index.js 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131
  1. /*!
  2. * send
  3. * Copyright(c) 2012 TJ Holowaychuk
  4. * Copyright(c) 2014-2016 Douglas Christopher Wilson
  5. * MIT Licensed
  6. */
  7. 'use strict'
  8. /**
  9. * Module dependencies.
  10. * @private
  11. */
  12. var createError = require('http-errors')
  13. var debug = require('debug')('send')
  14. var deprecate = require('depd')('send')
  15. var destroy = require('destroy')
  16. var encodeUrl = require('encodeurl')
  17. var escapeHtml = require('escape-html')
  18. var etag = require('etag')
  19. var fresh = require('fresh')
  20. var fs = require('fs')
  21. var mime = require('mime')
  22. var ms = require('ms')
  23. var onFinished = require('on-finished')
  24. var parseRange = require('range-parser')
  25. var path = require('path')
  26. var statuses = require('statuses')
  27. var Stream = require('stream')
  28. var util = require('util')
  29. /**
  30. * Path function references.
  31. * @private
  32. */
  33. var extname = path.extname
  34. var join = path.join
  35. var normalize = path.normalize
  36. var resolve = path.resolve
  37. var sep = path.sep
  38. /**
  39. * Regular expression for identifying a bytes Range header.
  40. * @private
  41. */
  42. var BYTES_RANGE_REGEXP = /^ *bytes=/
  43. /**
  44. * Maximum value allowed for the max age.
  45. * @private
  46. */
  47. var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1000 // 1 year
  48. /**
  49. * Regular expression to match a path with a directory up component.
  50. * @private
  51. */
  52. var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
  53. /**
  54. * Module exports.
  55. * @public
  56. */
  57. module.exports = send
  58. module.exports.mime = mime
  59. /**
  60. * Return a `SendStream` for `req` and `path`.
  61. *
  62. * @param {object} req
  63. * @param {string} path
  64. * @param {object} [options]
  65. * @return {SendStream}
  66. * @public
  67. */
  68. function send (req, path, options) {
  69. return new SendStream(req, path, options)
  70. }
  71. /**
  72. * Initialize a `SendStream` with the given `path`.
  73. *
  74. * @param {Request} req
  75. * @param {String} path
  76. * @param {object} [options]
  77. * @private
  78. */
  79. function SendStream (req, path, options) {
  80. Stream.call(this)
  81. var opts = options || {}
  82. this.options = opts
  83. this.path = path
  84. this.req = req
  85. this._acceptRanges = opts.acceptRanges !== undefined
  86. ? Boolean(opts.acceptRanges)
  87. : true
  88. this._cacheControl = opts.cacheControl !== undefined
  89. ? Boolean(opts.cacheControl)
  90. : true
  91. this._etag = opts.etag !== undefined
  92. ? Boolean(opts.etag)
  93. : true
  94. this._dotfiles = opts.dotfiles !== undefined
  95. ? opts.dotfiles
  96. : 'ignore'
  97. if (this._dotfiles !== 'ignore' && this._dotfiles !== 'allow' && this._dotfiles !== 'deny') {
  98. throw new TypeError('dotfiles option must be "allow", "deny", or "ignore"')
  99. }
  100. this._hidden = Boolean(opts.hidden)
  101. if (opts.hidden !== undefined) {
  102. deprecate('hidden: use dotfiles: \'' + (this._hidden ? 'allow' : 'ignore') + '\' instead')
  103. }
  104. // legacy support
  105. if (opts.dotfiles === undefined) {
  106. this._dotfiles = undefined
  107. }
  108. this._extensions = opts.extensions !== undefined
  109. ? normalizeList(opts.extensions, 'extensions option')
  110. : []
  111. this._immutable = opts.immutable !== undefined
  112. ? Boolean(opts.immutable)
  113. : false
  114. this._index = opts.index !== undefined
  115. ? normalizeList(opts.index, 'index option')
  116. : ['index.html']
  117. this._lastModified = opts.lastModified !== undefined
  118. ? Boolean(opts.lastModified)
  119. : true
  120. this._maxage = opts.maxAge || opts.maxage
  121. this._maxage = typeof this._maxage === 'string'
  122. ? ms(this._maxage)
  123. : Number(this._maxage)
  124. this._maxage = !isNaN(this._maxage)
  125. ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
  126. : 0
  127. this._root = opts.root
  128. ? resolve(opts.root)
  129. : null
  130. if (!this._root && opts.from) {
  131. this.from(opts.from)
  132. }
  133. }
  134. /**
  135. * Inherits from `Stream`.
  136. */
  137. util.inherits(SendStream, Stream)
  138. /**
  139. * Enable or disable etag generation.
  140. *
  141. * @param {Boolean} val
  142. * @return {SendStream}
  143. * @api public
  144. */
  145. SendStream.prototype.etag = deprecate.function(function etag (val) {
  146. this._etag = Boolean(val)
  147. debug('etag %s', this._etag)
  148. return this
  149. }, 'send.etag: pass etag as option')
  150. /**
  151. * Enable or disable "hidden" (dot) files.
  152. *
  153. * @param {Boolean} path
  154. * @return {SendStream}
  155. * @api public
  156. */
  157. SendStream.prototype.hidden = deprecate.function(function hidden (val) {
  158. this._hidden = Boolean(val)
  159. this._dotfiles = undefined
  160. debug('hidden %s', this._hidden)
  161. return this
  162. }, 'send.hidden: use dotfiles option')
  163. /**
  164. * Set index `paths`, set to a falsy
  165. * value to disable index support.
  166. *
  167. * @param {String|Boolean|Array} paths
  168. * @return {SendStream}
  169. * @api public
  170. */
  171. SendStream.prototype.index = deprecate.function(function index (paths) {
  172. var index = !paths ? [] : normalizeList(paths, 'paths argument')
  173. debug('index %o', paths)
  174. this._index = index
  175. return this
  176. }, 'send.index: pass index as option')
  177. /**
  178. * Set root `path`.
  179. *
  180. * @param {String} path
  181. * @return {SendStream}
  182. * @api public
  183. */
  184. SendStream.prototype.root = function root (path) {
  185. this._root = resolve(String(path))
  186. debug('root %s', this._root)
  187. return this
  188. }
  189. SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
  190. 'send.from: pass root as option')
  191. SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
  192. 'send.root: pass root as option')
  193. /**
  194. * Set max-age to `maxAge`.
  195. *
  196. * @param {Number} maxAge
  197. * @return {SendStream}
  198. * @api public
  199. */
  200. SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
  201. this._maxage = typeof maxAge === 'string'
  202. ? ms(maxAge)
  203. : Number(maxAge)
  204. this._maxage = !isNaN(this._maxage)
  205. ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
  206. : 0
  207. debug('max-age %d', this._maxage)
  208. return this
  209. }, 'send.maxage: pass maxAge as option')
  210. /**
  211. * Emit error with `status`.
  212. *
  213. * @param {number} status
  214. * @param {Error} [err]
  215. * @private
  216. */
  217. SendStream.prototype.error = function error (status, err) {
  218. // emit if listeners instead of responding
  219. if (hasListeners(this, 'error')) {
  220. return this.emit('error', createError(status, err, {
  221. expose: false
  222. }))
  223. }
  224. var res = this.res
  225. var msg = statuses[status] || String(status)
  226. var doc = createHtmlDocument('Error', escapeHtml(msg))
  227. // clear existing headers
  228. clearHeaders(res)
  229. // add error headers
  230. if (err && err.headers) {
  231. setHeaders(res, err.headers)
  232. }
  233. // send basic response
  234. res.statusCode = status
  235. res.setHeader('Content-Type', 'text/html; charset=UTF-8')
  236. res.setHeader('Content-Length', Buffer.byteLength(doc))
  237. res.setHeader('Content-Security-Policy', "default-src 'self'")
  238. res.setHeader('X-Content-Type-Options', 'nosniff')
  239. res.end(doc)
  240. }
  241. /**
  242. * Check if the pathname ends with "/".
  243. *
  244. * @return {boolean}
  245. * @private
  246. */
  247. SendStream.prototype.hasTrailingSlash = function hasTrailingSlash () {
  248. return this.path[this.path.length - 1] === '/'
  249. }
  250. /**
  251. * Check if this is a conditional GET request.
  252. *
  253. * @return {Boolean}
  254. * @api private
  255. */
  256. SendStream.prototype.isConditionalGET = function isConditionalGET () {
  257. return this.req.headers['if-match'] ||
  258. this.req.headers['if-unmodified-since'] ||
  259. this.req.headers['if-none-match'] ||
  260. this.req.headers['if-modified-since']
  261. }
  262. /**
  263. * Check if the request preconditions failed.
  264. *
  265. * @return {boolean}
  266. * @private
  267. */
  268. SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
  269. var req = this.req
  270. var res = this.res
  271. // if-match
  272. var match = req.headers['if-match']
  273. if (match) {
  274. var etag = res.getHeader('ETag')
  275. return !etag || (match !== '*' && parseTokenList(match).every(function (match) {
  276. return match !== etag && match !== 'W/' + etag && 'W/' + match !== etag
  277. }))
  278. }
  279. // if-unmodified-since
  280. var unmodifiedSince = parseHttpDate(req.headers['if-unmodified-since'])
  281. if (!isNaN(unmodifiedSince)) {
  282. var lastModified = parseHttpDate(res.getHeader('Last-Modified'))
  283. return isNaN(lastModified) || lastModified > unmodifiedSince
  284. }
  285. return false
  286. }
  287. /**
  288. * Strip content-* header fields.
  289. *
  290. * @private
  291. */
  292. SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
  293. var res = this.res
  294. var headers = getHeaderNames(res)
  295. for (var i = 0; i < headers.length; i++) {
  296. var header = headers[i]
  297. if (header.substr(0, 8) === 'content-' && header !== 'content-location') {
  298. res.removeHeader(header)
  299. }
  300. }
  301. }
  302. /**
  303. * Respond with 304 not modified.
  304. *
  305. * @api private
  306. */
  307. SendStream.prototype.notModified = function notModified () {
  308. var res = this.res
  309. debug('not modified')
  310. this.removeContentHeaderFields()
  311. res.statusCode = 304
  312. res.end()
  313. }
  314. /**
  315. * Raise error that headers already sent.
  316. *
  317. * @api private
  318. */
  319. SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
  320. var err = new Error('Can\'t set headers after they are sent.')
  321. debug('headers already sent')
  322. this.error(500, err)
  323. }
  324. /**
  325. * Check if the request is cacheable, aka
  326. * responded with 2xx or 304 (see RFC 2616 section 14.2{5,6}).
  327. *
  328. * @return {Boolean}
  329. * @api private
  330. */
  331. SendStream.prototype.isCachable = function isCachable () {
  332. var statusCode = this.res.statusCode
  333. return (statusCode >= 200 && statusCode < 300) ||
  334. statusCode === 304
  335. }
  336. /**
  337. * Handle stat() error.
  338. *
  339. * @param {Error} error
  340. * @private
  341. */
  342. SendStream.prototype.onStatError = function onStatError (error) {
  343. switch (error.code) {
  344. case 'ENAMETOOLONG':
  345. case 'ENOENT':
  346. case 'ENOTDIR':
  347. this.error(404, error)
  348. break
  349. default:
  350. this.error(500, error)
  351. break
  352. }
  353. }
  354. /**
  355. * Check if the cache is fresh.
  356. *
  357. * @return {Boolean}
  358. * @api private
  359. */
  360. SendStream.prototype.isFresh = function isFresh () {
  361. return fresh(this.req.headers, {
  362. 'etag': this.res.getHeader('ETag'),
  363. 'last-modified': this.res.getHeader('Last-Modified')
  364. })
  365. }
  366. /**
  367. * Check if the range is fresh.
  368. *
  369. * @return {Boolean}
  370. * @api private
  371. */
  372. SendStream.prototype.isRangeFresh = function isRangeFresh () {
  373. var ifRange = this.req.headers['if-range']
  374. if (!ifRange) {
  375. return true
  376. }
  377. // if-range as etag
  378. if (ifRange.indexOf('"') !== -1) {
  379. var etag = this.res.getHeader('ETag')
  380. return Boolean(etag && ifRange.indexOf(etag) !== -1)
  381. }
  382. // if-range as modified date
  383. var lastModified = this.res.getHeader('Last-Modified')
  384. return parseHttpDate(lastModified) <= parseHttpDate(ifRange)
  385. }
  386. /**
  387. * Redirect to path.
  388. *
  389. * @param {string} path
  390. * @private
  391. */
  392. SendStream.prototype.redirect = function redirect (path) {
  393. var res = this.res
  394. if (hasListeners(this, 'directory')) {
  395. this.emit('directory', res, path)
  396. return
  397. }
  398. if (this.hasTrailingSlash()) {
  399. this.error(403)
  400. return
  401. }
  402. var loc = encodeUrl(collapseLeadingSlashes(this.path + '/'))
  403. var doc = createHtmlDocument('Redirecting', 'Redirecting to <a href="' + escapeHtml(loc) + '">' +
  404. escapeHtml(loc) + '</a>')
  405. // redirect
  406. res.statusCode = 301
  407. res.setHeader('Content-Type', 'text/html; charset=UTF-8')
  408. res.setHeader('Content-Length', Buffer.byteLength(doc))
  409. res.setHeader('Content-Security-Policy', "default-src 'self'")
  410. res.setHeader('X-Content-Type-Options', 'nosniff')
  411. res.setHeader('Location', loc)
  412. res.end(doc)
  413. }
  414. /**
  415. * Pipe to `res.
  416. *
  417. * @param {Stream} res
  418. * @return {Stream} res
  419. * @api public
  420. */
  421. SendStream.prototype.pipe = function pipe (res) {
  422. // root path
  423. var root = this._root
  424. // references
  425. this.res = res
  426. // decode the path
  427. var path = decode(this.path)
  428. if (path === -1) {
  429. this.error(400)
  430. return res
  431. }
  432. // null byte(s)
  433. if (~path.indexOf('\0')) {
  434. this.error(400)
  435. return res
  436. }
  437. var parts
  438. if (root !== null) {
  439. // normalize
  440. if (path) {
  441. path = normalize('.' + sep + path)
  442. }
  443. // malicious path
  444. if (UP_PATH_REGEXP.test(path)) {
  445. debug('malicious path "%s"', path)
  446. this.error(403)
  447. return res
  448. }
  449. // explode path parts
  450. parts = path.split(sep)
  451. // join / normalize from optional root dir
  452. path = normalize(join(root, path))
  453. root = normalize(root + sep)
  454. } else {
  455. // ".." is malicious without "root"
  456. if (UP_PATH_REGEXP.test(path)) {
  457. debug('malicious path "%s"', path)
  458. this.error(403)
  459. return res
  460. }
  461. // explode path parts
  462. parts = normalize(path).split(sep)
  463. // resolve the path
  464. path = resolve(path)
  465. }
  466. // dotfile handling
  467. if (containsDotFile(parts)) {
  468. var access = this._dotfiles
  469. // legacy support
  470. if (access === undefined) {
  471. access = parts[parts.length - 1][0] === '.'
  472. ? (this._hidden ? 'allow' : 'ignore')
  473. : 'allow'
  474. }
  475. debug('%s dotfile "%s"', access, path)
  476. switch (access) {
  477. case 'allow':
  478. break
  479. case 'deny':
  480. this.error(403)
  481. return res
  482. case 'ignore':
  483. default:
  484. this.error(404)
  485. return res
  486. }
  487. }
  488. // index file support
  489. if (this._index.length && this.hasTrailingSlash()) {
  490. this.sendIndex(path)
  491. return res
  492. }
  493. this.sendFile(path)
  494. return res
  495. }
  496. /**
  497. * Transfer `path`.
  498. *
  499. * @param {String} path
  500. * @api public
  501. */
  502. SendStream.prototype.send = function send (path, stat) {
  503. var len = stat.size
  504. var options = this.options
  505. var opts = {}
  506. var res = this.res
  507. var req = this.req
  508. var ranges = req.headers.range
  509. var offset = options.start || 0
  510. if (headersSent(res)) {
  511. // impossible to send now
  512. this.headersAlreadySent()
  513. return
  514. }
  515. debug('pipe "%s"', path)
  516. // set header fields
  517. this.setHeader(path, stat)
  518. // set content-type
  519. this.type(path)
  520. // conditional GET support
  521. if (this.isConditionalGET()) {
  522. if (this.isPreconditionFailure()) {
  523. this.error(412)
  524. return
  525. }
  526. if (this.isCachable() && this.isFresh()) {
  527. this.notModified()
  528. return
  529. }
  530. }
  531. // adjust len to start/end options
  532. len = Math.max(0, len - offset)
  533. if (options.end !== undefined) {
  534. var bytes = options.end - offset + 1
  535. if (len > bytes) len = bytes
  536. }
  537. // Range support
  538. if (this._acceptRanges && BYTES_RANGE_REGEXP.test(ranges)) {
  539. // parse
  540. ranges = parseRange(len, ranges, {
  541. combine: true
  542. })
  543. // If-Range support
  544. if (!this.isRangeFresh()) {
  545. debug('range stale')
  546. ranges = -2
  547. }
  548. // unsatisfiable
  549. if (ranges === -1) {
  550. debug('range unsatisfiable')
  551. // Content-Range
  552. res.setHeader('Content-Range', contentRange('bytes', len))
  553. // 416 Requested Range Not Satisfiable
  554. return this.error(416, {
  555. headers: {'Content-Range': res.getHeader('Content-Range')}
  556. })
  557. }
  558. // valid (syntactically invalid/multiple ranges are treated as a regular response)
  559. if (ranges !== -2 && ranges.length === 1) {
  560. debug('range %j', ranges)
  561. // Content-Range
  562. res.statusCode = 206
  563. res.setHeader('Content-Range', contentRange('bytes', len, ranges[0]))
  564. // adjust for requested range
  565. offset += ranges[0].start
  566. len = ranges[0].end - ranges[0].start + 1
  567. }
  568. }
  569. // clone options
  570. for (var prop in options) {
  571. opts[prop] = options[prop]
  572. }
  573. // set read options
  574. opts.start = offset
  575. opts.end = Math.max(offset, offset + len - 1)
  576. // content-length
  577. res.setHeader('Content-Length', len)
  578. // HEAD support
  579. if (req.method === 'HEAD') {
  580. res.end()
  581. return
  582. }
  583. this.stream(path, opts)
  584. }
  585. /**
  586. * Transfer file for `path`.
  587. *
  588. * @param {String} path
  589. * @api private
  590. */
  591. SendStream.prototype.sendFile = function sendFile (path) {
  592. var i = 0
  593. var self = this
  594. debug('stat "%s"', path)
  595. fs.stat(path, function onstat (err, stat) {
  596. if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
  597. // not found, check extensions
  598. return next(err)
  599. }
  600. if (err) return self.onStatError(err)
  601. if (stat.isDirectory()) return self.redirect(path)
  602. self.emit('file', path, stat)
  603. self.send(path, stat)
  604. })
  605. function next (err) {
  606. if (self._extensions.length <= i) {
  607. return err
  608. ? self.onStatError(err)
  609. : self.error(404)
  610. }
  611. var p = path + '.' + self._extensions[i++]
  612. debug('stat "%s"', p)
  613. fs.stat(p, function (err, stat) {
  614. if (err) return next(err)
  615. if (stat.isDirectory()) return next()
  616. self.emit('file', p, stat)
  617. self.send(p, stat)
  618. })
  619. }
  620. }
  621. /**
  622. * Transfer index for `path`.
  623. *
  624. * @param {String} path
  625. * @api private
  626. */
  627. SendStream.prototype.sendIndex = function sendIndex (path) {
  628. var i = -1
  629. var self = this
  630. function next (err) {
  631. if (++i >= self._index.length) {
  632. if (err) return self.onStatError(err)
  633. return self.error(404)
  634. }
  635. var p = join(path, self._index[i])
  636. debug('stat "%s"', p)
  637. fs.stat(p, function (err, stat) {
  638. if (err) return next(err)
  639. if (stat.isDirectory()) return next()
  640. self.emit('file', p, stat)
  641. self.send(p, stat)
  642. })
  643. }
  644. next()
  645. }
  646. /**
  647. * Stream `path` to the response.
  648. *
  649. * @param {String} path
  650. * @param {Object} options
  651. * @api private
  652. */
  653. SendStream.prototype.stream = function stream (path, options) {
  654. // TODO: this is all lame, refactor meeee
  655. var finished = false
  656. var self = this
  657. var res = this.res
  658. // pipe
  659. var stream = fs.createReadStream(path, options)
  660. this.emit('stream', stream)
  661. stream.pipe(res)
  662. // response finished, done with the fd
  663. onFinished(res, function onfinished () {
  664. finished = true
  665. destroy(stream)
  666. })
  667. // error handling code-smell
  668. stream.on('error', function onerror (err) {
  669. // request already finished
  670. if (finished) return
  671. // clean up stream
  672. finished = true
  673. destroy(stream)
  674. // error
  675. self.onStatError(err)
  676. })
  677. // end
  678. stream.on('end', function onend () {
  679. self.emit('end')
  680. })
  681. }
  682. /**
  683. * Set content-type based on `path`
  684. * if it hasn't been explicitly set.
  685. *
  686. * @param {String} path
  687. * @api private
  688. */
  689. SendStream.prototype.type = function type (path) {
  690. var res = this.res
  691. if (res.getHeader('Content-Type')) return
  692. var type = mime.lookup(path)
  693. if (!type) {
  694. debug('no content-type')
  695. return
  696. }
  697. var charset = mime.charsets.lookup(type)
  698. debug('content-type %s', type)
  699. res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''))
  700. }
  701. /**
  702. * Set response header fields, most
  703. * fields may be pre-defined.
  704. *
  705. * @param {String} path
  706. * @param {Object} stat
  707. * @api private
  708. */
  709. SendStream.prototype.setHeader = function setHeader (path, stat) {
  710. var res = this.res
  711. this.emit('headers', res, path, stat)
  712. if (this._acceptRanges && !res.getHeader('Accept-Ranges')) {
  713. debug('accept ranges')
  714. res.setHeader('Accept-Ranges', 'bytes')
  715. }
  716. if (this._cacheControl && !res.getHeader('Cache-Control')) {
  717. var cacheControl = 'public, max-age=' + Math.floor(this._maxage / 1000)
  718. if (this._immutable) {
  719. cacheControl += ', immutable'
  720. }
  721. debug('cache-control %s', cacheControl)
  722. res.setHeader('Cache-Control', cacheControl)
  723. }
  724. if (this._lastModified && !res.getHeader('Last-Modified')) {
  725. var modified = stat.mtime.toUTCString()
  726. debug('modified %s', modified)
  727. res.setHeader('Last-Modified', modified)
  728. }
  729. if (this._etag && !res.getHeader('ETag')) {
  730. var val = etag(stat)
  731. debug('etag %s', val)
  732. res.setHeader('ETag', val)
  733. }
  734. }
  735. /**
  736. * Clear all headers from a response.
  737. *
  738. * @param {object} res
  739. * @private
  740. */
  741. function clearHeaders (res) {
  742. var headers = getHeaderNames(res)
  743. for (var i = 0; i < headers.length; i++) {
  744. res.removeHeader(headers[i])
  745. }
  746. }
  747. /**
  748. * Collapse all leading slashes into a single slash
  749. *
  750. * @param {string} str
  751. * @private
  752. */
  753. function collapseLeadingSlashes (str) {
  754. for (var i = 0; i < str.length; i++) {
  755. if (str[i] !== '/') {
  756. break
  757. }
  758. }
  759. return i > 1
  760. ? '/' + str.substr(i)
  761. : str
  762. }
  763. /**
  764. * Determine if path parts contain a dotfile.
  765. *
  766. * @api private
  767. */
  768. function containsDotFile (parts) {
  769. for (var i = 0; i < parts.length; i++) {
  770. var part = parts[i]
  771. if (part.length > 1 && part[0] === '.') {
  772. return true
  773. }
  774. }
  775. return false
  776. }
  777. /**
  778. * Create a Content-Range header.
  779. *
  780. * @param {string} type
  781. * @param {number} size
  782. * @param {array} [range]
  783. */
  784. function contentRange (type, size, range) {
  785. return type + ' ' + (range ? range.start + '-' + range.end : '*') + '/' + size
  786. }
  787. /**
  788. * Create a minimal HTML document.
  789. *
  790. * @param {string} title
  791. * @param {string} body
  792. * @private
  793. */
  794. function createHtmlDocument (title, body) {
  795. return '<!DOCTYPE html>\n' +
  796. '<html lang="en">\n' +
  797. '<head>\n' +
  798. '<meta charset="utf-8">\n' +
  799. '<title>' + title + '</title>\n' +
  800. '</head>\n' +
  801. '<body>\n' +
  802. '<pre>' + body + '</pre>\n' +
  803. '</body>\n' +
  804. '</html>\n'
  805. }
  806. /**
  807. * decodeURIComponent.
  808. *
  809. * Allows V8 to only deoptimize this fn instead of all
  810. * of send().
  811. *
  812. * @param {String} path
  813. * @api private
  814. */
  815. function decode (path) {
  816. try {
  817. return decodeURIComponent(path)
  818. } catch (err) {
  819. return -1
  820. }
  821. }
  822. /**
  823. * Get the header names on a respnse.
  824. *
  825. * @param {object} res
  826. * @returns {array[string]}
  827. * @private
  828. */
  829. function getHeaderNames (res) {
  830. return typeof res.getHeaderNames !== 'function'
  831. ? Object.keys(res._headers || {})
  832. : res.getHeaderNames()
  833. }
  834. /**
  835. * Determine if emitter has listeners of a given type.
  836. *
  837. * The way to do this check is done three different ways in Node.js >= 0.8
  838. * so this consolidates them into a minimal set using instance methods.
  839. *
  840. * @param {EventEmitter} emitter
  841. * @param {string} type
  842. * @returns {boolean}
  843. * @private
  844. */
  845. function hasListeners (emitter, type) {
  846. var count = typeof emitter.listenerCount !== 'function'
  847. ? emitter.listeners(type).length
  848. : emitter.listenerCount(type)
  849. return count > 0
  850. }
  851. /**
  852. * Determine if the response headers have been sent.
  853. *
  854. * @param {object} res
  855. * @returns {boolean}
  856. * @private
  857. */
  858. function headersSent (res) {
  859. return typeof res.headersSent !== 'boolean'
  860. ? Boolean(res._header)
  861. : res.headersSent
  862. }
  863. /**
  864. * Normalize the index option into an array.
  865. *
  866. * @param {boolean|string|array} val
  867. * @param {string} name
  868. * @private
  869. */
  870. function normalizeList (val, name) {
  871. var list = [].concat(val || [])
  872. for (var i = 0; i < list.length; i++) {
  873. if (typeof list[i] !== 'string') {
  874. throw new TypeError(name + ' must be array of strings or false')
  875. }
  876. }
  877. return list
  878. }
  879. /**
  880. * Parse an HTTP Date into a number.
  881. *
  882. * @param {string} date
  883. * @private
  884. */
  885. function parseHttpDate (date) {
  886. var timestamp = date && Date.parse(date)
  887. return typeof timestamp === 'number'
  888. ? timestamp
  889. : NaN
  890. }
  891. /**
  892. * Parse a HTTP token list.
  893. *
  894. * @param {string} str
  895. * @private
  896. */
  897. function parseTokenList (str) {
  898. var end = 0
  899. var list = []
  900. var start = 0
  901. // gather tokens
  902. for (var i = 0, len = str.length; i < len; i++) {
  903. switch (str.charCodeAt(i)) {
  904. case 0x20: /* */
  905. if (start === end) {
  906. start = end = i + 1
  907. }
  908. break
  909. case 0x2c: /* , */
  910. list.push(str.substring(start, end))
  911. start = end = i + 1
  912. break
  913. default:
  914. end = i + 1
  915. break
  916. }
  917. }
  918. // final token
  919. list.push(str.substring(start, end))
  920. return list
  921. }
  922. /**
  923. * Set an object of headers on a response.
  924. *
  925. * @param {object} res
  926. * @param {object} headers
  927. * @private
  928. */
  929. function setHeaders (res, headers) {
  930. var keys = Object.keys(headers)
  931. for (var i = 0; i < keys.length; i++) {
  932. var key = keys[i]
  933. res.setHeader(key, headers[key])
  934. }
  935. }