feat: enable allowH2 by default and require Node.js >= 18.20.0

app.ts

@@ -1,6 +1,12 @@
 import path from 'path';
 import { readFile } from 'fs/promises';
-import { Application } from 'egg';
+import { Application, Context } from 'egg';
+import {
+  HttpClient as RawHttpClient,
+  RequestURL as HttpClientRequestURL,
+  RequestOptions,
+} from 'urllib';
+import ms from 'ms';
 import { ChangesStreamService } from './app/core/service/ChangesStreamService';
 
 declare module 'egg' {
@@ -9,12 +15,78 @@
   }
 }
 
+interface HttpClientRequestOptions extends RequestOptions {
+  ctx?: Context;
+  tracer?: unknown;
+}
+
+const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
+
+class HttpClient extends RawHttpClient {
+  readonly #app: Application & { tracer?: unknown };
+
+  constructor(app: Application, options?: any) {
+    normalizeConfig(app);
+    options = {
+      ...app.config.httpclient,
+      ...options,
+    };
+    super({
+      app,
+      defaultArgs: options.request,
+      allowH2: options.allowH2,
+      // use on egg-security ssrf
+      // https://github.com/eggjs/egg-security/blob/master/lib/extend/safe_curl.js#L11
+      checkAddress: options.checkAddress,
+    } as any);
+    this.#app = app;
+  }
+
+  async request<T = any>(url: HttpClientRequestURL, options?: HttpClientRequestOptions) {
+    options = options ?? {};
+    if (options.ctx?.tracer) {
+      options.tracer = options.ctx.tracer;
+    } else {
+      options.tracer = options.tracer ?? this.#app.tracer;
+    }
+    return await super.request<T>(url, options);
+  }
+
+  async curl<T = any>(url: HttpClientRequestURL, options?: HttpClientRequestOptions) {
+    return await this.request<T>(url, options);
+  }
+
+  async safeCurl<T = any>(url: HttpClientRequestURL, options: any = {}) {
+    if (!this[SSRF_HTTPCLIENT]) {
+      const ssrfConfig = this.#app.config.security.ssrf;
+      if (ssrfConfig?.checkAddress) {
+        options.checkAddress = ssrfConfig.checkAddress;
+      } else {
+        this.#app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
+      }
+      this[SSRF_HTTPCLIENT] = new HttpClient(this.#app, {
+        checkAddress: ssrfConfig.checkAddress,
+      });
+    }
+    return await this[SSRF_HTTPCLIENT].request<T>(url, options);
+  }
+}
+
+function normalizeConfig(app: Application) {
+  const config = app.config.httpclient;
+  if (typeof config.request?.timeout === 'string') {
+    config.request.timeout = ms(config.request.timeout as string);
+  }
+}
+
 export default class CnpmcoreAppHook {
   private readonly app: Application;
 
   constructor(app: Application) {
     this.app = app;
     this.app.binaryHTML = '';
+    Reflect.set(app, 'HttpClient', HttpClient);
+    Reflect.set(app, 'HttpClientNext', HttpClient);
   }
 
   async configWillLoad() {

app/common/adapter/binary/AbstractBinary.ts

@@ -72,7 +72,7 @@ export abstract class AbstractBinary {
     for (const version of versions) {
       if (!version.modules) continue;
       const modulesVersion = parseInt(version.modules);
-      // node v6.0.0 moduels 48 min
+      // node v6.0.0 modules 48 min
       if (modulesVersion >= 48 && !nodeABIVersions.includes(modulesVersion)) {
         nodeABIVersions.push(modulesVersion);
       }

app/common/adapter/changesStream/NpmChangesStream.ts

@@ -28,7 +28,7 @@ export class NpmChangesStream extends AbstractChangeStream {
     const db = this.getChangesStreamUrl(registry, since);
     const { res } = await this.httpclient.request(db, {
       streaming: true,
-      timeout: 10000,
+      timeout: 60000,
     });
 
     let buf = '';

app/core/service/ChangesStreamService.ts

@@ -104,7 +104,9 @@
       this.logger.warn('[ChangesStreamService.executeTask:error] %s, exit now', err.message);
       if (err.name === 'HttpClientRequestTimeoutError'
         || err.name === 'ConnectTimeoutError'
-        || err.name === 'BodyTimeoutError') {
+        || err.name === 'BodyTimeoutError'
+        || err.message.includes('timeout')) {
+        // InformationalError: HTTP/2: "stream timeout after 60000"
         this.logger.warn(err);
       } else {
         this.logger.error(err);

config/config.default.ts

@@ -187,6 +187,7 @@ export default (appInfo: EggAppConfig) => {
 
   config.httpclient = {
     useHttpClientNext: true,
+    allowH2: true,
   };
 
   config.view = {

package.json

@@ -102,6 +102,7 @@
     "leoric": "^2.12.3",
     "lodash": "^4.17.21",
     "mime-types": "^2.1.35",
+    "ms": "^2.1.3",
     "mysql2": "^3.9.4",
     "node-rsa": "^1.1.1",
     "npm-package-arg": "^10.1.0",
@@ -112,6 +113,7 @@
     "ssri": "^8.0.1",
     "type-fest": "^2.5.3",
     "ua-parser-js": "^1.0.34",
+    "urllib": "4.5.0-beta.3",
     "validate-npm-package-name": "^3.0.0"
   },
   "optionalDependencies": {

test/common/adapter/changesStream/NpmChangesStream.test.ts

@@ -59,7 +59,7 @@ describe('test/common/adapter/changesStream/NpmChangesStream.test.ts', () => {
         };
       });
       const res: ChangesStreamChange[] = [];
-      const stream = await npmChangesStream.fetchChanges(registry, '9517');
+      const stream = npmChangesStream.fetchChanges(registry, '9517');
       for await (const change of stream) {
         res.push(change);
       }
@@ -74,7 +74,7 @@ describe('test/common/adapter/changesStream/NpmChangesStream.test.ts', () => {
         };
       });
       const res: ChangesStreamChange[] = [];
-      const stream = await npmChangesStream.fetchChanges(registry, '9517');
+      const stream = npmChangesStream.fetchChanges(registry, '9517');
       assert(stream);
       rStream.push('{"seq":2');
       rStream.push(',"id":"bac');
@@ -84,5 +84,19 @@ describe('test/common/adapter/changesStream/NpmChangesStream.test.ts', () => {
       }
       assert(res.length === 1);
     });
+
+    it.skip('should read changes work', async () => {
+      for (let i = 0; i < 10000; i++) {
+        const stream = npmChangesStream.fetchChanges(registry, '36904024');
+        assert(stream);
+        try {
+          for await (const change of stream) {
+            console.log(change);
+          }
+        } catch (err) {
+          console.error(err);
+        }
+      }
+    });
   });
 });