midwinter/dist/cors.js

A next-gen middleware engine built for the WinterCG environments.

'use strict';

// src/plugins/cors/util.ts
var AccessControlHeader = {
  AllowOrigin: "Access-Control-Allow-Origin",
  AllowCredentials: "Access-Control-Allow-Credentials",
  AllowMethods: "Access-Control-Allow-Methods",
  AllowHeaders: "Access-Control-Allow-Headers",
  RequestHeaders: "Access-Control-Request-Headers",
  ExposeHeaders: "Access-Control-Expose-Headers",
  MaxAge: "Access-Control-Max-Age"
};
var setOriginHeaders = ({ allowOrigin }, headers) => {
  if (!allowOrigin) return;
  const origin = headers.get("origin");
  if (allowOrigin === "*") {
    headers.set(AccessControlHeader.AllowOrigin, "*");
    return;
  }
  const existingVary = headers.get("Vary");
  headers.set("Vary", existingVary ?? "Origin");
  if (typeof allowOrigin === "string") {
    headers.set(AccessControlHeader.AllowOrigin, allowOrigin);
    return;
  }
  if (Array.isArray(allowOrigin) && typeof origin === "string" && allowOrigin.includes(origin)) {
    headers.set(AccessControlHeader.AllowOrigin, origin);
  }
};
var handlePreflight = ({
  allowMethods,
  maxAge,
  ...opts
}, headers, req) => {
  if (maxAge != null) {
    headers.set(AccessControlHeader.MaxAge, maxAge.toString());
  }
  if (allowMethods?.length) {
    headers.set(AccessControlHeader.AllowMethods, allowMethods.join(","));
  }
  let allowHeaders = opts.allowHeaders;
  if (!allowHeaders?.length) {
    const requestHeaders = req.headers.get(AccessControlHeader.RequestHeaders);
    if (requestHeaders) {
      allowHeaders = requestHeaders.split(/\s*,\s*/);
    }
  }
  if (allowHeaders?.length) {
    headers.set(AccessControlHeader.AllowHeaders, allowHeaders.join(","));
    headers.append("Vary", AccessControlHeader.RequestHeaders);
  }
  headers.delete("Content-Length");
  headers.delete("Content-Type");
  return new Response(null, {
    headers,
    status: 204,
    statusText: "No Content"
  });
};

// src/plugins/cors/index.ts
var init = () => {
  const cors = (options) => {
    return async (req, ctx, meta) => {
      const {
        allowOrigin = "*",
        allowMethods = ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
        allowHeaders = [],
        exposeHeaders = [],
        allowCredentials = false,
        maxAge
      } = (typeof options === "function" ? await options(req, ctx, meta) : options) ?? {};
      return (res) => {
        const headers = new Headers(res.headers);
        setOriginHeaders({ allowOrigin }, headers);
        if (allowCredentials) {
          headers.set(AccessControlHeader.AllowCredentials, "true");
        }
        if (exposeHeaders.length) {
          headers.set(
            AccessControlHeader.ExposeHeaders,
            exposeHeaders.join(",")
          );
        }
        if (req.method.toUpperCase() === "OPTIONS") {
          return handlePreflight(
            { allowMethods, maxAge, allowHeaders },
            headers,
            req
          );
        }
        return new Response(res.body, {
          status: res.status,
          statusText: res.statusText,
          headers
        });
      };
    };
  };
  return { cors };
};

exports.init = init;