| blob | 3f1eeca6c1ac502dfb12ae0144a3a5cced4f34a3 |
1 /*!
2 * express
3 * Copyright(c) 2009-2013 TJ Holowaychuk
4 * Copyright(c) 2013 Roman Shtylman
5 * Copyright(c) 2014-2015 Douglas Christopher Wilson
6 * MIT Licensed
7 */
9 'use strict';
11 /**
12 * Module dependencies.
13 * @private
14 */
16 var accepts = require('accepts');
17 var deprecate = require('depd')('express');
18 var isIP = require('net').isIP;
19 var typeis = require('type-is');
20 var http = require('http');
21 var fresh = require('fresh');
22 var parseRange = require('range-parser');
23 var parse = require('parseurl');
24 var proxyaddr = require('proxy-addr');
26 /**
27 * Request prototype.
28 * @public
29 */
31 var req = Object.create(http.IncomingMessage.prototype)
33 /**
34 * Module exports.
35 * @public
36 */
38 module.exports = req
40 /**
41 * Return request header.
42 *
43 * The `Referrer` header field is special-cased,
44 * both `Referrer` and `Referer` are interchangeable.
45 *
46 * Examples:
47 *
48 * req.get('Content-Type');
49 * // => "text/plain"
50 *
51 * req.get('content-type');
52 * // => "text/plain"
53 *
54 * req.get('Something');
55 * // => undefined
56 *
57 * Aliased as `req.header()`.
58 *
59 * @param {String} name
60 * @return {String}
61 * @public
62 */
64 req.get =
65 req.header = function header(name) {
66 if (!name) {
67 throw new TypeError('name argument is required to req.get');
68 }
70 if (typeof name !== 'string') {
71 throw new TypeError('name must be a string to req.get');
72 }
74 var lc = name.toLowerCase();
76 switch (lc) {
77 case 'referer':
78 case 'referrer':
79 return this.headers.referrer
80 || this.headers.referer;
81 default:
82 return this.headers[lc];
83 }
84 };
86 /**
87 * To do: update docs.
88 *
89 * Check if the given `type(s)` is acceptable, returning
90 * the best match when true, otherwise `undefined`, in which
91 * case you should respond with 406 "Not Acceptable".
92 *
93 * The `type` value may be a single MIME type string
94 * such as "application/json", an extension name
95 * such as "json", a comma-delimited list such as "json, html, text/plain",
96 * an argument list such as `"json", "html", "text/plain"`,
97 * or an array `["json", "html", "text/plain"]`. When a list
98 * or array is given, the _best_ match, if any is returned.
99 *
100 * Examples:
101 *
102 * // Accept: text/html
103 * req.accepts('html');
104 * // => "html"
105 *
106 * // Accept: text/*, application/json
107 * req.accepts('html');
108 * // => "html"
109 * req.accepts('text/html');
110 * // => "text/html"
111 * req.accepts('json, text');
112 * // => "json"
113 * req.accepts('application/json');
114 * // => "application/json"
115 *
116 * // Accept: text/*, application/json
117 * req.accepts('image/png');
118 * req.accepts('png');
119 * // => undefined
120 *
121 * // Accept: text/*;q=.5, application/json
122 * req.accepts(['html', 'json']);
123 * req.accepts('html', 'json');
124 * req.accepts('html, json');
125 * // => "json"
126 *
127 * @param {String|Array} type(s)
128 * @return {String|Array|Boolean}
129 * @public
130 */
132 req.accepts = function(){
133 var accept = accepts(this);
134 return accept.types.apply(accept, arguments);
135 };
137 /**
138 * Check if the given `encoding`s are accepted.
139 *
140 * @param {String} ...encoding
141 * @return {String|Array}
142 * @public
143 */
145 req.acceptsEncodings = function(){
146 var accept = accepts(this);
147 return accept.encodings.apply(accept, arguments);
148 };
150 req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
151 'req.acceptsEncoding: Use acceptsEncodings instead');
153 /**
154 * Check if the given `charset`s are acceptable,
155 * otherwise you should respond with 406 "Not Acceptable".
156 *
157 * @param {String} ...charset
158 * @return {String|Array}
159 * @public
160 */
162 req.acceptsCharsets = function(){
163 var accept = accepts(this);
164 return accept.charsets.apply(accept, arguments);
165 };
167 req.acceptsCharset = deprecate.function(req.acceptsCharsets,
168 'req.acceptsCharset: Use acceptsCharsets instead');
170 /**
171 * Check if the given `lang`s are acceptable,
172 * otherwise you should respond with 406 "Not Acceptable".
173 *
174 * @param {String} ...lang
175 * @return {String|Array}
176 * @public
177 */
179 req.acceptsLanguages = function(){
180 var accept = accepts(this);
181 return accept.languages.apply(accept, arguments);
182 };
184 req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
185 'req.acceptsLanguage: Use acceptsLanguages instead');
187 /**
188 * Parse Range header field, capping to the given `size`.
189 *
190 * Unspecified ranges such as "0-" require knowledge of your resource length. In
191 * the case of a byte range this is of course the total number of bytes. If the
192 * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
193 * and `-2` when syntactically invalid.
194 *
195 * When ranges are returned, the array has a "type" property which is the type of
196 * range that is required (most commonly, "bytes"). Each array element is an object
197 * with a "start" and "end" property for the portion of the range.
198 *
199 * The "combine" option can be set to `true` and overlapping & adjacent ranges
200 * will be combined into a single range.
201 *
202 * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
203 * should respond with 4 users when available, not 3.
204 *
205 * @param {number} size
206 * @param {object} [options]
207 * @param {boolean} [options.combine=false]
208 * @return {number|array}
209 * @public
210 */
212 req.range = function range(size, options) {
213 var range = this.get('Range');
214 if (!range) return;
215 return parseRange(size, range, options);
216 };
218 /**
219 * Return the value of param `name` when present or `defaultValue`.
220 *
221 * - Checks route placeholders, ex: _/user/:id_
222 * - Checks body params, ex: id=12, {"id":12}
223 * - Checks query string params, ex: ?id=12
224 *
225 * To utilize request bodies, `req.body`
226 * should be an object. This can be done by using
227 * the `bodyParser()` middleware.
228 *
229 * @param {String} name
230 * @param {Mixed} [defaultValue]
231 * @return {String}
232 * @public
233 */
235 req.param = function param(name, defaultValue) {
236 var params = this.params || {};
237 var body = this.body || {};
238 var query = this.query || {};
240 var args = arguments.length === 1
241 ? 'name'
242 : 'name, default';
243 deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
245 if (null != params[name] && params.hasOwnProperty(name)) return params[name];
246 if (null != body[name]) return body[name];
247 if (null != query[name]) return query[name];
249 return defaultValue;
250 };
252 /**
253 * Check if the incoming request contains the "Content-Type"
254 * header field, and it contains the given mime `type`.
255 *
256 * Examples:
257 *
258 * // With Content-Type: text/html; charset=utf-8
259 * req.is('html');
260 * req.is('text/html');
261 * req.is('text/*');
262 * // => true
263 *
264 * // When Content-Type is application/json
265 * req.is('json');
266 * req.is('application/json');
267 * req.is('application/*');
268 * // => true
269 *
270 * req.is('html');
271 * // => false
272 *
273 * @param {String|Array} types...
274 * @return {String|false|null}
275 * @public
276 */
278 req.is = function is(types) {
279 var arr = types;
281 // support flattened arguments
282 if (!Array.isArray(types)) {
283 arr = new Array(arguments.length);
284 for (var i = 0; i < arr.length; i++) {
285 arr[i] = arguments[i];
286 }
287 }
289 return typeis(this, arr);
290 };
292 /**
293 * Return the protocol string "http" or "https"
294 * when requested with TLS. When the "trust proxy"
295 * setting trusts the socket address, the
296 * "X-Forwarded-Proto" header field will be trusted
297 * and used if present.
298 *
299 * If you're running behind a reverse proxy that
300 * supplies https for you this may be enabled.
301 *
302 * @return {String}
303 * @public
304 */
306 defineGetter(req, 'protocol', function protocol(){
307 var proto = this.connection.encrypted
308 ? 'https'
309 : 'http';
310 var trust = this.app.get('trust proxy fn');
312 if (!trust(this.connection.remoteAddress, 0)) {
313 return proto;
314 }
316 // Note: X-Forwarded-Proto is normally only ever a
317 // single value, but this is to be safe.
318 var header = this.get('X-Forwarded-Proto') || proto
319 var index = header.indexOf(',')
321 return index !== -1
322 ? header.substring(0, index).trim()
323 : header.trim()
324 });
326 /**
327 * Short-hand for:
328 *
329 * req.protocol === 'https'
330 *
331 * @return {Boolean}
332 * @public
333 */
335 defineGetter(req, 'secure', function secure(){
336 return this.protocol === 'https';
337 });
339 /**
340 * Return the remote address from the trusted proxy.
341 *
342 * The is the remote address on the socket unless
343 * "trust proxy" is set.
344 *
345 * @return {String}
346 * @public
347 */
349 defineGetter(req, 'ip', function ip(){
350 var trust = this.app.get('trust proxy fn');
351 return proxyaddr(this, trust);
352 });
354 /**
355 * When "trust proxy" is set, trusted proxy addresses + client.
356 *
357 * For example if the value were "client, proxy1, proxy2"
358 * you would receive the array `["client", "proxy1", "proxy2"]`
359 * where "proxy2" is the furthest down-stream and "proxy1" and
360 * "proxy2" were trusted.
361 *
362 * @return {Array}
363 * @public
364 */
366 defineGetter(req, 'ips', function ips() {
367 var trust = this.app.get('trust proxy fn');
368 var addrs = proxyaddr.all(this, trust);
370 // reverse the order (to farthest -> closest)
371 // and remove socket address
372 addrs.reverse().pop()
374 return addrs
375 });
377 /**
378 * Return subdomains as an array.
379 *
380 * Subdomains are the dot-separated parts of the host before the main domain of
381 * the app. By default, the domain of the app is assumed to be the last two
382 * parts of the host. This can be changed by setting "subdomain offset".
383 *
384 * For example, if the domain is "tobi.ferrets.example.com":
385 * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
386 * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
387 *
388 * @return {Array}
389 * @public
390 */
392 defineGetter(req, 'subdomains', function subdomains() {
393 var hostname = this.hostname;
395 if (!hostname) return [];
397 var offset = this.app.get('subdomain offset');
398 var subdomains = !isIP(hostname)
399 ? hostname.split('.').reverse()
400 : [hostname];
402 return subdomains.slice(offset);
403 });
405 /**
406 * Short-hand for `url.parse(req.url).pathname`.
407 *
408 * @return {String}
409 * @public
410 */
412 defineGetter(req, 'path', function path() {
413 return parse(this).pathname;
414 });
416 /**
417 * Parse the "Host" header field to a hostname.
418 *
419 * When the "trust proxy" setting trusts the socket
420 * address, the "X-Forwarded-Host" header field will
421 * be trusted.
422 *
423 * @return {String}
424 * @public
425 */
427 defineGetter(req, 'hostname', function hostname(){
428 var trust = this.app.get('trust proxy fn');
429 var host = this.get('X-Forwarded-Host');
431 if (!host || !trust(this.connection.remoteAddress, 0)) {
432 host = this.get('Host');
433 } else if (host.indexOf(',') !== -1) {
434 // Note: X-Forwarded-Host is normally only ever a
435 // single value, but this is to be safe.
436 host = host.substring(0, host.indexOf(',')).trimRight()
437 }
439 if (!host) return;
441 // IPv6 literal support
442 var offset = host[0] === '['
443 ? host.indexOf(']') + 1
444 : 0;
445 var index = host.indexOf(':', offset);
447 return index !== -1
448 ? host.substring(0, index)
449 : host;
450 });
452 // TODO: change req.host to return host in next major
454 defineGetter(req, 'host', deprecate.function(function host(){
455 return this.hostname;
456 }, 'req.host: Use req.hostname instead'));
458 /**
459 * Check if the request is fresh, aka
460 * Last-Modified and/or the ETag
461 * still match.
462 *
463 * @return {Boolean}
464 * @public
465 */
467 defineGetter(req, 'fresh', function(){
468 var method = this.method;
469 var res = this.res
470 var status = res.statusCode
472 // GET or HEAD for weak freshness validation only
473 if ('GET' !== method && 'HEAD' !== method) return false;
475 // 2xx or 304 as per rfc2616 14.26
476 if ((status >= 200 && status < 300) || 304 === status) {
477 return fresh(this.headers, {
478 'etag': res.get('ETag'),
479 'last-modified': res.get('Last-Modified')
480 })
481 }
483 return false;
484 });
486 /**
487 * Check if the request is stale, aka
488 * "Last-Modified" and / or the "ETag" for the
489 * resource has changed.
490 *
491 * @return {Boolean}
492 * @public
493 */
495 defineGetter(req, 'stale', function stale(){
496 return !this.fresh;
497 });
499 /**
500 * Check if the request was an _XMLHttpRequest_.
501 *
502 * @return {Boolean}
503 * @public
504 */
506 defineGetter(req, 'xhr', function xhr(){
507 var val = this.get('X-Requested-With') || '';
508 return val.toLowerCase() === 'xmlhttprequest';
509 });
511 /**
512 * Helper function for creating a getter on an object.
513 *
514 * @param {Object} obj
515 * @param {String} name
516 * @param {Function} getter
517 * @private
518 */
519 function defineGetter(obj, name, getter) {
520 Object.defineProperty(obj, name, {
521 configurable: true,
522 enumerable: true,
523 get: getter
524 });
525 }