Breaking change

Author: billiegoose

index.js

@@ -24,23 +24,42 @@ const cors = require('micro-cors')({allowHeaders})
 const fetch = require('node-fetch')
 
 async function service (req, res) {
-  let q = url.parse(req.url, true).query
-  if (!q.href) {
+  let p = url.parse(req.url, true).path
+  let parts = p.match(/\/([^\/]*)\/(.*)/)
+  if (parts === null) {
     res.setHeader('content-type', 'text/html')
     let html = `<!DOCTYPE html>
     <html>
-      <title>400 Error</title>
-      <h1>Missing 'href' parameter.</h1>
+      <title>cors-buster</title>
+      <h1>CORS Buster! 👻&#x20E0;</h1>
       <h2>See docs: <a href="https://npmjs.org/package/${pkg.name}">https://npmjs.org/package/${pkg.name}</a></h2>
+      <h2>Authenticity</h2>
+      This is a publicly available service. As such you may wonder if it is safe to trust.
+      You can inspect the source code that this server is running by visiting this page: <a href="/_src">/_src</a>.
+      The deploys are immutable, so you can be sure that the code will never change.
+      <h2>Logging</h2>
+      The cloud hosting provider keeps log of all requests. That log is public and available on this page: <a href="/_logs">/_logs</a>.
+      It records the URL, origin IP, referer, and user-agent. None of the sensitive HTTP headers (including those used for
+      HTTP Basic Auth and HTTP Token auth) are ever logged.
+      <h2>Request API</h2>
+      https://${process.env.NOW_URL}/domain/path?query
+      <ul>
+        <li>domain - the destination host</li>
+        <li>path - the rest of the URL</li>
+        <li>query - optional query parameters</li>
+      </ul>
+      Example: https://${process.env.NOW_URL}/github.com/wmhilton/cors-buster?service=git-upload-pack
+      <h2>Supported Protocols</h2>
+      In order to protect users who might send their usernames and passwords through the proxy,
+      all requests must be made using HTTPS. Plain old HTTP is insecure and therefore not allowed.
+      This proxy cannot be used to make requests to HTTP-only sites.
       <h2>Supported HTTP Methods</h2>
       <ul>
         <li>All - OPTIONS, GET, POST, PUT, DELETE, etc</li>
       </ul>
       <h2>Supported Query Parameters</h2>
       <ul>
-        <li>?href=&lt;href&gt; - <i>required</i>, the URL you are trying to reach</li>
-        <li>&method=&lt;method&gt; - <i>optional</i>, the HTTP method to use</li>
-        <li>&&lt;HTTP Header&gt;=&lt;value&gt; - <i>optional</i>, set any supported HTTP headers</li>
+        <li>All URL query parameters are passed on as-is to the destination address.</li>
       </ul>
       <h2>Supported Headers</h2>
       <ul>
@@ -50,17 +69,25 @@ async function service (req, res) {
     `
     return send(res, 400, html)
   }
+
   let headers = {}
   for (let h of allowHeaders) {
     if (req.headers[h]) {
-      headers[h] = q[h] || req.headers[h]
+      headers[h] = req.headers[h]
     }
   }
-  let f = await fetch(q.href, {
-    method: q.method || req.method,
-    headers,
-    body: req
-  })
+
+  let pathdomain = parts[1]
+  let remainingpath = parts[2]
+  console.log(`https://${pathdomain}/${remainingpath}`)
+  let f = await fetch(
+    `https://${pathdomain}/${remainingpath}`,
+    {
+      method: req.method,
+      headers,
+      body: req
+    }
+  )
   f.body.pipe(res)
 }
 

package.json

@@ -17,5 +17,8 @@
     "micro": "^8.0.1",
     "micro-cors": "0.0.4",
     "node-fetch": "^1.7.1"
+  },
+  "now": {
+    "public": true
   }
 }