UNPKG

@doneisbetter/sso

Version:

A secure, privacy-focused SSO solution with ephemeral token handling

sso.doneisbetter.com

moldovancsaba/sso

55 lines 2.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
var _a; // Default CORS configuration const defaultConfig = { allowedOrigins: ((_a = process.env.ALLOWED_ORIGINS) === null || _a === void 0 ? void 0 : _a.split(',')) || ['http://localhost:3000'], allowedMethods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'], allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'], exposedHeaders: ['Content-Length', 'X-RateLimit-Limit', 'X-RateLimit-Remaining'], maxAge: 86400, // 24 hours credentials: true, }; /** * Validates if the origin is allowed based on the configuration * Supports exact matches and wildcard patterns */ const isOriginAllowed = (origin, allowedOrigins) => { if (!origin) return false; return allowedOrigins.some(allowed => { if (allowed === '*') return true; if (allowed.includes('*')) { const pattern = new RegExp('^' + allowed.replace('*', '.*') + '$'); return pattern.test(origin); } return allowed === origin; }); }; /** * CORS middleware factory that creates a configured middleware instance * Handles both preflight requests and actual CORS headers */ export const corsMiddleware = (customConfig) => { const config = Object.assign(Object.assign({}, defaultConfig), customConfig); return (req, res, next) => { const origin = req.get('Origin'); // Check if the origin is allowed if (origin && isOriginAllowed(origin, config.allowedOrigins)) { res.setHeader('Access-Control-Allow-Origin', origin); if (config.credentials) { res.setHeader('Access-Control-Allow-Credentials', 'true'); } // Handle preflight requests if (req.method === 'OPTIONS') { res.setHeader('Access-Control-Allow-Methods', config.allowedMethods.join(',')); res.setHeader('Access-Control-Allow-Headers', config.allowedHeaders.join(',')); res.setHeader('Access-Control-Expose-Headers', config.exposedHeaders.join(',')); res.setHeader('Access-Control-Max-Age', config.maxAge.toString()); // End preflight request here return res.status(204).end(); } } next(); }; }; //# sourceMappingURL=cors.js.map