
@worker-tools/middleware


A suite of standalone HTTP server middlewares for Worker Runtimes.

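"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.strictCORS = exports.anyCORS = exports.cors = exports.VARY = exports.ALLOW_CREDENTIALS = exports.ALLOW_HEADERS = exports.ALLOW_METHODS = exports.ALLOW_ORIGIN = exports.REQUEST_HEADERS = exports.REQUEST_METHOD = exports.ORIGIN = void 0;

// Request and response header names used by the CORS protocol.
exports.ORIGIN = 'Origin';
exports.REQUEST_METHOD = 'Access-Control-Request-Method';
exports.REQUEST_HEADERS = 'Access-Control-Request-Headers';
exports.ALLOW_ORIGIN = 'Access-Control-Allow-Origin';
exports.ALLOW_METHODS = 'Access-Control-Allow-Methods';
exports.ALLOW_HEADERS = 'Access-Control-Allow-Headers';
exports.ALLOW_CREDENTIALS = 'Access-Control-Allow-Credentials';
exports.VARY = 'VARY';

// Argument passed to `Duration.total()` to express a duration in whole seconds.
const SECOND = { unit: 'second', relativeTo: '1970-01-01' };

/** True when `x` is tagged as a `Temporal.Duration` via `Symbol.toStringTag`. */
const isDuration = (x) => x != null && x[Symbol.toStringTag] === 'Temporal.Duration';

/** Converts a max-age given as a number or a `Temporal.Duration` into a header value. */
const toMaxAge = (x) => (isDuration(x) ? x.total(SECOND) : x).toString();

/**
 * A CORS middleware that gives clients exactly the permissions they ask for, unless constrained by the definitions in `options`.
 *
 * Note that applying this middleware to your routes isn't enough for non-GET requests.
 * Pre-flight/OPTIONS routes need to be added manually:
 * ```
 * router.options('/your/path', anyCORS(), () => noContent())
 * router.post('/your/path', anyCORS(), (req, {}) => ok())
 * ```
 *
 * Security note: when `options.origin` is not set, the request's `Origin` header is echoed back in
 * `Access-Control-Allow-Origin`. Combined with `options.credentials`, this grants credentialed
 * cross-origin access to every origin that sends a request. Set `options.origin` (or use
 * `strictCORS`) on any route that relies on cookies or other ambient credentials.
 *
 * @param {object} [options]
 * @param {string|{origin: string}} [options.origin] - Single allowed origin; a string is parsed with `new URL`.
 * @param {string[]} [options.methods] - Allow-list for the requested method; any method is granted when unset.
 * @param {string[]} [options.headers] - Allow-list for requested headers; all requested headers are granted when unset.
 * @param {boolean} [options.credentials] - Emit `Access-Control-Allow-Credentials: true`.
 * @param {number|object} [options.maxAge] - Seconds or a `Temporal.Duration`; a falsy value (including 0) emits no header.
 * @returns {Function} Middleware that awaits the context and registers a response effect on `x.effects`.
 */
const cors = (options = {}) => async (ax) => {
    const x = await ax;
    const req = x.request;
    x.effects.push(res => {
        const optOrigin = typeof options.origin === 'string' ? new URL(options.origin) : options.origin;

        // Precedence: configured origin, then the caller's Origin header, then the wildcard.
        let allowOrigin = optOrigin != null ? optOrigin.origin : undefined;
        if (allowOrigin == null) {
            allowOrigin = req.headers.get(exports.ORIGIN);
        }
        if (allowOrigin == null) {
            allowOrigin = '*';
        }
        res.headers.set(exports.ALLOW_ORIGIN, allowOrigin);

        // Grant the requested method unless an allow-list is configured and excludes it.
        const requestedMethod = req.headers.get(exports.REQUEST_METHOD);
        if (requestedMethod && (options.methods == null || options.methods.includes(requestedMethod))) {
            res.headers.append(exports.ALLOW_METHODS, requestedMethod);
        }

        // Parse the comma-separated list of requested headers, dropping empty tokens so that
        // an empty or malformed request header never yields an empty Allow-Headers entry.
        const rawRequested = req.headers.get(exports.REQUEST_HEADERS);
        const requestedHeaders = new Set(rawRequested == null
            ? []
            : rawRequested.split(',').map(h => h.trim()).filter(h => h !== ''));

        // Header names are case-insensitive and browsers send the preflight list lowercased,
        // so the configured allow-list is matched without regard to case.
        const requestedLower = new Set([...requestedHeaders].map(h => h.toLowerCase()));
        const grantedHeaders = options.headers != null
            ? options.headers.filter(h => requestedLower.has(String(h).toLowerCase()))
            : requestedHeaders;
        for (const h of grantedHeaders) {
            res.headers.append(exports.ALLOW_HEADERS, h);
        }

        if (options.credentials) {
            res.headers.set(exports.ALLOW_CREDENTIALS, 'true');
        }
        if (options.maxAge) {
            res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));
        }

        // Whenever a response header was derived from a request header, name that request
        // header in Vary so caches keep responses for different callers apart.
        if (!options.origin) {
            res.headers.append(exports.VARY, exports.ORIGIN);
        }
        if (!options.methods) {
            res.headers.append(exports.VARY, exports.REQUEST_METHOD);
        }
        if (!options.headers) {
            res.headers.append(exports.VARY, exports.REQUEST_HEADERS);
        }
        return res;
    });
    return x;
};
exports.cors = cors;
exports.anyCORS = exports.cors;

/**
 * A CORS middleware that only grants the permissions defined via `options`.
 *
 * Note that applying this middleware to your routes isn't enough for non-GET requests.
 * Pre-flight/OPTIONS routes need to be added manually:
 * ```
 * router.options('/your/path', strictCORS({ ... }), () => noContent())
 * router.post('/your/path', strictCORS({ ... }), (req, {}) => ok())
 * ```
 *
 * `Access-Control-Allow-Origin` is always the configured origin; the request's `Origin`
 * header is never read. No `Vary` header is added by this middleware.
 *
 * @param {object} options
 * @param {string|{origin: string}} options.origin - The single allowed origin; dereferenced unconditionally, so it must be set.
 * @param {string[]} options.methods - Full list advertised when the requested method is a member.
 * @param {string[]} options.headers - Full list advertised whenever the request asks for any headers.
 * @param {boolean} [options.credentials] - Emit `Access-Control-Allow-Credentials: true`.
 * @param {number|object} [options.maxAge] - Seconds or a `Temporal.Duration`; a falsy value (including 0) emits no header.
 * @returns {Function} Middleware that awaits the context and registers a response effect on `x.effects`.
 */
const strictCORS = (options) => async (ax) => {
    const x = await ax;
    const req = x.request;
    x.effects.push(res => {
        const optOrigin = typeof options.origin === 'string' ? new URL(options.origin) : options.origin;
        res.headers.set(exports.ALLOW_ORIGIN, optOrigin.origin);

        // Advertise the configured methods only when the requested one is among them.
        const requestedMethod = req.headers.get(exports.REQUEST_METHOD);
        if (requestedMethod && options.methods.includes(requestedMethod)) {
            for (const m of options.methods) {
                res.headers.append(exports.ALLOW_METHODS, m);
            }
        }

        // The configured header list is sent as-is; it is not filtered against the request.
        if (req.headers.get(exports.REQUEST_HEADERS)) {
            for (const h of options.headers) {
                res.headers.append(exports.ALLOW_HEADERS, h);
            }
        }

        if (options.credentials) {
            res.headers.set(exports.ALLOW_CREDENTIALS, 'true');
        }
        if (options.maxAge) {
            res.headers.set('Access-Control-Max-Age', toMaxAge(options.maxAge));
        }
        return res;
    });
    return x;
};
exports.strictCORS = strictCORS;
//# sourceMappingURL=cors.js.map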