UNPKG

@p-j/eapi-middleware-headers

Version:

A middleware to manage headers or requests within an EAPI app. Check worker-eapi-template for context.

github.com/p-j/eapi/tree/main/packages/eapi-middleware-headers

p-j/eapi

142 lines (107 loc) 5.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# `@p-j/eapi-middleware-headers` > A middleware to configure headers on both Request (to an upstream server) and Response on a per route or request basis ## Installation - From the NPM registry ```sh npm install @p-j/eapi-middleware-headers # or yarn add @p-j/eapi-middleware-headers ``` ## API - [`withHeaders`](./src/withHeaders.ts) is a [Middleware Factory](../eapi-types/index.d.ts); it takes in the following options: ```ts export interface WithHeadersOptions { addRequestHeaders?: HeadersInit removeRequestHeaders?: string[] addResponseHeaders?: HeadersInit removeResponseHeaders?: string[] existing?: 'combine' | 'override' | 'skip' } ``` As noted above, none of the options are required. - `addRequestHeaders` headers to add to the Request before passing it down to the requestHandler - `removeRequestHeaders` headers to remove from the Request before passing it down to the requestHandler - `addResponseHeaders` headers to add to the Response before returning it - `removeResponseHeaders` headers to remove from the Response before returning it - `existing` define how add<Request|Response>Headers will handle existing headers, it can be set to either `'combine'`, `'override'` or `'skip'`. **Defaults to `'combine'`.** - [`managerHeaders`](./src/withHeaders.ts) is a utility function that adds CORS headers to a `Request` or a `Response`; it takes in the following options: ```ts export interface ManageHeadersOptions { subject: Request | Response addHeaders?: HeadersInit removeHeaders?: string[] existing?: 'combine' | 'override' | 'skip' } ``` - `subject` the `Request` or `Response` to work on - `addHeaders` headers to add - `removeHeaders` headers to remove - `existing` define how addHeaders will handle existing headers, it can be set to either `'combine'`, `'override'` or `'skip'`. **Defaults to `'combine'`.** ## Usage ### Adding a header to a Request aimed at an upstream server Another way of implementing the [Proxy example](https://github.com/p-j/eapi/tree/main/packages/eapi-middleware-redirect#proxy-example) from the `eapi-middleware-redirect` ```ts import { withHeaders } from '@p-j/eapi-middleware-headers' const callUpstream: RequestHandler = ({ request }) => { // combine the url with the request details provided, including the Authorization Header added by the middleware const searchParams = new URLSearchParams({ x: request.query.param1, y: request.query.param2 }) const upstreamRequest = new Request(`https://some.api.com/endpoint?${searchParams.toString()}`, request) return fetch(upstreamRequest) } const addAuthorizationHeader = withHeaders({ addRequestHeader: { Authorization: `Bearer ${API_KEY}` } }) const requestHandler = addAuthorizationHeader(callUpstream) addEventListener('fetch', (event) => event.respondWith(requestHandler({ event, request: event.request }))) ``` ### Removing headers before forwarding a request to a 3rd party server As a follow up to the example above, we may want to remove sensitive informations from the original request before sending it to a 3rd party server: ```ts import { withHeaders } from '@p-j/eapi-middleware-headers' const callUpstream: RequestHandler = ({ request }) => { // combine the url with the request details provided, including the Authorization Header added by the middleware const searchParams = new URLSearchParams({ x: request.query.param1, y: request.query.param2 }) const upstreamRequest = new Request(`https://some.api.com/endpoint?${searchParams.toString()}`, request) return fetch(upstreamRequest) } const addAuthorizationHeader = withHeaders({ addRequestHeader: { Authorization: `Bearer ${API_KEY}` }, removeRequestHeaders: [ // these headers will not be sent to the upstream server 'user-agent', 'referer', 'cookie', 'cf-connecting-ip', ], }) const requestHandler = addAuthorizationHeader(callUpstream) addEventListener('fetch', (event) => event.respondWith(requestHandler({ event, request: event.request }))) ``` ### Adding headers to a Response Overriding CORS headers from an upstream API (you should likely use [`eapi-middleware-cors](../eapi-middleware-cors) for this instead) ```ts import { withHeaders } from '@p-j/eapi-middleware-headers' const callUpstream: RequestHandler = ({ request }) => { // combine the url with the request details provided, including the Authorization Header added by the middleware const searchParams = new URLSearchParams({ x: request.query.param1, y: request.query.param2 }) const upstreamRequest = new Request(`https://some.api.com/endpoint?${searchParams.toString()}`, request) return fetch(upstreamRequest) } const addAuthorizationHeader = withHeaders({ addRequestHeader: { Authorization: `Bearer ${API_KEY}` }, removeRequestHeaders: [ // these headers will not be sent to the upstream server 'user-agent', 'referer', 'cookie', 'cf-connecting-ip', ], addResponseHeader: { 'Access-Control-Allow-Origin': 'https://my-awesome-origin.com', 'Access-Control-Allow-Headers': ['Origin', 'Content-Type', 'Accept', 'Authorization'].join(','), 'Access-Control-Allow-Methods': ['GET', 'OPTIONS', 'HEAD'].join(','), 'Access-Control-Max-Age': '3600', }, existing: 'override', // Make sure we override any exsting headers }) const requestHandler = addAuthorizationHeader(callUpstream) addEventListener('fetch', (event) => event.respondWith(requestHandler({ event, request: event.request }))) ```