UNPKG

@trifrost/core

Version:

Blazingly fast, runtime-agnostic server framework for modern edge and node environments

trifrost.dev

trifrost-js/core

126 lines (125 loc) 5.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
import { isNeArray } from '@valkyriestudios/utils/array'; import { isBoolean } from '@valkyriestudios/utils/boolean'; import { isIntGte } from '@valkyriestudios/utils/number'; import { isObject } from '@valkyriestudios/utils/object'; import { isNeString } from '@valkyriestudios/utils/string'; import { HttpMethods, Sym_TriFrostDescription, Sym_TriFrostFingerPrint, Sym_TriFrostName } from '../types/constants'; /* Specific symbol attached to cors mware to identify them by */ export const Sym_TriFrostMiddlewareCors = Symbol('TriFrost.Middleware.Cors'); const METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'CONNECT', 'TRACE']; const METHODSSet = new Set(METHODS); /** * Cors defaults */ const CorsDefaults = { origin: '*', methods: ['GET', 'HEAD', 'POST'], headers: [], expose: [], credentials: false, }; /** * CORS - Cross Origin Resource Sharing * * @param {TriFrostCorsOptions} options - Options to apply * @param {TriFrostCorsConfig} config - Additional behavioral config * * @see origin - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin * @see methods - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Methods * @see headers - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Headers * @see expose - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Expose-Headers * @see credentials - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Credentials * @see maxage - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Max-Age */ export function Cors(options = {}, config) { const use_defaults = !isBoolean(config?.use_defaults) ? true : config.use_defaults; const { origin, methods, headers, expose, credentials, maxage } = use_defaults === true ? { ...CorsDefaults, ...(isObject(options) && options) } : isObject(options) ? options : {}; let originWhiteList = null; let originFn = null; const computed = { vary: 'Origin' }; /* Access-Control-Allow-Origin */ if (isNeString(origin)) { computed['access-control-allow-origin'] = origin; } else if (isNeArray(origin)) { originWhiteList = new Set(); for (let i = 0; i < origin.length; i++) { const val = origin[i]; if (isNeString(val)) originWhiteList.add(val.trim()); } if (!originWhiteList.size) throw new Error('TriFrostMiddleware@Cors: Invalid origin'); originFn = reqOrigin => { if (typeof reqOrigin === 'string' && originWhiteList.has(reqOrigin)) return reqOrigin; return null; }; } else if (typeof origin === 'function') { originFn = origin; } /* Access-Control-Allow-Methods */ if (isNeArray(methods)) { const normalized = new Set(); for (let i = 0; i < methods.length; i++) { const method = methods[i]; if (!METHODSSet.has(method)) throw new Error('TriFrostMiddleware@Cors: Invalid method "' + method + '"'); normalized.add(method); } computed['access-control-allow-methods'] = [...normalized].join(', '); } else if (methods === '*') { computed['access-control-allow-methods'] = '*'; } /* Access-Control-Allow-Headers */ if (isNeArray(headers)) { const normalized = new Set(); for (let i = 0; i < headers.length; i++) { const el = headers[i]; if (!isNeString(el)) throw new Error('TriFrostMiddleware@Cors: Invalid header "' + el + '"'); normalized.add(el.trim()); } computed['access-control-allow-headers'] = [...normalized.values()].join(', '); } /* Access-Control-Expose-Headers */ if (isNeArray(expose)) { const normalized = new Set(); for (let i = 0; i < expose.length; i++) { const el = expose[i]; if (!isNeString(el)) throw new Error('TriFrostMiddleware@Cors: Invalid expose "' + el + '"'); normalized.add(el.trim()); } computed['access-control-expose-headers'] = [...normalized.values()].join(', '); } /* Access-Control-Allow-Credentials */ if (credentials === true) { computed['access-control-allow-credentials'] = 'true'; } /* Access-Control-Max-Age */ if (isIntGte(maxage, 0)) { computed['access-control-max-age'] = `${maxage}`; } /* Baseline Middleware function */ const mware = function TriFrostCorsMiddleware(ctx) { /* Add computed headers */ ctx.setHeaders(computed); /* If origin is function we should check to see if we need to add it */ if (originFn) { const value = originFn(ctx.headers.origin ?? ctx.headers.Origin ?? null); if (value !== null) ctx.setHeader('access-control-allow-origin', value); } /* If it's an options call simply return a 204 status */ if (ctx.method === HttpMethods.OPTIONS) return ctx.status(204); }; /* Add symbols for introspection/use further down the line */ Reflect.set(mware, Sym_TriFrostName, 'TriFrostCors'); Reflect.set(mware, Sym_TriFrostDescription, 'Middleware for Cross Origin Resource Sharing'); Reflect.set(mware, Sym_TriFrostFingerPrint, Sym_TriFrostMiddlewareCors); return mware; }