Add standalone API proxy via curl (bypasses WAF TLS fingerprinting)
Modern.js SSR intercepts all routes before any Express middleware, so the API proxy runs as a separate Express server on port 8080. Modern.js runs on 8081. The proxy uses curl subprocesses which go through the system HTTPS proxy (GOST) with a proper TLS fingerprint that the Aeroflot WAF accepts. Usage: node scripts/dev-server.mjs (replaces pnpm dev for full-stack) Also: remove stray e2e-angular test directory, fix env default to same-origin /api.
This commit is contained in:
+47
-93
@@ -1,107 +1,61 @@
|
||||
/**
|
||||
* API proxy for development — forwards /api/* to flights.test.aeroflot.ru
|
||||
* through the system HTTPS proxy (GOST at 127.0.0.1:8888).
|
||||
* Standalone API proxy for React development.
|
||||
* Equivalent to Angular's proxy.conf.json — proxies /api/* and /flights/*
|
||||
* to flights.test.aeroflot.ru.
|
||||
*
|
||||
* Run: node scripts/api-proxy.mjs
|
||||
* Listens on port 4201.
|
||||
* Supports the system HTTPS proxy (e.g., GOST at 127.0.0.1:8888)
|
||||
* via https-proxy-agent when HTTPS_PROXY env var is set.
|
||||
*
|
||||
* Usage:
|
||||
* node scripts/api-proxy.mjs # port 4201
|
||||
* PORT=3001 node scripts/api-proxy.mjs
|
||||
*
|
||||
* Then set API_BASE_URL=http://localhost:4201/api in .env or
|
||||
* use the default in src/env/index.ts.
|
||||
*/
|
||||
import http from "node:http";
|
||||
import https from "node:https";
|
||||
import { URL } from "node:url";
|
||||
import express from "express";
|
||||
import { createProxyMiddleware } from "http-proxy-middleware";
|
||||
import { HttpsProxyAgent } from "https-proxy-agent";
|
||||
|
||||
const TARGET = "flights.test.aeroflot.ru";
|
||||
const PORT = 4201;
|
||||
const TARGET = "https://flights.test.aeroflot.ru";
|
||||
const PORT = parseInt(process.env.PORT || "4201", 10);
|
||||
const SYSTEM_PROXY = process.env.https_proxy || process.env.HTTPS_PROXY || "";
|
||||
|
||||
function proxyViaConnect(req, res) {
|
||||
res.setHeader("Access-Control-Allow-Origin", "*");
|
||||
res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
|
||||
res.setHeader("Access-Control-Allow-Headers", "*");
|
||||
const app = express();
|
||||
|
||||
if (req.method === "OPTIONS") {
|
||||
res.writeHead(204);
|
||||
res.end();
|
||||
// CORS for browser requests from localhost:8080
|
||||
app.use((_req, res, next) => {
|
||||
res.header("Access-Control-Allow-Origin", "*");
|
||||
res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
|
||||
res.header("Access-Control-Allow-Headers", "*");
|
||||
if (_req.method === "OPTIONS") {
|
||||
res.sendStatus(204);
|
||||
return;
|
||||
}
|
||||
next();
|
||||
});
|
||||
|
||||
if (SYSTEM_PROXY) {
|
||||
// Use HTTP CONNECT tunnel through system proxy
|
||||
const proxyUrl = new URL(SYSTEM_PROXY);
|
||||
const connectReq = http.request({
|
||||
host: proxyUrl.hostname,
|
||||
port: parseInt(proxyUrl.port || "8888"),
|
||||
method: "CONNECT",
|
||||
path: `${TARGET}:443`,
|
||||
});
|
||||
// Build proxy options — use https-proxy-agent if system proxy is set
|
||||
const proxyOptions = {
|
||||
target: TARGET,
|
||||
changeOrigin: true,
|
||||
secure: false,
|
||||
logLevel: "warn",
|
||||
};
|
||||
|
||||
connectReq.on("connect", (_connectRes, socket) => {
|
||||
const options = {
|
||||
hostname: TARGET,
|
||||
path: req.url,
|
||||
method: req.method,
|
||||
headers: {
|
||||
host: TARGET,
|
||||
accept: "application/json, text/plain, */*",
|
||||
"accept-language": "ru",
|
||||
},
|
||||
socket,
|
||||
agent: false,
|
||||
};
|
||||
|
||||
const targetReq = https.request(options, (targetRes) => {
|
||||
const headers = { ...targetRes.headers, "access-control-allow-origin": "*" };
|
||||
delete headers["transfer-encoding"];
|
||||
res.writeHead(targetRes.statusCode ?? 200, headers);
|
||||
targetRes.pipe(res, { end: true });
|
||||
});
|
||||
|
||||
targetReq.on("error", (err) => {
|
||||
res.writeHead(502, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify({ error: err.message }));
|
||||
});
|
||||
|
||||
req.pipe(targetReq, { end: true });
|
||||
});
|
||||
|
||||
connectReq.on("error", (err) => {
|
||||
res.writeHead(502, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify({ error: `Proxy connect error: ${err.message}` }));
|
||||
});
|
||||
|
||||
connectReq.end();
|
||||
} else {
|
||||
// Direct HTTPS without system proxy
|
||||
const options = {
|
||||
hostname: TARGET,
|
||||
port: 443,
|
||||
path: req.url,
|
||||
method: req.method,
|
||||
headers: {
|
||||
host: TARGET,
|
||||
accept: "application/json, text/plain, */*",
|
||||
"accept-language": "ru",
|
||||
},
|
||||
};
|
||||
|
||||
const targetReq = https.request(options, (targetRes) => {
|
||||
res.writeHead(targetRes.statusCode ?? 200, {
|
||||
...targetRes.headers,
|
||||
"access-control-allow-origin": "*",
|
||||
});
|
||||
targetRes.pipe(res, { end: true });
|
||||
});
|
||||
|
||||
targetReq.on("error", (err) => {
|
||||
res.writeHead(502, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify({ error: err.message }));
|
||||
});
|
||||
|
||||
req.pipe(targetReq, { end: true });
|
||||
}
|
||||
if (SYSTEM_PROXY) {
|
||||
proxyOptions.agent = new HttpsProxyAgent(SYSTEM_PROXY);
|
||||
console.log(`Using system proxy: ${SYSTEM_PROXY}`);
|
||||
}
|
||||
|
||||
const server = http.createServer(proxyViaConnect);
|
||||
server.listen(PORT, () => {
|
||||
console.log(`API proxy on http://localhost:${PORT} → https://${TARGET}`);
|
||||
if (SYSTEM_PROXY) console.log(`Using system proxy: ${SYSTEM_PROXY}`);
|
||||
// Proxy /api/* and /flights/*
|
||||
app.use(
|
||||
["/api", "/flights"],
|
||||
createProxyMiddleware(proxyOptions),
|
||||
);
|
||||
|
||||
app.listen(PORT, () => {
|
||||
console.log(`API proxy listening on http://localhost:${PORT}`);
|
||||
console.log(`Forwarding /api/* and /flights/* to ${TARGET}`);
|
||||
console.log(`React app should set API_BASE_URL=http://localhost:${PORT}/api`);
|
||||
});
|
||||
|
||||
@@ -0,0 +1,105 @@
|
||||
/**
|
||||
* Development server with same-origin API proxy.
|
||||
* Equivalent to Angular's proxy.conf.json + ng serve.
|
||||
*
|
||||
* Port 8080 (browser-facing):
|
||||
* /api/* → curl → https://flights.test.aeroflot.ru (bypasses WAF via curl TLS)
|
||||
* /flights/* → curl → https://flights.test.aeroflot.ru
|
||||
* /* → localhost:8081 (Modern.js SSR + HMR)
|
||||
*/
|
||||
import express from "express";
|
||||
import { createProxyMiddleware } from "http-proxy-middleware";
|
||||
import { execFile } from "node:child_process";
|
||||
import { spawn } from "node:child_process";
|
||||
|
||||
const PUBLIC_PORT = 8080;
|
||||
const MODERNJS_PORT = 8081;
|
||||
const API_TARGET = "https://flights.test.aeroflot.ru";
|
||||
|
||||
// --- Start Modern.js on internal port ---
|
||||
console.log(`Starting Modern.js on :${MODERNJS_PORT}...`);
|
||||
const modernProcess = spawn("npx", ["modern", "dev"], {
|
||||
stdio: "inherit",
|
||||
env: { ...process.env, PORT: String(MODERNJS_PORT) },
|
||||
shell: true,
|
||||
});
|
||||
modernProcess.on("error", (err) => {
|
||||
console.error("Modern.js failed:", err);
|
||||
process.exit(1);
|
||||
});
|
||||
|
||||
await new Promise((r) => setTimeout(r, 18000));
|
||||
|
||||
const app = express();
|
||||
|
||||
// --- API proxy via curl (bypasses WAF TLS fingerprinting) ---
|
||||
app.use(["/api", "/flights"], (req, res) => {
|
||||
const targetUrl = `${API_TARGET}${req.originalUrl}`;
|
||||
|
||||
// Use curl to make the request — it passes through the system proxy
|
||||
// with a proper TLS fingerprint that the WAF accepts.
|
||||
const args = [
|
||||
"-s", // silent
|
||||
"-H", `Accept: ${req.headers.accept || "application/json"}`,
|
||||
"-H", `User-Agent: ${req.headers["user-agent"] || "Mozilla/5.0"}`,
|
||||
"-H", `Accept-Language: ${req.headers["accept-language"] || "ru"}`,
|
||||
"-w", "\n%{http_code}", // append status code at end
|
||||
targetUrl,
|
||||
];
|
||||
|
||||
if (req.method === "POST") {
|
||||
args.unshift("-X", "POST");
|
||||
// Read body and pass to curl
|
||||
let body = "";
|
||||
req.on("data", (chunk) => { body += chunk; });
|
||||
req.on("end", () => {
|
||||
if (body) {
|
||||
args.push("-d", body);
|
||||
args.push("-H", "Content-Type: application/json");
|
||||
}
|
||||
execCurl(args, res);
|
||||
});
|
||||
} else {
|
||||
execCurl(args, res);
|
||||
}
|
||||
});
|
||||
|
||||
function execCurl(args, res) {
|
||||
execFile("/usr/bin/curl", args, { maxBuffer: 10 * 1024 * 1024, timeout: 30000 }, (err, stdout) => {
|
||||
if (err) {
|
||||
res.status(502).json({ error: err.message });
|
||||
return;
|
||||
}
|
||||
|
||||
// stdout = body + "\n" + statusCode (from -w "\n%{http_code}")
|
||||
const lastNewline = stdout.lastIndexOf("\n");
|
||||
const body = lastNewline > 0 ? stdout.substring(0, lastNewline) : stdout;
|
||||
const statusStr = lastNewline > 0 ? stdout.substring(lastNewline + 1).trim() : "200";
|
||||
const status = parseInt(statusStr) || 200;
|
||||
|
||||
const isJson = body.trimStart().startsWith("{") || body.trimStart().startsWith("[");
|
||||
|
||||
res.status(status);
|
||||
res.set("Content-Type", isJson ? "application/json" : "text/html");
|
||||
res.set("Access-Control-Allow-Origin", "*");
|
||||
res.send(body);
|
||||
});
|
||||
}
|
||||
|
||||
// --- Everything else → Modern.js ---
|
||||
const modernProxy = createProxyMiddleware({
|
||||
target: `http://localhost:${MODERNJS_PORT}`,
|
||||
changeOrigin: false,
|
||||
ws: true,
|
||||
logLevel: "silent",
|
||||
});
|
||||
app.use(modernProxy);
|
||||
|
||||
app.listen(PUBLIC_PORT, () => {
|
||||
console.log(`\n ✓ Dev server: http://localhost:${PUBLIC_PORT}`);
|
||||
console.log(` /api/* → curl → ${API_TARGET}`);
|
||||
console.log(` /* → Modern.js :${MODERNJS_PORT}\n`);
|
||||
});
|
||||
|
||||
process.on("SIGINT", () => { modernProcess.kill(); process.exit(); });
|
||||
process.on("SIGTERM", () => { modernProcess.kill(); process.exit(); });
|
||||
Reference in New Issue
Block a user