feat(clickTtHttpPageRoutes): implement form action rewriting and proxy for POST requests
- Added a new function to rewrite form actions in HTML to route submissions through the proxy, enhancing logging for login actions. - Implemented a POST endpoint for the proxy to handle form submissions, including validation for target URLs and forwarding requests with appropriate headers. - Enhanced error handling and response management for the new proxy functionality, ensuring robust interaction with external services.
This commit is contained in:
Torsten Schulz (local)
@@ -47,6 +47,32 @@ function rewriteLinksInHtml(html, proxyBaseUrl, pageBaseUrl) {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Schreibt Formular-Actions um, sodass Submissions über unseren Proxy laufen (Login etc. wird geloggt).
|
||||
*/
|
||||
function rewriteFormActionsInHtml(html, proxyBaseUrl, pageBaseUrl) {
|
||||
if (!html || !proxyBaseUrl || !pageBaseUrl) return html;
|
||||
try {
|
||||
const base = new URL(pageBaseUrl);
|
||||
return html.replace(
|
||||
/<form\s+([^>]*?)action\s*=\s*["']([^"']*)["']([^>]*)>/gi,
|
||||
(match, before, action, after) => {
|
||||
const actionTrim = action.trim();
|
||||
if (!actionTrim) return match; // action="" = same URL
|
||||
let absoluteUrl = actionTrim;
|
||||
if (actionTrim.startsWith('/') || !actionTrim.startsWith('http')) {
|
||||
absoluteUrl = new URL(actionTrim, base.origin + base.pathname).href;
|
||||
}
|
||||
if (!shouldProxyUrl(absoluteUrl)) return match;
|
||||
const proxyUrl = `${proxyBaseUrl}${proxyBaseUrl.includes('?') ? '&' : '?'}url=${encodeURIComponent(absoluteUrl)}`;
|
||||
return `<form ${before}action="${proxyUrl}"${after}>`;
|
||||
}
|
||||
);
|
||||
} catch {
|
||||
return html;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/clicktt/proxy
|
||||
* Proxy für iframe-Einbettung – liefert HTML direkt (ohne Auth, für iframe src).
|
||||
@@ -117,6 +143,7 @@ router.get('/proxy', async (req, res, next) => {
|
||||
|| `${req.protocol || 'http'}://${req.get('host') || 'localhost:' + (process.env.PORT || 3005)}`;
|
||||
const proxyBase = baseUrl.replace(/\/$/, '') + '/api/clicktt/proxy';
|
||||
html = rewriteLinksInHtml(html, proxyBase, targetUrl);
|
||||
html = rewriteFormActionsInHtml(html, proxyBase, targetUrl);
|
||||
|
||||
res.set({
|
||||
'Content-Type': 'text/html; charset=utf-8',
|
||||
@@ -134,6 +161,73 @@ router.get('/proxy', async (req, res, next) => {
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* POST /api/clicktt/proxy
|
||||
* Formular-Weiterleitung (Login etc.) – POST wird an Ziel-URL weitergeleitet und geloggt.
|
||||
* Query: url (Ziel-URL, erforderlich)
|
||||
*/
|
||||
router.post('/proxy', async (req, res, next) => {
|
||||
try {
|
||||
const targetUrl = req.query.url;
|
||||
if (!targetUrl || (!targetUrl.includes('click-tt.de') && !targetUrl.includes('httv.de'))) {
|
||||
return res.status(400).send('<html><body><h1>Fehler</h1><p>Parameter url (click-tt.de oder httv.de) erforderlich.</p></body></html>');
|
||||
}
|
||||
|
||||
const contentType = req.get('content-type') || 'application/x-www-form-urlencoded';
|
||||
const cookie = req.get('cookie');
|
||||
const body = typeof req.body === 'string' ? req.body : (req.body && Object.keys(req.body).length
|
||||
? new URLSearchParams(req.body).toString()
|
||||
: null);
|
||||
|
||||
const result = await clickTtHttpPageService.fetchWithLogging({
|
||||
url: targetUrl,
|
||||
fetchType: 'formPost',
|
||||
method: 'POST',
|
||||
body: body || undefined,
|
||||
headers: {
|
||||
'Content-Type': contentType,
|
||||
...(cookie && { Cookie: cookie }),
|
||||
},
|
||||
userId: null,
|
||||
});
|
||||
|
||||
const responseHeaders = result.headers;
|
||||
if (responseHeaders) {
|
||||
const raw = responseHeaders.raw?.();
|
||||
const setCookies = raw?.['set-cookie'] ?? responseHeaders.get?.('set-cookie') ?? responseHeaders['set-cookie'];
|
||||
if (setCookies) {
|
||||
(Array.isArray(setCookies) ? setCookies : [setCookies]).forEach(c => res.append('Set-Cookie', c));
|
||||
}
|
||||
const location = responseHeaders.get?.('location') ?? responseHeaders['location'];
|
||||
if (location && (result.status >= 301 && result.status <= 308)) {
|
||||
const baseUrl = process.env.BACKEND_BASE_URL || process.env.BASE_URL
|
||||
|| `${req.protocol || 'http'}://${req.get('host') || 'localhost:' + (process.env.PORT || 3005)}`;
|
||||
const proxyBase = baseUrl.replace(/\/$/, '') + '/api/clicktt/proxy';
|
||||
if (shouldProxyUrl(location)) {
|
||||
res.redirect(302, `${proxyBase}?url=${encodeURIComponent(location)}`);
|
||||
return;
|
||||
}
|
||||
res.redirect(result.status, location);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
res.set({
|
||||
'Content-Type': result.contentType || 'text/html; charset=utf-8',
|
||||
'Access-Control-Allow-Origin': '*',
|
||||
'X-Frame-Options': 'ALLOWALL',
|
||||
'Content-Security-Policy': 'frame-ancestors *;',
|
||||
'Cache-Control': 'no-cache, no-store, must-revalidate',
|
||||
});
|
||||
res.status(result.status).send(result.body);
|
||||
} catch (error) {
|
||||
console.error('ClickTT Proxy POST Fehler:', error);
|
||||
res.status(500).send(
|
||||
`<html><body><h1>Fehler beim Senden</h1><p>${String(error.message)}</p></body></html>`
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* GET /api/clicktt/league-page
|
||||
* Ruft die Ligenübersicht ab (leaguePage)
|
||||
|
||||
@@ -99,27 +99,32 @@ async function fetchWithLogging(options) {
|
||||
clubIdParam = null,
|
||||
userId = null,
|
||||
method = 'GET',
|
||||
body = null,
|
||||
headers: customHeaders = {},
|
||||
} = options;
|
||||
|
||||
const baseDomain = extractBaseDomain(url);
|
||||
const startTime = Date.now();
|
||||
|
||||
const headers = {
|
||||
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
|
||||
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
|
||||
'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',
|
||||
...customHeaders,
|
||||
};
|
||||
|
||||
try {
|
||||
const response = await fetch(url, {
|
||||
method,
|
||||
headers: {
|
||||
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
|
||||
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
|
||||
'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',
|
||||
},
|
||||
timeout: 30000,
|
||||
});
|
||||
const fetchOpts = { method, headers, timeout: 30000 };
|
||||
if (body && (method === 'POST' || method === 'PUT')) {
|
||||
fetchOpts.body = body;
|
||||
}
|
||||
const response = await fetch(url, fetchOpts);
|
||||
|
||||
const executionTimeMs = Date.now() - startTime;
|
||||
const contentType = response.headers.get('content-type') || null;
|
||||
const body = await response.text();
|
||||
const responseBody = await response.text();
|
||||
const success = response.ok;
|
||||
const snippet = createResponseSnippet(body);
|
||||
const snippet = createResponseSnippet(responseBody);
|
||||
|
||||
await HttpPageFetchLog.create({
|
||||
userId,
|
||||
@@ -143,8 +148,9 @@ async function fetchWithLogging(options) {
|
||||
success,
|
||||
status: response.status,
|
||||
contentType,
|
||||
body,
|
||||
body: responseBody,
|
||||
executionTimeMs,
|
||||
headers: response.headers,
|
||||
};
|
||||
} catch (error) {
|
||||
const executionTimeMs = Date.now() - startTime;
|
||||
|
||||
Reference in New Issue
Block a user