|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673 |
- 'use strict';
- // rfc7231 6.1
- const statusCodeCacheableByDefault = new Set([
- 200,
- 203,
- 204,
- 206,
- 300,
- 301,
- 404,
- 405,
- 410,
- 414,
- 501,
- ]);
-
- // This implementation does not understand partial responses (206)
- const understoodStatuses = new Set([
- 200,
- 203,
- 204,
- 300,
- 301,
- 302,
- 303,
- 307,
- 308,
- 404,
- 405,
- 410,
- 414,
- 501,
- ]);
-
- const errorStatusCodes = new Set([
- 500,
- 502,
- 503,
- 504,
- ]);
-
- const hopByHopHeaders = {
- date: true, // included, because we add Age update Date
- connection: true,
- 'keep-alive': true,
- 'proxy-authenticate': true,
- 'proxy-authorization': true,
- te: true,
- trailer: true,
- 'transfer-encoding': true,
- upgrade: true,
- };
-
- const excludedFromRevalidationUpdate = {
- // Since the old body is reused, it doesn't make sense to change properties of the body
- 'content-length': true,
- 'content-encoding': true,
- 'transfer-encoding': true,
- 'content-range': true,
- };
-
- function toNumberOrZero(s) {
- const n = parseInt(s, 10);
- return isFinite(n) ? n : 0;
- }
-
- // RFC 5861
- function isErrorResponse(response) {
- // consider undefined response as faulty
- if(!response) {
- return true
- }
- return errorStatusCodes.has(response.status);
- }
-
- function parseCacheControl(header) {
- const cc = {};
- if (!header) return cc;
-
- // TODO: When there is more than one value present for a given directive (e.g., two Expires header fields, multiple Cache-Control: max-age directives),
- // the directive's value is considered invalid. Caches are encouraged to consider responses that have invalid freshness information to be stale
- const parts = header.trim().split(/\s*,\s*/); // TODO: lame parsing
- for (const part of parts) {
- const [k, v] = part.split(/\s*=\s*/, 2);
- cc[k] = v === undefined ? true : v.replace(/^"|"$/g, ''); // TODO: lame unquoting
- }
-
- return cc;
- }
-
- function formatCacheControl(cc) {
- let parts = [];
- for (const k in cc) {
- const v = cc[k];
- parts.push(v === true ? k : k + '=' + v);
- }
- if (!parts.length) {
- return undefined;
- }
- return parts.join(', ');
- }
-
- module.exports = class CachePolicy {
- constructor(
- req,
- res,
- {
- shared,
- cacheHeuristic,
- immutableMinTimeToLive,
- ignoreCargoCult,
- _fromObject,
- } = {}
- ) {
- if (_fromObject) {
- this._fromObject(_fromObject);
- return;
- }
-
- if (!res || !res.headers) {
- throw Error('Response headers missing');
- }
- this._assertRequestHasHeaders(req);
-
- this._responseTime = this.now();
- this._isShared = shared !== false;
- this._cacheHeuristic =
- undefined !== cacheHeuristic ? cacheHeuristic : 0.1; // 10% matches IE
- this._immutableMinTtl =
- undefined !== immutableMinTimeToLive
- ? immutableMinTimeToLive
- : 24 * 3600 * 1000;
-
- this._status = 'status' in res ? res.status : 200;
- this._resHeaders = res.headers;
- this._rescc = parseCacheControl(res.headers['cache-control']);
- this._method = 'method' in req ? req.method : 'GET';
- this._url = req.url;
- this._host = req.headers.host;
- this._noAuthorization = !req.headers.authorization;
- this._reqHeaders = res.headers.vary ? req.headers : null; // Don't keep all request headers if they won't be used
- this._reqcc = parseCacheControl(req.headers['cache-control']);
-
- // Assume that if someone uses legacy, non-standard uncecessary options they don't understand caching,
- // so there's no point stricly adhering to the blindly copy&pasted directives.
- if (
- ignoreCargoCult &&
- 'pre-check' in this._rescc &&
- 'post-check' in this._rescc
- ) {
- delete this._rescc['pre-check'];
- delete this._rescc['post-check'];
- delete this._rescc['no-cache'];
- delete this._rescc['no-store'];
- delete this._rescc['must-revalidate'];
- this._resHeaders = Object.assign({}, this._resHeaders, {
- 'cache-control': formatCacheControl(this._rescc),
- });
- delete this._resHeaders.expires;
- delete this._resHeaders.pragma;
- }
-
- // When the Cache-Control header field is not present in a request, caches MUST consider the no-cache request pragma-directive
- // as having the same effect as if "Cache-Control: no-cache" were present (see Section 5.2.1).
- if (
- res.headers['cache-control'] == null &&
- /no-cache/.test(res.headers.pragma)
- ) {
- this._rescc['no-cache'] = true;
- }
- }
-
- now() {
- return Date.now();
- }
-
- storable() {
- // The "no-store" request directive indicates that a cache MUST NOT store any part of either this request or any response to it.
- return !!(
- !this._reqcc['no-store'] &&
- // A cache MUST NOT store a response to any request, unless:
- // The request method is understood by the cache and defined as being cacheable, and
- ('GET' === this._method ||
- 'HEAD' === this._method ||
- ('POST' === this._method && this._hasExplicitExpiration())) &&
- // the response status code is understood by the cache, and
- understoodStatuses.has(this._status) &&
- // the "no-store" cache directive does not appear in request or response header fields, and
- !this._rescc['no-store'] &&
- // the "private" response directive does not appear in the response, if the cache is shared, and
- (!this._isShared || !this._rescc.private) &&
- // the Authorization header field does not appear in the request, if the cache is shared,
- (!this._isShared ||
- this._noAuthorization ||
- this._allowsStoringAuthenticated()) &&
- // the response either:
- // contains an Expires header field, or
- (this._resHeaders.expires ||
- // contains a max-age response directive, or
- // contains a s-maxage response directive and the cache is shared, or
- // contains a public response directive.
- this._rescc['max-age'] ||
- (this._isShared && this._rescc['s-maxage']) ||
- this._rescc.public ||
- // has a status code that is defined as cacheable by default
- statusCodeCacheableByDefault.has(this._status))
- );
- }
-
- _hasExplicitExpiration() {
- // 4.2.1 Calculating Freshness Lifetime
- return (
- (this._isShared && this._rescc['s-maxage']) ||
- this._rescc['max-age'] ||
- this._resHeaders.expires
- );
- }
-
- _assertRequestHasHeaders(req) {
- if (!req || !req.headers) {
- throw Error('Request headers missing');
- }
- }
-
- satisfiesWithoutRevalidation(req) {
- this._assertRequestHasHeaders(req);
-
- // When presented with a request, a cache MUST NOT reuse a stored response, unless:
- // the presented request does not contain the no-cache pragma (Section 5.4), nor the no-cache cache directive,
- // unless the stored response is successfully validated (Section 4.3), and
- const requestCC = parseCacheControl(req.headers['cache-control']);
- if (requestCC['no-cache'] || /no-cache/.test(req.headers.pragma)) {
- return false;
- }
-
- if (requestCC['max-age'] && this.age() > requestCC['max-age']) {
- return false;
- }
-
- if (
- requestCC['min-fresh'] &&
- this.timeToLive() < 1000 * requestCC['min-fresh']
- ) {
- return false;
- }
-
- // the stored response is either:
- // fresh, or allowed to be served stale
- if (this.stale()) {
- const allowsStale =
- requestCC['max-stale'] &&
- !this._rescc['must-revalidate'] &&
- (true === requestCC['max-stale'] ||
- requestCC['max-stale'] > this.age() - this.maxAge());
- if (!allowsStale) {
- return false;
- }
- }
-
- return this._requestMatches(req, false);
- }
-
- _requestMatches(req, allowHeadMethod) {
- // The presented effective request URI and that of the stored response match, and
- return (
- (!this._url || this._url === req.url) &&
- this._host === req.headers.host &&
- // the request method associated with the stored response allows it to be used for the presented request, and
- (!req.method ||
- this._method === req.method ||
- (allowHeadMethod && 'HEAD' === req.method)) &&
- // selecting header fields nominated by the stored response (if any) match those presented, and
- this._varyMatches(req)
- );
- }
-
- _allowsStoringAuthenticated() {
- // following Cache-Control response directives (Section 5.2.2) have such an effect: must-revalidate, public, and s-maxage.
- return (
- this._rescc['must-revalidate'] ||
- this._rescc.public ||
- this._rescc['s-maxage']
- );
- }
-
- _varyMatches(req) {
- if (!this._resHeaders.vary) {
- return true;
- }
-
- // A Vary header field-value of "*" always fails to match
- if (this._resHeaders.vary === '*') {
- return false;
- }
-
- const fields = this._resHeaders.vary
- .trim()
- .toLowerCase()
- .split(/\s*,\s*/);
- for (const name of fields) {
- if (req.headers[name] !== this._reqHeaders[name]) return false;
- }
- return true;
- }
-
- _copyWithoutHopByHopHeaders(inHeaders) {
- const headers = {};
- for (const name in inHeaders) {
- if (hopByHopHeaders[name]) continue;
- headers[name] = inHeaders[name];
- }
- // 9.1. Connection
- if (inHeaders.connection) {
- const tokens = inHeaders.connection.trim().split(/\s*,\s*/);
- for (const name of tokens) {
- delete headers[name];
- }
- }
- if (headers.warning) {
- const warnings = headers.warning.split(/,/).filter(warning => {
- return !/^\s*1[0-9][0-9]/.test(warning);
- });
- if (!warnings.length) {
- delete headers.warning;
- } else {
- headers.warning = warnings.join(',').trim();
- }
- }
- return headers;
- }
-
- responseHeaders() {
- const headers = this._copyWithoutHopByHopHeaders(this._resHeaders);
- const age = this.age();
-
- // A cache SHOULD generate 113 warning if it heuristically chose a freshness
- // lifetime greater than 24 hours and the response's age is greater than 24 hours.
- if (
- age > 3600 * 24 &&
- !this._hasExplicitExpiration() &&
- this.maxAge() > 3600 * 24
- ) {
- headers.warning =
- (headers.warning ? `${headers.warning}, ` : '') +
- '113 - "rfc7234 5.5.4"';
- }
- headers.age = `${Math.round(age)}`;
- headers.date = new Date(this.now()).toUTCString();
- return headers;
- }
-
- /**
- * Value of the Date response header or current time if Date was invalid
- * @return timestamp
- */
- date() {
- const serverDate = Date.parse(this._resHeaders.date);
- if (isFinite(serverDate)) {
- return serverDate;
- }
- return this._responseTime;
- }
-
- /**
- * Value of the Age header, in seconds, updated for the current time.
- * May be fractional.
- *
- * @return Number
- */
- age() {
- let age = this._ageValue();
-
- const residentTime = (this.now() - this._responseTime) / 1000;
- return age + residentTime;
- }
-
- _ageValue() {
- return toNumberOrZero(this._resHeaders.age);
- }
-
- /**
- * Value of applicable max-age (or heuristic equivalent) in seconds. This counts since response's `Date`.
- *
- * For an up-to-date value, see `timeToLive()`.
- *
- * @return Number
- */
- maxAge() {
- if (!this.storable() || this._rescc['no-cache']) {
- return 0;
- }
-
- // Shared responses with cookies are cacheable according to the RFC, but IMHO it'd be unwise to do so by default
- // so this implementation requires explicit opt-in via public header
- if (
- this._isShared &&
- (this._resHeaders['set-cookie'] &&
- !this._rescc.public &&
- !this._rescc.immutable)
- ) {
- return 0;
- }
-
- if (this._resHeaders.vary === '*') {
- return 0;
- }
-
- if (this._isShared) {
- if (this._rescc['proxy-revalidate']) {
- return 0;
- }
- // if a response includes the s-maxage directive, a shared cache recipient MUST ignore the Expires field.
- if (this._rescc['s-maxage']) {
- return toNumberOrZero(this._rescc['s-maxage']);
- }
- }
-
- // If a response includes a Cache-Control field with the max-age directive, a recipient MUST ignore the Expires field.
- if (this._rescc['max-age']) {
- return toNumberOrZero(this._rescc['max-age']);
- }
-
- const defaultMinTtl = this._rescc.immutable ? this._immutableMinTtl : 0;
-
- const serverDate = this.date();
- if (this._resHeaders.expires) {
- const expires = Date.parse(this._resHeaders.expires);
- // A cache recipient MUST interpret invalid date formats, especially the value "0", as representing a time in the past (i.e., "already expired").
- if (Number.isNaN(expires) || expires < serverDate) {
- return 0;
- }
- return Math.max(defaultMinTtl, (expires - serverDate) / 1000);
- }
-
- if (this._resHeaders['last-modified']) {
- const lastModified = Date.parse(this._resHeaders['last-modified']);
- if (isFinite(lastModified) && serverDate > lastModified) {
- return Math.max(
- defaultMinTtl,
- ((serverDate - lastModified) / 1000) * this._cacheHeuristic
- );
- }
- }
-
- return defaultMinTtl;
- }
-
- timeToLive() {
- const age = this.maxAge() - this.age();
- const staleIfErrorAge = age + toNumberOrZero(this._rescc['stale-if-error']);
- const staleWhileRevalidateAge = age + toNumberOrZero(this._rescc['stale-while-revalidate']);
- return Math.max(0, age, staleIfErrorAge, staleWhileRevalidateAge) * 1000;
- }
-
- stale() {
- return this.maxAge() <= this.age();
- }
-
- _useStaleIfError() {
- return this.maxAge() + toNumberOrZero(this._rescc['stale-if-error']) > this.age();
- }
-
- useStaleWhileRevalidate() {
- return this.maxAge() + toNumberOrZero(this._rescc['stale-while-revalidate']) > this.age();
- }
-
- static fromObject(obj) {
- return new this(undefined, undefined, { _fromObject: obj });
- }
-
- _fromObject(obj) {
- if (this._responseTime) throw Error('Reinitialized');
- if (!obj || obj.v !== 1) throw Error('Invalid serialization');
-
- this._responseTime = obj.t;
- this._isShared = obj.sh;
- this._cacheHeuristic = obj.ch;
- this._immutableMinTtl =
- obj.imm !== undefined ? obj.imm : 24 * 3600 * 1000;
- this._status = obj.st;
- this._resHeaders = obj.resh;
- this._rescc = obj.rescc;
- this._method = obj.m;
- this._url = obj.u;
- this._host = obj.h;
- this._noAuthorization = obj.a;
- this._reqHeaders = obj.reqh;
- this._reqcc = obj.reqcc;
- }
-
- toObject() {
- return {
- v: 1,
- t: this._responseTime,
- sh: this._isShared,
- ch: this._cacheHeuristic,
- imm: this._immutableMinTtl,
- st: this._status,
- resh: this._resHeaders,
- rescc: this._rescc,
- m: this._method,
- u: this._url,
- h: this._host,
- a: this._noAuthorization,
- reqh: this._reqHeaders,
- reqcc: this._reqcc,
- };
- }
-
- /**
- * Headers for sending to the origin server to revalidate stale response.
- * Allows server to return 304 to allow reuse of the previous response.
- *
- * Hop by hop headers are always stripped.
- * Revalidation headers may be added or removed, depending on request.
- */
- revalidationHeaders(incomingReq) {
- this._assertRequestHasHeaders(incomingReq);
- const headers = this._copyWithoutHopByHopHeaders(incomingReq.headers);
-
- // This implementation does not understand range requests
- delete headers['if-range'];
-
- if (!this._requestMatches(incomingReq, true) || !this.storable()) {
- // revalidation allowed via HEAD
- // not for the same resource, or wasn't allowed to be cached anyway
- delete headers['if-none-match'];
- delete headers['if-modified-since'];
- return headers;
- }
-
- /* MUST send that entity-tag in any cache validation request (using If-Match or If-None-Match) if an entity-tag has been provided by the origin server. */
- if (this._resHeaders.etag) {
- headers['if-none-match'] = headers['if-none-match']
- ? `${headers['if-none-match']}, ${this._resHeaders.etag}`
- : this._resHeaders.etag;
- }
-
- // Clients MAY issue simple (non-subrange) GET requests with either weak validators or strong validators. Clients MUST NOT use weak validators in other forms of request.
- const forbidsWeakValidators =
- headers['accept-ranges'] ||
- headers['if-match'] ||
- headers['if-unmodified-since'] ||
- (this._method && this._method != 'GET');
-
- /* SHOULD send the Last-Modified value in non-subrange cache validation requests (using If-Modified-Since) if only a Last-Modified value has been provided by the origin server.
- Note: This implementation does not understand partial responses (206) */
- if (forbidsWeakValidators) {
- delete headers['if-modified-since'];
-
- if (headers['if-none-match']) {
- const etags = headers['if-none-match']
- .split(/,/)
- .filter(etag => {
- return !/^\s*W\//.test(etag);
- });
- if (!etags.length) {
- delete headers['if-none-match'];
- } else {
- headers['if-none-match'] = etags.join(',').trim();
- }
- }
- } else if (
- this._resHeaders['last-modified'] &&
- !headers['if-modified-since']
- ) {
- headers['if-modified-since'] = this._resHeaders['last-modified'];
- }
-
- return headers;
- }
-
- /**
- * Creates new CachePolicy with information combined from the previews response,
- * and the new revalidation response.
- *
- * Returns {policy, modified} where modified is a boolean indicating
- * whether the response body has been modified, and old cached body can't be used.
- *
- * @return {Object} {policy: CachePolicy, modified: Boolean}
- */
- revalidatedPolicy(request, response) {
- this._assertRequestHasHeaders(request);
- if(this._useStaleIfError() && isErrorResponse(response)) { // I consider the revalidation request unsuccessful
- return {
- modified: false,
- matches: false,
- policy: this,
- };
- }
- if (!response || !response.headers) {
- throw Error('Response headers missing');
- }
-
- // These aren't going to be supported exactly, since one CachePolicy object
- // doesn't know about all the other cached objects.
- let matches = false;
- if (response.status !== undefined && response.status != 304) {
- matches = false;
- } else if (
- response.headers.etag &&
- !/^\s*W\//.test(response.headers.etag)
- ) {
- // "All of the stored responses with the same strong validator are selected.
- // If none of the stored responses contain the same strong validator,
- // then the cache MUST NOT use the new response to update any stored responses."
- matches =
- this._resHeaders.etag &&
- this._resHeaders.etag.replace(/^\s*W\//, '') ===
- response.headers.etag;
- } else if (this._resHeaders.etag && response.headers.etag) {
- // "If the new response contains a weak validator and that validator corresponds
- // to one of the cache's stored responses,
- // then the most recent of those matching stored responses is selected for update."
- matches =
- this._resHeaders.etag.replace(/^\s*W\//, '') ===
- response.headers.etag.replace(/^\s*W\//, '');
- } else if (this._resHeaders['last-modified']) {
- matches =
- this._resHeaders['last-modified'] ===
- response.headers['last-modified'];
- } else {
- // If the new response does not include any form of validator (such as in the case where
- // a client generates an If-Modified-Since request from a source other than the Last-Modified
- // response header field), and there is only one stored response, and that stored response also
- // lacks a validator, then that stored response is selected for update.
- if (
- !this._resHeaders.etag &&
- !this._resHeaders['last-modified'] &&
- !response.headers.etag &&
- !response.headers['last-modified']
- ) {
- matches = true;
- }
- }
-
- if (!matches) {
- return {
- policy: new this.constructor(request, response),
- // Client receiving 304 without body, even if it's invalid/mismatched has no option
- // but to reuse a cached body. We don't have a good way to tell clients to do
- // error recovery in such case.
- modified: response.status != 304,
- matches: false,
- };
- }
-
- // use other header fields provided in the 304 (Not Modified) response to replace all instances
- // of the corresponding header fields in the stored response.
- const headers = {};
- for (const k in this._resHeaders) {
- headers[k] =
- k in response.headers && !excludedFromRevalidationUpdate[k]
- ? response.headers[k]
- : this._resHeaders[k];
- }
-
- const newResponse = Object.assign({}, response, {
- status: this._status,
- method: this._method,
- headers,
- });
- return {
- policy: new this.constructor(request, newResponse, {
- shared: this._isShared,
- cacheHeuristic: this._cacheHeuristic,
- immutableMinTimeToLive: this._immutableMinTtl,
- }),
- modified: false,
- matches: true,
- };
- }
- };
|