lwsjs / rewrite Goto Github PK

Rewrite rules having no parameters, automatically applied to every path (even to the non-matching ones.)

The problem is in getTargetUrl function of util.js.

The toUrl is automatically set to the to parameter, and will be returned even if the path doesn't match. For non-matching paths the intact url parameter should be returned instead.

function getTargetUrl (from, to, url) {
  const { pathToRegexp } = require('path-to-regexp')
  const fromParams = []
  const re = pathToRegexp(from, fromParams)
  const fromMatches = re.exec(url)
  let toUrl = to // <--------- it should be 'url' if 'fromMatches' is undefined

  for (const [index, fromParam] of fromParams.entries()) {
    if (fromMatches && fromMatches[index + 1]) {
      fromParam.value = fromMatches[index + 1]
    }
  }

  /* replace named params */
  for (const fromParam of fromParams) {
    if (typeof fromParam.name === 'string') {
      if (fromParam.value) {
        toUrl = toUrl.replace(new RegExp(`:${fromParam.name}`, 'g'), fromParam.value)
      } else {
        toUrl = url
      }
    }
  }

  /* replace positional params */
  for (const fromParam of fromParams) {
    if (typeof fromParam.name !== 'string') {
      toUrl = url.replace(re, toUrl)
    }
  }

  return toUrl
}

I would need something like optiona/conditional rewrites. That could be similar as the spa conditionals --spa.asset-test-fs by checking if a file is available in the fs, then serve it, otherwise rewrite the request.

When we rewrite URL that has a response to set a cookie (i.e. response has set-cookie header), sometimes, the response will specify to set the cookie in the remote domain, hence locally, the expected cookie isn't present.

This feature request is similar to cookieDomainRewrite option use case at node-http-proxy library (more details at its PR). I hope you could consider it. Thanks for your time 😁

The plugin has code:

/* On insecure connections, remove `secure` attribute from remote cookies */
const setCookies = remoteRes.headers['set-cookie']
if (!ctx.req.socket.encrypted && !lws.config.rewriteKeepSecureAttr && setCookies && setCookies.length) {
  const cookies = setCookies.map(c => util.removeCookieAttribute(c, 'secure'))
  remoteRes.headers['set-cookie'] = cookies
}

If secure attribute is removed but there is "SameSite=None" a browser rejects cookie, breaking all login pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie for exact error message in a browser DevTools:

Cookie "myCookie" rejected because it has the "SameSite=None" attribute but is missing the "secure" attribute.
This Set-Cookie was blocked because it had the "SameSite=None" attribute but did not have the "Secure" attribute, which is required in order to use "SameSite=None".

Consider removing SameSite=None together with secure. Other values of SameSite are safe without secure.

11:45:29 AM: Middleware error
Error: Cannot find module 'req-then'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:582:15)
at Function.Module._load (internal/modules/cjs/loader.js:508:25)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:22:18)
at Promise (node_modules\local-web-server\node_modules\lws-rewrite\index.js:113:25)
at process._tickCallback (internal/process/next_tick.js:68:7)

Hello, I think I already know the answer to this after a brief play with cli, and a quick look through the code, but it never hurts to ask.

npx lws-rewrite "https://a.mydomain.com/(.+)" "http://localhost:8081/a/$1" "https://a.mydomain.com/test"

I was hoping to see

http://localhost:8081/a/test

but I was greeted with the lovely error message of

C:\WINDOWS\system32>npx lws-rewrite "https://a.mydomain.com/(.+)" "http://localhost:8081/a/$1" "https://a.mydomain.com/test"
C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\node_modules\path-to-regexp\dist\index.js:48
                throw new TypeError("Missing parameter name at ".concat(i));
                ^

TypeError: Missing parameter name at 5
    at lexer (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\node_modules\path-to-regexp\dist\index.js:48:23)
    at parse (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\node_modules\path-to-regexp\dist\index.js:98:18)
    at stringToRegexp (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\node_modules\path-to-regexp\dist\index.js:329:27)
    at pathToRegexp (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\node_modules\path-to-regexp\dist\index.js:407:12)
    at Object.getTargetUrl (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\lib\util.js:21:14)
    at Object.<anonymous> (C:\Users\CRichardson\AppData\Roaming\nvm\v19.6.0\node_modules\lws-rewrite\bin\cli.js:9:20)
    at Module._compile (node:internal/modules/cjs/loader:1246:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1300:10)
    at Module.load (node:internal/modules/cjs/loader:1103:32)
    at Module._load (node:internal/modules/cjs/loader:942:12)

Node.js v19.6.0

So, yes, I can see by the examples, you guys are expecting first and third params to be the path from server, and not a path including server..

But You never know, there could be some secret option I was not able to find, so thought best to ask.

When installing lws-rewrite via local-web-server NPM reports a high severity vulnerability in https-proxy-agent that is fixed in v3.x. Details about the securty issue: https://npmjs.com/advisories/1184

Would it be possible to upgrade to v3? Thanks!

I would like to proxy websocket connections. I looked at the code and I think it would be possible. Here is some documentation from https-proxy-agent. I am happy to have a go at implementing this. Would love any guidance or suggestions.

Hello,
I'm trying to use local-web-server for serving a documentation for a CSS framework.
My directory tree looks like that :

/
  dist/
    style.css
  public/
    index.html

The public folder contains the HTML documentation. In order to work well it needs files that are built in the dist folder. Those are the built files of the CSS framework.

I've tried to declare a rewrite like that :

ws -d public  --rewrite '/dist/(.*) -> ../dist/$1'

But I get 403 in the browser and a Middleware error in the shell :

13:51:19: Middleware error
ForbiddenError: Forbidden
    at resolvePath (/home/vprothais/dev/oneI/node_modules/resolve-path/index.js:83:11)
    at send (/home/vprothais/dev/oneI/node_modules/koa-send/index.js:81:10)
    at serve (/home/vprothais/dev/oneI/node_modules/koa-static/index.js:44:24)
    at dispatch (/home/vprothais/dev/oneI/node_modules/koa-compose/index.js:42:32)
    at module.exports (/home/vprothais/dev/oneI/node_modules/koa-range/index.js:11:12)
    at dispatch (/home/vprothais/dev/oneI/node_modules/koa-compose/index.js:42:32)
    at etag (/home/vprothais/dev/oneI/node_modules/koa-etag/index.js:26:12)
    at dispatch (/home/vprothais/dev/oneI/node_modules/koa-compose/index.js:42:32)
    at conditional (/home/vprothais/dev/oneI/node_modules/koa-conditional-get/index.js:19:12)
    at dispatch (/home/vprothais/dev/oneI/node_modules/koa-compose/index.js:42:32)

It's probably for security reason.
I frequently use Apache aliases for folder outside of the root directory. I assumed it would work here.
Do I missed something with the configuration ?

Thank you for your help !

Please see lwsjs/local-web-server#128.