.bin/opener.ps1 0 → 100644
浏览文件 @ fc91d687
#!/usr/bin/env pwsh
$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
$exe=""
if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
# Fix case when both the Windows and Linux builds of Node
# are installed in the same directory
$exe=".exe"
}
$ret=0
if (Test-Path "$basedir/node$exe") {
# Support pipeline input
if ($MyInvocation.ExpectingInput) {
$input | & "$basedir/node$exe" "$basedir/../opener/bin/opener-bin.js" $args
} else {
& "$basedir/node$exe" "$basedir/../opener/bin/opener-bin.js" $args
}
$ret=$LASTEXITCODE
} else {
# Support pipeline input
if ($MyInvocation.ExpectingInput) {
$input | & "node$exe" "$basedir/../opener/bin/opener-bin.js" $args
} else {
& "node$exe" "$basedir/../opener/bin/opener-bin.js" $args
}
$ret=$LASTEXITCODE
}
exit $ret
槟榔/node_modules/.package-lock.json
浏览文件 @ fc91d687
......@@ -4938,6 +4938,24 @@
"resolved": "https://registry.npmmirror.com/balanced-match/-/balanced-match-1.0.2.tgz",
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
},
"node_modules/basic-auth": {
"version": "2.0.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/basic-auth/-/basic-auth-2.0.1.tgz",
"integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
"license": "MIT",
"dependencies": {
"safe-buffer": "5.1.2"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/basic-auth/node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://repo.huaweicloud.com/repository/npm/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
"license": "MIT"
},
"node_modules/batch": {
"version": "0.6.1",
"resolved": "https://registry.npmmirror.com/batch/-/batch-0.6.1.tgz",
......@@ -5498,6 +5516,15 @@
"resolved": "https://registry.npmmirror.com/core-util-is/-/core-util-is-1.0.3.tgz",
"integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
},
"node_modules/corser": {
"version": "2.0.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/corser/-/corser-2.0.1.tgz",
"integrity": "sha512-utCYNzRSQIZNPIcGZdQc92UVJYAhtGAteCFg0yRaFm8f0P+CPtyGyHXJcGXnffjCybUCEx3FQ2G7U3/o9eIkVQ==",
"license": "MIT",
"engines": {
"node": ">= 0.4.0"
}
},
"node_modules/cosmiconfig": {
"version": "7.1.0",
"resolved": "https://registry.npmmirror.com/cosmiconfig/-/cosmiconfig-7.1.0.tgz",
......@@ -8158,6 +8185,103 @@
}
}
},
"node_modules/http-server": {
"version": "14.1.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/http-server/-/http-server-14.1.1.tgz",
"integrity": "sha512-+cbxadF40UXd9T01zUHgA+rlo2Bg1Srer4+B4NwIHdaGxAGGv59nYRnGGDJ9LBk7alpS0US+J+bLLdQOOkJq4A==",
"license": "MIT",
"dependencies": {
"basic-auth": "^2.0.1",
"chalk": "^4.1.2",
"corser": "^2.0.1",
"he": "^1.2.0",
"html-encoding-sniffer": "^3.0.0",
"http-proxy": "^1.18.1",
"mime": "^1.6.0",
"minimist": "^1.2.6",
"opener": "^1.5.1",
"portfinder": "^1.0.28",
"secure-compare": "3.0.1",
"union": "~0.5.0",
"url-join": "^4.0.1"
},
"bin": {
"http-server": "bin/http-server"
},
"engines": {
"node": ">=12"
}
},
"node_modules/http-server/node_modules/ansi-styles": {
"version": "4.3.0",
"resolved": "https://repo.huaweicloud.com/repository/npm/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
"engines": {
"node": ">=8"
},
"funding": {
"url": "https://github.com/chalk/ansi-styles?sponsor=1"
}
},
"node_modules/http-server/node_modules/chalk": {
"version": "4.1.2",
"resolved": "https://repo.huaweicloud.com/repository/npm/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/chalk/chalk?sponsor=1"
}
},
"node_modules/http-server/node_modules/color-convert": {
"version": "2.0.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/color-convert/-/color-convert-2.0.1.tgz",
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
"license": "MIT",
"dependencies": {
"color-name": "~1.1.4"
},
"engines": {
"node": ">=7.0.0"
}
},
"node_modules/http-server/node_modules/color-name": {
"version": "1.1.4",
"resolved": "https://repo.huaweicloud.com/repository/npm/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"license": "MIT"
},
"node_modules/http-server/node_modules/has-flag": {
"version": "4.0.0",
"resolved": "https://repo.huaweicloud.com/repository/npm/has-flag/-/has-flag-4.0.0.tgz",
"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
"license": "MIT",
"engines": {
"node": ">=8"
}
},
"node_modules/http-server/node_modules/supports-color": {
"version": "7.2.0",
"resolved": "https://repo.huaweicloud.com/repository/npm/supports-color/-/supports-color-7.2.0.tgz",
"integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
"license": "MIT",
"dependencies": {
"has-flag": "^4.0.0"
},
"engines": {
"node": ">=8"
}
},
"node_modules/https-proxy-agent": {
"version": "5.0.1",
"resolved": "https://registry.npmmirror.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
......@@ -11673,6 +11797,15 @@
"node": ">=12"
}
},
"node_modules/opener": {
"version": "1.5.2",
"resolved": "https://repo.huaweicloud.com/repository/npm/opener/-/opener-1.5.2.tgz",
"integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==",
"license": "(WTFPL OR MIT)",
"bin": {
"opener": "bin/opener-bin.js"
}
},
"node_modules/optionator": {
"version": "0.8.3",
"resolved": "https://registry.npmmirror.com/optionator/-/optionator-0.8.3.tgz",
......@@ -11986,6 +12119,38 @@
"node": ">=4"
}
},
"node_modules/portfinder": {
"version": "1.0.32",
"resolved": "https://repo.huaweicloud.com/repository/npm/portfinder/-/portfinder-1.0.32.tgz",
"integrity": "sha512-on2ZJVVDXRADWE6jnQaX0ioEylzgBpQk8r55NE4wjXW1ZxO+BgDlY6DXwj20i0V8eB4SenDQ00WEaxfiIQPcxg==",
"license": "MIT",
"dependencies": {
"async": "^2.6.4",
"debug": "^3.2.7",
"mkdirp": "^0.5.6"
},
"engines": {
"node": ">= 0.12.0"
}
},
"node_modules/portfinder/node_modules/async": {
"version": "2.6.4",
"resolved": "https://repo.huaweicloud.com/repository/npm/async/-/async-2.6.4.tgz",
"integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==",
"license": "MIT",
"dependencies": {
"lodash": "^4.17.14"
}
},
"node_modules/portfinder/node_modules/debug": {
"version": "3.2.7",
"resolved": "https://repo.huaweicloud.com/repository/npm/debug/-/debug-3.2.7.tgz",
"integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
"license": "MIT",
"dependencies": {
"ms": "^2.1.1"
}
},
"node_modules/postcss": {
"version": "8.4.19",
"resolved": "https://registry.npmmirror.com/postcss/-/postcss-8.4.19.tgz",
......@@ -13989,6 +14154,12 @@
"node": ">= 10.13.0"
}
},
"node_modules/secure-compare": {
"version": "3.0.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/secure-compare/-/secure-compare-3.0.1.tgz",
"integrity": "sha512-AckIIV90rPDcBcglUwXPF3kg0P0qmPsPXAj6BBEENQE1p5yA1xfmDJzfi1Tappj37Pv2mVbKpL3Z1T+Nn7k1Qw==",
"license": "MIT"
},
"node_modules/select-hose": {
"version": "2.0.0",
"resolved": "https://registry.npmmirror.com/select-hose/-/select-hose-2.0.0.tgz",
......@@ -15051,6 +15222,17 @@
"node": ">=4"
}
},
"node_modules/union": {
"version": "0.5.0",
"resolved": "https://repo.huaweicloud.com/repository/npm/union/-/union-0.5.0.tgz",
"integrity": "sha512-N6uOhuW6zO95P3Mel2I2zMsbsanvvtgn6jVqJv4vbVcz/JN0OkL9suomjQGmWtxJQXOCqUJvquc1sMeNz/IwlA==",
"dependencies": {
"qs": "^6.4.0"
},
"engines": {
"node": ">= 0.8.0"
}
},
"node_modules/unique-string": {
"version": "2.0.0",
"resolved": "https://registry.npmmirror.com/unique-string/-/unique-string-2.0.0.tgz",
......@@ -15115,6 +15297,12 @@
"punycode": "^2.1.0"
}
},
"node_modules/url-join": {
"version": "4.0.1",
"resolved": "https://repo.huaweicloud.com/repository/npm/url-join/-/url-join-4.0.1.tgz",
"integrity": "sha512-jk1+QP6ZJqyOiuEI9AEWQfju/nB2Pw466kbA0LEZljHwKeMgd9WrAEgEGxjPDD2+TNbbb37rTyhEfrCXfuKXnA==",
"license": "MIT"
},
"node_modules/url-parse": {
"version": "1.5.10",
"resolved": "https://registry.npmmirror.com/url-parse/-/url-parse-1.5.10.tgz",
......
槟榔/node_modules/basic-auth/HISTORY.md 0 → 100644
浏览文件 @ fc91d687
2.0.1 / 2018-09-19
==================
* deps: safe-buffer@5.1.2
2.0.0 / 2017-09-12
==================
* Drop support for Node.js below 0.8
* Remove `auth(ctx)` signature -- pass in header or `auth(ctx.req)`
* Use `safe-buffer` for improved Buffer API
1.1.0 / 2016-11-18
==================
* Add `auth.parse` for low-level string parsing
1.0.4 / 2016-05-10
==================
* Improve error message when `req` argument is not an object
* Improve error message when `req` missing `headers` property
1.0.3 / 2015-07-01
==================
* Fix regression accepting a Koa context
1.0.2 / 2015-06-12
==================
* Improve error message when `req` argument missing
* perf: enable strict mode
* perf: hoist regular expression
* perf: parse with regular expressions
* perf: remove argument reassignment
1.0.1 / 2015-05-04
==================
* Update readme
1.0.0 / 2014-07-01
==================
* Support empty password
* Support empty username
0.0.1 / 2013-11-30
==================
* Initial release
槟榔/node_modules/basic-auth/LICENSE 0 → 100644
浏览文件 @ fc91d687
(The MIT License)
Copyright (c) 2013 TJ Holowaychuk
Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
槟榔/node_modules/basic-auth/README.md 0 → 100644
浏览文件 @ fc91d687
# basic-auth
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Node.js Version][node-version-image]][node-version-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
Generic basic auth Authorization header field parser for whatever.
## Installation
This is a [Node.js](https://nodejs.org/en/) module available through the
[npm registry](https://www.npmjs.com/). Installation is done using the
[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
```
$ npm install basic-auth
```
## API
<!-- eslint-disable no-unused-vars -->
```js
var auth = require('basic-auth')
```
### auth(req)
Get the basic auth credentials from the given request. The `Authorization`
header is parsed and if the header is invalid, `undefined` is returned,
otherwise an object with `name` and `pass` properties.
### auth.parse(string)
Parse a basic auth authorization header string. This will return an object
with `name` and `pass` properties, or `undefined` if the string is invalid.
## Example
Pass a Node.js request object to the module export. If parsing fails
`undefined` is returned, otherwise an object with `.name` and `.pass`.
<!-- eslint-disable no-unused-vars, no-undef -->
```js
var auth = require('basic-auth')
var user = auth(req)
// => { name: 'something', pass: 'whatever' }
```
A header string from any other location can also be parsed with
`auth.parse`, for example a `Proxy-Authorization` header:
<!-- eslint-disable no-unused-vars, no-undef -->
```js
var auth = require('basic-auth')
var user = auth.parse(req.getHeader('Proxy-Authorization'))
```
### With vanilla node.js http server
```js
var http = require('http')
var auth = require('basic-auth')
var compare = require('tsscmp')
// Create server
var server = http.createServer(function (req, res) {
var credentials = auth(req)
// Check credentials
// The "check" function will typically be against your user store
if (!credentials || !check(credentials.name, credentials.pass)) {
res.statusCode = 401
res.setHeader('WWW-Authenticate', 'Basic realm="example"')
res.end('Access denied')
} else {
res.end('Access granted')
}
})
// Basic function to validate credentials for example
function check (name, pass) {
var valid = true
// Simple method to prevent short-circut and use timing-safe compare
valid = compare(name, 'john') && valid
valid = compare(pass, 'secret') && valid
return valid
}
// Listen
server.listen(3000)
```
# License
[MIT](LICENSE)
[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/basic-auth/master
[coveralls-url]: https://coveralls.io/r/jshttp/basic-auth?branch=master
[downloads-image]: https://badgen.net/npm/dm/basic-auth
[downloads-url]: https://npmjs.org/package/basic-auth
[node-version-image]: https://badgen.net/npm/node/basic-auth
[node-version-url]: https://nodejs.org/en/download
[npm-image]: https://badgen.net/npm/v/basic-auth
[npm-url]: https://npmjs.org/package/basic-auth
[travis-image]: https://badgen.net/travis/jshttp/basic-auth/master
[travis-url]: https://travis-ci.org/jshttp/basic-auth
槟榔/node_modules/basic-auth/index.js 0 → 100644
浏览文件 @ fc91d687
/*!
* basic-auth
* Copyright(c) 2013 TJ Holowaychuk
* Copyright(c) 2014 Jonathan Ong
* Copyright(c) 2015-2016 Douglas Christopher Wilson
* MIT Licensed
*/
'use strict'
/**
* Module dependencies.
* @private
*/
var Buffer = require('safe-buffer').Buffer
/**
* Module exports.
* @public
*/
module.exports = auth
module.exports.parse = parse
/**
* RegExp for basic auth credentials
*
* credentials = auth-scheme 1*SP token68
* auth-scheme = "Basic" ; case insensitive
* token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
* @private
*/
var CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/
/**
* RegExp for basic auth user/pass
*
* user-pass = userid ":" password
* userid = *<TEXT excluding ":">
* password = *TEXT
* @private
*/
var USER_PASS_REGEXP = /^([^:]*):(.*)$/
/**
* Parse the Authorization header field of a request.
*
* @param {object} req
* @return {object} with .name and .pass
* @public
*/
function auth (req) {
if (!req) {
throw new TypeError('argument req is required')
}
if (typeof req !== 'object') {
throw new TypeError('argument req is required to be an object')
}
// get header
var header = getAuthorization(req)
// parse header
return parse(header)
}
/**
* Decode base64 string.
* @private
*/
function decodeBase64 (str) {
return Buffer.from(str, 'base64').toString()
}
/**
* Get the Authorization header from request object.
* @private
*/
function getAuthorization (req) {
if (!req.headers || typeof req.headers !== 'object') {
throw new TypeError('argument req is required to have headers property')
}
return req.headers.authorization
}
/**
* Parse basic auth to object.
*
* @param {string} string
* @return {object}
* @public
*/
function parse (string) {
if (typeof string !== 'string') {
return undefined
}
// parse header
var match = CREDENTIALS_REGEXP.exec(string)
if (!match) {
return undefined
}
// decode user pass
var userPass = USER_PASS_REGEXP.exec(decodeBase64(match[1]))
if (!userPass) {
return undefined
}
// return credentials object
return new Credentials(userPass[1], userPass[2])
}
/**
* Object to represent user credentials.
* @private
*/
function Credentials (name, pass) {
this.name = name
this.pass = pass
}
槟榔/node_modules/basic-auth/node_modules/safe-buffer/LICENSE 0 → 100644
浏览文件 @ fc91d687
The MIT License (MIT)
Copyright (c) Feross Aboukhadijeh
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
槟榔/node_modules/basic-auth/node_modules/safe-buffer/README.md 0 → 100644
浏览文件 @ fc91d687
# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url]
[travis-image]: https://img.shields.io/travis/feross/safe-buffer/master.svg
[travis-url]: https://travis-ci.org/feross/safe-buffer
[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg
[npm-url]: https://npmjs.org/package/safe-buffer
[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg
[downloads-url]: https://npmjs.org/package/safe-buffer
[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
[standard-url]: https://standardjs.com
#### Safer Node.js Buffer API
**Use the new Node.js Buffer APIs (`Buffer.from`, `Buffer.alloc`,
`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in all versions of Node.js.**
**Uses the built-in implementation when available.**
## install
```
npm install safe-buffer
```
## usage
The goal of this package is to provide a safe replacement for the node.js `Buffer`.
It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to
the top of your node.js modules:
```js
var Buffer = require('safe-buffer').Buffer
// Existing buffer code will continue to work without issues:
new Buffer('hey', 'utf8')
new Buffer([1, 2, 3], 'utf8')
new Buffer(obj)
new Buffer(16) // create an uninitialized buffer (potentially unsafe)
// But you can use these new explicit APIs to make clear what you want:
Buffer.from('hey', 'utf8') // convert from many types to a Buffer
Buffer.alloc(16) // create a zero-filled buffer (safe)
Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe)
```
## api
### Class Method: Buffer.from(array)
<!-- YAML
added: v3.0.0
-->
* `array` {Array}
Allocates a new `Buffer` using an `array` of octets.
```js
const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]);
// creates a new Buffer containing ASCII bytes
// ['b','u','f','f','e','r']
```
A `TypeError` will be thrown if `array` is not an `Array`.
### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]])
<!-- YAML
added: v5.10.0
-->
* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or
a `new ArrayBuffer()`
* `byteOffset` {Number} Default: `0`
* `length` {Number} Default: `arrayBuffer.length - byteOffset`
When passed a reference to the `.buffer` property of a `TypedArray` instance,
the newly created `Buffer` will share the same allocated memory as the
TypedArray.
```js
const arr = new Uint16Array(2);
arr[0] = 5000;
arr[1] = 4000;
const buf = Buffer.from(arr.buffer); // shares the memory with arr;
console.log(buf);
// Prints: <Buffer 88 13 a0 0f>
// changing the TypedArray changes the Buffer also
arr[1] = 6000;
console.log(buf);
// Prints: <Buffer 88 13 70 17>
```
The optional `byteOffset` and `length` arguments specify a memory range within
the `arrayBuffer` that will be shared by the `Buffer`.
```js
const ab = new ArrayBuffer(10);
const buf = Buffer.from(ab, 0, 2);
console.log(buf.length);
// Prints: 2
```
A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`.
### Class Method: Buffer.from(buffer)
<!-- YAML
added: v3.0.0
-->
* `buffer` {Buffer}
Copies the passed `buffer` data onto a new `Buffer` instance.
```js
const buf1 = Buffer.from('buffer');
const buf2 = Buffer.from(buf1);
buf1[0] = 0x61;
console.log(buf1.toString());
// 'auffer'
console.log(buf2.toString());
// 'buffer' (copy is not changed)
```
A `TypeError` will be thrown if `buffer` is not a `Buffer`.
### Class Method: Buffer.from(str[, encoding])
<!-- YAML
added: v5.10.0
-->
* `str` {String} String to encode.
* `encoding` {String} Encoding to use, Default: `'utf8'`
Creates a new `Buffer` containing the given JavaScript string `str`. If
provided, the `encoding` parameter identifies the character encoding.
If not provided, `encoding` defaults to `'utf8'`.
```js
const buf1 = Buffer.from('this is a tést');
console.log(buf1.toString());
// prints: this is a tést
console.log(buf1.toString('ascii'));
// prints: this is a tC)st
const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex');
console.log(buf2.toString());
// prints: this is a tést
```
A `TypeError` will be thrown if `str` is not a string.
### Class Method: Buffer.alloc(size[, fill[, encoding]])
<!-- YAML
added: v5.10.0
-->
* `size` {Number}
* `fill` {Value} Default: `undefined`
* `encoding` {String} Default: `utf8`
Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the
`Buffer` will be *zero-filled*.
```js
const buf = Buffer.alloc(5);
console.log(buf);
// <Buffer 00 00 00 00 00>
```
The `size` must be less than or equal to the value of
`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
be created if a `size` less than or equal to 0 is specified.
If `fill` is specified, the allocated `Buffer` will be initialized by calling
`buf.fill(fill)`. See [`buf.fill()`][] for more information.
```js
const buf = Buffer.alloc(5, 'a');
console.log(buf);
// <Buffer 61 61 61 61 61>
```
If both `fill` and `encoding` are specified, the allocated `Buffer` will be
initialized by calling `buf.fill(fill, encoding)`. For example:
```js
const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64');
console.log(buf);
// <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64>
```
Calling `Buffer.alloc(size)` can be significantly slower than the alternative
`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance
contents will *never contain sensitive data*.
A `TypeError` will be thrown if `size` is not a number.
### Class Method: Buffer.allocUnsafe(size)
<!-- YAML
added: v5.10.0
-->
* `size` {Number}
Allocates a new *non-zero-filled* `Buffer` of `size` bytes. The `size` must
be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit
architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is
thrown. A zero-length Buffer will be created if a `size` less than or equal to
0 is specified.
The underlying memory for `Buffer` instances created in this way is *not
initialized*. The contents of the newly created `Buffer` are unknown and
*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
`Buffer` instances to zeroes.
```js
const buf = Buffer.allocUnsafe(5);
console.log(buf);
// <Buffer 78 e0 82 02 01>
// (octets will be different, every time)
buf.fill(0);
console.log(buf);
// <Buffer 00 00 00 00 00>
```
A `TypeError` will be thrown if `size` is not a number.
Note that the `Buffer` module pre-allocates an internal `Buffer` instance of
size `Buffer.poolSize` that is used as a pool for the fast allocation of new
`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated
`new Buffer(size)` constructor) only when `size` is less than or equal to
`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default
value of `Buffer.poolSize` is `8192` but can be modified.
Use of this pre-allocated internal memory pool is a key difference between
calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`.
Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer
pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal
Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The
difference is subtle but can be important when an application requires the
additional performance that `Buffer.allocUnsafe(size)` provides.
### Class Method: Buffer.allocUnsafeSlow(size)
<!-- YAML
added: v5.10.0
-->
* `size` {Number}
Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes. The
`size` must be less than or equal to the value of
`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
be created if a `size` less than or equal to 0 is specified.
The underlying memory for `Buffer` instances created in this way is *not
initialized*. The contents of the newly created `Buffer` are unknown and
*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
`Buffer` instances to zeroes.
When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances,
allocations under 4KB are, by default, sliced from a single pre-allocated
`Buffer`. This allows applications to avoid the garbage collection overhead of
creating many individually allocated Buffers. This approach improves both
performance and memory usage by eliminating the need to track and cleanup as
many `Persistent` objects.
However, in the case where a developer may need to retain a small chunk of
memory from a pool for an indeterminate amount of time, it may be appropriate
to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then
copy out the relevant bits.
```js
// need to keep around a few small chunks of memory
const store = [];
socket.on('readable', () => {
const data = socket.read();
// allocate for retained data
const sb = Buffer.allocUnsafeSlow(10);
// copy the data into the new allocation
data.copy(sb, 0, 0, 10);
store.push(sb);
});
```
Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after*
a developer has observed undue memory retention in their applications.
A `TypeError` will be thrown if `size` is not a number.
### All the Rest
The rest of the `Buffer` API is exactly the same as in node.js.
[See the docs](https://nodejs.org/api/buffer.html).
## Related links
- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660)
- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4)
## Why is `Buffer` unsafe?
Today, the node.js `Buffer` constructor is overloaded to handle many different argument
types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.),
`ArrayBuffer`, and also `Number`.
The API is optimized for convenience: you can throw any type at it, and it will try to do
what you want.
Because the Buffer constructor is so powerful, you often see code like this:
```js
// Convert UTF-8 strings to hex
function toHex (str) {
return new Buffer(str).toString('hex')
}
```
***But what happens if `toHex` is called with a `Number` argument?***
### Remote Memory Disclosure
If an attacker can make your program call the `Buffer` constructor with a `Number`
argument, then they can make it allocate uninitialized memory from the node.js process.
This could potentially disclose TLS private keys, user data, or database passwords.
When the `Buffer` constructor is passed a `Number` argument, it returns an
**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like
this, you **MUST** overwrite the contents before returning it to the user.
From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size):
> `new Buffer(size)`
>
> - `size` Number
>
> The underlying memory for `Buffer` instances created in this way is not initialized.
> **The contents of a newly created `Buffer` are unknown and could contain sensitive
> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes.
(Emphasis our own.)
Whenever the programmer intended to create an uninitialized `Buffer` you often see code
like this:
```js
var buf = new Buffer(16)
// Immediately overwrite the uninitialized buffer with data from another buffer
for (var i = 0; i < buf.length; i++) {
buf[i] = otherBuf[i]
}
```
### Would this ever be a problem in real code?
Yes. It's surprisingly common to forget to check the type of your variables in a
dynamically-typed language like JavaScript.
Usually the consequences of assuming the wrong type is that your program crashes with an
uncaught exception. But the failure mode for forgetting to check the type of arguments to
the `Buffer` constructor is more catastrophic.
Here's an example of a vulnerable service that takes a JSON payload and converts it to
hex:
```js
// Take a JSON payload {str: "some string"} and convert it to hex
var server = http.createServer(function (req, res) {
var data = ''
req.setEncoding('utf8')
req.on('data', function (chunk) {
data += chunk
})
req.on('end', function () {
var body = JSON.parse(data)
res.end(new Buffer(body.str).toString('hex'))
})
})
server.listen(8080)
```
In this example, an http client just has to send:
```json
{
"str": 1000
}
```
and it will get back 1,000 bytes of uninitialized memory from the server.
This is a very serious bug. It's similar in severity to the
[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process
memory by remote attackers.
### Which real-world packages were vulnerable?
#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht)
[Mathias Buus](https://github.com/mafintosh) and I
([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages,
[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow
anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get
them to reveal 20 bytes at a time of uninitialized memory from the node.js process.
Here's
[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8)
that fixed it. We released a new fixed version, created a
[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all
vulnerable versions on npm so users will get a warning to upgrade to a newer version.
#### [`ws`](https://www.npmjs.com/package/ws)
That got us wondering if there were other vulnerable packages. Sure enough, within a short
period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the
most popular WebSocket implementation in node.js.
If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as
expected, then uninitialized server memory would be disclosed to the remote peer.
These were the vulnerable methods:
```js
socket.send(number)
socket.ping(number)
socket.pong(number)
```
Here's a vulnerable socket server with some echo functionality:
```js
server.on('connection', function (socket) {
socket.on('message', function (message) {
message = JSON.parse(message)
if (message.type === 'echo') {
socket.send(message.data) // send back the user's message
}
})
})
```
`socket.send(number)` called on the server, will disclose server memory.
Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue
was fixed, with a more detailed explanation. Props to
[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the
[Node Security Project disclosure](https://nodesecurity.io/advisories/67).
### What's the solution?
It's important that node.js offers a fast way to get memory otherwise performance-critical
applications would needlessly get a lot slower.
But we need a better way to *signal our intent* as programmers. **When we want
uninitialized memory, we should request it explicitly.**
Sensitive functionality should not be packed into a developer-friendly API that loosely
accepts many different types. This type of API encourages the lazy practice of passing
variables in without checking the type very carefully.
#### A new API: `Buffer.allocUnsafe(number)`
The functionality of creating buffers with uninitialized memory should be part of another
API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that
frequently gets user input of all sorts of different types passed into it.
```js
var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory!
// Immediately overwrite the uninitialized buffer with data from another buffer
for (var i = 0; i < buf.length; i++) {
buf[i] = otherBuf[i]
}
```
### How do we fix node.js core?
We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as
`semver-major`) which defends against one case:
```js
var str = 16
new Buffer(str, 'utf8')
```
In this situation, it's implied that the programmer intended the first argument to be a
string, since they passed an encoding as a second argument. Today, node.js will allocate
uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not
what the programmer intended.
But this is only a partial solution, since if the programmer does `new Buffer(variable)`
(without an `encoding` parameter) there's no way to know what they intended. If `variable`
is sometimes a number, then uninitialized memory will sometimes be returned.
### What's the real long-term fix?
We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when
we need uninitialized memory. But that would break 1000s of packages.
~~We believe the best solution is to:~~
~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~
~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~
#### Update
We now support adding three new APIs:
- `Buffer.from(value)` - convert from any type to a buffer
- `Buffer.alloc(size)` - create a zero-filled buffer
- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size
This solves the core problem that affected `ws` and `bittorrent-dht` which is
`Buffer(variable)` getting tricked into taking a number argument.
This way, existing code continues working and the impact on the npm ecosystem will be
minimal. Over time, npm maintainers can migrate performance-critical code to use
`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`.
### Conclusion
We think there's a serious design issue with the `Buffer` API as it exists today. It
promotes insecure software by putting high-risk functionality into a convenient API
with friendly "developer ergonomics".
This wasn't merely a theoretical exercise because we found the issue in some of the
most popular npm packages.
Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of
`buffer`.
```js
var Buffer = require('safe-buffer').Buffer
```
Eventually, we hope that node.js core can switch to this new, safer behavior. We believe
the impact on the ecosystem would be minimal since it's not a breaking change.
Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while
older, insecure packages would magically become safe from this attack vector.
## links
- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514)
- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67)
- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68)
## credit
The original issues in `bittorrent-dht`
([disclosure](https://nodesecurity.io/advisories/68)) and
`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by
[Mathias Buus](https://github.com/mafintosh) and
[Feross Aboukhadijeh](http://feross.org/).
Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues
and for his work running the [Node Security Project](https://nodesecurity.io/).
Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and
auditing the code.
## license
MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
槟榔/node_modules/basic-auth/node_modules/safe-buffer/index.d.ts 0 → 100644
浏览文件 @ fc91d687
declare module "safe-buffer" {
export class Buffer {
length: number
write(string: string, offset?: number, length?: number, encoding?: string): number;
toString(encoding?: string, start?: number, end?: number): string;
toJSON(): { type: 'Buffer', data: any[] };
equals(otherBuffer: Buffer): boolean;
compare(otherBuffer: Buffer, targetStart?: number, targetEnd?: number, sourceStart?: number, sourceEnd?: number): number;
copy(targetBuffer: Buffer, targetStart?: number, sourceStart?: number, sourceEnd?: number): number;
slice(start?: number, end?: number): Buffer;
writeUIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
writeUIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
writeIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
writeIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
readUIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
readUIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
readIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
readIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
readUInt8(offset: number, noAssert?: boolean): number;
readUInt16LE(offset: number, noAssert?: boolean): number;
readUInt16BE(offset: number, noAssert?: boolean): number;
readUInt32LE(offset: number, noAssert?: boolean): number;
readUInt32BE(offset: number, noAssert?: boolean): number;
readInt8(offset: number, noAssert?: boolean): number;
readInt16LE(offset: number, noAssert?: boolean): number;
readInt16BE(offset: number, noAssert?: boolean): number;
readInt32LE(offset: number, noAssert?: boolean): number;
readInt32BE(offset: number, noAssert?: boolean): number;
readFloatLE(offset: number, noAssert?: boolean): number;
readFloatBE(offset: number, noAssert?: boolean): number;
readDoubleLE(offset: number, noAssert?: boolean): number;
readDoubleBE(offset: number, noAssert?: boolean): number;
swap16(): Buffer;
swap32(): Buffer;
swap64(): Buffer;
writeUInt8(value: number, offset: number, noAssert?: boolean): number;
writeUInt16LE(value: number, offset: number, noAssert?: boolean): number;
writeUInt16BE(value: number, offset: number, noAssert?: boolean): number;
writeUInt32LE(value: number, offset: number, noAssert?: boolean): number;
writeUInt32BE(value: number, offset: number, noAssert?: boolean): number;
writeInt8(value: number, offset: number, noAssert?: boolean): number;
writeInt16LE(value: number, offset: number, noAssert?: boolean): number;
writeInt16BE(value: number, offset: number, noAssert?: boolean): number;
writeInt32LE(value: number, offset: number, noAssert?: boolean): number;
writeInt32BE(value: number, offset: number, noAssert?: boolean): number;
writeFloatLE(value: number, offset: number, noAssert?: boolean): number;
writeFloatBE(value: number, offset: number, noAssert?: boolean): number;
writeDoubleLE(value: number, offset: number, noAssert?: boolean): number;
writeDoubleBE(value: number, offset: number, noAssert?: boolean): number;
fill(value: any, offset?: number, end?: number): this;
indexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
lastIndexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
includes(value: string | number | Buffer, byteOffset?: number, encoding?: string): boolean;
/**
* Allocates a new buffer containing the given {str}.
*
* @param str String to store in buffer.
* @param encoding encoding to use, optional. Default is 'utf8'
*/
constructor (str: string, encoding?: string);
/**
* Allocates a new buffer of {size} octets.
*
* @param size count of octets to allocate.
*/
constructor (size: number);
/**
* Allocates a new buffer containing the given {array} of octets.
*
* @param array The octets to store.
*/
constructor (array: Uint8Array);
/**
* Produces a Buffer backed by the same allocated memory as
* the given {ArrayBuffer}.
*
*
* @param arrayBuffer The ArrayBuffer with which to share memory.
*/
constructor (arrayBuffer: ArrayBuffer);
/**
* Allocates a new buffer containing the given {array} of octets.
*
* @param array The octets to store.
*/
constructor (array: any[]);
/**
* Copies the passed {buffer} data onto a new {Buffer} instance.
*
* @param buffer The buffer to copy.
*/
constructor (buffer: Buffer);
prototype: Buffer;
/**
* Allocates a new Buffer using an {array} of octets.
*
* @param array
*/
static from(array: any[]): Buffer;
/**
* When passed a reference to the .buffer property of a TypedArray instance,
* the newly created Buffer will share the same allocated memory as the TypedArray.
* The optional {byteOffset} and {length} arguments specify a memory range
* within the {arrayBuffer} that will be shared by the Buffer.
*
* @param arrayBuffer The .buffer property of a TypedArray or a new ArrayBuffer()
* @param byteOffset
* @param length
*/
static from(arrayBuffer: ArrayBuffer, byteOffset?: number, length?: number): Buffer;
/**
* Copies the passed {buffer} data onto a new Buffer instance.
*
* @param buffer
*/
static from(buffer: Buffer): Buffer;
/**
* Creates a new Buffer containing the given JavaScript string {str}.
* If provided, the {encoding} parameter identifies the character encoding.
* If not provided, {encoding} defaults to 'utf8'.
*
* @param str
*/
static from(str: string, encoding?: string): Buffer;
/**
* Returns true if {obj} is a Buffer
*
* @param obj object to test.
*/
static isBuffer(obj: any): obj is Buffer;
/**
* Returns true if {encoding} is a valid encoding argument.
* Valid string encodings in Node 0.12: 'ascii'|'utf8'|'utf16le'|'ucs2'(alias of 'utf16le')|'base64'|'binary'(deprecated)|'hex'
*
* @param encoding string to test.
*/
static isEncoding(encoding: string): boolean;
/**
* Gives the actual byte length of a string. encoding defaults to 'utf8'.
* This is not the same as String.prototype.length since that returns the number of characters in a string.
*
* @param string string to test.
* @param encoding encoding used to evaluate (defaults to 'utf8')
*/
static byteLength(string: string, encoding?: string): number;
/**
* Returns a buffer which is the result of concatenating all the buffers in the list together.
*
* If the list has no items, or if the totalLength is 0, then it returns a zero-length buffer.
* If the list has exactly one item, then the first item of the list is returned.
* If the list has more than one item, then a new Buffer is created.
*
* @param list An array of Buffer objects to concatenate
* @param totalLength Total length of the buffers when concatenated.
* If totalLength is not provided, it is read from the buffers in the list. However, this adds an additional loop to the function, so it is faster to provide the length explicitly.
*/
static concat(list: Buffer[], totalLength?: number): Buffer;
/**
* The same as buf1.compare(buf2).
*/
static compare(buf1: Buffer, buf2: Buffer): number;
/**
* Allocates a new buffer of {size} octets.
*
* @param size count of octets to allocate.
* @param fill if specified, buffer will be initialized by calling buf.fill(fill).
* If parameter is omitted, buffer will be filled with zeros.
* @param encoding encoding used for call to buf.fill while initalizing
*/
static alloc(size: number, fill?: string | Buffer | number, encoding?: string): Buffer;
/**
* Allocates a new buffer of {size} octets, leaving memory not initialized, so the contents
* of the newly created Buffer are unknown and may contain sensitive data.
*
* @param size count of octets to allocate
*/
static allocUnsafe(size: number): Buffer;
/**
* Allocates a new non-pooled buffer of {size} octets, leaving memory not initialized, so the contents
* of the newly created Buffer are unknown and may contain sensitive data.
*
* @param size count of octets to allocate
*/
static allocUnsafeSlow(size: number): Buffer;
}
}
\ No newline at end of file
槟榔/node_modules/basic-auth/node_modules/safe-buffer/index.js 0 → 100644
浏览文件 @ fc91d687
/* eslint-disable node/no-deprecated-api */
var buffer = require('buffer')
var Buffer = buffer.Buffer
// alternative to using Object.keys for old browsers
function copyProps (src, dst) {
for (var key in src) {
dst[key] = src[key]
}
}
if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
module.exports = buffer
} else {
// Copy properties from require('buffer')
copyProps(buffer, exports)
exports.Buffer = SafeBuffer
}
function SafeBuffer (arg, encodingOrOffset, length) {
return Buffer(arg, encodingOrOffset, length)
}
// Copy static methods from Buffer
copyProps(Buffer, SafeBuffer)
SafeBuffer.from = function (arg, encodingOrOffset, length) {
if (typeof arg === 'number') {
throw new TypeError('Argument must not be a number')
}
return Buffer(arg, encodingOrOffset, length)
}
SafeBuffer.alloc = function (size, fill, encoding) {
if (typeof size !== 'number') {
throw new TypeError('Argument must be a number')
}
var buf = Buffer(size)
if (fill !== undefined) {
if (typeof encoding === 'string') {
buf.fill(fill, encoding)
} else {
buf.fill(fill)
}
} else {
buf.fill(0)
}
return buf
}
SafeBuffer.allocUnsafe = function (size) {
if (typeof size !== 'number') {
throw new TypeError('Argument must be a number')
}
return Buffer(size)
}
SafeBuffer.allocUnsafeSlow = function (size) {
if (typeof size !== 'number') {
throw new TypeError('Argument must be a number')
}
return buffer.SlowBuffer(size)
}
槟榔/node_modules/basic-auth/node_modules/safe-buffer/package.json 0 → 100644
浏览文件 @ fc91d687
{
"name": "safe-buffer",
"description": "Safer Node.js Buffer API",
"version": "5.1.2",
"author": {
"name": "Feross Aboukhadijeh",
"email": "feross@feross.org",
"url": "http://feross.org"
},
"bugs": {
"url": "https://github.com/feross/safe-buffer/issues"
},
"devDependencies": {
"standard": "*",
"tape": "^4.0.0"
},
"homepage": "https://github.com/feross/safe-buffer",
"keywords": [
"buffer",
"buffer allocate",
"node security",
"safe",
"safe-buffer",
"security",
"uninitialized"
],
"license": "MIT",
"main": "index.js",
"types": "index.d.ts",
"repository": {
"type": "git",
"url": "git://github.com/feross/safe-buffer.git"
},
"scripts": {
"test": "standard && tape test/*.js"
}
}
槟榔/node_modules/basic-auth/package.json 0 → 100644
浏览文件 @ fc91d687
{
"name": "basic-auth",
"description": "node.js basic auth parser",
"version": "2.0.1",
"license": "MIT",
"keywords": [
"basic",
"auth",
"authorization",
"basicauth"
],
"repository": "jshttp/basic-auth",
"dependencies": {
"safe-buffer": "5.1.2"
},
"devDependencies": {
"eslint": "5.6.0",
"eslint-config-standard": "12.0.0",
"eslint-plugin-import": "2.14.0",
"eslint-plugin-markdown": "1.0.0-beta.6",
"eslint-plugin-node": "7.0.1",
"eslint-plugin-promise": "4.0.1",
"eslint-plugin-standard": "4.0.0",
"istanbul": "0.4.5",
"mocha": "5.2.0"
},
"files": [
"HISTORY.md",
"LICENSE",
"index.js"
],
"engines": {
"node": ">= 0.8"
},
"scripts": {
"lint": "eslint --plugin markdown --ext js,md .",
"test": "mocha --check-leaks --reporter spec --bail",
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
"test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
}
}
槟榔/node_modules/corser/.travis.yml 0 → 100644
浏览文件 @ fc91d687
language: node_js
node_js:
- "node"
sudo: false
槟榔/node_modules/corser/LICENSE 0 → 100644
浏览文件 @ fc91d687
Copyright (C) 2012 Alexander Grüneberg
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
槟榔/node_modules/corser/README.md 0 → 100644
浏览文件 @ fc91d687
Corser
=======
[![Project Status: Active - The project has reached a stable, usable state and is being actively developed.](http://www.repostatus.org/badges/0.1.0/active.svg)](http://www.repostatus.org/#active)
[![Build Status](https://secure.travis-ci.org/agrueneberg/Corser.png)](http://travis-ci.org/agrueneberg/Corser)
A highly configurable, middleware compatible implementation of [CORS](http://www.w3.org/TR/cors/) for [Node.js](http://nodejs.org/).
Changelog
---------
### 2.0.1 (August 16, 2016)
* Add workaround for [Chrome 52 sending empty `Access-Control-Request-Headers` header](https://bugs.chromium.org/p/chromium/issues/detail?id=633729).
### 2.0.0 (March 22, 2014)
* Preflight requests are automatically closed. If there is a need for handling `OPTIONS` requests, check the `endPreflightRequests` option.
* The parameters of the callback function in dynamic origin checking are now `(err, matches)` instead of just `(matches)`.
Examples
--------
### How to use Corser as a middleware in Express
See `example/express/` for a working example.
var express, corser, app;
express = require("express");
corser = require("corser");
app = express();
app.use(corser.create());
app.get("/", function (req, res) {
res.writeHead(200);
res.end("Nice weather today, huh?");
});
app.listen(1337);
### How to use Corser as a middleware in Connect
See `example/connect/` for a working example.
var connect, corser, app;
connect = require("connect");
corser = require("corser");
app = connect();
app.use(corser.create());
app.use(function (req, res) {
res.writeHead(200);
res.end("Nice weather today, huh?");
});
app.listen(1337);
### How to use Corser with plain `http`
var http, corser, corserRequestListener;
http = require("http");
corser = require("corser");
// Create Corser request listener.
corserRequestListener = corser.create();
http.createServer(function (req, res) {
// Route req and res through the request listener.
corserRequestListener(req, res, function () {
res.writeHead(200);
res.end("Nice weather today, huh?");
});
}).listen(1337);
API
---
### Creating a Corser request listener
Creating a Corser request listener that generates the appropriate response headers to enable CORS is as simple as:
corser.create()
This is the equivalent of setting a response header of `Access-Control-Allow-Origin: *`. If you want to restrict the origins, or allow more sophisticated request or response headers, you have to pass a configuration object to `corser.create`.
Corser will automatically end preflight requests for you. A preflight request is a special `OPTIONS` request that the browser sends under certain conditions to negotiate with the server what methods, request headers and response headers are allowed for a CORS request. If you need to use the `OPTIONS` method for other stuff, just set `endPreflightRequests` to `false` and terminate those requests yourself:
var corserRequestListener;
corserRequestListener = corser.create({
endPreflightRequests: false
});
corserRequestListener(req, res, function () {
if (req.method === "OPTIONS") {
// End CORS preflight request.
res.writeHead(204);
res.end();
} else {
// Implement other HTTP methods.
}
});
#### Configuration Object
A configuration object with the following properties can be passed to `corser.create`.
##### `origins`
A case-sensitive whitelist of origins. Unless unbound, if the request comes from an origin that is not in this list, it will not be handled by CORS.
To allow for dynamic origin checking, a function `(origin, callback)` can be passed instead of an array. `origin` is the Origin header, `callback` is a function `(err, matches)`, where `matches` is a boolean flag that indicates whether the given Origin header matches or not.
Default: unbound, i.e. every origin is accepted.
##### `methods`
An uppercase whitelist of methods. If the request uses a method that is not in this list, it will not be handled by CORS.
Setting a value here will overwrite the list of default simple methods. To not lose them, concat the methods you want to add with `corser.simpleMethods`: `corser.simpleMethods.concat(["PUT", "DELETE"])`.
Default: simple methods (`GET`, `HEAD`, `POST`).
##### `requestHeaders`
A case-insensitive whitelist of request headers. If the request uses a request header that is not in this list, it will not be handled by CORS.
Setting a value here will overwrite the list of default simple request headers. To not lose them, concat the request headers you want to add with `corser.simpleRequestHeaders`: `corser.simpleRequestHeaders.concat(["Authorization"])`.
Default: simple request headers (`Accept`, `Accept-Language`, `Content-Language`, `Content-Type`, `Last-Event-ID`).
##### `responseHeaders`
A case-insensitive whitelist of response headers. Any response header that is not in this list will be filtered out by the user-agent (the browser).
Setting a value here will overwrite the list of default simple response headers. To not lose them, concat the response headers you want to add with `corser.simpleResponseHeaders`: `corser.simpleResponseHeaders.concat(["ETag"])`.
Default: simple response headers (`Cache-Control`, `Content-Language`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`).
##### `supportsCredentials`
A boolean that indicates if cookie credentials can be transferred as part of a CORS request. Currently, only a few HTML5 elements can benefit from this setting.
Default: `false`.
##### `maxAge`
An integer that indicates the maximum amount of time in seconds that a preflight request is kept in the client-side preflight result cache.
Default: not set.
##### `endPreflightRequests`
A boolean that indicates if CORS preflight requests should be automatically closed.
Default: `true`.
FAQ
---
### Ajax call returns `Origin X is not allowed by Access-Control-Allow-Origin`
Check if the `Origin` header of your request matches one of the origins provided in the `origins` property of the configuration object. If you didn't set any `origins` property, jump to the next question.
### Ajax call still returns `Origin X is not allowed by Access-Control-Allow-Origin`
Your request might use a non-simple method or one or more non-simple headers. According to the specification, the set of simple methods is `GET`, `HEAD`, and `POST`, and the set of simple request headers is `Accept`, `Accept-Language`, `Content-Language`, `Content-Type`, and `Last-Event-ID`. If your request uses **any** other method or header, you have to explicitly list them in the `methods` or `requestHeaders` property of the configuration object.
#### Example
You want to allow requests that use an `X-Requested-With` header. Pass the following configuration object to `corser.create`:
corser.create({
requestHeaders: corser.simpleRequestHeaders.concat(["X-Requested-With"])
});
### Getting a response header returns `Refused to get unsafe header "X"`
Your browser blocks every non-simple response headers that was not explicitly allowed in the preflight request. The set of simple response headers is `Cache-Control`, `Content-Language`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. If you want to access **any** other response header, you have to explicitly list them in the `responseHeaders` property of the configuration object.
#### Example
You want to allow clients to read the `ETag` header of a response. Pass the following configuration object to `corser.create`:
corser.create({
responseHeaders: corser.simpleResponseHeaders.concat(["ETag"])
});
槟榔/node_modules/corser/lib/corser.js 0 → 100644
浏览文件 @ fc91d687
/**
* Specification: http://www.w3.org/TR/2012/WD-cors-20120403/
* W3C Working Draft 3 April 2012
*/
"use strict";
/*jshint node:true */
var simpleMethods, simpleRequestHeaders, simpleResponseHeaders, toLowerCase, checkOriginMatch;
// A method is said to be a simple method if it is a case-sensitive match for one of the following:
Object.defineProperty(exports, "simpleMethods", {
get: function () {
return [
"GET",
"HEAD",
"POST"
];
}
});
simpleMethods = exports.simpleMethods;
// A header is said to be a simple header if the header field name is an ASCII case-insensitive match for one of
// the following:
Object.defineProperty(exports, "simpleRequestHeaders", {
get: function () {
return [
"accept",
"accept-language",
"content-language",
"content-type"
];
}
});
simpleRequestHeaders = exports.simpleRequestHeaders;
// A header is said to be a simple response header if the header field name is an ASCII case-insensitive
// match for one of the following:
Object.defineProperty(exports, "simpleResponseHeaders", {
get: function () {
return [
"cache-control",
"content-language",
"content-type",
"expires",
"last-modified",
"pragma"
];
}
});
simpleResponseHeaders = exports.simpleResponseHeaders;
toLowerCase = function (array) {
return array.map(function (el) {
return el.toLowerCase();
});
};
checkOriginMatch = function (originHeader, origins, callback) {
if (typeof origins === "function") {
origins(originHeader, function (err, allow) {
callback(err, allow);
});
} else if (origins.length > 0) {
callback(null, origins.some(function (origin) {
return origin === originHeader;
}));
} else {
// Always matching is acceptable since the list of origins can be unbounded.
callback(null, true);
}
};
exports.create = function (options) {
options = options || {};
options.origins = options.origins || [];
options.methods = options.methods || simpleMethods;
if (options.hasOwnProperty("requestHeaders") === true) {
options.requestHeaders = toLowerCase(options.requestHeaders);
} else {
options.requestHeaders = simpleRequestHeaders;
}
if (options.hasOwnProperty("responseHeaders") === true) {
options.responseHeaders = toLowerCase(options.responseHeaders);
} else {
options.responseHeaders = simpleResponseHeaders;
}
options.maxAge = options.maxAge || null;
options.supportsCredentials = options.supportsCredentials || false;
if (options.hasOwnProperty("endPreflightRequests") === false) {
options.endPreflightRequests = true;
}
return function (req, res, next) {
var methodMatches, headersMatch, requestMethod, requestHeaders, exposedHeaders, endPreflight;
// If the Origin header is not present terminate this set of steps.
if (!req.headers.hasOwnProperty("origin")) {
// The request is outside the scope of the CORS specification. If there is no Origin header,
// it could be a same-origin request. Let's let the user-agent handle this situation.
next();
} else {
// If the value of the Origin header is not a case-sensitive match for any of the values in
// list of origins, do not set any additional headers and terminate this set of steps.
checkOriginMatch(req.headers.origin, options.origins, function (err, originMatches) {
if (err !== null) {
next(err);
} else {
if (typeof originMatches !== "boolean" || originMatches === false) {
next();
} else {
// Respond to preflight request.
if (req.method === "OPTIONS") {
endPreflight = function () {
if (options.endPreflightRequests === true) {
res.writeHead(204);
res.end();
} else {
next();
}
};
// If there is no Access-Control-Request-Method header or if parsing failed, do not set
// any additional headers and terminate this set of steps.
if (!req.headers.hasOwnProperty("access-control-request-method")) {
endPreflight();
} else {
requestMethod = req.headers["access-control-request-method"];
// If there are no Access-Control-Request-Headers headers let header field-names be the
// empty list. If parsing failed do not set any additional headers and terminate this set
// of steps.
// Checking for an empty header is a workaround for a bug Chrome 52:
// https://bugs.chromium.org/p/chromium/issues/detail?id=633729
if (req.headers.hasOwnProperty("access-control-request-headers") && req.headers["access-control-request-headers"] !== "") {
requestHeaders = toLowerCase(req.headers["access-control-request-headers"].split(/,\s*/));
} else {
requestHeaders = [];
}
// If method is not a case-sensitive match for any of the values in list of methods do not
// set any additional headers and terminate this set of steps.
methodMatches = options.methods.indexOf(requestMethod) !== -1;
if (methodMatches === false) {
endPreflight();
} else {
// If any of the header field-names is not a ASCII case-insensitive match for any of
// the values in list of headers do not set any additional headers and terminate this
// set of steps.
headersMatch = requestHeaders.every(function (requestHeader) {
// Browsers automatically add Origin to Access-Control-Request-Headers. However,
// Origin is not one of the simple request headers. Therefore, the header is
// accepted even if it is not in the list of request headers because CORS would
// not work without it.
if (requestHeader === "origin") {
return true;
} else {
if (options.requestHeaders.indexOf(requestHeader) !== -1) {
return true;
} else {
return false;
}
}
});
if (headersMatch === false) {
endPreflight();
} else {
if (options.supportsCredentials === true) {
// If the resource supports credentials add a single Access-Control-Allow-Origin
// header, with the value of the Origin header as value, and add a single
// Access-Control-Allow-Credentials header with the literal string "true"
// as value.
res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
res.setHeader("Access-Control-Allow-Credentials", "true");
} else {
// Otherwise, add a single Access-Control-Allow-Origin header, with either the
// value of the Origin header or the string "*" as value.
if (options.origins.length > 0 || typeof options.origins === "function") {
res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
} else {
res.setHeader("Access-Control-Allow-Origin", "*");
}
}
// Optionally add a single Access-Control-Max-Age header with as value the amount
// of seconds the user agent is allowed to cache the result of the request.
if (options.maxAge !== null) {
res.setHeader("Access-Control-Max-Age", options.maxAge);
}
// Add one or more Access-Control-Allow-Methods headers consisting of (a subset
// of) the list of methods.
res.setHeader("Access-Control-Allow-Methods", options.methods.join(","));
// Add one or more Access-Control-Allow-Headers headers consisting of (a subset
// of) the list of headers.
res.setHeader("Access-Control-Allow-Headers", options.requestHeaders.join(","));
// And out.
endPreflight();
}
}
}
} else {
if (options.supportsCredentials === true) {
// If the resource supports credentials add a single Access-Control-Allow-Origin header,
// with the value of the Origin header as value, and add a single
// Access-Control-Allow-Credentials header with the literal string "true" as value.
res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
res.setHeader("Access-Control-Allow-Credentials", "true");
} else {
// Otherwise, add a single Access-Control-Allow-Origin header, with either the value of
// the Origin header or the literal string "*" as value.
// If the list of origins is empty, use "*" as value.
if (options.origins.length > 0 || typeof options.origins === "function") {
res.setHeader("Access-Control-Allow-Origin", req.headers.origin);
} else {
res.setHeader("Access-Control-Allow-Origin", "*");
}
}
// If the list of exposed headers is not empty add one or more Access-Control-Expose-Headers
// headers, with as values the header field names given in the list of exposed headers.
exposedHeaders = options.responseHeaders.filter(function (optionsResponseHeader) {
return simpleResponseHeaders.indexOf(optionsResponseHeader) === -1;
});
if (exposedHeaders.length > 0) {
res.setHeader("Access-Control-Expose-Headers", exposedHeaders.join(","));
}
// And out.
next();
}
}
}
});
}
};
};
槟榔/node_modules/corser/package.json 0 → 100644
浏览文件 @ fc91d687
{
"name": "corser",
"version": "2.0.1",
"description": "A highly configurable, middleware compatible implementation of CORS.",
"keywords": ["cors", "cross-origin resource sharing", "connect", "express", "middleware"],
"bugs": "https://github.com/agrueneberg/Corser/issues",
"license": "MIT",
"author": "Alexander Grüneberg <alexander.grueneberg@googlemail.com>",
"main": "./lib/corser.js",
"repository": {
"type": "git",
"url": "https://github.com/agrueneberg/Corser.git"
},
"scripts": {
"test": "./node_modules/.bin/mocha"
},
"devDependencies": {
"mocha": "1.3.x",
"expect.js": "0.1.x"
},
"engines": {
"node": ">= 0.4.0"
}
}
槟榔/node_modules/http-server/LICENSE 0 → 100644
浏览文件 @ fc91d687
Copyright (c) 2011-2022 Charlie Robbins, Marak Squires, Jade Michael Thornton and the Contributors.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
槟榔/node_modules/http-server/README.md 0 → 100644
浏览文件 @ fc91d687
[![GitHub Workflow Status (master)](https://img.shields.io/github/workflow/status/http-party/http-server/Node.js%20CI/master?style=flat-square)](https://github.com/http-party/http-server/actions)
[![npm](https://img.shields.io/npm/v/http-server.svg?style=flat-square)](https://www.npmjs.com/package/http-server) [![homebrew](https://img.shields.io/homebrew/v/http-server?style=flat-square)](https://formulae.brew.sh/formula/http-server) [![npm downloads](https://img.shields.io/npm/dm/http-server?color=blue&label=npm%20downloads&style=flat-square)](https://www.npmjs.com/package/http-server)
[![license](https://img.shields.io/github/license/http-party/http-server.svg?style=flat-square)](https://github.com/http-party/http-server)
# http-server: a simple static HTTP server
`http-server` is a simple, zero-configuration command-line static HTTP server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development and learning.
![Example of running http-server](https://github.com/http-party/http-server/raw/master/screenshots/public.png)
## Installation:
#### Running on-demand:
Using `npx` you can run the script without installing it first:
npx http-server [path] [options]
#### Globally via `npm`
npm install --global http-server
This will install `http-server` globally so that it may be run from the command line anywhere.
#### Globally via Homebrew
brew install http-server
#### As a dependency in your `npm` package:
npm install http-server
## Usage:
http-server [path] [options]
`[path]` defaults to `./public` if the folder exists, and `./` otherwise.
*Now you can visit http://localhost:8080 to view your server*
**Note:** Caching is on by default. Add `-c-1` as an option to disable caching.
## Available Options:
| Command | Description | Defaults |
| ------------- |-------------|-------------|
|`-p` or `--port` |Port to use. Use `-p 0` to look for an open port, starting at 8080. It will also read from `process.env.PORT`. |8080 |
|`-a` |Address to use |0.0.0.0|
|`-d` |Show directory listings |`true` |
|`-i` | Display autoIndex | `true` |
|`-g` or `--gzip` |When enabled it will serve `./public/some-file.js.gz` in place of `./public/some-file.js` when a gzipped version of the file exists and the request accepts gzip encoding. If brotli is also enabled, it will try to serve brotli first.|`false`|
|`-b` or `--brotli`|When enabled it will serve `./public/some-file.js.br` in place of `./public/some-file.js` when a brotli compressed version of the file exists and the request accepts `br` encoding. If gzip is also enabled, it will try to serve brotli first. |`false`|
|`-e` or `--ext` |Default file extension if none supplied |`html` |
|`-s` or `--silent` |Suppress log messages from output | |
|`--cors` |Enable CORS via the `Access-Control-Allow-Origin` header | |
|`-o [path]` |Open browser window after starting the server. Optionally provide a URL path to open. e.g.: -o /other/dir/ | |
|`-c` |Set cache time (in seconds) for cache-control max-age header, e.g. `-c10` for 10 seconds. To disable caching, use `-c-1`.|`3600` |
|`-U` or `--utc` |Use UTC time format in log messages.| |
|`--log-ip` |Enable logging of the client's IP address |`false` |
|`-P` or `--proxy` |Proxies all requests which can't be resolved locally to the given url. e.g.: -P http://someurl.com | |
|`--proxy-options` |Pass proxy [options](https://github.com/http-party/node-http-proxy#options) using nested dotted objects. e.g.: --proxy-options.secure false |
|`--username` |Username for basic authentication | |
|`--password` |Password for basic authentication | |
|`-S`, `--tls` or `--ssl` |Enable secure request serving with TLS/SSL (HTTPS)|`false`|
|`-C` or `--cert` |Path to ssl cert file |`cert.pem` |
|`-K` or `--key` |Path to ssl key file |`key.pem` |
|`-r` or `--robots` | Automatically provide a /robots.txt (The content of which defaults to `User-agent: *\nDisallow: /`) | `false` |
|`--no-dotfiles` |Do not show dotfiles| |
|`--mimetypes` |Path to a .types file for custom mimetype definition| |
|`-h` or `--help` |Print this list and exit. | |
|`-v` or `--version`|Print the version and exit. | |
## Magic Files
- `index.html` will be served as the default file to any directory requests.
- `404.html` will be served if a file is not found. This can be used for Single-Page App (SPA) hosting to serve the entry page.
## Catch-all redirect
To implement a catch-all redirect, use the index page itself as the proxy with:
```
http-server --proxy http://localhost:8080?
```
Note the `?` at the end of the proxy URL. Thanks to [@houston3](https://github.com/houston3) for this clever hack!
## TLS/SSL
First, you need to make sure that [openssl](https://github.com/openssl/openssl) is installed correctly, and you have `key.pem` and `cert.pem` files. You can generate them using this command:
``` sh
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
```
You will be prompted with a few questions after entering the command. Use `127.0.0.1` as value for `Common name` if you want to be able to install the certificate in your OS's root certificate store or browser so that it is trusted.
This generates a cert-key pair and it will be valid for 3650 days (about 10 years).
Then you need to run the server with `-S` for enabling SSL and `-C` for your certificate file.
``` sh
http-server -S -C cert.pem
```
If you wish to use a passphrase with your private key you can include one in the openssl command via the -passout parameter (using password of foobar)
e.g.
`openssl req -newkey rsa:2048 -passout pass:foobar -keyout key.pem -x509 -days 365 -out cert.pem`
For security reasons, the passphrase will only be read from the `NODE_HTTP_SERVER_SSL_PASSPHRASE` environment variable.
This is what should be output if successful:
``` sh
Starting up http-server, serving ./ through https
http-server settings:
CORS: disabled
Cache: 3600 seconds
Connection Timeout: 120 seconds
Directory Listings: visible
AutoIndex: visible
Serve GZIP Files: false
Serve Brotli Files: false
Default File Extension: none
Available on:
https://127.0.0.1:8080
https://192.168.1.101:8080
https://192.168.1.104:8080
Hit CTRL-C to stop the server
```
# Development
Checkout this repository locally, then:
```sh
$ npm i
$ npm start
```
*Now you can visit http://localhost:8080 to view your server*
You should see the turtle image in the screenshot above hosted at that URL. See
the `./public` folder for demo content.
槟榔/node_modules/http-server/bin/http-server 0 → 100644
浏览文件 @ fc91d687
#!/usr/bin/env node
'use strict';
var chalk = require('chalk'),
os = require('os'),
httpServer = require('../lib/http-server'),
portfinder = require('portfinder'),
opener = require('opener'),
fs = require('fs'),
url = require('url');
var argv = require('minimist')(process.argv.slice(2), {
alias: {
tls: 'ssl'
}
});
var ifaces = os.networkInterfaces();
process.title = 'http-server';
if (argv.h || argv.help) {
console.log([
'usage: http-server [path] [options]',
'',
'options:',
' -p --port Port to use. If 0, look for open port. [8080]',
' -a Address to use [0.0.0.0]',
' -d Show directory listings [true]',
' -i Display autoIndex [true]',
' -g --gzip Serve gzip files when possible [false]',
' -b --brotli Serve brotli files when possible [false]',
' If both brotli and gzip are enabled, brotli takes precedence',
' -e --ext Default file extension if none supplied [none]',
' -s --silent Suppress log messages from output',
' --cors[=headers] Enable CORS via the "Access-Control-Allow-Origin" header',
' Optionally provide CORS headers list separated by commas',
' -o [path] Open browser window after starting the server.',
' Optionally provide a URL path to open the browser window to.',
' -c Cache time (max-age) in seconds [3600], e.g. -c10 for 10 seconds.',
' To disable caching, use -c-1.',
' -t Connections timeout in seconds [120], e.g. -t60 for 1 minute.',
' To disable timeout, use -t0',
' -U --utc Use UTC time format in log messages.',
' --log-ip Enable logging of the client\'s IP address',
'',
' -P --proxy Fallback proxy if the request cannot be resolved. e.g.: http://someurl.com',
' --proxy-options Pass options to proxy using nested dotted objects. e.g.: --proxy-options.secure false',
'',
' --username Username for basic authentication [none]',
' Can also be specified with the env variable NODE_HTTP_SERVER_USERNAME',
' --password Password for basic authentication [none]',
' Can also be specified with the env variable NODE_HTTP_SERVER_PASSWORD',
'',
' -S --tls --ssl Enable secure request serving with TLS/SSL (HTTPS)',
' -C --cert Path to TLS cert file (default: cert.pem)',
' -K --key Path to TLS key file (default: key.pem)',
'',
' -r --robots Respond to /robots.txt [User-agent: *\\nDisallow: /]',
' --no-dotfiles Do not show dotfiles',
' --mimetypes Path to a .types file for custom mimetype definition',
' -h --help Print this list and exit.',
' -v --version Print the version and exit.'
].join('\n'));
process.exit();
}
var port = argv.p || argv.port || parseInt(process.env.PORT, 10),
host = argv.a || '0.0.0.0',
tls = argv.S || argv.tls,
sslPassphrase = process.env.NODE_HTTP_SERVER_SSL_PASSPHRASE,
proxy = argv.P || argv.proxy,
proxyOptions = argv['proxy-options'],
utc = argv.U || argv.utc,
version = argv.v || argv.version,
logger;
var proxyOptionsBooleanProps = [
'ws', 'xfwd', 'secure', 'toProxy', 'prependPath', 'ignorePath', 'changeOrigin',
'preserveHeaderKeyCase', 'followRedirects', 'selfHandleResponse'
];
if (proxyOptions) {
Object.keys(proxyOptions).forEach(function (key) {
if (proxyOptionsBooleanProps.indexOf(key) > -1) {
proxyOptions[key] = proxyOptions[key].toLowerCase() === 'true';
}
});
}
if (!argv.s && !argv.silent) {
logger = {
info: console.log,
request: function (req, res, error) {
var date = utc ? new Date().toUTCString() : new Date();
var ip = argv['log-ip']
? req.headers['x-forwarded-for'] || '' + req.connection.remoteAddress
: '';
if (error) {
logger.info(
'[%s] %s "%s %s" Error (%s): "%s"',
date, ip, chalk.red(req.method), chalk.red(req.url),
chalk.red(error.status.toString()), chalk.red(error.message)
);
}
else {
logger.info(
'[%s] %s "%s %s" "%s"',
date, ip, chalk.cyan(req.method), chalk.cyan(req.url),
req.headers['user-agent']
);
}
}
};
}
else if (chalk) {
logger = {
info: function () {},
request: function () {}
};
}
if (version) {
logger.info('v' + require('../package.json').version);
process.exit();
}
if (!port) {
portfinder.basePort = 8080;
portfinder.getPort(function (err, port) {
if (err) { throw err; }
listen(port);
});
}
else {
listen(port);
}
function listen(port) {
var options = {
root: argv._[0],
cache: argv.c,
timeout: argv.t,
showDir: argv.d,
autoIndex: argv.i,
gzip: argv.g || argv.gzip,
brotli: argv.b || argv.brotli,
robots: argv.r || argv.robots,
ext: argv.e || argv.ext,
logFn: logger.request,
proxy: proxy,
proxyOptions: proxyOptions,
showDotfiles: argv.dotfiles,
mimetypes: argv.mimetypes,
username: argv.username || process.env.NODE_HTTP_SERVER_USERNAME,
password: argv.password || process.env.NODE_HTTP_SERVER_PASSWORD
};
if (argv.cors) {
options.cors = true;
if (typeof argv.cors === 'string') {
options.corsHeaders = argv.cors;
}
}
if (proxy) {
try {
new url.URL(proxy)
}
catch (err) {
logger.info(chalk.red('Error: Invalid proxy url'));
process.exit(1);
}
}
if (tls) {
options.https = {
cert: argv.C || argv.cert || 'cert.pem',
key: argv.K || argv.key || 'key.pem',
passphrase: sslPassphrase,
};
try {
fs.lstatSync(options.https.cert);
}
catch (err) {
logger.info(chalk.red('Error: Could not find certificate ' + options.https.cert));
process.exit(1);
}
try {
fs.lstatSync(options.https.key);
}
catch (err) {
logger.info(chalk.red('Error: Could not find private key ' + options.https.key));
process.exit(1);
}
}
var server = httpServer.createServer(options);
server.listen(port, host, function () {
var protocol = tls ? 'https://' : 'http://';
logger.info([
chalk.yellow('Starting up http-server, serving '),
chalk.cyan(server.root),
tls ? (chalk.yellow(' through') + chalk.cyan(' https')) : ''
].join(''));
logger.info([chalk.yellow('\nhttp-server version: '), chalk.cyan(require('../package.json').version)].join(''));
logger.info([
chalk.yellow('\nhttp-server settings: '),
([chalk.yellow('CORS: '), argv.cors ? chalk.cyan(argv.cors) : chalk.red('disabled')].join('')),
([chalk.yellow('Cache: '), argv.c ? (argv.c === '-1' ? chalk.red('disabled') : chalk.cyan(argv.c + ' seconds')) : chalk.cyan('3600 seconds')].join('')),
([chalk.yellow('Connection Timeout: '), argv.t === '0' ? chalk.red('disabled') : (argv.t ? chalk.cyan(argv.t + ' seconds') : chalk.cyan('120 seconds'))].join('')),
([chalk.yellow('Directory Listings: '), argv.d ? chalk.red('not visible') : chalk.cyan('visible')].join('')),
([chalk.yellow('AutoIndex: '), argv.i ? chalk.red('not visible') : chalk.cyan('visible')].join('')),
([chalk.yellow('Serve GZIP Files: '), argv.g || argv.gzip ? chalk.cyan('true') : chalk.red('false')].join('')),
([chalk.yellow('Serve Brotli Files: '), argv.b || argv.brotli ? chalk.cyan('true') : chalk.red('false')].join('')),
([chalk.yellow('Default File Extension: '), argv.e ? chalk.cyan(argv.e) : (argv.ext ? chalk.cyan(argv.ext) : chalk.red('none'))].join(''))
].join('\n'));
logger.info(chalk.yellow('\nAvailable on:'));
if (argv.a && host !== '0.0.0.0') {
logger.info(` ${protocol}${host}:${chalk.green(port.toString())}`);
} else {
Object.keys(ifaces).forEach(function (dev) {
ifaces[dev].forEach(function (details) {
if (details.family === 'IPv4') {
logger.info((' ' + protocol + details.address + ':' + chalk.green(port.toString())));
}
});
});
}
if (typeof proxy === 'string') {
if (proxyOptions) {
logger.info('Unhandled requests will be served from: ' + proxy + '. Options: ' + JSON.stringify(proxyOptions));
}
else {
logger.info('Unhandled requests will be served from: ' + proxy);
}
}
logger.info('Hit CTRL-C to stop the server');
if (argv.o) {
const openHost = host === '0.0.0.0' ? '127.0.0.1' : host;
let openUrl = `${protocol}${openHost}:${port}`;
if (typeof argv.o === 'string') {
openUrl += argv.o[0] === '/' ? argv.o : '/' + argv.o;
}
logger.info('Open: ' + openUrl);
opener(openUrl);
}
// Spacing before logs
if (!argv.s) logger.info();
});
}
if (process.platform === 'win32') {
require('readline').createInterface({
input: process.stdin,
output: process.stdout
}).on('SIGINT', function () {
process.emit('SIGINT');
});
}
process.on('SIGINT', function () {
logger.info(chalk.red('http-server stopped.'));
process.exit();
});
process.on('SIGTERM', function () {
logger.info(chalk.red('http-server stopped.'));
process.exit();
});
槟榔/node_modules/http-server/doc/http-server.1 0 → 100644
浏览文件 @ fc91d687
.TH http-server 1 "April 2020" GNU "http-server man page"
.SH NAME
http-server \- a simple zero-configuration command-line http server
.SH SYNOPSIS
.B http-server
[\fIPATH\fR]
[\fIOPTIONS\fR]
.SH DESCRIPTION
\fBhttp-server\fR is a simple, zero-configuration command-line http server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development, and learning.
.SH OPTIONS
.TP
.BI [\fIPATH\fR]
The directory to serve.
Defaults to ./public if it exists, and ./ otherwise.
.TP
.BI \-p ", " \-\-port " " \fIPORT\fR
Port to use. If 0, look for the first available port, starting at 8080.
Default is 8080.
.TP
.BI \-a " " \fIADDRESS\fR
Address to use.
Default is 0.0.0.0.
.TP
.BI \-d
Show directory listings.
Default is true.
.TP
.BI \-i
Display autoIndex.
Default is true.
.TP
.BI \-g ", " \-\-gzip
Serve gzip files when possible.
Default is false.
.TP
.BI \-b ", " \-\-brotli
Serve brotli files when possible.
If both brotli and gzip are enabled, brotli takes precedence.
Default is false.
.TP
.BI \-e ", " \-\-ext " " \fIEXTENSION\fR
Default file extension is none is provided.
.TP
.BI \-s ", " \-\-silent
Suppress log messages from output.
.TP
.BI \-\-cors " " [\fIHEADERS\fR]
Enable CORS via the "Access-Control-Allow-Origin" header.
Optionally provide CORS headers list separated by commas.
.TP
.BI \-o " " [\fIPATH\fR]
Open default browser window after starting the server.
Optionally provide a URL path to open the browser window to.
.TP
.BI \-c " " \fITIME\fR
Cache time (max-age) in seconds.
To disable caching, use \-c \-1.
Default is 3600.
.TP
.BI \-U ", " \-\-utc
Use UTC time format in log messages.
.TP
.BI \-\-log\-ip
Enable logging of the client IP address.
.TP
.BI \-P ", " \-\-proxy
Fallback proxy if the request cannot be resolved.
.TP
.BI \-\-proxy\-options
Pass proxy options using nested dotted objects.
.TP
.BI \-\-username " " \fIUSERNAME\fR
Username for basic authentication.
Can also be specified with the environment variable NODE_HTTP_SERVER_USERNAME.
Defaults to none.
.TP
.BI \-\-password " " \fIPASSWORD\fR
Password for basic authentication.
Can also be specified with the environment variable NODE_HTTP_SERVER_PASSWORD.
Defaults to none.
.TP
.BI \-S ", " \-\-tls ", " \-\-ssl
Enable https.
.TP
.BI \-C ", " \-\-cert " " [\fIFILE\fR]
Path to SSL certificate file.
If not specified, uses cert.pem.
.TP
.BI \-K ", " \-\-key " " [\fIFILE\fR]
Path to SSL key file.
If not specified, uses key.pem.
Passphrase will be read from NODE_HTTP_SERVER_SSL_PASSPHRASE (if set)
.TP
.BI \-r ", " \-\-robots " " [\fIUSER\-AGENT\fR]
Respond to /robots.txt request.
If not specified, uses "User-agent: *\\nDisallow: /]"
.TP
.BI \-\-no\-dotfiles
Do not show dotfiles.
.TP
.BI \-h ", " \-\-help
Print usage and exit.
.TP
.BI \-v ", " \-\-version
Print version and exit.
.SH FILES
.B index.html
will be served as the default file to any directory requests.
.B 404.html
will be served if a file is not found. This can be used for SPA hosting to serve the entry page.
.SH COPYING
Copyright (c) 2011-2022 Charlie Robbins, Marak Squires, and the Contributors.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
.SH VERSION
Version 0.12.2
槟榔/node_modules/http-server/lib/core/aliases.json 0 → 100644
浏览文件 @ fc91d687
{
"autoIndex": [ "autoIndex", "autoindex" ],
"showDir": [ "showDir", "showdir" ],
"showDotfiles": ["showDotfiles", "showdotfiles"],
"humanReadable": [ "humanReadable", "humanreadable", "human-readable" ],
"hidePermissions": ["hidePermissions", "hidepermissions", "hide-permissions"],
"si": [ "si", "index" ],
"handleError": [ "handleError", "handleerror" ],
"cors": [ "cors", "CORS" ],
"headers": [ "H", "header", "headers" ],
"contentType": [ "contentType", "contenttype", "content-type" ],
"mimeType": [
"mimetype",
"mimetypes",
"mimeType",
"mimeTypes",
"mime-type",
"mime-types",
"mime-Type",
"mime-Types"
],
"weakEtags": [ "weakEtags", "weaketags", "weak-etags" ],
"weakCompare": [
"weakcompare",
"weakCompare",
"weak-compare",
"weak-Compare"
],
"handleOptionsMethod": [
"handleOptionsMethod",
"handleoptionsmethod",
"handle-options-method"
]
}
槟榔/node_modules/http-server/lib/core/defaults.json 0 → 100644
浏览文件 @ fc91d687
{
"autoIndex": true,
"showDir": true,
"showDotfiles": true,
"humanReadable": true,
"hidePermissions": false,
"si": false,
"cache": "max-age=3600",
"cors": false,
"gzip": true,
"brotli": false,
"defaultExt": ".html",
"handleError": true,
"contentType": "application/octet-stream",
"weakEtags": true,
"weakCompare": true,
"handleOptionsMethod": false
}
槟榔/node_modules/http-server/lib/core/etag.js 0 → 100644
浏览文件 @ fc91d687
'use strict';
module.exports = (stat, weakEtag) => {
let etag = `"${[stat.ino, stat.size, stat.mtime.toISOString()].join('-')}"`;
if (weakEtag) {
etag = `W/${etag}`;
}
return etag;
};
槟榔/node_modules/http-server/lib/core/index.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/http-server/lib/core/opts.js 0 → 100644
浏览文件 @ fc91d687
'use strict';
// This is so you can have options aliasing and defaults in one place.
const defaults = require('./defaults.json');
const aliases = require('./aliases.json');
module.exports = (opts) => {
let autoIndex = defaults.autoIndex;
let showDir = defaults.showDir;
let showDotfiles = defaults.showDotfiles;
let humanReadable = defaults.humanReadable;
let hidePermissions = defaults.hidePermissions;
let si = defaults.si;
let cache = defaults.cache;
let gzip = defaults.gzip;
let brotli = defaults.brotli;
let defaultExt = defaults.defaultExt;
let handleError = defaults.handleError;
const headers = {};
let contentType = defaults.contentType;
let mimeTypes;
let weakEtags = defaults.weakEtags;
let weakCompare = defaults.weakCompare;
let handleOptionsMethod = defaults.handleOptionsMethod;
function isDeclared(k) {
return typeof opts[k] !== 'undefined' && opts[k] !== null;
}
function setHeader(str) {
const m = /^(.+?)\s*:\s*(.*)$/.exec(str);
if (!m) {
headers[str] = true;
} else {
headers[m[1]] = m[2];
}
}
if (opts) {
aliases.autoIndex.some((k) => {
if (isDeclared(k)) {
autoIndex = opts[k];
return true;
}
return false;
});
aliases.showDir.some((k) => {
if (isDeclared(k)) {
showDir = opts[k];
return true;
}
return false;
});
aliases.showDotfiles.some((k) => {
if (isDeclared(k)) {
showDotfiles = opts[k];
return true;
}
return false;
});
aliases.humanReadable.some((k) => {
if (isDeclared(k)) {
humanReadable = opts[k];
return true;
}
return false;
});
aliases.hidePermissions.some((k) => {
if (isDeclared(k)) {
hidePermissions = opts[k];
return true;
}
return false;
});
aliases.si.some((k) => {
if (isDeclared(k)) {
si = opts[k];
return true;
}
return false;
});
if (opts.defaultExt && typeof opts.defaultExt === 'string') {
defaultExt = opts.defaultExt;
}
if (typeof opts.cache !== 'undefined' && opts.cache !== null) {
if (typeof opts.cache === 'string') {
cache = opts.cache;
} else if (typeof opts.cache === 'number') {
cache = `max-age=${opts.cache}`;
} else if (typeof opts.cache === 'function') {
cache = opts.cache;
}
}
if (typeof opts.gzip !== 'undefined' && opts.gzip !== null) {
gzip = opts.gzip;
}
if (typeof opts.brotli !== 'undefined' && opts.brotli !== null) {
brotli = opts.brotli;
}
aliases.handleError.some((k) => {
if (isDeclared(k)) {
handleError = opts[k];
return true;
}
return false;
});
aliases.cors.forEach((k) => {
if (isDeclared(k) && opts[k]) {
handleOptionsMethod = true;
headers['Access-Control-Allow-Origin'] = '*';
headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since';
}
});
aliases.headers.forEach((k) => {
if (isDeclared(k)) {
if (Array.isArray(opts[k])) {
opts[k].forEach(setHeader);
} else if (opts[k] && typeof opts[k] === 'object') {
Object.keys(opts[k]).forEach((key) => {
headers[key] = opts[k][key];
});
} else {
setHeader(opts[k]);
}
}
});
aliases.contentType.some((k) => {
if (isDeclared(k)) {
contentType = opts[k];
return true;
}
return false;
});
aliases.mimeType.some((k) => {
if (isDeclared(k)) {
mimeTypes = opts[k];
return true;
}
return false;
});
aliases.weakEtags.some((k) => {
if (isDeclared(k)) {
weakEtags = opts[k];
return true;
}
return false;
});
aliases.weakCompare.some((k) => {
if (isDeclared(k)) {
weakCompare = opts[k];
return true;
}
return false;
});
aliases.handleOptionsMethod.some((k) => {
if (isDeclared(k)) {
handleOptionsMethod = handleOptionsMethod || opts[k];
return true;
}
return false;
});
}
return {
cache,
autoIndex,
showDir,
showDotfiles,
humanReadable,
hidePermissions,
si,
defaultExt,
baseDir: (opts && opts.baseDir) || '/',
gzip,
brotli,
handleError,
headers,
contentType,
mimeTypes,
weakEtags,
weakCompare,
handleOptionsMethod,
};
};
槟榔/node_modules/http-server/lib/http-server.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/http-server/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/opener/LICENSE.txt 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/opener/README.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/opener/bin/opener-bin.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/opener/lib/opener.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/opener/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/portfinder/LICENSE 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/portfinder/README.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/portfinder/lib/portfinder.d.ts 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/portfinder/lib/portfinder.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/portfinder/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/secure-compare/.npmignore 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/secure-compare/README.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/secure-compare/index.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/secure-compare/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/secure-compare/test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/.gitattributes 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/.travis.yml 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/CHANGELOG.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/LICENSE 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/README.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/after/index.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/simple/favicon.png 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/simple/simple.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/simple/spdy.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/socketio/README 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/socketio/index.html 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/examples/socketio/server.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/buffered-stream.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/core.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/http-stream.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/index.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/request-stream.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/response-stream.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/lib/routing-stream.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/after-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/body-parser-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/double-write-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/ecstatic-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/header-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/helpers/macros.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/prop-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/simple-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/status-code-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/test/streaming-test.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/union/union.png 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/.travis.yml 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/CHANGELOG.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/LICENSE 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/README.md 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/bin/changelog 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/lib/url-join.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/package.json 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/node_modules/url-join/test/tests.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/package-lock.json
浏览文件 @ fc91d687
此差异已折叠。
槟榔/package.json
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token2.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token3.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token4.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token5.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/token6.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/tokenKey copy.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
槟榔/tokenKey.js 0 → 100644
浏览文件 @ fc91d687
此差异已折叠。
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册