@aikidosec/firewall/sinks/undici/wrapOnHeaders.js

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.wrapOnHeaders = wrapOnHeaders;
const parseHeaders_1 = require("./parseHeaders");
const isRedirectStatusCode_1 = require("../../helpers/isRedirectStatusCode");
const onRedirect_1 = require("./onRedirect");
/**
 * Wrap the onHeaders function and check if the response is a redirect. If yes, determine the destination URL and call onRedirect.
 */
function wrapOnHeaders(orig, requestContext, context) {
    // @ts-expect-error We return undefined if there is no original function, that's fine because the onHeaders function is optional
    return function onHeaders() {
        // eslint-disable-next-line prefer-rest-params
        const args = Array.from(arguments);
        if (args.length > 1) {
            const statusCode = args[0];
            if ((0, isRedirectStatusCode_1.isRedirectStatusCode)(statusCode)) {
                try {
                    // Get redirect location
                    const headers = (0, parseHeaders_1.parseHeaders)(args[1]);
                    if (typeof headers.location === "string") {
                        const destinationUrl = new URL(headers.location);
                        (0, onRedirect_1.onRedirect)(destinationUrl, requestContext, context);
                    }
                }
                catch {
                    // Ignore, log later if we have log levels
                }
            }
        }
        if (orig) {
            return orig.apply(
            // @ts-expect-error We don't know the type of this
            this, 
            // @ts-expect-error Arguments are not typed
            // eslint-disable-next-line prefer-rest-params
            arguments);
        }
    };
}