UNPKG

postman-runtime

Version:

Underlying library of executing Postman Collections

github.com/postmanlabs/postman-runtime

postmanlabs/postman-runtime

327 lines (278 loc) 12.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
var { Url, UrlMatchPatternList, VariableList } = require('postman-collection'), sdk = require('postman-collection'), _ = require('lodash'), /** * @const * @type {string} */ FUNCTION = 'function', /** * @const * @type {string} */ STRING = 'string', createReadStream; // function /** * Create readable stream for given file as well as detect possible file * read issues. * * @param {Object} resolver - External file resolver module * @param {String} fileSrc - File path * @param {Function} callback - Final callback * * @note This function is defined in the file's root because there is a need to * trap it within closure in order to append the stream clone functionalities. * This ensures lesser footprint in case we have a memory leak. */ createReadStream = function (resolver, fileSrc, callback) { var readStream; // check for the existence of the file before creating read stream. // eslint-disable-next-line security/detect-non-literal-fs-filename resolver.stat(fileSrc, function (err, stats) { if (err) { // overwrite `ENOENT: no such file or directory` error message. Most likely the case. err.code === 'ENOENT' && (err.message = `"${fileSrc}", no such file`); return callback(err); } // check for a valid file. if (stats && typeof stats.isFile === FUNCTION && !stats.isFile()) { return callback(new Error(`"${fileSrc}", is not a file`)); } // check read permissions for user. // octal `400` signifies 'user permissions'. [4 0 0] -> [u g o] // `4` signifies 'read permission'. [4] -> [1 0 0] -> [r w x] if (stats && !(stats.mode & 0o400)) { return callback(new Error(`"${fileSrc}", read permission denied`)); } // @note Handle all the errors before `createReadStream` to avoid listening on stream error event. // listening on error requires listening on end event as well. which will make this sync. // @note In form-data mode stream error will be handled in postman-request but bails out ongoing request. // eslint-disable-next-line security/detect-non-literal-fs-filename readStream = resolver.createReadStream(fileSrc); // We might have to read the file before making the actual request // e.g, while calculating body hash during AWS auth or redirecting form-data params // So, this method wraps the `createReadStream` function with fixed arguments. // This makes sure that we don't have to pass `fileResolver` to // internal modules (like auth plugins) for security reasons. readStream.cloneReadStream = function (callback) { // eslint-disable-next-line security/detect-non-literal-fs-filename return createReadStream(resolver, fileSrc, callback); }; callback(null, readStream); }); }; /** * Utility functions that are required to be re-used throughout the runner * * @module Runner~util * @private * * @note Do not put module logic or business logic related functions here. * The functions here are purely decoupled and low-level functions. */ module.exports = { /** * This function allows one to call another function by wrapping it within a try-catch block. * The first parameter is the function itself, followed by the scope in which this function is to be executed. * The third parameter onwards are blindly forwarded to the function being called * * @param {Function} fn - * @param {*} ctx - * * @returns {Error} If there was an error executing the function, the error is returned. * Note that if the function called here is asynchronous, it's errors will not be returned (for obvious reasons!) */ safeCall (fn, ctx) { // extract the arguments that are to be forwarded to the function to be called var args = Array.prototype.slice.call(arguments, 2); try { (typeof fn === FUNCTION) && fn.apply(ctx || global, args); } catch (err) { return err; } }, /** * Copies attributes from source object to destination object. * * @param {Object} dest - * @param {Object} src - * * @return {Object} */ syncObject (dest, src) { var prop; // update or add values from src for (prop in src) { if (Object.hasOwn(src, prop)) { dest[prop] = src[prop]; } } // remove values that no longer exist for (prop in dest) { if (Object.hasOwn(dest, prop) && !Object.hasOwn(src, prop)) { delete dest[prop]; } } return dest; }, /** * Create readable stream for given file as well as detect possible file * read issues. The resolver also attaches a clone function to the stream * so that the stream can be restarted any time. * * @param {Object} resolver - External file resolver module * @param {Function} resolver.stat - Resolver method to check for existence and permissions of file * @param {Function} resolver.createReadStream - Resolver method for creating read stream * @param {String} fileSrc - File path * @param {Function} callback - * */ createReadStream (resolver, fileSrc, callback) { // bail out if resolver not found. if (!resolver) { return callback(new Error('file resolver not supported')); } // bail out if resolver is not supported. if (typeof resolver.stat !== FUNCTION || typeof resolver.createReadStream !== FUNCTION) { return callback(new Error('file resolver interface mismatch')); } // bail out if file source is invalid or empty string. if (!fileSrc || typeof fileSrc !== STRING) { return callback(new Error('invalid or missing file source')); } // now that things are sanitized and validated, we transfer it to the // stream reading utility function that does the heavy lifting of // calling there resolver to return the stream return createReadStream(resolver, fileSrc, callback); }, /** * Mutates the given variable scope to be a vault variable scope by * converting the domains to UrlMatchPattern and adding a helper function * to get the matching variables for a given URL string. * * @note vault variables have a meta property called `domains` which is an * array of URL match pattern strings. * * @private * @param {PostmanVariableScope} scope - Postman variable scope instance */ prepareVaultVariableScope (scope) { // bail out if the given scope is already a vault variable scope if (scope.__vaultVariableScope) { return scope; } // traverse all the variables and convert the domains to UrlMatchPattern scope.values.each((variable) => { const domains = variable && variable._ && variable._.domains; if (!(Array.isArray(domains) && domains.length)) { return; } // mark the scope as having domain patterns scope.__hasDomainPatterns = true; // convert the domains to UrlMatchPattern variable._.domainPatterns = new UrlMatchPatternList(null, domains.map((domain) => { const url = new Url(domain); // @note URL path is ignored return `${url.protocol || 'https'}://${url.getRemote()}:*/*`; })); }); /** * Returns a list of variables that match the given URL string against * the domain patterns. * * @private * @param {String} urlString - URL string to match against * @returns {PostmanVariableList} */ scope.__getMatchingVariables = function (urlString) { // return all the variables if there are no domain patterns if (!scope.__hasDomainPatterns) { return scope.values; } const variables = scope.values.filter((variable) => { const domainPatterns = variable && variable._ && variable._.domainPatterns; if (!domainPatterns) { return true; } return domainPatterns.test(urlString); }); return new VariableList(null, variables.map((variable) => { return variable.toJSON(); // clone the variable })); }; // mark the scope as a vault variable scope scope.__vaultVariableScope = true; }, /** * Resolve variables in item and auth in context. * * @param {ItemContext} context - * @param {Item} [context.item] - * @param {RequestAuth} [context.auth] - * @param {Object} payload - * @param {VariableScope} payload._variables - * @param {Object} payload.data - * @param {VariableScope} payload.environment - * @param {VariableScope} payload.collectionVariables - * @param {VariableScope} payload.globals - * @param {VariableScope} payload.vaultSecrets - */ resolveVariables (context, payload) { if (!(context.item && context.item.request)) { return; } // @todo - resolve variables in a more graceful way var variableDefinitions = [ // extract the variable list from variable scopes // @note: this is the order of precedence for variable resolution - don't change it _.get(payload, '_variables.values', []), _.get(payload, 'data', []), _.get(payload, 'environment.values', []), _.get(payload, 'collectionVariables.values', []), _.get(payload, 'globals.values', []) // @note vault variables are added later ], vaultValues = _.get(payload, 'vaultSecrets.values'), hasVaultSecrets = vaultValues ? vaultValues.count() > 0 : false, itemParent = context.item.parent(), urlObj = context.item.request.url, // @note URL string is used to resolve nested variables as URL parser doesn't support them well. urlString = urlObj.toString(), unresolvedUrlString = urlString, vaultVariables, vaultUrl, item, auth; if (hasVaultSecrets) { // get the vault variables that match the unresolved URL string vaultUrl = urlObj.protocol ? urlString : `http://${urlString}`; // force protocol vaultVariables = payload.vaultSecrets.__getMatchingVariables(vaultUrl); // resolve variables in URL string with initial vault variables urlString = sdk.Property.replaceSubstitutions(urlString, [...variableDefinitions, vaultVariables]); if (urlString !== unresolvedUrlString) { // get the final list of vault variables that match the resolved URL string vaultUrl = new sdk.Url(urlString).toString(true); vaultVariables = payload.vaultSecrets.__getMatchingVariables(vaultUrl); // resolve vault variables in URL string // @note other variable scopes are skipped as they are already resolved urlString = sdk.Property.replaceSubstitutions(urlString, [vaultVariables]); } // add vault variables to the list of variable definitions variableDefinitions.push(vaultVariables); } else if (urlString) { urlString = sdk.Property.replaceSubstitutions(urlString, variableDefinitions); } // @todo - no need to sync variables when SDK starts supporting resolution from scope directly // @todo - avoid resolving the entire item as this unnecessarily resolves URL item = context.item = new sdk.Item(context.item.toObjectResolved(null, variableDefinitions, { ignoreOwnVariables: true })); // restore the parent reference item.setParent(itemParent); // re-parse and update the URL from the resolved string urlString && (item.request.url = new sdk.Url(urlString)); auth = context.auth; // resolve variables in auth auth && (context.auth = new sdk.RequestAuth(auth.toObjectResolved(null, variableDefinitions, { ignoreOwnVariables: true }))); } };