@azteam/express 1.2.188 → 1.2.189
- package/package.json +1 -1
- package/src/Server.js +32 -17
package/package.json
CHANGED
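--- a/package/src/Server.js
+++ b/package/src/Server.js
@@ -10,7 +10,7 @@ import morgan from 'morgan';
 import cors from 'cors';
 import _ from 'lodash';
 import 'express-async-errors';
-import {errorCatch, ErrorException, NOT_FOUND, UNKNOWN
+import {CORS, errorCatch, ErrorException, NOT_FOUND, UNKNOWN} from '@azteam/error';
 
 const RES_TYPE = {
 ARRAY: 'ARRAY',
@@ -19,26 +19,32 @@ const RES_TYPE = {
 };
 
 function omitItem(item, guard, allows) {
-
-
+let guardFields = guard;
+let itemFields = item;
+
+if (_.isArray(guardFields)) {
+guardFields = _.difference(guardFields, allows);
 }
 
-if (
-
+if (itemFields.toJSON) {
+itemFields = item.toJSON();
 }
-if (_.isObject(
-if (
-return _.pick(
+if (_.isObject(itemFields)) {
+if (guardFields === '*') {
+return _.pick(itemFields, allows);
 }
-return _.omit(
+return _.omit(itemFields, guardFields);
 }
-return
+return itemFields;
 }
 
 class Server {
 constructor(currentDir = '', options = {}) {
 this.redis = null;
-this.options =
+this.options = {
+isAllowEmptyOrigin: true,
+...options,
+};
 
 this.cookieOptions = {
 domain: null,
@@ -121,6 +127,7 @@ class Server {
 if (!_.isEmpty(this.controllers)) {
 const WHITE_LIST = this.whiteList;
 const COOKIE_OPTIONS = this.cookieOptions;
+const {isAllowEmptyOrigin} = this.options;
 
 const app = express();
 app.use(
@@ -141,7 +148,13 @@ class Server {
 cors({
 credentials: true,
 origin(origin, callback) {
-if (!origin
+if (!origin) {
+if (isAllowEmptyOrigin) {
+callback(null, true);
+} else {
+callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
+}
+} else if (!WHITE_LIST.length || WHITE_LIST.some((re) => origin.endsWith(re))) {
 callback(null, true);
 } else {
 callback(new ErrorException(CORS, `${origin} Not allowed by CORS`));
@@ -184,22 +197,24 @@ class Server {
 }
 }
 
+let responseGuard = guard;
+const responseAllows = allows;
 if (_.isArray(guard)) {
-
+responseGuard = [...guard, '__v', '_id', 'deleted_at', 'updated_at', 'created_id', 'modified_id'];
 if (resType === RES_TYPE.ARRAY || resType === RES_TYPE.DOCS) {
-
+responseGuard = [...guard, 'metadata_disable', 'metadata_keywords', 'metadata_description', 'metadata_image_url'];
 }
 }
 if (resType === RES_TYPE.DOCS) {
 guardData.docs = _.map(data.docs, (item) => {
-return omitItem(item,
+return omitItem(item, responseGuard, responseAllows);
 });
 } else if (resType === RES_TYPE.ARRAY) {
 guardData = _.map(data, (item) => {
-return omitItem(item,
+return omitItem(item, responseGuard, responseAllows);
 });
 } else if (resType === RES_TYPE.OBJECT) {
-guardData = omitItem(data,
+guardData = omitItem(data, responseGuard, responseAllows);
 }
 }
 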
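Review bot: In the last hunk the second assignment to `responseGuard` (new line 205) spreads the original `guard` rather than the accumulated `responseGuard`, so for `RES_TYPE.ARRAY` and `RES_TYPE.DOCS` it discards the `'__v'`, `'_id'`, `'deleted_at'`, `'updated_at'`, `'created_id'` and `'modified_id'` entries added on new line 203. List responses would then reach `omitItem` with only the `metadata_*` names added to the caller's guard, and those six fields would no longer be stripped from each item. If both sets are meant to be guarded, the line should extend the accumulated value: `responseGuard = [...responseGuard, 'metadata_disable', 'metadata_keywords', 'metadata_description', 'metadata_image_url'];`. The removed lines are truncated on this page, so whether the previous version accumulated cannot be confirmed from here, and the enclosing method starts and ends outside the hunk.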