Avoid race condition by using fs.open and fs.fstat, also allow file descriptor to be passed

README.md

@@ -44,6 +44,14 @@ Enable or disable accepting ranged requests, defaults to true.
 Disabling this will not send `Accept-Ranges` and ignore the contents
 of the `Range` request header.
 
+##### autoClose
+
+If `autoClose` is `false`, then the file descriptor won't be closed,
+even if there's an error. It is your responsibility to close it and
+make sure there's no file descriptor leak. If `autoClose` is set to
+`true` (default behavior), on `error` or `end` the file descriptor
+will be closed automatically.
+
 ##### cacheControl
 
 Enable or disable setting `Cache-Control` response header, defaults to
@@ -83,6 +91,11 @@ in the given order. By default, this is disabled (set to `false`). An
 example value that will serve extension-less HTML files: `['html', 'htm']`.
 This is skipped if the requested file already has an extension.
 
+##### fd
+
+If `fd` is specified, send will ignore the `path` argument and will use the
+specified file descriptor. This means that no `'open'` event will be emitted.
+
 ##### index
 
 By default send supports "index.html" files, to disable this
@@ -116,9 +129,11 @@ The `SendStream` is an event emitter and will emit the following events:
   - `error` an error occurred `(err)`
   - `directory` a directory was requested
   - `file` a file was requested `(path, stat)`
+  - `open` a file descriptor was opened for streaming `(fd)`
   - `headers` the headers are about to be set on a file `(res, path, stat)`
   - `stream` file streaming has started `(stream)`
   - `end` streaming has completed
+  - `close` the file descriptor was closed
 
 #### .pipe
 

index.js

@@ -15,7 +15,6 @@
 var createError = require('http-errors')
 var debug = require('debug')('send')
 var deprecate = require('depd')('send')
-var destroy = require('destroy')
 var encodeUrl = require('encodeurl')
 var escapeHtml = require('escape-html')
 var etag = require('etag')
@@ -166,9 +165,15 @@ function SendStream (req, path, options) {
     ? resolve(opts.root)
     : null
 
+  this.fd = typeof opts.fd === 'number'
+    ? opts.fd
+    : null
+
   if (!this._root && opts.from) {
     this.from(opts.from)
   }
+
+  this.onFileSystemError = this.onFileSystemError.bind(this)
 }
 
 /**
@@ -374,17 +379,17 @@ SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
 SendStream.prototype.isCachable = function isCachable () {
   var statusCode = this.res.statusCode
   return (statusCode >= 200 && statusCode < 300) ||
-    statusCode === 304
+    /* istanbul ignore next */ statusCode === 304
 }
 
 /**
- * Handle stat() error.
+ * Handle file system error.
  *
  * @param {Error} error
  * @private
  */
 
-SendStream.prototype.onStatError = function onStatError (error) {
+SendStream.prototype.onFileSystemError = function onFileSystemError (error) {
   switch (error.code) {
     case 'ENAMETOOLONG':
     case 'ENOENT':
@@ -469,10 +474,34 @@ SendStream.prototype.redirect = function redirect (path) {
 SendStream.prototype.pipe = function pipe (res) {
   // root path
   var root = this._root
+  var self = this
 
   // references
   this.res = res
 
+  // response finished, done with the fd
+  onFinished(res, function onfinished () {
+    var autoClose = self.options.autoClose !== false
+    if (self._stream) self._stream.destroy()
+    if (typeof self.fd === 'number' && autoClose) {
+      fs.close(self.fd, function (err) {
+        /* istanbul ignore next */
+        if (err && err.code !== 'EBADF') return self.onFileSystemError(err)
+        self.fd = null
+        self.emit('close')
+      })
+    }
+  })
+
+  if (typeof this.fd === 'number') {
+    fs.fstat(this.fd, function (err, stat) {
+      if (err) return self.onFileSystemError(err)
+      self.emit('file', self.path, stat)
+      self.send(self.path, stat)
+    })
+    return res
+  }
+
   // decode the path
   var path = decode(this.path)
   if (path === -1) {
@@ -573,7 +602,7 @@ SendStream.prototype.send = function send (path, stat) {
     return
   }
 
-  debug('pipe "%s"', path)
+  debug('pipe fd "%d" for path "%s"', this.fd, path)
 
   // set header fields
   this.setHeader(path, stat)
@@ -652,7 +681,7 @@ SendStream.prototype.send = function send (path, stat) {
     return
   }
 
-  this.stream(path, opts)
+  this.stream(opts)
 }
 
 /**
@@ -664,34 +693,43 @@ SendStream.prototype.send = function send (path, stat) {
 SendStream.prototype.sendFile = function sendFile (path) {
   var i = 0
   var self = this
-
-  debug('stat "%s"', path)
-  fs.stat(path, function onstat (err, stat) {
-    if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
-      // not found, check extensions
-      return next(err)
-    }
-    if (err) return self.onStatError(err)
-    if (stat.isDirectory()) return self.redirect(self.path)
-    self.emit('file', path, stat)
-    self.send(path, stat)
+  var redirect = this.redirect.bind(this, this.path)
+
+  debug('open "%s"', path)
+  fs.open(path, 'r', function onopen (err, fd) {
+    return !err
+      ? sendStats(path, fd, self.onFileSystemError, redirect)
+      : err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep
+        ? next(err) // not found, check extensions
+        : self.onFileSystemError(err)
   })
 
   function next (err) {
     if (self._extensions.length <= i) {
       return err
-        ? self.onStatError(err)
+        ? self.onFileSystemError(err)
         : self.error(404)
     }
-
     var p = path + '.' + self._extensions[i++]
-
-    debug('stat "%s"', p)
-    fs.stat(p, function (err, stat) {
+    debug('open "%s"', p)
+    fs.open(p, 'r', function (err, fd) {
       if (err) return next(err)
-      if (stat.isDirectory()) return next()
-      self.emit('file', p, stat)
-      self.send(p, stat)
+      sendStats(p, fd, next, next)
+    })
+  }
+
+  function sendStats (path, fd, onError, onDirectory) {
+    debug('stat fd "%d" for path "%s"', fd, path)
+    fs.fstat(fd, function onstat (err, stat) {
+      if (err || stat.isDirectory()) {
+        return fs.close(fd, function (e) { /* istanbul ignore next */
+          return (err || e) ? onError(err || e) : onDirectory()
+        })
+      }
+      self.fd = fd
+      self.emit('file', path, stat)
+      self.emit('open', fd)
+      self.send(path, stat)
     })
   }
 }
@@ -702,72 +740,59 @@ SendStream.prototype.sendFile = function sendFile (path) {
  * @param {String} path
  * @api private
  */
+
 SendStream.prototype.sendIndex = function sendIndex (path) {
   var i = -1
   var self = this
 
-  function next (err) {
+  return (function next (err) {
     if (++i >= self._index.length) {
-      if (err) return self.onStatError(err)
+      if (err) return self.onFileSystemError(err)
       return self.error(404)
     }
 
     var p = join(path, self._index[i])
 
-    debug('stat "%s"', p)
-    fs.stat(p, function (err, stat) {
+    fs.open(p, 'r', function onopen (err, fd) {
       if (err) return next(err)
-      if (stat.isDirectory()) return next()
-      self.emit('file', p, stat)
-      self.send(p, stat)
+      debug('stat fd "%d" for path "%s"', fd, p)
+      fs.fstat(fd, function (err, stat) {
+        if (err || stat.isDirectory()) {
+          return fs.close(fd, function (e) {
+            next(err || e)
+          })
+        }
+        self.fd = fd
+        self.emit('file', p, stat)
+        self.emit('open', fd)
+        self.send(p, stat)
+      })
     })
-  }
-
-  next()
+  })()
 }
 
 /**
- * Stream `path` to the response.
+ * Stream to the response.
  *
- * @param {String} path
  * @param {Object} options
  * @api private
  */
 
-SendStream.prototype.stream = function stream (path, options) {
-  // TODO: this is all lame, refactor meeee
-  var finished = false
-  var self = this
-  var res = this.res
-
-  // pipe
-  var stream = fs.createReadStream(path, options)
-  this.emit('stream', stream)
-  stream.pipe(res)
-
-  // response finished, done with the fd
-  onFinished(res, function onfinished () {
-    finished = true
-    destroy(stream)
-  })
+SendStream.prototype.stream = function stream (options) {
+  options.fd = this.fd
+  options.autoClose = false
 
-  // error handling code-smell
-  stream.on('error', function onerror (err) {
-    // request already finished
-    if (finished) return
+  var stream = this._stream = new PartStream(options)
 
-    // clean up stream
-    finished = true
-    destroy(stream)
-
-    // error
-    self.onStatError(err)
-  })
+  // error
+  stream.on('error', this.onFileSystemError)
 
   // end
-  stream.on('end', function onend () {
-    self.emit('end')
-  })
+  stream.on('end', this.emit.bind(this, 'end'))
+
+  // pipe
+  this.emit('stream', stream)
+  stream.pipe(this.res)
 }
 
 /**
@@ -834,6 +859,17 @@ SendStream.prototype.setHeader = function setHeader (path, stat) {
   }
 }
 
+util.inherits(PartStream, fs.ReadStream)
+
+function PartStream (opts) {
+  fs.ReadStream.call(this, null, opts)
+  this.bufferSize = opts.highWaterMark || this.bufferSize
+}
+
+PartStream.prototype.destroy = PartStream.prototype.close = function closePartStream () {
+  this.readable = !(this.destroyed = this.closed = !(this.fd = null))
+}
+
 /**
  * Clear all headers from a response.
  *

package.json

@@ -16,7 +16,6 @@
   "dependencies": {
     "debug": "~2.2.0",
     "depd": "~1.1.0",
-    "destroy": "~1.0.4",
     "encodeurl": "~1.0.1",
     "escape-html": "~1.0.3",
     "etag": "~1.7.0",