;
// TypeScript-emitted interop helper: re-exports property `key` of `source` on
// `target` (optionally under `alias`). Reuses a copy already present on `this`.
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        if (alias === undefined) alias = key;
        var descriptor = Object.getOwnPropertyDescriptor(source, key);
        // Decide whether the source descriptor can be reused as is, or whether a
        // forwarding getter is needed so later writes to `source[key]` stay visible.
        var needsGetter;
        if (!descriptor) {
            needsGetter = true;
        }
        else if ("get" in descriptor) {
            needsGetter = !source.__esModule;
        }
        else {
            needsGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsGetter) {
            descriptor = {
                enumerable: true,
                get: function () { return source[key]; }
            };
        }
        Object.defineProperty(target, alias, descriptor);
    }
    : function (target, source, key, alias) {
        // Fallback when Object.create is unavailable: plain value copy, no live binding.
        if (alias === undefined) alias = key;
        target[alias] = source[key];
    });
// TypeScript-emitted interop helper: attaches `value` to `namespace` as its
// `default` export. Reuses a copy already present on `this`.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (namespace, value) {
        // Enumerable but read-only: writable/configurable default to false here.
        var descriptor = { enumerable: true, value: value };
        Object.defineProperty(namespace, "default", descriptor);
    }
    : function (namespace, value) {
        namespace["default"] = value;
    });
// TypeScript-emitted helper that turns a required CommonJS module into a
// namespace-shaped object (used below to wrap the lazily required OAuth pages).
// Reuses a copy already present on `this`; otherwise the IIFE builds one.
var __importStar = (this && this.__importStar) || (function () {
    // Self-replacing function: the first call rebinds `ownKeys` to
    // Object.getOwnPropertyNames (or a for-in/hasOwnProperty fallback) and
    // then delegates to it, so the feature test runs only once.
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        // Modules flagged with __esModule are returned untouched.
        if (mod && mod.__esModule) return mod;
        var result = {};
        // Bind every own key except "default" onto the new namespace object.
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        // The module value itself becomes the namespace's `default`.
        __setModuleDefault(result, mod);
        return result;
    };
})();
// TypeScript-emitted helper that runs a generator function as an async
// function: every yielded value is awaited and its outcome is fed back into
// the generator. `thisArg` and `_arguments` are applied to the generator
// function; `P` is the promise constructor and falls back to Promise.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Pass instances of P through; wrap anything else in a P that resolves to it.
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        // Resume the generator with a fulfilled value; a synchronous throw rejects the outer promise.
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        // Throw a rejection reason into the generator so its own try/catch can handle it.
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        // Finished generator resolves the outer promise; otherwise wait on the yielded value.
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        // Instantiate the generator and run it up to its first yield.
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// Flag this module as transpiled ESM; __importStar above returns such modules unchanged.
Object.defineProperty(exports, "__esModule", { value: true });
// Public surface: the plugin entry point (default export) plus the per-endpoint
// registrars it calls. The functions are declarations further down, so they are
// already hoisted when these assignments run.
exports.default = plugin;
exports.cors = cors;
exports.session = session;
exports.app = app;
exports.open = open;
const node_crypto_1 = require("node:crypto");
const helpers_js_1 = require("./helpers.js");
/**
 * Plugin entry point for the API layer. Does nothing unless the `api` config
 * section exists; otherwise it hooks two lifecycle events:
 *  - `listen`: registers one outbound webhook handler per configured webhook;
 *  - `route`: registers the OAuth pages and one route per configured endpoint.
 *
 * @param ctx server context providing `config`, `on`, `import`, `view`, `route`
 */
function plugin(ctx) {
    const enabled = ctx.config.get('api');
    if (!enabled) {
        return;
    }
    ctx.on('listen', (_req, _res, server) => {
        const apiConfig = server.config('api') || {};
        const { webhooks = [] } = apiConfig;
        for (const hook of webhooks) {
            // Priority -200 is the value the original passes for every webhook handler.
            server.on(hook.event, (req, res) => __awaiter(this, void 0, void 0, function* () {
                // Only successful responses are forwarded.
                if (res.code !== 200) {
                    return;
                }
                const data = hook.data || {};
                const params = req.data();
                const results = res.toStatusResponse().results;
                const deliverable = (0, helpers_js_1.validData)(hook.validity, results);
                if (!deliverable) {
                    return;
                }
                // NOTE(review): the payload carries the complete request data
                // (`params`) and the event results to the configured URI. If an
                // event can include credentials or personal data, filter the
                // fields before they leave the process.
                // NOTE(review): only `method` and `body` are passed, so the
                // request has no JSON content type and no signature or shared
                // secret a receiver could use to authenticate the sender.
                // NOTE(review): the fetch is awaited with no timeout and no
                // catch; a slow or failing receiver delays or rejects this
                // handler. Confirm how the emitter treats a rejection.
                const payload = JSON.stringify({ data, params, results });
                yield fetch(hook.uri, {
                    method: hook.method,
                    body: payload,
                });
            }), -200);
        }
    });
    ctx.on('route', (_req, _res, server) => {
        const apiConfig = server.config('api') || {};
        const { endpoints = [] } = apiConfig;
        const hasEndpoints = Array.isArray(endpoints) && endpoints.length > 0;
        if (!hasEndpoints) {
            return;
        }
        // OAuth pages are required lazily, only when their route is first imported.
        server.import.all('/auth/oauth/token', () => Promise.resolve().then(() => __importStar(require('./pages/token.js'))));
        server.import.all('/auth/oauth', () => Promise.resolve().then(() => __importStar(require('./pages/oauth.js'))));
        server.view.all('/auth/oauth', 'stackpress/esm/api/views/oauth', -100);
        for (const endpoint of endpoints) {
            // CORS routes are registered for every endpoint; cors() itself
            // returns early when the endpoint has no usable `cors` setting.
            cors(endpoint, server);
            // Unknown endpoint types get no API route at all.
            switch (endpoint.type) {
                case 'session':
                    session(endpoint, server);
                    break;
                case 'app':
                    app(endpoint, server);
                    break;
                case 'public':
                    open(endpoint, server);
                    break;
            }
        }
    });
}
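/**
 * Registers CORS handling for one configured endpoint: an OPTIONS preflight
 * route and a header-setting route on the endpoint's own method, both at
 * priority 1000.
 *
 * `endpoint.cors` may be `true` (wildcard), a single origin string, or an
 * array of origins. Any other value registers nothing.
 *
 * In allow-list mode the response now also carries `Vary: Origin`, so a shared
 * cache cannot replay a response built for one origin to another.
 *
 * @param endpoint endpoint config (`cors`, `method`, `route`)
 * @param ctx server context providing `route`
 */
function cors(endpoint, ctx) {
    let origin = endpoint.cors === true ? '*' : endpoint.cors;
    if (typeof origin === 'string') {
        origin = [origin];
    }
    if (!Array.isArray(origin))
        return;
    // Adds "Origin" to Vary without discarding a value that is already there.
    // A Vary value that is neither absent nor a string is left untouched.
    const varyOnOrigin = function (res) {
        const current = typeof res.headers.get === 'function'
            ? res.headers.get('Vary')
            : undefined;
        if (current == null || current === '') {
            res.headers.set('Vary', 'Origin');
            return;
        }
        if (typeof current !== 'string' || current.trim() === '*') {
            return;
        }
        const listed = current.split(',').some(name => name.trim().toLowerCase() === 'origin');
        if (!listed) {
            res.headers.set('Vary', `${current}, Origin`);
        }
    };
    const applyHeaders = function CrossOrigin(req, res) {
        if (origin.includes('*')) {
            res.headers.set('Access-Control-Allow-Origin', '*');
        }
        else {
            // Set before the match so responses without an allow header are
            // keyed by origin in caches as well.
            varyOnOrigin(res);
            // NOTE(review): `req.url.origin` looks like the origin of the
            // requested URL rather than the caller's `Origin` request header.
            // If so, the allow-list is compared against the server's own
            // address. Confirm against the request type.
            if (!origin.includes(req.url.origin)) {
                return;
            }
            res.headers.set('Access-Control-Allow-Origin', req.url.origin);
        }
        const method = endpoint.method !== 'ALL' ? endpoint.method : '*';
        // NOTE(review): Access-Control-Request-Method is a request header and
        // browsers ignore it on a response. The methods actually advertised
        // are the fixed list on the next line, whatever endpoint.method is.
        res.headers.set('Access-Control-Request-Method', method);
        res.headers.set('Access-Control-Allow-Methods', 'OPTIONS, GET');
        // NOTE(review): the `*` wildcard here does not cover the Authorization
        // header; name it explicitly if cross-origin callers send credentials
        // that way.
        res.headers.set('Access-Control-Allow-Headers', '*');
    };
    const preflight = function PreFlight(req, res) {
        applyHeaders(req, res);
        // The preflight answers 200 even when no allow header was set.
        res.code = 200;
    };
    ctx.route('OPTIONS', endpoint.route, preflight, 1000);
    ctx.route(endpoint.method, endpoint.route, applyHeaders, 1000);
}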
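/**
 * Registers a session-authenticated API route for `endpoint`.
 *
 * Per request the handler: reads credentials through `authorize`, loads the
 * session by id, checks the secret on non-GET requests, requires at least one
 * session scope to appear in `endpoint.scopes`, then merges `endpoint.data`
 * and the session's `profileId` into the request data and emits
 * `endpoint.event`.
 *
 * Changes from the original: the secret is compared in constant time, and a
 * session record without a `scopes` array is rejected as unauthorized instead
 * of throwing.
 *
 * @param endpoint endpoint config (`method`, `route`, `scopes`, `data`, `event`, `priority`)
 * @param ctx server context providing `route`
 */
function session(endpoint, ctx) {
    // Same accept/reject result as `===`, but string operands are compared
    // without revealing through timing how many leading characters matched.
    // utf16le keeps the one-to-one mapping between string and bytes.
    const sameSecret = function (presented, stored) {
        if (typeof presented !== 'string' || typeof stored !== 'string') {
            return presented === stored;
        }
        const left = Buffer.from(presented, 'utf16le');
        const right = Buffer.from(stored, 'utf16le');
        // timingSafeEqual throws on unequal lengths, so check the length first.
        return left.length === right.length
            && (0, node_crypto_1.timingSafeEqual)(left, right);
    };
    ctx.route(endpoint.method, endpoint.route, function SessionAPI(req, res, ctx) {
        return __awaiter(this, void 0, void 0, function* () {
            // presumably authorize() has already written the rejection to
            // `res` when it returns nothing; confirm in helpers.js
            const authorization = (0, helpers_js_1.authorize)(req, res);
            if (!authorization) {
                return;
            }
            const { id, secret } = authorization;
            const response = yield ctx.resolve('session-detail', { id });
            if (!response || !response.results) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            const session = response.results;
            // NOTE(review): GET requests are authorized on the id alone, so the
            // id is a bearer credential for reads. That includes GETs reaching
            // an endpoint registered with method 'ALL'. Confirm it is intended.
            // NOTE(review): if neither side carries a secret the comparison
            // still passes, as it did before. Confirm that records without a
            // secret cannot exist.
            if (req.method.toUpperCase() !== 'GET'
                && !sameSecret(secret, session.secret)) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            // One overlapping scope is enough. An endpoint without `scopes`
            // therefore rejects every session.
            const permits = endpoint.scopes || [];
            const granted = Array.isArray(session.scopes) ? session.scopes : [];
            if (!granted.some(scope => permits.includes(scope))) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            req.data.set(endpoint.data || {});
            // Set last, after the endpoint defaults. Presumably this replaces
            // any profileId the client supplied; confirm the semantics of set().
            req.data.set('profileId', session.profileId);
            yield ctx.emit(endpoint.event, req, res);
        });
    }, endpoint.priority || 0);
}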
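/**
 * Registers an application-authenticated API route for `endpoint`.
 *
 * Per request the handler: reads credentials through `authorize`, loads the
 * application by id, checks the secret on non-GET requests, requires at least
 * one application scope to appear in `endpoint.scopes`, then merges
 * `endpoint.data` into the request data and emits `endpoint.event`.
 *
 * Changes from the original: the secret is compared in constant time, and an
 * application record without a `scopes` array is rejected as unauthorized
 * instead of throwing.
 *
 * @param endpoint endpoint config (`method`, `route`, `scopes`, `data`, `event`, `priority`)
 * @param ctx server context providing `route`
 */
function app(endpoint, ctx) {
    // Same accept/reject result as `===`, but string operands are compared
    // without revealing through timing how many leading characters matched.
    // utf16le keeps the one-to-one mapping between string and bytes.
    const sameSecret = function (presented, stored) {
        if (typeof presented !== 'string' || typeof stored !== 'string') {
            return presented === stored;
        }
        const left = Buffer.from(presented, 'utf16le');
        const right = Buffer.from(stored, 'utf16le');
        // timingSafeEqual throws on unequal lengths, so check the length first.
        return left.length === right.length
            && (0, node_crypto_1.timingSafeEqual)(left, right);
    };
    ctx.route(endpoint.method, endpoint.route, function AppAPI(req, res, ctx) {
        return __awaiter(this, void 0, void 0, function* () {
            // presumably authorize() has already written the rejection to
            // `res` when it returns nothing; confirm in helpers.js
            const authorization = (0, helpers_js_1.authorize)(req, res);
            if (!authorization) {
                return;
            }
            const { id, secret } = authorization;
            const response = yield ctx.resolve('application-detail', { id });
            if (!response || !response.results) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            const application = response.results;
            // NOTE(review): GET requests are authorized on the application id
            // alone, so the id is a bearer credential for reads. That includes
            // GETs reaching an endpoint registered with method 'ALL'. Confirm
            // it is intended.
            // NOTE(review): if neither side carries a secret the comparison
            // still passes, as it did before. Confirm that records without a
            // secret cannot exist.
            if (req.method.toUpperCase() !== 'GET'
                && !sameSecret(secret, application.secret)) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            // One overlapping scope is enough. An endpoint without `scopes`
            // therefore rejects every application.
            const permits = endpoint.scopes || [];
            const granted = Array.isArray(application.scopes) ? application.scopes : [];
            if (!granted.some(scope => permits.includes(scope))) {
                return (0, helpers_js_1.unauthorized)(res);
            }
            req.data.set(endpoint.data || {});
            yield ctx.emit(endpoint.event, req, res);
        });
    }, endpoint.priority || 0);
}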
/**
 * Registers an unauthenticated API route for `endpoint`: the handler merges
 * `endpoint.data` into the request data and emits `endpoint.event`, with no
 * credential or scope check in between.
 *
 * @param endpoint endpoint config (`method`, `route`, `data`, `event`, `priority`)
 * @param ctx server context providing `route`
 */
function open(endpoint, ctx) {
    const handler = function PublicAPI(req, res, ctx) {
        return __awaiter(this, void 0, void 0, function* () {
            const defaults = endpoint.data || {};
            req.data.set(defaults);
            // Anything the event does is reachable by any caller of this route.
            yield ctx.emit(endpoint.event, req, res);
        });
    };
    const priority = endpoint.priority || 0;
    ctx.route(endpoint.method, endpoint.route, handler, priority);
}