Intercept and modify the response sent by the proxied server

[SorinGFS]

This a question

I try to build a proxy using express, and I want it to be transparent except for jwt access tokens. Basically, I want to manage the authentication at proxy level. Specifically, it is about Strapi that provides an access token valid for one month without the possibility of adjustment, and I want to store that token and issue tokens with lower validity to be managed at the proxy level.
I analyzed several middlewares to find the one that can intercept the Strapi token and gives the possibility to modify the sent answer. I could only find middleware that intercepts the token sent by the client.
My question is: can this middleware intercept and modify the response sent by the proxied server? If so, what function do I need? Can anyone show me an example?

[OriginalEXE]

Here is my specific example. Note that this disables the streaming of the response, but for my use case I am ok with it. It could probably be modified to support streaming.

onProxyRes: (proxyRes, _req, res) => {
  const bodyChunks: any[] = [];

  proxyRes.on('data', (chunk) => {
    bodyChunks.push(chunk);
  });

  proxyRes.on('end', () => {
    const body = Buffer.concat(bodyChunks);

    if (proxyRes.statusCode !== undefined) {
      res.status(proxyRes.statusCode);
    }

    Object.keys(proxyRes.headers).forEach((key) => {
      res.append(key, proxyRes.headers[key]);
    });

    if (
      proxyRes.headers['content-type'] &&
      proxyRes.headers['content-type'].includes('text/html')
    ) {
      const isGzip = res.getHeader('content-encoding') === 'gzip';
      const isBrotli = res.getHeader('content-encoding') === 'br';
      let html = isGzip
        ? zlib.gunzipSync(body).toString()
        : isBrotli
        ? zlib.brotliDecompressSync(body).toString()
        : body.toString();

      // Replace all letters A with a letter B
      html = html.replace('A', 'B');

      res.send(isGzip ? zlib.gzipSync(html) : Buffer.from(html));
    } else {
      res.send(body);
    }

    res.end();
  });
},

This specific example modifies the html response. onProxyRes is a property of the middleware config. You will also want to install and import zlib for gzipping.

It's a bit late, but hope it helps someone.

[hpl002]

Here is my specific example. Note that this disables the streaming of the response, but for my use case I am ok with it. It could probably be modified to support streaming.

onProxyRes: (proxyRes, _req, res) => {
  const bodyChunks: any[] = [];

  proxyRes.on('data', (chunk) => {
    bodyChunks.push(chunk);
  });

  proxyRes.on('end', () => {
    const body = Buffer.concat(bodyChunks);

    if (proxyRes.statusCode !== undefined) {
      res.status(proxyRes.statusCode);
    }

    Object.keys(proxyRes.headers).forEach((key) => {
      res.append(key, proxyRes.headers[key]);
    });

    if (
      proxyRes.headers['content-type'] &&
      proxyRes.headers['content-type'].includes('text/html')
    ) {
      const isGzip = res.getHeader('content-encoding') === 'gzip';
      let html = isGzip
        ? zlib.gunzipSync(body).toString()
        : body.toString();

      // Replace all letters A with a letter B
      html = html.replace('A', 'B');

      res.send(isGzip ? zlib.gzipSync(html) : Buffer.from(html));
    } else {
      res.send(body);
    }

    res.end();
  });
},

This specific example modifies the html response. onProxyRes is a property of the middleware config. You will also want to install and import zlib for gzipping.

It's a bit late, but hope it helps someone.

arent you trying to modify the response headers after they have been sent?

---

Edit:

remember to set the selfHandleResponse flag

option.selfHandleResponse true/false, if set to true, none of the webOutgoing passes are called and it's your responsibility to appropriately return the response by listening and acting on the proxyRes event

[chimurai]

dupe #97
fixed in #515