next-armored
Security middlewares for Next.js
import {
__commonJS,
__require,
__toESM
} from "./chunk-7D4SUZUM.js";
// middlewares/cross-origin-resource-sharing/dist/index.js
var require_dist = __commonJS({
"middlewares/cross-origin-resource-sharing/dist/index.js"(exports, module) {
"use strict";
// Bundler-generated CommonJS/ESM interop helpers (the names match esbuild's
// runtime). They hold no CORS logic; they only shape the export object.
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;

// Define every entry of `all` on `target` as an enumerable getter, so each
// export is resolved when it is read rather than when it is registered.
var __export = (target, all) => {
  for (const exportName in all) {
    __defProp(target, exportName, { get: all[exportName], enumerable: true });
  }
};

// Copy the own properties of `from` onto `to` as getters that read through to
// `from`. Keys already present on `to`, and the key named by `except`, are
// skipped; enumerability follows the source descriptor.
var __copyProps = (to, from, except, desc) => {
  const isCopyable = (from && typeof from === "object") || typeof from === "function";
  if (!isCopyable) {
    return to;
  }
  for (const key of __getOwnPropNames(from)) {
    if (__hasOwnProp.call(to, key) || key === except) {
      continue;
    }
    desc = __getOwnPropDesc(from, key);
    __defProp(to, key, {
      get: () => from[key],
      enumerable: !desc || desc.enumerable
    });
  }
  return to;
};

// Wrap an export map in a fresh object flagged with a non-enumerable
// `__esModule: true` marker.
var __toCommonJS = (mod) => {
  const flagged = __defProp({}, "__esModule", { value: true });
  return __copyProps(flagged, mod);
};
// Export map of the CORS middleware package. Each entry is a lazy getter, so
// it may name `var` bindings that are only assigned further down this factory;
// the statement order here is therefore load-bearing.
var cross_origin_resource_sharing_exports = {};
__export(cross_origin_resource_sharing_exports, {
DEFAULT_CORS_CONFIG: () => DEFAULT_CORS_CONFIG,
// `createCorsMiddleware` and `default` both resolve to the same factory
// through the aliases assigned after the factory is defined.
createCorsMiddleware: () => middleware_default,
default: () => cross_origin_resource_sharing_default
});
// Publish the map as this module's CommonJS exports.
module.exports = __toCommonJS(cross_origin_resource_sharing_exports);
// NextResponse from "next/server" is the only member this module uses.
var import_server = __require("next/server");
// Defaults the middleware factory falls back to for every option the caller
// leaves out.
var DEFAULT_CORS_CONFIG = {
  // Required from the caller: there is deliberately no default allowlist.
  // DO NOT USE * by default.
  origins: undefined,
  methods: [
    "GET",
    "POST",
    "PUT",
    "DELETE",
    "PATCH",
    "OPTIONS"
  ],
  headers: [
    "Content-Type",
    "Authorization"
  ],
  // Credentialed requests are enabled by default, so `origins` should be an
  // explicit allowlist of trusted origins rather than a catch-all.
  allowCredentials: true,
  preflightContinue: false,
  optionsSuccessStatus: 204,
  exposedHeaders: [],
  // 5 seconds is the default value, 86400 seconds is often used.
  maxAge: 5
};

// Names of the CORS response headers the middleware writes.
var ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
var ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
var ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
var ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
var ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
var ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
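/**
 * Build a Next.js middleware that decides, per request, which CORS response
 * headers to send.
 *
 * Security-relevant behaviour:
 * - The request `Origin` header is untrusted. It is echoed back only when it
 *   equals a string entry or matches a RegExp entry of `origins`.
 * - A `"*"` entry produces the literal `Access-Control-Allow-Origin: *` and
 *   never `Access-Control-Allow-Credentials`. Reflecting the caller's origin
 *   together with credentials would let any site read authenticated responses.
 * - A missing `origins` option fails closed: no origin is allowed.
 * - `Vary: Origin` is added whenever the answer depends on the request origin,
 *   so a shared cache does not replay one origin's headers to another.
 * - RegExp entries should be anchored (`^…$`); an unanchored pattern also
 *   matches longer look-alike hosts.
 *
 * @param {object} options
 * @param {Array<string|RegExp>|string|RegExp} options.origins - Allowed origins (required).
 * @param {string[]} [options.methods] - Value of Access-Control-Allow-Methods.
 * @param {string[]} [options.headers] - Value of Access-Control-Allow-Headers.
 * @param {boolean} [options.allowCredentials] - Advertise credential support.
 * @param {string[]} [options.exposedHeaders] - Value of Access-Control-Expose-Headers.
 * @param {number} [options.maxAge] - Value of Access-Control-Max-Age, in seconds.
 * @param {number} [options.optionsSuccessStatus] - Status for answered preflights.
 * @param {boolean} [options.preflightContinue] - Pass OPTIONS requests on to the next handler.
 * @returns {(request: object) => object} Middleware returning a NextResponse.
 */
var createCorsMiddleware2 = ({
  origins,
  methods = DEFAULT_CORS_CONFIG.methods,
  headers = DEFAULT_CORS_CONFIG.headers,
  allowCredentials = DEFAULT_CORS_CONFIG.allowCredentials,
  exposedHeaders = DEFAULT_CORS_CONFIG.exposedHeaders,
  maxAge = DEFAULT_CORS_CONFIG.maxAge,
  optionsSuccessStatus = DEFAULT_CORS_CONFIG.optionsSuccessStatus,
  preflightContinue = DEFAULT_CORS_CONFIG.preflightContinue
}) => {
  // Normalise once. A bare string used to be scanned character by character
  // (and substring-checked for "*"), and `undefined` used to throw on the
  // first request; both now behave as a proper allowlist.
  const allowedOrigins = Array.isArray(origins) ? origins : origins == null ? [] : [origins];
  const allowsAnyOrigin = allowedOrigins.includes("*");
  // The response only varies by Origin when a specific origin may be echoed.
  const variesByOrigin = !allowsAnyOrigin && allowedOrigins.length > 0;
  // The Fetch Response constructor rejects a body on these statuses, so a
  // JSON body cannot be combined with the default 204.
  const NULL_BODY_STATUSES = [204, 205, 304];

  // Decide whether `origin` is allowed and which value to send back.
  function getIsOriginAllowed(origin, allowed) {
    if (allowed.length === 0) {
      return { result: false };
    }
    if (allowed.includes("*")) {
      // Send the wildcard itself rather than reflecting the caller's origin.
      return { result: true, origin: "*" };
    }
    if (origin === "") {
      // No Origin header: nothing to echo, and a permissive pattern must not
      // turn that into an empty Access-Control-Allow-Origin value.
      return { result: false };
    }
    for (const allowedOrigin of allowed) {
      if (typeof allowedOrigin === "string" && allowedOrigin === origin) {
        return { result: true, origin };
      }
      if (allowedOrigin instanceof RegExp) {
        // A /g or /y pattern keeps state between calls; reset it so the same
        // origin gets the same answer on every request.
        allowedOrigin.lastIndex = 0;
        if (allowedOrigin.test(origin)) {
          return { result: true, origin };
        }
      }
    }
    return { result: false };
  }

  // Build the [name, value] header pairs for one request origin.
  function buildCorsHeaders(requestOrigin) {
    const corsHeaders = [];
    if (variesByOrigin) {
      corsHeaders.push(["Vary", "Origin"]);
    }
    const match = getIsOriginAllowed(requestOrigin, allowedOrigins);
    if (!match.result) {
      // A disallowed origin gets no CORS headers at all.
      return corsHeaders;
    }
    corsHeaders.push([ACCESS_CONTROL_ALLOW_ORIGIN, match.origin]);
    if (allowCredentials && !allowsAnyOrigin) {
      // "true" is the only meaningful value, so the header is omitted otherwise.
      corsHeaders.push([ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"]);
    }
    corsHeaders.push([ACCESS_CONTROL_ALLOW_METHODS, methods.join(", ")]);
    corsHeaders.push([ACCESS_CONTROL_ALLOW_HEADERS, headers.join(", ")]);
    if (exposedHeaders.length > 0) {
      corsHeaders.push([ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders.join(", ")]);
    }
    if (maxAge != null) {
      corsHeaders.push([ACCESS_CONTROL_MAX_AGE, String(maxAge)]);
    }
    return corsHeaders;
  }

  // Copy the pairs onto a response; Vary is appended so an existing value survives.
  function applyHeaders(response, corsHeaders) {
    for (const [key, value] of corsHeaders) {
      if (key === "Vary") {
        response.headers.append(key, value);
      } else {
        response.headers.set(key, value);
      }
    }
    return response;
  }

  const middleware = (request) => {
    const origin = request.headers.get("origin") ?? "";
    const corsHeaders = buildCorsHeaders(origin);
    // Every OPTIONS request is treated as a preflight, as before.
    const isPreflight = request.method === "OPTIONS";
    if (isPreflight && !preflightContinue) {
      if (NULL_BODY_STATUSES.includes(optionsSuccessStatus)) {
        return new import_server.NextResponse(null, {
          headers: corsHeaders,
          status: optionsSuccessStatus
        });
      }
      return import_server.NextResponse.json(
        {},
        {
          headers: corsHeaders,
          status: optionsSuccessStatus
        }
      );
    }
    return applyHeaders(import_server.NextResponse.next(), corsHeaders);
  };
  return middleware;
};
// Aliases read by the lazy export getters registered at the top of the module.
var middleware_default = createCorsMiddleware2;
var cross_origin_resource_sharing_default = middleware_default;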
}
});
// index.ts
// Evaluate the wrapped CommonJS module and adapt it for ESM consumers.
// NOTE(review): __toESM comes from the shared chunk; its exact interop
// semantics are not visible in this file.
var import_cross_origin_resource_sharing = __toESM(require_dist(), 1);
var export_createCorsMiddleware = import_cross_origin_resource_sharing.createCorsMiddleware;
// Only the factory is re-exported from this entry point; DEFAULT_CORS_CONFIG
// and the default export of the inner module are not exposed here.
export {
export_createCorsMiddleware as createCorsMiddleware
};
//# sourceMappingURL=index.js.map