import { BareResponseFetch } from "@mercuryworkshop/bare-mux"; import IDBMap from "@webreflection/idb-map"; import { ParseResultType } from "parse-domain"; import { MessageW2C, ScramjetServiceWorker } from "."; import { renderError } from "./error"; import { FakeServiceWorker } from "./fakesw"; import { CookieStore } from "../shared/cookie"; const { encodeUrl, decodeUrl } = self.$scramjet.shared.url; const { rewriteHeaders, rewriteHtml, rewriteJs, rewriteCss, rewriteWorkers } = self.$scramjet.shared.rewrite; const { parseDomain, ScramjetHeaders } = self.$scramjet.shared.util; export async function swfetch( this: ScramjetServiceWorker, { request, clientId }: FetchEvent ) { if (new URL(request.url).pathname.startsWith("/scramjet/worker")) { const dataurl = new URL(request.url).searchParams.get("data"); const res = await fetch(dataurl); const ab = await res.arrayBuffer(); const origin = new URL( decodeURIComponent(new URL(request.url).searchParams.get("origin")) ); const rewritten = rewriteWorkers(ab, new URL(origin)); return new Response(rewritten, { headers: { "Content-Type": "application/javascript", }, }); } const client = await self.clients.get(clientId); const urlParam = new URLSearchParams(new URL(request.url).search); if (urlParam.has("url")) { return Response.redirect( encodeUrl(urlParam.get("url"), new URL(urlParam.get("url"))) ); } try { const requesturl = new URL(request.url); let workertype = ""; if (requesturl.searchParams.has("type")) { workertype = requesturl.searchParams.get("type") as string; requesturl.searchParams.delete("type"); } if (requesturl.searchParams.has("dest")) { requesturl.searchParams.delete("dest"); } const url = new URL(decodeUrl(requesturl)); const activeWorker: FakeServiceWorker | null = this.serviceWorkers.find( (w) => w.origin === url.origin ); if ( activeWorker && activeWorker.connected && urlParam.get("from") !== "swruntime" ) { // TODO: check scope const r = await activeWorker.fetch(request); if (r) return r; } if (url.origin == new URL(request.url).origin) { throw new Error( "attempted to fetch from same origin - this means the site has obtained a reference to the real origin, aborting" ); } const headers = new ScramjetHeaders(); for (const [key, value] of request.headers.entries()) { headers.set(key, value); } if ( client && new URL(client.url).pathname.startsWith(self.$scramjet.config.prefix) ) { // TODO: i was against cors emulation but we might actually break stuff if we send full origin/referrer always let url = new URL(decodeUrl(client.url)); headers.set("Referer", url.toString()); headers.set("Origin", url.origin); } const cookies = this.cookieStore.getCookies(url, false); if (cookies.length) { headers.set("Cookie", cookies); } // TODO this is wrong somehow headers.set("Sec-Fetch-Mode", "cors"); headers.set("Sec-Fetch-Site", "same-origin"); headers.set("Sec-Fetch-Dest", "empty"); const response: BareResponseFetch = await this.client.fetch(url, { method: request.method, body: request.body, headers: headers.headers, credentials: "omit", mode: request.mode === "cors" ? request.mode : "same-origin", cache: request.cache, redirect: "manual", //@ts-ignore why the fuck is this not typed mircosoft duplex: "half", }); return await handleResponse( url, workertype, request.destination, response, this.cookieStore, client ); } catch (err) { console.error("ERROR FROM SERVICE WORKER FETCH", err); if (!["document", "iframe"].includes(request.destination)) return new Response(undefined, { status: 500 }); return renderError(err, decodeUrl(request.url)); } } async function handleResponse( url: URL, workertype: string, destination: RequestDestination, response: BareResponseFetch, cookieStore: CookieStore, client: Client ): Promise { let responseBody: string | ArrayBuffer | ReadableStream; const responseHeaders = rewriteHeaders(response.rawHeaders, url); let maybeHeaders = responseHeaders["set-cookie"] || []; for (const cookie in maybeHeaders) { if (client) client.postMessage({ scramjet$type: "cookie", cookie, url: url.href, } as MessageW2C); } await cookieStore.setCookies( maybeHeaders instanceof Array ? maybeHeaders : [maybeHeaders], url ); for (const header in responseHeaders) { // flatten everything past here if (Array.isArray(responseHeaders[header])) responseHeaders[header] = responseHeaders[header][0]; } if (response.body) { switch (destination) { case "iframe": case "document": if (responseHeaders["content-type"]?.startsWith("text/html")) { responseBody = rewriteHtml( await response.text(), cookieStore, url, true ); } else { responseBody = response.body; } break; case "script": responseBody = rewriteJs(await response.arrayBuffer(), url); // Disable threading for now, it's causing issues. // responseBody = await this.threadpool.rewriteJs(await responseBody.arrayBuffer(), url.toString()); break; case "style": responseBody = rewriteCss(await response.text(), url); break; case "sharedworker": case "worker": responseBody = rewriteWorkers(await response.arrayBuffer(), url); break; default: responseBody = response.body; break; } } // downloads if (["document", "iframe"].includes(destination)) { const header = responseHeaders["content-disposition"]; // validate header and test for filename if (!/\s*?((inline|attachment);\s*?)filename=/i.test(header)) { // if filename= wasn"t specified then maybe the remote specified to download this as an attachment? // if it"s invalid then we can still possibly test for the attachment/inline type const type = /^\s*?attachment/i.test(header) ? "attachment" : "inline"; // set the filename const [filename] = new URL(response.finalURL).pathname .split("/") .slice(-1); responseHeaders["content-disposition"] = `${type}; filename=${JSON.stringify(filename)}`; } } if (responseHeaders["accept"] === "text/event-stream") { responseHeaders["content-type"] = "text/event-stream"; } // scramjet runtime can use features that permissions-policy blocks delete responseHeaders["permissions-policy"]; if (crossOriginIsolated) { responseHeaders["Cross-Origin-Embedder-Policy"] = "require-corp"; } return new Response(responseBody, { headers: responseHeaders as HeadersInit, status: response.status, statusText: response.statusText, }); }