@uppy/companion

OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

/**
 * Initializes the OAuth flow for a provider.
 *
 * The client has opened a new tab and is about to be redirected to the auth
 * provider. When the user returns to Companion, we'll have to send the auth
 * token back to Uppy with `window.postMessage()`.
 * To prevent other tabs and unauthorized origins from accessing that token, we
 * reuse origin(s) from `corsOrigins` to limit the scope of `postMessage()`, which
 * has a `targetOrigin` parameter, required for cross-origin messages (i.e. if Uppy
 * and Companion are served from different origins).
 * Because we support multiple origins in `corsOrigins`, we have to figure out which
 * origin the current connect request is coming from. Because the OAuth window
 * was opened with `window.open()`, starting a new browsing context, the request
 * is not cross-origin and we don't have an `Origin` header to work with.
 * That's why we use the client-provided base64-encoded parameter, check if it
 * matches origin(s) allowed in the `corsOrigins` Companion option, and use that as
 * our `targetOrigin` for the `window.postMessage()` call (see `send-token.js`).
 *
 * @param {object} req
 * @param {object} res
 */
export default function connect(req: object, res: object, next: any): void;
/**
 * Derived from `cors` npm package.
 * @see https://github.com/expressjs/cors/blob/791983ebc0407115bc8ae8e64830d440da995938/lib/index.js#L19-L34
 * @param {string} origin
 * @param {*} allowedOrigins
 * @returns {boolean}
 */
export function isOriginAllowed(origin: string, allowedOrigins: any): boolean;
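
The check described in the comment above, as an added JavaScript sketch that is not Companion's own code: decode the client-supplied value, require it to be a bare origin, and accept it as `targetOrigin` only if it is on the allowlist. The names `originMatches`, `resolveTargetOrigin`, `encodedOrigin` and the sample allowlist are assumptions, and this sketch rejects any allowlist entry that is not a string, RegExp or array.

```javascript
// Added example: hypothetical helpers, not Companion's implementation.
// Constructed allowlist standing in for the `corsOrigins` option.
const SAMPLE_CORS_ORIGINS = [
  'https://app.example.com',
  /^https:\/\/[a-z0-9-]+\.example\.org$/, // anchored so suffix tricks fail
];

// Strings must match exactly, RegExps are tested against the whole origin,
// arrays match if any entry matches. Anything else fails closed.
function originMatches(origin, allowed) {
  if (Array.isArray(allowed)) {
    return allowed.some((entry) => originMatches(origin, entry));
  }
  if (typeof allowed === 'string') return origin === allowed;
  if (allowed instanceof RegExp) return allowed.test(origin);
  return false;
}

// Returns the validated origin to pass as `targetOrigin`, or null when the
// client-supplied value must not be trusted (so no token gets posted).
function resolveTargetOrigin(encodedOrigin, corsOrigins) {
  if (typeof encodedOrigin !== 'string' || encodedOrigin.length === 0) {
    return null;
  }
  // Buffer.from() never throws on bad base64; it decodes what it can.
  const decoded = Buffer.from(encodedOrigin, 'base64').toString('utf8');
  let parsed;
  try {
    parsed = new URL(decoded);
  } catch {
    return null; // not a URL at all, e.g. "*" or an empty string
  }
  // Accept only the canonical origin form: no path, credentials or query.
  if (parsed.origin !== decoded) return null;
  return originMatches(decoded, corsOrigins) ? decoded : null;
}
```

Returning `null` rather than falling back to `*` keeps the token from being posted to an origin that was never validated.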