better-auth
Version:
The most comprehensive authentication framework for TypeScript.
31 lines (29 loc) • 1.24 kB
JavaScript
import { wildcardMatch } from "../utils/wildcard.mjs";
import { getHost, getOrigin, getProtocol } from "../utils/url.mjs";
//#region src/auth/trusted-origins.ts
/**
* Matches the given url against an origin or origin pattern
* See "options.trustedOrigins" for details of supported patterns
*
* @param url The url to test
* @param pattern The origin pattern
* @param [settings] Specify supported pattern matching settings
* @returns {boolean} true if the URL matches the origin pattern, false otherwise.
*/
const matchesOriginPattern = (url, pattern, settings) => {
if (url.startsWith("/")) {
if (settings?.allowRelativePaths) return url.startsWith("/") && /^\/(?!\/|\\|%2f|%5c)[\w\-.\+/@]*(?:\?[\w\-.\+/=&%@]*)?$/.test(url);
return false;
}
if (pattern.includes("*") || pattern.includes("?")) {
if (pattern.includes("://")) return wildcardMatch(pattern)(getOrigin(url) || url);
const host = getHost(url);
if (!host) return false;
return wildcardMatch(pattern)(host);
}
const protocol = getProtocol(url);
return protocol === "http:" || protocol === "https:" || !protocol ? pattern === getOrigin(url) : url.startsWith(pattern);
};
//#endregion
export { matchesOriginPattern };
//# sourceMappingURL=trusted-origins.mjs.map