npm - @appwarden/middleware - Versions diffs - 3.7.0 → 3.9.0 - Mend

@appwarden/middleware 3.7.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +62 -61
package/{chunk-G5FWKV2Q.js → chunk-MYIKUPTR.js} +3 -3
package/{chunk-GK6JL5NZ.js → chunk-QGXPAVOA.js} +3 -5
package/{chunk-HCGLR3Z3.js → chunk-UIIYORBW.js} +3 -9
package/{chunk-52NBQDQT.js → chunk-VSCXTBP6.js} +2 -2
package/{chunk-EPJ4ZVO6.js → chunk-Z7FIMIZS.js} +2 -2
package/cloudflare/astro.d.ts +359 -16
package/cloudflare/astro.js +22 -16
package/cloudflare/nextjs.d.ts +419 -16
package/cloudflare/nextjs.js +19 -15
package/cloudflare/react-router.d.ts +355 -39
package/cloudflare/react-router.js +17 -39
package/cloudflare/tanstack-start.d.ts +45 -94
package/cloudflare/tanstack-start.js +37 -21
package/{cloudflare-K5EFFMNI.js → cloudflare-PE3JKP3X.js} +1 -1
package/cloudflare.d.ts +17 -77
package/cloudflare.js +6 -40
package/index.d.ts +1 -5
package/index.js +3 -3
package/package.json +7 -4
package/{use-content-security-policy-DUYpyUPy.d.ts → use-content-security-policy-jlU0Hjj8.d.ts} +24 -71
package/vercel.d.ts +26 -86
package/vercel.js +25 -15
package/chunk-MNGMTDH3.js +0 -25
package/use-content-security-policy-Dvc-oObb.d.ts +0 -17

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 [![GitHub](https://img.shields.io/badge/GitHub-appwarden%2Fmiddleware-181717?logo=github&logoColor=white)](https://github.com/appwarden/middleware)
 [![npm version](https://img.shields.io/npm/v/@appwarden/middleware.svg)](https://www.npmjs.com/package/@appwarden/middleware)
 [![npm provenance](https://img.shields.io/badge/npm-provenance-green)](https://docs.npmjs.com/generating-provenance-statements)
-![Test Coverage](https://img.shields.io/badge/coverage-91.5%25-brightgreen)
+![Test Coverage](https://img.shields.io/badge/coverage-92.72%25-brightgreen)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 ## Core Features
@@ -39,11 +39,13 @@ The path or route (for example, `/maintenance`) to redirect users to when the do
 This should be a working page on your site, such as a maintenance or status page, that
 explains why the website is temporarily unavailable.
-### `contentSecurityPolicy`
+### `contentSecurityPolicy` (optional)
-Controls the [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) headers that Appwarden adds.
+Controls the [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) headers that Appwarden adds. This configuration is optional—if not provided, no CSP header will be applied.
-- `mode` (optional) controls how the CSP is applied:
+When provided, both `mode` and `directives` are required:
+- `mode` controls how the CSP is applied:
   - `"disabled"` – no CSP header is sent.
   - `"report-only"` – sends the `Content-Security-Policy-Report-Only` header so violations are
     reported (for example in the browser console) but not blocked.
@@ -52,7 +54,7 @@ Controls the [Content Security Policy](https://developer.mozilla.org/en-US/docs/
   When developing or iterating on your CSP, we recommend starting with `"report-only"` so you can
   identify and fix violations before switching to `"enforced"`.
-- `directives` (optional) is an object whose keys are CSP directive names and whose values are
+- `directives` is an object whose keys are CSP directive names and whose values are
   arrays of allowed sources. For example:
   ```ts
@@ -60,6 +62,7 @@ Controls the [Content Security Policy](https://developer.mozilla.org/en-US/docs/
     mode: "enforced",
     directives: {
       "script-src": ["'self'", "{{nonce}}"],
+      "style-src": ["'self'", "{{nonce}}"],
     },
   }
   ```
@@ -108,7 +111,7 @@ The **Universal Middleware** (`@appwarden/middleware/cloudflare`) is the recomme
 import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare"
 const appwardenHandler = createAppwardenMiddleware((cloudflare) => ({
-  debug: cloudflare.env.DEBUG === "true",
+  debug: cloudflare.env.DEBUG,
   lockPageSlug: cloudflare.env.LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
   contentSecurityPolicy: {
@@ -142,12 +145,12 @@ import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/astr
 const appwarden = createAppwardenMiddleware((cloudflare) => ({
   lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
-  debug: cloudflare.env.APPWARDEN_DEBUG === "true",
+  debug: cloudflare.env.DEBUG,
   contentSecurityPolicy: {
-    mode: "enforced",
+    // See Configuration > contentSecurityPolicy section for details
+    mode: "report-only",
     directives: {
-      "script-src": ["'self'", "{{nonce}}"],
-      "style-src": ["'self'", "{{nonce}}"],
+      "default-src": ["'self'"],
     },
   },
 }))
@@ -159,57 +162,59 @@ See the [Astro + Cloudflare guide](https://appwarden.io/docs/guides/astro-cloudf
 ##### React Router on Cloudflare
+- Set `future.v8_middleware: true` in your `react-router.config.ts` file
 ```ts
 // app/root.tsx
+import { env } from "cloudflare:workers"
 import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/react-router"
-import type { CloudflareContext } from "@appwarden/middleware/cloudflare/react-router"
-export const unstable_middleware = [
-  createAppwardenMiddleware((cloudflare: CloudflareContext) => ({
-    lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
-    appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
-    debug: cloudflare.env.APPWARDEN_DEBUG === "true",
+export const middleware = [
+  createAppwardenMiddleware(() => ({
+    lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
+    appwardenApiToken: env.APPWARDEN_API_TOKEN,
+    // "debug" can be a string or boolean; the schema will normalize it
+    debug: env.DEBUG,
+    // "directives" can be a JSON string or an object; the schema will parse it
     contentSecurityPolicy: {
-      mode: "enforced",
+      // See Configuration > contentSecurityPolicy section for details
+      mode: "report-only",
       directives: {
-        "script-src": ["'self'", "{{nonce}}"],
-        "style-src": ["'self'", "{{nonce}}"],
+        "default-src": ["'self'"],
       },
     },
   })),
 ]
 ```
-See the [React Router + Cloudflare guide](https://appwarden.io/docs/guides/react-router-cloudflare) for full usage and context setup.
+See the [React Router + Cloudflare guide](https://appwarden.io/docs/guides/react-router-cloudflare) for more details.
 ##### TanStack Start on Cloudflare
 ```ts
 // start.ts
 import { createMiddleware } from "@tanstack/start"
-import { env, waitUntil } from "cloudflare:workers"
+import { env } from "cloudflare:workers"
 import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/tanstack-start"
-const appwardenMiddleware = createAppwardenMiddleware(({ env }) => ({
-  lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
-  appwardenApiToken: env.APPWARDEN_API_TOKEN,
-  debug: env.APPWARDEN_DEBUG, // Accepts string or boolean
-  contentSecurityPolicy: {
-    mode: "enforced",
-    directives: {
-      "script-src": ["'self'", "{{nonce}}"],
-      "style-src": ["'self'", "{{nonce}}"],
+const appwardenMiddleware = createMiddleware().server(
+  createAppwardenMiddleware(() => ({
+    lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
+    appwardenApiToken: env.APPWARDEN_API_TOKEN,
+    debug: env.DEBUG, // Accepts string or boolean
+    contentSecurityPolicy: {
+      // See Configuration > contentSecurityPolicy section for details
+      mode: "report-only",
+      directives: {
+        "default-src": ["'self'"],
+      },
     },
-  },
-}))
+  })),
+)
-export default createMiddleware().server(async ({ next, request }) => {
-  return await appwardenMiddleware({
-    request,
-    next,
-    context: { env, waitUntil },
-  })
-})
+export const startInstance = createStart(() => ({
+  requestMiddleware: [appwardenMiddleware],
+}))
 ```
 See the [TanStack Start + Cloudflare guide](https://appwarden.io/docs/guides/tanstack-start-cloudflare) for more details.
@@ -227,13 +232,13 @@ export const config = {
 export default createAppwardenMiddleware((cloudflare) => ({
   lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
   appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
-  debug: cloudflare.env.APPWARDEN_DEBUG === "true",
+  debug: cloudflare.env.DEBUG,
   // Headers-only CSP (no HTML rewriting, no nonce support; do not use `{{nonce}}` here)
   contentSecurityPolicy: {
-    mode: "report-only",
+    // See Configuration > contentSecurityPolicy section for details
+    mode: "enforced",
     directives: {
-      "script-src": ["'self'"],
-      "style-src": ["'self'", "'unsafe-inline'"],
+      "default-src": ["'self'"],
     },
   },
 }))
@@ -248,25 +253,22 @@ To use Appwarden as Vercel Edge Middleware, use the `@appwarden/middleware/verce
 ```ts
 // middleware.ts (Next.js app on Vercel)
 import { createAppwardenMiddleware } from "@appwarden/middleware/vercel"
-import type { VercelMiddlewareFunction } from "@appwarden/middleware/vercel"
-const appwardenMiddleware: VercelMiddlewareFunction = createAppwardenMiddleware(
-  {
-    // Edge Config or Upstash KV URL
-    cacheUrl: process.env.APPWARDEN_CACHE_URL!,
-    // Required when using Vercel Edge Config
-    vercelApiToken: process.env.APPWARDEN_VERCEL_API_TOKEN!,
-    appwardenApiToken: process.env.APPWARDEN_API_TOKEN!,
-    lockPageSlug: "/maintenance",
-    contentSecurityPolicy: {
-      mode: "report-only",
-      directives: {
-        "script-src": ["'self'"],
-        "style-src": ["'self'", "'unsafe-inline'"],
-      },
+const appwardenMiddleware = createAppwardenMiddleware({
+  // Edge Config or Upstash KV URL
+  cacheUrl: process.env.APPWARDEN_CACHE_URL!,
+  // Required when using Vercel Edge Config
+  vercelApiToken: process.env.APPWARDEN_VERCEL_API_TOKEN!,
+  appwardenApiToken: process.env.APPWARDEN_API_TOKEN!,
+  lockPageSlug: "/maintenance",
+  contentSecurityPolicy: {
+    // See Configuration > contentSecurityPolicy section for details
+    mode: "report-only",
+    directives: {
+      "default-src": ["'self'"],
     },
   },
-)
+})
 export default appwardenMiddleware
 ```
@@ -295,7 +297,6 @@ Contributions are welcome! Please feel free to submit a Pull Request.
      - `fix: resolve issue with X`
      - `docs: update README`
      - `chore: update dependencies`
-     - `refactor: improve code structure`
      - `test: add tests for feature X`
 4. Push to the branch (`git push origin feature/amazing-feature`)
 5. Open a Pull Request

package/{chunk-G5FWKV2Q.js → chunk-MYIKUPTR.js} RENAMED Viewed

@@ -1,17 +1,17 @@
 import {
   MemoryCache,
   debug
-} from "./chunk-EPJ4ZVO6.js";
+} from "./chunk-Z7FIMIZS.js";
 import {
   APPWARDEN_CACHE_KEY,
   APPWARDEN_TEST_ROUTE
-} from "./chunk-HCGLR3Z3.js";
+} from "./chunk-UIIYORBW.js";
 import {
   deleteEdgeValue,
   getLockValue,
   store,
   syncEdgeValue
-} from "./chunk-GK6JL5NZ.js";
+} from "./chunk-QGXPAVOA.js";
 // src/core/check-lock-status.ts
 var createContext = async (config) => {

package/{chunk-GK6JL5NZ.js → chunk-QGXPAVOA.js} RENAMED Viewed

@@ -116,8 +116,7 @@ var AppwardenApiTokenSchema = z.string().refine((val) => !!val, { message: "appw
 var LockValue = z.object({
   isLocked: z.number(),
   isLockedTest: z.number(),
-  lastCheck: z.number(),
-  code: z.string()
+  lastCheck: z.number()
 });
 // src/utils/errors.ts
@@ -160,8 +159,7 @@ var getLockValue = async (context) => {
     let cacheResponse, lockValue = {
       isLocked: 0,
       isLockedTest: 0,
-      lastCheck: Date.now(),
-      code: ""
+      lastCheck: Date.now()
     };
     switch (context.provider) {
       case "cloudflare-cache": {
@@ -259,7 +257,7 @@ var syncEdgeValue = async (context) => {
   const apiHostname = context.appwardenApiHostname ?? DEFAULT_API_HOSTNAME;
   context.debug(`GET ${apiHostname}`);
   try {
-    const response = await fetch(new URL("/v1/status/check", apiHostname), {
+    const response = await fetch(new URL("/v1/appwarden/status", apiHostname), {
       method: "POST",
       headers: { "content-type": "application/json" },
       body: JSON.stringify({

package/{chunk-HCGLR3Z3.js → chunk-UIIYORBW.js} RENAMED Viewed

@@ -57,10 +57,10 @@ var CSPModeSchema = z2.union([
   z2.literal("disabled"),
   z2.literal("report-only"),
   z2.literal("enforced")
-]).optional().default("disabled");
+]);
 var UseCSPInputSchema = z2.object({
   mode: CSPModeSchema,
-  directives: CSPDirectivesSchema.optional().refine(
+  directives: CSPDirectivesSchema.refine(
     (val) => {
       try {
         if (typeof val === "string") {
@@ -75,13 +75,7 @@ var UseCSPInputSchema = z2.object({
   ).transform(
     (val) => typeof val === "string" ? JSON.parse(val) : val
   )
-}).refine(
-  (values) => (
-    // validate that directives are provided when the mode is "report-only" or "enforced"
-    ["report-only", "enforced"].includes(values.mode) ? !!values.directives : true
-  ),
-  { path: ["directives"], message: "DirectivesRequired" /* DirectivesRequired */ }
-);
+});
 export {
   LOCKDOWN_TEST_EXPIRY_MS,

package/{chunk-52NBQDQT.js → chunk-VSCXTBP6.js} RENAMED Viewed

@@ -1,10 +1,10 @@
 import {
   UseCSPInputSchema,
   isHTMLResponse
-} from "./chunk-HCGLR3Z3.js";
+} from "./chunk-UIIYORBW.js";
 import {
   makeCSPHeader
-} from "./chunk-GK6JL5NZ.js";
+} from "./chunk-QGXPAVOA.js";
 // src/middlewares/use-content-security-policy.ts
 var AppendAttribute = (attribute, nonce) => ({

package/{chunk-EPJ4ZVO6.js → chunk-Z7FIMIZS.js} RENAMED Viewed

@@ -1,9 +1,9 @@
 import {
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-HCGLR3Z3.js";
+} from "./chunk-UIIYORBW.js";
 import {
   printMessage
-} from "./chunk-GK6JL5NZ.js";
+} from "./chunk-QGXPAVOA.js";
 // src/utils/build-lock-page-url.ts
 function normalizeLockPageSlug(lockPageSlug) {