| import express from 'express'; |
| import fetch, { Headers as FetchHeaders } from 'node-fetch'; |
|
|
| const app = express(); |
| app.use(express.raw({ |
| type: '*/*', |
| limit: '100mb' |
| })); |
|
|
| app.options('*', (req, res) => { |
| const origin = req.headers.origin; |
|
|
| if (origin) { |
| res.setHeader('Access-Control-Allow-Origin', origin); |
| res.setHeader('Access-Control-Allow-Credentials', 'true'); |
| } else { |
| res.setHeader('Access-Control-Allow-Origin', '*'); |
| } |
|
|
| res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD'); |
| |
| const requestedHeaders = req.headers['access-control-request-headers']; |
| if (requestedHeaders) { |
| res.setHeader('Access-Control-Allow-Headers', requestedHeaders); |
| } else { |
| res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, X-CSRF-Token, Accept, Origin'); |
| } |
| |
| res.setHeader('Access-Control-Max-Age', '86400'); |
|
|
| if (origin) { |
| res.setHeader('Vary', 'Origin'); |
| } |
|
|
| res.status(204).end(); |
| }); |
|
|
| app.get('/', (req, res) => { |
| const origin = req.headers.origin; |
| if (origin) { |
| res.setHeader('Access-Control-Allow-Origin', origin); |
| res.setHeader('Vary', 'Origin'); |
| if (req.method === 'OPTIONS') { |
| res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS'); |
| res.setHeader('Access-Control-Allow-Headers', 'Content-Type'); |
| res.status(204).end(); |
| return; |
| } |
| } else { |
| res.setHeader('Access-Control-Allow-Origin', '*'); |
| } |
| res.send('Hello World'); |
| }); |
|
|
| app.all('*', async (req, res) => { |
| if (req.url === '/') { |
| return; |
| } |
|
|
| const clientRequestOrigin = req.headers.origin; |
|
|
| try { |
| let targetUrlString = req.url.substring(1); |
| |
| try { |
| targetUrlString = decodeURIComponent(targetUrlString); |
| } catch (e) {} |
|
|
| if (!targetUrlString) { |
| addCorsHeaders(res, clientRequestOrigin); |
| res.status(400).send('Target URL is missing in the path.'); |
| return; |
| } |
|
|
| let targetUrl; |
| try { |
| targetUrl = new URL(targetUrlString); |
| } catch (e) { |
| addCorsHeaders(res, clientRequestOrigin); |
| res.status(400).send(`Invalid target URL provided in path: ${targetUrlString}`); |
| return; |
| } |
| |
| const requestHeaders = {...req.headers}; |
| delete requestHeaders['host']; |
| delete requestHeaders['content-length']; |
|
|
| const response = await fetch(targetUrl.toString(), { |
| method: req.method, |
| headers: requestHeaders, |
| body: (req.method !== 'GET' && req.method !== 'HEAD') ? req.body : undefined, |
| redirect: 'manual', |
| compress: false |
| }); |
|
|
| response.headers.forEach((value, key) => { |
| const lowerKey = key.toLowerCase(); |
| if (!lowerKey.startsWith('access-control-') && |
| lowerKey !== 'strict-transport-security' && |
| lowerKey !== 'content-security-policy' && |
| lowerKey !== 'public-key-pins' && |
| lowerKey !== 'transfer-encoding' && |
| lowerKey !== 'connection' && |
| lowerKey !== 'keep-alive' && |
| lowerKey !== 'proxy-authenticate' && |
| lowerKey !== 'proxy-authorization' && |
| lowerKey !== 'te' && |
| lowerKey !== 'trailers' && |
| lowerKey !== 'upgrade' |
| ) { |
| res.setHeader(key, value); |
| } |
| }); |
| |
| addCorsHeaders(res, clientRequestOrigin); |
| const exposedHeaders = Array.from(response.headers.keys()).filter(key => |
| !key.toLowerCase().startsWith('access-control-') |
| ).join(', '); |
| if (exposedHeaders) { |
| res.setHeader('Access-Control-Expose-Headers', exposedHeaders || '*'); |
| } |
| |
| res.status(response.status); |
|
|
| if (response.body) { |
| response.body.pipe(res); |
| } else { |
| res.end(); |
| } |
|
|
| } catch (error) { |
| if (!res.headersSent) { |
| addCorsHeaders(res, clientRequestOrigin); |
| let statusCode = 500; |
| let message = 'Proxy error occurred.'; |
|
|
| if (error.code === 'ENOTFOUND') { |
| statusCode = 404; |
| message = `Target host not found: ${req.url.substring(1)}`; |
| } else if (error.message && error.message.includes('Invalid URL')) { |
| statusCode = 400; |
| message = `Invalid target URL in path: ${req.url.substring(1)}`; |
| } else if (error.code === 'ECONNREFUSED') { |
| statusCode = 502; |
| message = `Bad Gateway: Could not connect to target server at ${req.url.substring(1)}`; |
| } else if (error.code === 'ERR_INVALID_URL') { |
| statusCode = 400; |
| message = `Invalid target URL format in path: ${req.url.substring(1)}`; |
| } |
| res.status(statusCode).send(message); |
| } else { |
| res.end(); |
| } |
| } |
| }); |
|
|
| function addCorsHeaders(res, clientRequestOrigin) { |
| if (clientRequestOrigin) { |
| res.setHeader('Access-Control-Allow-Origin', clientRequestOrigin); |
| res.setHeader('Access-Control-Allow-Credentials', 'true'); |
| res.setHeader('Vary', 'Origin'); |
| } else { |
| res.setHeader('Access-Control-Allow-Origin', '*'); |
| } |
| } |
|
|
| const PORT = process.env.PORT || 7860; |
| const HOST = '0.0.0.0'; |
|
|
| app.listen(PORT, HOST); |
