npm - @appwarden/middleware - Versions diffs - 3.10.1 → 3.11.0 - Mend

@appwarden/middleware 3.10.1 → 3.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/README.md +1 -1
package/{chunk-6O25N45F.js → chunk-2WPLLVUI.js} +11 -3
package/chunk-K7ZIT3FM.js +86 -0
package/{chunk-HIGZSGKS.js → chunk-KE2UVIYR.js} +2 -2
package/{chunk-QGXPAVOA.js → chunk-QUVGY2YI.js} +1 -1
package/{chunk-TASPCREA.js → chunk-ZOYE6D3A.js} +3 -3
package/cloudflare/astro.js +5 -5
package/cloudflare/nextjs.js +5 -5
package/cloudflare/react-router.js +5 -5
package/cloudflare/tanstack-start.js +5 -5
package/{cloudflare-PE3JKP3X.js → cloudflare-JVRRPVRP.js} +1 -1
package/cloudflare.d.ts +5 -0
package/cloudflare.js +17 -13
package/index.js +3 -3
package/package.json +1 -1
package/vercel.js +3 -3
package/chunk-ZQNXNGLV.js +0 -50

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 [![GitHub](https://img.shields.io/badge/GitHub-appwarden%2Fmiddleware-181717?logo=github&logoColor=white)](https://github.com/appwarden/middleware)
 [![npm version](https://img.shields.io/npm/v/@appwarden/middleware.svg)](https://www.npmjs.com/package/@appwarden/middleware)
 [![npm provenance](https://img.shields.io/badge/npm-provenance-green)](https://docs.npmjs.com/generating-provenance-statements)
-![Test Coverage](https://img.shields.io/badge/coverage-92.72%25-brightgreen)
+![Test Coverage](https://img.shields.io/badge/coverage-93.03%25-brightgreen)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 ## Core Features

package/{chunk-6O25N45F.js → chunk-2WPLLVUI.js} RENAMED Viewed

@@ -51,9 +51,9 @@ function isHTMLRequest(request) {
   }
   const normalizedAccept = accept.toLowerCase();
   const isWildcardOnlyAccept = (value) => {
-    const mediaRanges = value.split(",");
+    const mediaRanges2 = value.split(",");
     let hasNonEmptyRange = false;
-    for (const range of mediaRanges) {
+    for (const range of mediaRanges2) {
       const [typeSubtype] = range.split(";");
       const trimmed = typeSubtype.trim();
       if (!trimmed) {
@@ -69,7 +69,15 @@ function isHTMLRequest(request) {
   if (isWildcardOnlyAccept(normalizedAccept)) {
     return false;
   }
-  return normalizedAccept.includes("text/html");
+  const mediaRanges = normalizedAccept.split(",");
+  for (const range of mediaRanges) {
+    const [typeSubtype] = range.split(";");
+    const token = typeSubtype.trim();
+    if (token === "text/html") {
+      return true;
+    }
+  }
+  return false;
 }
 // src/schemas/use-content-security-policy.ts

package/chunk-K7ZIT3FM.js ADDED Viewed

@@ -0,0 +1,86 @@
+import {
+  UseCSPInputSchema,
+  isHTMLResponse
+} from "./chunk-2WPLLVUI.js";
+import {
+  makeCSPHeader
+} from "./chunk-QUVGY2YI.js";
+// src/middlewares/use-content-security-policy.ts
+var AppendAttribute = (attribute, nonce) => ({
+  element: function(element) {
+    element.setAttribute(attribute, nonce);
+  }
+});
+var useContentSecurityPolicy = (input) => {
+  const parsedInput = UseCSPInputSchema.safeParse(input);
+  if (!parsedInput.success) {
+    throw parsedInput.error;
+  }
+  const config = parsedInput.data;
+  return async (context, next) => {
+    await next();
+    const { response } = context;
+    if (
+      // if the csp is disabled
+      !["enforced", "report-only"].includes(config.mode)
+    ) {
+      context.debug("CSP is disabled");
+      return;
+    }
+    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
+      return;
+    }
+    const cspNonce = crypto.randomUUID();
+    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
+      cspNonce,
+      config.directives,
+      config.mode
+    );
+    context.debug(`Applying CSP in ${config.mode} mode`);
+    const method = context.request.method.toUpperCase();
+    const shouldSkipTransform = !response.body || response.status === 204 || response.status === 304 || method === "HEAD";
+    if (shouldSkipTransform) {
+      context.debug(
+        "Skipping HTMLRewriter transform for response without body or HEAD request"
+      );
+      const nextResponse2 = new Response(null, response);
+      nextResponse2.headers.set(cspHeaderName, cspHeaderValue);
+      const originalContentType2 = response.headers.get("content-type");
+      if (originalContentType2) {
+        if (/charset\s*=/i.test(originalContentType2)) {
+          nextResponse2.headers.set("content-type", originalContentType2);
+        } else {
+          nextResponse2.headers.set(
+            "content-type",
+            `${originalContentType2}; charset=utf-8`
+          );
+        }
+      } else {
+        nextResponse2.headers.set("content-type", "text/html; charset=utf-8");
+      }
+      context.response = nextResponse2;
+      return;
+    }
+    const nextResponse = new Response(response.clone().body, response);
+    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
+    const originalContentType = response.headers.get("content-type");
+    if (originalContentType) {
+      if (/charset\s*=/i.test(originalContentType)) {
+        nextResponse.headers.set("content-type", originalContentType);
+      } else {
+        nextResponse.headers.set(
+          "content-type",
+          `${originalContentType}; charset=utf-8`
+        );
+      }
+    } else {
+      nextResponse.headers.set("content-type", "text/html; charset=utf-8");
+    }
+    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
+  };
+};
+export {
+  useContentSecurityPolicy
+};

package/{chunk-HIGZSGKS.js → chunk-KE2UVIYR.js} RENAMED Viewed

@@ -1,9 +1,9 @@
 import {
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/utils/build-lock-page-url.ts
 function normalizeLockPageSlug(lockPageSlug) {

package/{chunk-QGXPAVOA.js → chunk-QUVGY2YI.js} RENAMED Viewed

@@ -210,7 +210,7 @@ var insertErrorLogs = async (context, error) => {
         { html: true }
       );
     }
-  }).transform(await fetch(context.request));
+  }).transform(await fetch(context.request.clone()));
 };
 // src/utils/cloudflare/make-csp-header.ts

package/{chunk-TASPCREA.js → chunk-ZOYE6D3A.js} RENAMED Viewed

@@ -1,17 +1,17 @@
 import {
   MemoryCache,
   debug
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   APPWARDEN_TEST_ROUTE
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   deleteEdgeValue,
   getLockValue,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/core/check-lock-status.ts
 var createContext = async (config) => {

package/cloudflare/astro.js CHANGED Viewed

@@ -3,29 +3,29 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/astro-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/nextjs.js CHANGED Viewed

@@ -3,22 +3,22 @@ import {
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   TEMPORARY_REDIRECT_STATUS,
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/nextjs-cloudflare.ts
 import {
@@ -101,7 +101,7 @@ function createAppwardenMiddleware(configFn) {
         debugFn(
           `Applying CSP headers in ${config.contentSecurityPolicy.mode} mode`
         );
-        const { makeCSPHeader } = await import("../cloudflare-PE3JKP3X.js");
+        const { makeCSPHeader } = await import("../cloudflare-JVRRPVRP.js");
         const [headerName, headerValue] = makeCSPHeader(
           "",
           config.contentSecurityPolicy.directives,

package/cloudflare/react-router.js CHANGED Viewed

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/react-router-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/cloudflare/tanstack-start.js CHANGED Viewed

@@ -3,28 +3,28 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-ZQNXNGLV.js";
+} from "../chunk-K7ZIT3FM.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
 import {
   checkLockStatus
-} from "../chunk-TASPCREA.js";
+} from "../chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "../chunk-HIGZSGKS.js";
+} from "../chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "../chunk-6O25N45F.js";
+} from "../chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   printMessage
-} from "../chunk-QGXPAVOA.js";
+} from "../chunk-QUVGY2YI.js";
 // src/adapters/tanstack-start-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";

package/{cloudflare-PE3JKP3X.js → cloudflare-JVRRPVRP.js} RENAMED Viewed

@@ -11,7 +11,7 @@ import {
   makeCSPHeader,
   store,
   syncEdgeValue
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 export {
   CSP_KEYWORDS,
   autoQuoteCSPDirectiveArray,

package/cloudflare.d.ts CHANGED Viewed

@@ -260,8 +260,10 @@ declare const UseAppwardenInputSchema: z.ZodObject<{
                 "require-trusted-types-for"?: string | boolean | string[] | undefined;
             };
         }>>>;
+        debug: z.ZodOptional<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodBoolean]>>, boolean, string | boolean | undefined>>;
     }, "strip", z.ZodTypeAny, {
         lockPageSlug: string;
+        debug?: boolean | undefined;
         contentSecurityPolicy?: {
             mode: "disabled" | "report-only" | "enforced";
             directives?: {
@@ -295,6 +297,7 @@ declare const UseAppwardenInputSchema: z.ZodObject<{
         } | undefined;
     }, {
         lockPageSlug: string;
+        debug?: string | boolean | undefined;
         contentSecurityPolicy?: {
             mode: "disabled" | "report-only" | "enforced";
             directives: string | {
@@ -335,6 +338,7 @@ declare const UseAppwardenInputSchema: z.ZodObject<{
     lockPageSlug?: string | undefined;
     multidomainConfig?: Record<string, {
         lockPageSlug: string;
+        debug?: boolean | undefined;
         contentSecurityPolicy?: {
             mode: "disabled" | "report-only" | "enforced";
             directives?: {
@@ -374,6 +378,7 @@ declare const UseAppwardenInputSchema: z.ZodObject<{
     lockPageSlug?: string | undefined;
     multidomainConfig?: Record<string, {
         lockPageSlug: string;
+        debug?: string | boolean | undefined;
         contentSecurityPolicy?: {
             mode: "disabled" | "report-only" | "enforced";
             directives: string | {

package/cloudflare.js CHANGED Viewed

@@ -1,25 +1,25 @@
 import {
   useContentSecurityPolicy
-} from "./chunk-ZQNXNGLV.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   checkLockStatus
-} from "./chunk-TASPCREA.js";
+} from "./chunk-ZOYE6D3A.js";
 import {
   buildLockPageUrl,
   createRedirect,
   debug,
   isOnLockPage
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   UseCSPInputSchema,
   isHTMLRequest
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   AppwardenApiTokenSchema,
   BooleanSchema,
   insertErrorLogs,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/runners/appwarden-on-cloudflare.ts
 import { ZodError } from "zod";
@@ -33,7 +33,8 @@ var AppwardenMultidomainConfigSchema = z.record(
   z.string(),
   z.object({
     lockPageSlug: z.string(),
-    contentSecurityPolicy: z.lazy(() => UseCSPInputSchema).optional()
+    contentSecurityPolicy: z.lazy(() => UseCSPInputSchema).optional(),
+    debug: BooleanSchema.optional()
   })
 );
 var UseAppwardenInputSchema = z.object({
@@ -81,6 +82,9 @@ var useAppwarden = (input) => async (context, next) => {
   let shouldCallNext = true;
   try {
     const requestUrl = new URL(request.url);
+    if (request.method.toUpperCase() === "OPTIONS") {
+      return;
+    }
     if (!isHTMLRequest(request)) {
       return;
     }
@@ -121,11 +125,7 @@ var useAppwarden = (input) => async (context, next) => {
 // src/middlewares/use-fetch-origin.ts
 var useFetchOrigin = () => async (context, next) => {
-  context.response = await fetch(
-    new Request(context.request, {
-      redirect: "manual"
-    })
-  );
+  context.response = await fetch(new Request(context.request));
   await next();
 };
@@ -147,16 +147,20 @@ var appwardenOnCloudflare = (inputFn) => async (request, env, ctx) => {
     return insertErrorLogs(tempContext, parsedInput.error);
   }
   const input = parsedInput.data({ env, ctx, cf: {} });
+  const domainDebug = input.multidomainConfig?.[requestUrl.hostname]?.debug ?? input.debug ?? false;
   const context = {
     request,
     hostname: requestUrl.hostname,
     response: new Response("Unhandled response"),
     // https://developers.cloudflare.com/workers/observability/errors/#illegal-invocation-errors
     waitUntil: (fn) => ctx.waitUntil(fn),
-    debug: debug(input.debug ?? false)
+    debug: debug(domainDebug)
   };
   try {
-    const pipeline = [useAppwarden(input), useFetchOrigin()];
+    const pipeline = [
+      useAppwarden({ ...input, debug: domainDebug }),
+      useFetchOrigin()
+    ];
     const cspConfig = input.multidomainConfig?.[requestUrl.hostname]?.contentSecurityPolicy;
     if (cspConfig) {
       pipeline.push(useContentSecurityPolicy(cspConfig));

package/index.js CHANGED Viewed

@@ -5,14 +5,14 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-ZQNXNGLV.js";
+} from "./chunk-K7ZIT3FM.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
   CSPModeSchema,
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-6O25N45F.js";
-import "./chunk-QGXPAVOA.js";
+} from "./chunk-2WPLLVUI.js";
+import "./chunk-QUVGY2YI.js";
 export {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.10.1",
+  "version": "3.11.0",
   "description": "Instantly disable all user interaction with your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",

package/vercel.js CHANGED Viewed

@@ -8,7 +8,7 @@ import {
   buildLockPageUrl,
   debug,
   isOnLockPage
-} from "./chunk-HIGZSGKS.js";
+} from "./chunk-KE2UVIYR.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
@@ -16,13 +16,13 @@ import {
   errors,
   globalErrors,
   isHTMLRequest
-} from "./chunk-6O25N45F.js";
+} from "./chunk-2WPLLVUI.js";
 import {
   LockValue,
   getErrors,
   makeCSPHeader,
   printMessage
-} from "./chunk-QGXPAVOA.js";
+} from "./chunk-QUVGY2YI.js";
 // src/runners/appwarden-on-vercel.ts
 import { waitUntil } from "@vercel/functions";

package/chunk-ZQNXNGLV.js DELETED Viewed

@@ -1,50 +0,0 @@
-import {
-  UseCSPInputSchema,
-  isHTMLResponse
-} from "./chunk-6O25N45F.js";
-import {
-  makeCSPHeader
-} from "./chunk-QGXPAVOA.js";
-// src/middlewares/use-content-security-policy.ts
-var AppendAttribute = (attribute, nonce) => ({
-  element: function(element) {
-    element.setAttribute(attribute, nonce);
-  }
-});
-var useContentSecurityPolicy = (input) => {
-  const parsedInput = UseCSPInputSchema.safeParse(input);
-  if (!parsedInput.success) {
-    throw parsedInput.error;
-  }
-  const config = parsedInput.data;
-  return async (context, next) => {
-    await next();
-    const { response } = context;
-    if (
-      // if the csp is disabled
-      !["enforced", "report-only"].includes(config.mode)
-    ) {
-      context.debug("CSP is disabled");
-      return;
-    }
-    if (response.headers.has("Content-Type") && !isHTMLResponse(response)) {
-      return;
-    }
-    const cspNonce = crypto.randomUUID();
-    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
-      cspNonce,
-      config.directives,
-      config.mode
-    );
-    context.debug(`Applying CSP in ${config.mode} mode`);
-    const nextResponse = new Response(response.body, response);
-    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
-    nextResponse.headers.set("content-type", "text/html; charset=utf-8");
-    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
-  };
-};
-export {
-  useContentSecurityPolicy
-};