next-armored
Security middlewares for Next.js
;
// Short aliases for the reflection primitives that the bundler's interop helpers rely on.
var {
  create: __create,
  defineProperty: __defProp,
  getOwnPropertyDescriptor: __getOwnPropDesc,
  getOwnPropertyNames: __getOwnPropNames,
  getPrototypeOf: __getProtoOf
} = Object;
var { hasOwnProperty: __hasOwnProp } = Object.prototype;
/**
 * Wrap a bundled CommonJS module so that it is evaluated lazily and only once.
 *
 * @param {object} cb - Object whose first own property is the module factory `(exports, module) => void`.
 * @param {object} [mod] - Cache slot for the module record; filled in on the first call.
 * @returns {Function} `__require`, which returns the module's `exports`.
 */
var __commonJS = (cb, mod) => function __require() {
  if (!mod) {
    // Resolve the factory before creating the record, then publish the record
    // before running the factory so that re-entrant calls see the same object.
    const factory = cb[__getOwnPropNames(cb)[0]];
    mod = { exports: {} };
    factory(mod.exports, mod);
  }
  return mod.exports;
};
/**
 * Define every enumerable key of `all` on `target` as an enumerable getter.
 *
 * @param {object} target - Namespace object that receives the accessors.
 * @param {object} all - Map of export name to a function returning the current value.
 */
var __export = (target, all) => {
  // for...in is kept on purpose: it also walks inherited enumerable keys and tolerates null.
  for (const exportName in all) {
    const descriptor = { get: all[exportName], enumerable: true };
    __defProp(target, exportName, descriptor);
  }
};
/**
 * Mirror the own properties of `from` onto `to` as live getters.
 *
 * Keys that `to` already owns, and the key named by `except`, are skipped.
 * Each getter reads through to `from`, so later changes on `from` stay visible.
 *
 * @param {object} to - Object that receives the accessors.
 * @param {*} from - Source; anything that is not an object or function is ignored.
 * @param {string} [except] - Single key to leave out.
 * @param {*} [desc] - Scratch slot for the current property descriptor.
 * @returns {object} `to`.
 */
var __copyProps = (to, from, except, desc) => {
  const isCopyable = (from && typeof from === "object") || typeof from === "function";
  if (!isCopyable) {
    return to;
  }
  for (const key of __getOwnPropNames(from)) {
    if (__hasOwnProp.call(to, key) || key === except) {
      continue;
    }
    desc = __getOwnPropDesc(from, key);
    // Enumerability follows the source property; a missing descriptor counts as enumerable.
    __defProp(to, key, { get: () => from[key], enumerable: !desc || desc.enumerable });
  }
  return to;
};
/**
 * Present a CommonJS module as an ESM-style namespace object.
 *
 * @param {*} mod - The required module value.
 * @param {*} [isNodeMode] - Truthy when the importer uses Node's interop rules.
 * @param {object} [target] - Scratch slot; always replaced by a fresh namespace object.
 * @returns {object} Namespace whose properties read through to `mod`.
 */
var __toESM = (mod, isNodeMode, target) => {
  target = mod != null ? __create(__getProtoOf(mod)) : {};
  // If the importer is in node compatibility mode or this is not an ESM
  // file that has been converted to a CommonJS file using a Babel-
  // compatible transform (i.e. "__esModule" has not been set), then set
  // "default" to the CommonJS "module.exports" for node compatibility.
  const needsDefault = isNodeMode || !mod || !mod.__esModule;
  if (needsDefault) {
    __defProp(target, "default", { value: mod, enumerable: true });
  }
  return __copyProps(target, mod);
};
/**
 * Convert an ESM-style namespace into a CommonJS exports object flagged with `__esModule`.
 *
 * @param {object} mod - Namespace whose properties are mirrored onto the result.
 * @returns {object} New object carrying `__esModule: true` plus the mirrored properties.
 */
var __toCommonJS = (mod) => {
  const flagged = __defProp({}, "__esModule", { value: true });
  return __copyProps(flagged, mod);
};
// middlewares/cross-origin-resource-sharing/dist/index.js
var require_dist = __commonJS({
"middlewares/cross-origin-resource-sharing/dist/index.js"(exports2, module2) {
"use strict";
// Module-local copies of the bundler interop helpers (suffix "2" keeps them apart from the outer set).
var {
  defineProperty: __defProp2,
  getOwnPropertyDescriptor: __getOwnPropDesc2,
  getOwnPropertyNames: __getOwnPropNames2
} = Object;
var { hasOwnProperty: __hasOwnProp2 } = Object.prototype;

/** Define every enumerable key of `all` on `target` as an enumerable getter. */
var __export2 = (target, all) => {
  // for...in is kept on purpose: it also walks inherited enumerable keys and tolerates null.
  for (const exportName in all) {
    __defProp2(target, exportName, { get: all[exportName], enumerable: true });
  }
};

/**
 * Mirror the own properties of `from` onto `to` as live getters, skipping keys
 * that `to` already owns and the single key named by `except`.
 */
var __copyProps2 = (to, from, except, desc) => {
  const isCopyable = (from && typeof from === "object") || typeof from === "function";
  if (!isCopyable) {
    return to;
  }
  for (const key of __getOwnPropNames2(from)) {
    if (__hasOwnProp2.call(to, key) || key === except) {
      continue;
    }
    desc = __getOwnPropDesc2(from, key);
    __defProp2(to, key, { get: () => from[key], enumerable: !desc || desc.enumerable });
  }
  return to;
};

/** Build a CommonJS exports object flagged with `__esModule` from a namespace object. */
var __toCommonJS2 = (mod) => {
  const flagged = __defProp2({}, "__esModule", { value: true });
  return __copyProps2(flagged, mod);
};
// Namespace object that carries the public exports of the CORS middleware module.
var cross_origin_resource_sharing_exports = {};
// Each export is registered as an enumerable getter, so the bindings declared
// further down in this module are only read when a consumer accesses them.
__export2(cross_origin_resource_sharing_exports, {
DEFAULT_CORS_CONFIG: () => DEFAULT_CORS_CONFIG,
createCorsMiddleware: () => middleware_default,
default: () => cross_origin_resource_sharing_default
});
// Publish the namespace as this module's CommonJS exports, flagged with __esModule.
module2.exports = __toCommonJS2(cross_origin_resource_sharing_exports);
// NextResponse from this import is what the middleware uses to build its responses.
var import_server = require("next/server");
// Defaults applied by the middleware factory for every option the caller leaves out.
var DEFAULT_CORS_CONFIG = {
  // Required -> DO NOT USE * by default. There is no default allow-list.
  origins: undefined,
  methods: [
    "GET",
    "POST",
    "PUT",
    "DELETE",
    "PATCH",
    "OPTIONS"
  ],
  headers: [
    "Content-Type",
    "Authorization"
  ],
  // Credentialed requests are enabled by default, so the origin allow-list is
  // the only thing that decides which sites may call with cookies or auth headers.
  allowCredentials: true,
  preflightContinue: false,
  optionsSuccessStatus: 204,
  exposedHeaders: [],
  // 5 seconds is the default value, 86400 seconds is often used
  maxAge: 5
};

// Response header names written by the middleware.
var ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
var ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
var ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
var ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
var ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
var ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
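/**
 * Create a Next.js middleware that attaches CORS headers to every response.
 *
 * Security-relevant behaviour:
 * - `origins` is an allow-list of exact origin strings and/or RegExp objects.
 *   A missing or empty list allows no cross-origin caller (fail closed); a
 *   single string or RegExp is treated as a one-entry list.
 * - RegExp entries should be anchored (`^...$`). An unanchored pattern also
 *   matches look-alike origins that merely contain the trusted host name.
 * - A "*" entry is answered with a literal `Access-Control-Allow-Origin: *`
 *   and is never combined with `Access-Control-Allow-Credentials: true`.
 *   Echoing the caller's Origin together with credentials would grant every
 *   website credentialed access to the API.
 * - Whenever the answer depends on the request's Origin, `Vary: Origin` is
 *   added so that a shared cache does not serve one origin's answer to another.
 * - The request's Origin header is not logged; it is caller-controlled.
 *
 * @param {object} options
 * @param {Array<string|RegExp>} options.origins - Allowed origins.
 * @param {string[]} [options.methods] - Values for Access-Control-Allow-Methods.
 * @param {string[]} [options.headers] - Values for Access-Control-Allow-Headers.
 * @param {boolean} [options.allowCredentials] - Whether credentialed requests are allowed.
 * @param {string[]} [options.exposedHeaders] - Values for Access-Control-Expose-Headers.
 * @param {number} [options.maxAge] - Preflight cache lifetime in seconds.
 * @param {number} [options.optionsSuccessStatus] - Status of the preflight answer.
 * @param {boolean} [options.preflightContinue] - Pass preflight requests on instead of answering them.
 * @returns {Function} Middleware `(request) => response`.
 */
var createCorsMiddleware2 = ({
  origins,
  methods = DEFAULT_CORS_CONFIG.methods,
  headers = DEFAULT_CORS_CONFIG.headers,
  allowCredentials = DEFAULT_CORS_CONFIG.allowCredentials,
  exposedHeaders = DEFAULT_CORS_CONFIG.exposedHeaders,
  maxAge = DEFAULT_CORS_CONFIG.maxAge,
  optionsSuccessStatus = DEFAULT_CORS_CONFIG.optionsSuccessStatus,
  preflightContinue = DEFAULT_CORS_CONFIG.preflightContinue
}) => {
  // Normalise the allow-list once. `origins` has no default, so an omitted
  // value must not reach `.length` / `.includes` on every request.
  let allowedOrigins;
  if (Array.isArray(origins)) {
    allowedOrigins = origins;
  } else if (origins == null) {
    allowedOrigins = [];
  } else {
    allowedOrigins = [origins];
  }
  const allowsAnyOrigin = allowedOrigins.includes("*");
  // With a wildcard the answer is the same for every caller; otherwise it varies by Origin.
  const variesByOrigin = !allowsAnyOrigin;

  // Headers that do not depend on the individual request.
  const staticHeaders = [[ACCESS_CONTROL_MAX_AGE, maxAge.toString()]];
  if (exposedHeaders.length > 0) {
    staticHeaders.push([ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders.join(", ")]);
  }
  staticHeaders.push(
    // Credentials are only ever granted to explicitly listed origins.
    [ACCESS_CONTROL_ALLOW_CREDENTIALS, allowCredentials && !allowsAnyOrigin ? "true" : "false"],
    [ACCESS_CONTROL_ALLOW_METHODS, methods.join(", ")],
    [ACCESS_CONTROL_ALLOW_HEADERS, headers.join(", ")]
  );

  /**
   * Decide whether `origin` is covered by `allowList`.
   * Returns `{ result: false }` or `{ result: true, origin }`, where `origin`
   * is the value to send in Access-Control-Allow-Origin.
   */
  function getIsOriginAllowed(origin, allowList) {
    if (allowList.length === 0) {
      return { result: false };
    }
    if (allowList.includes("*")) {
      return { result: true, origin: "*" };
    }
    for (const allowedOrigin of allowList) {
      if (typeof allowedOrigin === "string" && allowedOrigin === origin) {
        return { result: true, origin };
      }
      if (allowedOrigin instanceof RegExp) {
        // A /g or /y pattern keeps `lastIndex` between calls; without the reset
        // the same origin would be accepted and rejected on alternating requests.
        allowedOrigin.lastIndex = 0;
        if (allowedOrigin.test(origin)) {
          return { result: true, origin };
        }
      }
    }
    return { result: false };
  }

  const middleware = (request) => {
    const origin = request.headers.get("origin") ?? "";
    const verdict = getIsOriginAllowed(origin, allowedOrigins);
    const corsHeaders = [...staticHeaders];
    if (verdict.result) {
      corsHeaders.push([ACCESS_CONTROL_ALLOW_ORIGIN, verdict.origin]);
    }

    const decorate = (response) => {
      for (const [key, value] of corsHeaders) {
        response.headers.set(key, value);
      }
      if (variesByOrigin) {
        // append, not set: keep any Vary value already present on the response.
        response.headers.append("Vary", "Origin");
      }
      return response;
    };

    const isPreflight = request.method === "OPTIONS";
    if (isPreflight && !preflightContinue) {
      // Answer the preflight here; the request is not passed on.
      return import_server.NextResponse.json(
        {},
        {
          headers: variesByOrigin ? [...corsHeaders, ["Vary", "Origin"]] : corsHeaders,
          status: optionsSuccessStatus
        }
      );
    }
    return decorate(import_server.NextResponse.next());
  };
  return middleware;
};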
// Aliases read by the export getters above: `createCorsMiddleware` and `default`
// both resolve to the same factory function.
var middleware_default = createCorsMiddleware2;
var cross_origin_resource_sharing_default = middleware_default;
}
});
// index.ts
// Public namespace of the package entry point.
var next_armored_exports = {};
// createCorsMiddleware is exposed as a getter, so the import binding it reads
// (assigned a few lines below) is only looked up when a consumer accesses it.
__export(next_armored_exports, {
createCorsMiddleware: () => import_cross_origin_resource_sharing.createCorsMiddleware
});
module.exports = __toCommonJS(next_armored_exports);
// Evaluate the bundled CORS module through its __commonJS wrapper and wrap the
// result as an ESM-style namespace.
var import_cross_origin_resource_sharing = __toESM(require_dist(), 1);
// Annotate the CommonJS export names for ESM import in node:
// (the `0 &&` short-circuit means this assignment never runs)
0 && (module.exports = {
createCorsMiddleware
});
//# sourceMappingURL=index.cjs.map