Merge branch 'master' into qr

Author: HARDY8118

.eslintrc.json

@@ -0,0 +1,11 @@
+{
+  "extends": "eslint-config-populist",
+  "rules": {
+    "strict": "warn",
+    "indent": ["warn", 2],
+    "valid-jsdoc": "warn",
+    "no-undefined": "warn",
+    "comma-dangle": "warn",
+    "callback-return": ["warn", ["next"]]
+  }
+}

README.md

@@ -104,6 +104,15 @@ Then you need to run the server with `-S` for enabling SSL and `-C` for your cer
 http-server -S -C cert.pem
 ```
 
+If you wish to use a passphrase with your private key you can include one in the openssl command via the -passout parameter (using password of foobar)
+
+
+e.g.
+`openssl req -newkey rsa:2048 -passout pass:foobar -keyout key.pem -x509 -days 365 -out cert.pem`
+
+For security reasons, the passphrase will only be read from the `NODE_HTTP_SERVER_SSL_PASSPHRASE` environment variable.
+
+
 This is what should be output if successful:
 
 ``` sh

bin/http-server

@@ -66,13 +66,14 @@ if (argv.h || argv.help) {
 }
 
 var port = argv.p || argv.port || parseInt(process.env.PORT, 10),
-  host = argv.a || '0.0.0.0',
-  tls = argv.S || argv.tls,
-  proxy = argv.P || argv.proxy,
-  proxyOptions = argv['proxy-options'],
-  utc = argv.U || argv.utc,
-  version = argv.v || argv.version,
-  logger;
+    host = argv.a || '0.0.0.0',
+    tls = argv.S || argv.tls,
+    sslPassphrase = process.env.NODE_HTTP_SERVER_SSL_PASSPHRASE,
+    proxy = argv.P || argv.proxy,
+    proxyOptions = argv['proxy-options'],
+    utc = argv.U || argv.utc,
+    version = argv.v || argv.version,
+    logger;
 
 var proxyOptionsBooleanProps = [
   'ws', 'xfwd', 'secure', 'toProxy', 'prependPath', 'ignorePath', 'changeOrigin',
@@ -176,7 +177,8 @@ function listen(port) {
   if (tls) {
     options.https = {
       cert: argv.C || argv.cert || 'cert.pem',
-      key: argv.K || argv.key || 'key.pem'
+      key: argv.K || argv.key || 'key.pem',
+      passphrase: sslPassphrase,
     };
     try {
       fs.lstatSync(options.https.cert);

doc/http-server.1

@@ -114,6 +114,7 @@ If not specified, uses cert.pem.
 .BI \-K ", " \-\-key " " [\fIFILE\fR]
 Path to SSL key file.
 If not specified, uses key.pem.
+Passphrase will be read from NODE_HTTP_SERVER_SSL_PASSPHRASE (if set)
 
 .TP
 .BI \-\-qr\-code

lib/core/index.js

@@ -228,7 +228,6 @@ module.exports = function createMiddleware(_dir, _options) {
       // and brotli special case.
       const defaultType = opts.contentType || 'application/octet-stream';
       let contentType = mime.lookup(file, defaultType);
-      let charSet;
       const range = (req.headers && req.headers.range);
       const lastModified = (new Date(stat.mtime)).toUTCString();
       const etag = generateEtag(stat, weakEtags);

lib/core/show-dir/last-modified-to-string.js

@@ -2,9 +2,9 @@
 
 module.exports = function lastModifiedToString(stat) {
   const t = new Date(stat.mtime);
-  return (("0" + (t.getDate())).slice(-2) + '-' +
-          t.toLocaleString('default', { month: 'short' }) + '-' + 
+  return (('0' + (t.getDate())).slice(-2) + '-' +
+          t.toLocaleString('default', { month: 'short' }) + '-' +
           t.getFullYear() + ' ' +
-          ("0" + t.getHours()).slice(-2) + ':' +
-          ("0" + t.getMinutes()).slice(-2));
+          ('0' + t.getHours()).slice(-2) + ':' +
+          ('0' + t.getMinutes()).slice(-2));
 };

lib/http-server.js

@@ -1,13 +1,12 @@
 'use strict';
 
 var fs = require('fs'),
-    union = require('union'),
-    httpServerCore = require('./core'),
-    auth = require('basic-auth'),
-    httpProxy = require('http-proxy'),
-    corser = require('corser'),
-    path = require('path'),
-    secureCompare = require('secure-compare');
+  union = require('union'),
+  httpServerCore = require('./core'),
+  auth = require('basic-auth'),
+  httpProxy = require('http-proxy'),
+  corser = require('corser'),
+  secureCompare = require('secure-compare');
 
 //
 // Remark: backwards compatibility for previous
@@ -35,10 +34,10 @@ function HttpServer(options) {
     this.root = options.root;
   } else {
     try {
+      // eslint-disable-next-line no-sync
       fs.lstatSync('./public');
       this.root = './public';
-    }
-    catch (err) {
+    } catch (err) {
       this.root = './';
     }
   }
@@ -47,11 +46,12 @@ function HttpServer(options) {
   this.headers['Accept-Ranges'] = 'bytes';
 
   this.cache = (
+    // eslint-disable-next-line no-nested-ternary
     options.cache === undefined ? 3600 :
     // -1 is a special case to turn off caching.
     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#Preventing_caching
-    options.cache === -1 ? 'no-cache, no-store, must-revalidate' :
-    options.cache // in seconds.
+      options.cache === -1 ? 'no-cache, no-store, must-revalidate' :
+        options.cache // in seconds.
   );
   this.showDir = options.showDir !== 'false';
   this.autoIndex = options.autoIndex !== 'false';
@@ -103,7 +103,7 @@ function HttpServer(options) {
     this.headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Range';
     if (options.corsHeaders) {
       options.corsHeaders.split(/\s*,\s*/)
-          .forEach(function (h) { this.headers['Access-Control-Allow-Headers'] += ', ' + h; }, this);
+        .forEach(function (h) { this.headers['Access-Control-Allow-Headers'] += ', ' + h; }, this);
     }
     before.push(corser.create(options.corsHeaders ? {
       requestHeaders: this.headers['Access-Control-Allow-Headers'].split(/\s*,\s*/)
@@ -146,7 +146,7 @@ function HttpServer(options) {
       proxy.web(req, res, {
         target: options.proxy,
         changeOrigin: true
-      }, function (err, req, res, target) {
+      }, function (err, req, res) {
         if (options.logFn) {
           options.logFn(req, res, {
             message: err.message,
@@ -173,7 +173,11 @@ function HttpServer(options) {
     serverOptions.https = options.https;
   }
 
-  this.server = union.createServer(serverOptions);
+  this.server = serverOptions.https && serverOptions.https.passphrase
+    // if passphrase is set, shim must be used as union does not support
+    ? require('./shims/https-server-shim')(serverOptions)
+    : union.createServer(serverOptions);
+
   if (options.timeout !== undefined) {
     this.server.setTimeout(options.timeout);
   }

lib/shims/https-server-shim.js

@@ -0,0 +1,67 @@
+/* eslint-disable no-process-env */
+/* eslint-disable no-sync */
+var https = require('https');
+var fs = require('fs');
+var core = require('union/lib/core');
+var RoutingStream = require('union/lib/routing-stream');
+
+module.exports = function (options) {
+  var isArray = Array.isArray(options.after);
+  var credentials;
+
+  if (!options) {
+    throw new Error('options is required to create a server');
+  }
+
+  function requestHandler(req, res) {
+    var routingStream = new RoutingStream({
+      before: options.before,
+      buffer: options.buffer,
+      after:
+        isArray &&
+        options.after.map(function (After) {
+          return new After();
+        }),
+      request: req,
+      response: res,
+      limit: options.limit,
+      headers: options.headers
+    });
+
+    routingStream.on('error', function (err) {
+      var fn = options.onError || core.errorHandler;
+      fn(err, routingStream, routingStream.target, function () {
+        routingStream.target.emit('next');
+      });
+    });
+
+    req.pipe(routingStream);
+  }
+
+  var serverOptions;
+
+  serverOptions = options.https;
+  if (!serverOptions.key || !serverOptions.cert) {
+    throw new Error(
+      'Both options key and cert are required.'
+    );
+  }
+
+  credentials = {
+    key: fs.readFileSync(serverOptions.key),
+    cert: fs.readFileSync(serverOptions.cert),
+    passphrase: process.env.NODE_HTTP_SERVER_SSL_PASSPHRASE
+  };
+
+  if (serverOptions.ca) {
+    serverOptions.ca = !Array.isArray(serverOptions.ca)
+      ? [serverOptions.ca]
+      : serverOptions.ca;
+
+    credentials.ca = serverOptions.ca.map(function (ca) {
+      return fs.readFileSync(ca);
+    });
+  }
+
+  return https.createServer(credentials, requestHandler);
+};