@h4ad/serverless-adapter/lib/frameworks/cors/index.d.cts

Run REST APIs and other web applications using your existing Node.js application framework (NestJS, Express, Koa, Hapi, Fastify and many others), on top of AWS, Azure, Digital Ocean and many other clouds.

import { IncomingMessage, ServerResponse } from 'http';
import cors, { CorsOptions } from 'cors';
import { F as FrameworkContract } from '../../framework.contract-td-lRvq6.cjs';

/**
 * The options to customize {@link CorsFramework}
 *
 * @breadcrumb Frameworks / CorsFramework
 * @public
 */
type CorsFrameworkOptions = CorsOptions & {
    /**
     * Send error 403 when cors is invalid. From what I read in `cors`, `fastify/cors` and [this problem](https://stackoverflow.com/questions/57212248/why-is-http-request-been-processed-in-action-even-when-cors-is-not-enabled)
     * it is normal to process the request even if the origin is invalid.
     * So this option will respond with error if this method was called from an invalid origin (or not allowed method) like [access control lib](https://github.com/primus/access-control/blob/master/index.js#L95-L115) .
     *
     * @defaultValue true
     */
    forbiddenOnInvalidOriginOrMethod?: boolean;
};
/**
 * The framework that handles cors for your api without relying on internals of the framework
 *
 * @example
 * ```typescript
 * import express from 'express';
 * import { ServerlessAdapter } from '@h4ad/serverless-adapter';
 * import { ExpressFramework } from '@h4ad/serverless-adapter/lib/frameworks/express';
 * import { CorsFramework } from '@h4ad/serverless-adapter/lib/frameworks/cors';
 *
 * const expressFramework = new ExpressFramework();
 * const options: CorsOptions = {}; // customize the options
 * const framework = new CorsFramework(expressFramework, options);
 *
 * export const handler = ServerlessAdapter.new(null)
 *   .setFramework(framework)
 *   // set other configurations and then build
 *   .build();
 * ```
 *
 * @breadcrumb Frameworks / CorsFramework
 * @public
 */
declare class CorsFramework<TApp> implements FrameworkContract<TApp> {
    protected readonly framework: FrameworkContract<TApp>;
    protected readonly options?: CorsFrameworkOptions | undefined;
    /**
     * Default Constructor
     */
    constructor(framework: FrameworkContract<TApp>, options?: CorsFrameworkOptions | undefined);
    /**
     * All cors headers that can be added by cors package
     */
    protected readonly corsHeaders: string[];
    /**
     * The cached instance of cors
     */
    protected readonly cachedCorsInstance: ReturnType<typeof cors>;
    /**
     * {@inheritDoc}
     */
    sendRequest(app: TApp, request: IncomingMessage, response: ServerResponse): void;
    /**
     * Handle next execution called by the cors package
     */
    protected onCorsNext(app: TApp, request: IncomingMessage, response: ServerResponse): () => void;
    /**
     * Format the headers to be standardized with the rest of the library, such as ApiGatewayV2.
     * Also, some frameworks don't support headers as an array, so we need to format the values.
     */
    protected formatHeaderValuesAddedByCorsPackage(response: ServerResponse): void;
    /**
     * Check if the origin is invalid or if the method is not allowed.
     * Highly inspired by [access-control](https://github.com/primus/access-control/blob/master/index.js#L95-L115)
     */
    protected isInvalidOriginOrMethodIsNotAllowed(request: IncomingMessage, allowedOrigin: number | string | string[] | undefined): boolean;
}

export { CorsFramework, type CorsFrameworkOptions };