npm - @backstage/plugin-search-backend - Versions diffs - 2.1.1 → 2.1.2-next.1 - Mend

@backstage/plugin-search-backend 2.1.1 → 2.1.2-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.md +22 -0
package/dist/actions/createQueryAction.cjs.js +92 -0
package/dist/actions/createQueryAction.cjs.js.map +1 -0
package/dist/actions/index.cjs.js +13 -0
package/dist/actions/index.cjs.js.map +1 -0
package/dist/plugin.cjs.js +22 -4
package/dist/plugin.cjs.js.map +1 -1
package/dist/service/router.cjs.js +3 -52
package/dist/service/router.cjs.js.map +1 -1
package/dist/utils/search_result_utils.cjs.js +30 -0
package/dist/utils/search_result_utils.cjs.js.map +1 -0
package/package.json +14 -15

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,27 @@
 # @backstage/plugin-search-backend
+## 2.1.2-next.1
+### Patch Changes
+- 303954b: Added action for search backend to query search engine using the actions registry
+## 2.1.2-next.0
+### Patch Changes
+- 0c5e41f: Removed unused dependencies that had no imports in source code.
+- Updated dependencies
+  - @backstage/errors@1.3.1-next.0
+  - @backstage/backend-openapi-utils@0.6.9-next.0
+  - @backstage/backend-plugin-api@1.9.1-next.0
+  - @backstage/config@1.3.8-next.0
+  - @backstage/plugin-permission-common@0.9.9-next.0
+  - @backstage/plugin-permission-node@0.10.13-next.0
+  - @backstage/plugin-search-backend-node@1.4.4-next.0
+  - @backstage/types@1.2.2
+  - @backstage/plugin-search-common@1.2.24-next.0
 ## 2.1.1
 ### Patch Changes

package/dist/actions/createQueryAction.cjs.js ADDED Viewed

@@ -0,0 +1,92 @@
+'use strict';
+var v3 = require('zod/v3');
+var search_result_utils = require('../utils/search_result_utils.cjs.js');
+const jsonObjectSchema = v3.z.lazy(() => {
+  const jsonValueSchema = v3.z.lazy(
+    () => v3.z.union([
+      v3.z.string(),
+      v3.z.number(),
+      v3.z.boolean(),
+      v3.z.null(),
+      v3.z.array(jsonValueSchema),
+      jsonObjectSchema
+    ])
+  );
+  return v3.z.record(jsonValueSchema);
+});
+const createQueryAction = ({
+  engine,
+  searchIndexService,
+  actionsRegistry,
+  logger
+}) => {
+  const allTypes = Object.keys(searchIndexService.getDocumentTypes());
+  const quotedTypes = allTypes.map((t) => JSON.stringify(t)).join(", ");
+  const typesDescription = allTypes.length > 0 ? `The supported document types are: ${quotedTypes}.` : "";
+  actionsRegistry.register({
+    name: "query",
+    title: "Query Search Engine",
+    description: `
+This allows you to query the search engine for documents.
+You can search across all document types, or restrict the query to specific types.
+${typesDescription}
+Pagination is supported via the \`pageLimit\` and \`pageCursor\` parameters and is enabled by default with limit of 10.
+Results are returned in a paginated format, along with \`pageCursor\` for navigating to the next page of results.
+    `,
+    attributes: {
+      readOnly: true
+    },
+    schema: {
+      input: (z) => z.object({
+        term: z.string().describe("The search term to query for"),
+        types: (allTypes.length > 0 ? z.array(z.enum(allTypes)) : z.array(z.string())).optional().describe("The types of documents to query for"),
+        filters: jsonObjectSchema.optional().describe("The filters to apply to the query"),
+        pageLimit: z.number().optional().describe(
+          "The number of results to return per page. Defaults to 10."
+        ).default(10),
+        pageCursor: z.string().optional().describe("The cursor for the next page of results")
+      }),
+      output: (z) => z.object({
+        results: z.array(
+          z.object({
+            type: z.string().describe("Document type"),
+            document: z.object({
+              title: z.string().describe("Document title"),
+              text: z.string().describe("Document text content"),
+              location: z.string().describe("Document location, e.g. URL")
+            }).passthrough(),
+            highlight: z.object({
+              preTag: z.string(),
+              postTag: z.string(),
+              fields: z.record(z.string(), z.string())
+            }).optional().describe("Optional result highlight that matches the query"),
+            rank: z.number().optional().describe("The rank of the result")
+          })
+        ).describe("The search results"),
+        nextPageCursor: z.string().optional().describe("The cursor for the next page of results, if any"),
+        totalItems: z.number().optional().describe("The total number of results found"),
+        hasMoreResults: z.boolean().describe("Whether there are more results")
+      })
+    },
+    action: async ({ input, credentials }) => {
+      const resp = await engine.query(input, { credentials });
+      const { results, nextPageCursor, numberOfResults } = search_result_utils.filterResultSet(
+        search_result_utils.toSearchResults(resp),
+        logger
+      );
+      return {
+        output: {
+          results,
+          nextPageCursor,
+          totalItems: numberOfResults,
+          hasMoreResults: nextPageCursor !== void 0
+        }
+      };
+    }
+  });
+};
+exports.createQueryAction = createQueryAction;
+//# sourceMappingURL=createQueryAction.cjs.js.map

package/dist/actions/createQueryAction.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createQueryAction.cjs.js","sources":["../../src/actions/createQueryAction.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { z as zv3 } from 'zod/v3';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport { ActionsRegistryService } from '@backstage/backend-plugin-api/alpha';\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { SearchIndexService } from '@backstage/plugin-search-backend-node/alpha';\nimport { filterResultSet, toSearchResults } from '../utils/search_result_utils';\n\nconst jsonObjectSchema: zv3.ZodSchema<JsonObject> = zv3.lazy(() => {\n const jsonValueSchema: zv3.ZodSchema<JsonValue> = zv3.lazy(() =>\n zv3.union([\n zv3.string(),\n zv3.number(),\n zv3.boolean(),\n zv3.null(),\n zv3.array(jsonValueSchema),\n jsonObjectSchema,\n ]),\n );\n return zv3.record(jsonValueSchema);\n});\n\nexport const createQueryAction = ({\n engine,\n searchIndexService,\n actionsRegistry,\n logger,\n}: {\n engine: SearchEngine;\n searchIndexService: SearchIndexService;\n actionsRegistry: ActionsRegistryService;\n logger: LoggerService;\n}) => {\n const allTypes = Object.keys(searchIndexService.getDocumentTypes());\n const quotedTypes = allTypes.map(t => JSON.stringify(t)).join(', ');\n const typesDescription =\n allTypes.length > 0\n ? `The supported document types are: ${quotedTypes}.`\n : '';\n actionsRegistry.register({\n name: 'query',\n title: 'Query Search Engine',\n description: `\nThis allows you to query the search engine for documents.\nYou can search across all document types, or restrict the query to specific types.\n${typesDescription}\nPagination is supported via the \\`pageLimit\\` and \\`pageCursor\\` parameters and is enabled by default with limit of 10.\nResults are returned in a paginated format, along with \\`pageCursor\\` for navigating to the next page of results.\n `,\n attributes: {\n readOnly: true,\n },\n schema: {\n input: z =>\n z.object({\n term: z.string().describe('The search term to query for'),\n types: (allTypes.length > 0\n ? z.array(z.enum(allTypes as [string, ...string[]]))\n : z.array(z.string())\n )\n .optional()\n .describe('The types of documents to query for'),\n filters: jsonObjectSchema\n .optional()\n .describe('The filters to apply to the query'),\n pageLimit: z\n .number()\n .optional()\n .describe(\n 'The number of results to return per page. Defaults to 10.',\n )\n .default(10),\n pageCursor: z\n .string()\n .optional()\n .describe('The cursor for the next page of results'),\n }),\n output: z =>\n z.object({\n results: z\n .array(\n z.object({\n type: z.string().describe('Document type'),\n document: z\n .object({\n title: z.string().describe('Document title'),\n text: z.string().describe('Document text content'),\n location: z\n .string()\n .describe('Document location, e.g. URL'),\n })\n .passthrough(),\n highlight: z\n .object({\n preTag: z.string(),\n postTag: z.string(),\n fields: z.record(z.string(), z.string()),\n })\n .optional()\n .describe('Optional result highlight that matches the query'),\n rank: z.number().optional().describe('The rank of the result'),\n }),\n )\n .describe('The search results'),\n nextPageCursor: z\n .string()\n .optional()\n .describe('The cursor for the next page of results, if any'),\n totalItems: z\n .number()\n .optional()\n .describe('The total number of results found'),\n hasMoreResults: z\n .boolean()\n .describe('Whether there are more results'),\n }),\n },\n action: async ({ input, credentials }) => {\n const resp = await engine.query(input, { credentials });\n const { results, nextPageCursor, numberOfResults } = filterResultSet(\n toSearchResults(resp),\n logger,\n );\n return {\n output: {\n results,\n nextPageCursor,\n totalItems: numberOfResults,\n hasMoreResults: nextPageCursor !== undefined,\n },\n };\n },\n });\n};\n"],"names":["zv3","filterResultSet","toSearchResults"],"mappings":";;;;;AAuBA,MAAM,gBAAA,GAA8CA,IAAA,CAAI,IAAA,CAAK,MAAM;AACjE,EAAA,MAAM,kBAA4CA,IAAA,CAAI,IAAA;AAAA,IAAK,MACzDA,KAAI,KAAA,CAAM;AAAA,MACRA,KAAI,MAAA,EAAO;AAAA,MACXA,KAAI,MAAA,EAAO;AAAA,MACXA,KAAI,OAAA,EAAQ;AAAA,MACZA,KAAI,IAAA,EAAK;AAAA,MACTA,IAAA,CAAI,MAAM,eAAe,CAAA;AAAA,MACzB;AAAA,KACD;AAAA,GACH;AACA,EAAA,OAAOA,IAAA,CAAI,OAAO,eAAe,CAAA;AACnC,CAAC,CAAA;AAEM,MAAM,oBAAoB,CAAC;AAAA,EAChC,MAAA;AAAA,EACA,kBAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF,CAAA,KAKM;AACJ,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,kBAAA,CAAmB,kBAAkB,CAAA;AAClE,EAAA,MAAM,WAAA,GAAc,QAAA,CAAS,GAAA,CAAI,CAAA,CAAA,KAAK,IAAA,CAAK,UAAU,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAClE,EAAA,MAAM,mBACJ,QAAA,CAAS,MAAA,GAAS,CAAA,GACd,CAAA,kCAAA,EAAqC,WAAW,CAAA,CAAA,CAAA,GAChD,EAAA;AACN,EAAA,eAAA,CAAgB,QAAA,CAAS;AAAA,IACvB,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,qBAAA;AAAA,IACP,WAAA,EAAa;AAAA;AAAA;AAAA,EAGf,gBAAgB;AAAA;AAAA;AAAA,IAAA,CAAA;AAAA,IAId,UAAA,EAAY;AAAA,MACV,QAAA,EAAU;AAAA,KACZ;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,KAAA,EAAO,CAAA,CAAA,KACL,CAAA,CAAE,MAAA,CAAO;AAAA,QACP,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B,CAAA;AAAA,QACxD,KAAA,EAAA,CAAQ,SAAS,MAAA,GAAS,CAAA,GACtB,EAAE,KAAA,CAAM,CAAA,CAAE,KAAK,QAAiC,CAAC,IACjD,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,GAEnB,QAAA,EAAS,CACT,SAAS,qCAAqC,CAAA;AAAA,QACjD,OAAA,EAAS,gBAAA,CACN,QAAA,EAAS,CACT,SAAS,mCAAmC,CAAA;AAAA,QAC/C,SAAA,EAAW,CAAA,CACR,MAAA,EAAO,CACP,UAAS,CACT,QAAA;AAAA,UACC;AAAA,SACF,CACC,QAAQ,EAAE,CAAA;AAAA,QACb,YAAY,CAAA,CACT,MAAA,GACA,QAAA,EAAS,CACT,SAAS,yCAAyC;AAAA,OACtD,CAAA;AAAA,MACH,MAAA,EAAQ,CAAA,CAAA,KACN,CAAA,CAAE,MAAA,CAAO;AAAA,QACP,SAAS,CAAA,CACN,KAAA;AAAA,UACC,EAAE,MAAA,CAAO;AAAA,YACP,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,eAAe,CAAA;AAAA,YACzC,QAAA,EAAU,EACP,MAAA,CAAO;AAAA,cACN,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,gBAAgB,CAAA;AAAA,cAC3C,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,SAAS,uBAAuB,CAAA;AAAA,cACjD,QAAA,EAAU,CAAA,CACP,MAAA,EAAO,CACP,SAAS,6BAA6B;AAAA,aAC1C,EACA,WAAA,EAAY;AAAA,YACf,SAAA,EAAW,EACR,MAAA,CAAO;AAAA,cACN,MAAA,EAAQ,EAAE,MAAA,EAAO;AAAA,cACjB,OAAA,EAAS,EAAE,MAAA,EAAO;AAAA,cAClB,MAAA,EAAQ,EAAE,MAAA,CAAO,CAAA,CAAE,QAAO,EAAG,CAAA,CAAE,QAAQ;AAAA,aACxC,CAAA,CACA,QAAA,EAAS,CACT,SAAS,kDAAkD,CAAA;AAAA,YAC9D,MAAM,CAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,wBAAwB;AAAA,WAC9D;AAAA,SACH,CACC,SAAS,oBAAoB,CAAA;AAAA,QAChC,gBAAgB,CAAA,CACb,MAAA,GACA,QAAA,EAAS,CACT,SAAS,iDAAiD,CAAA;AAAA,QAC7D,YAAY,CAAA,CACT,MAAA,GACA,QAAA,EAAS,CACT,SAAS,mCAAmC,CAAA;AAAA,QAC/C,cAAA,EAAgB,CAAA,CACb,OAAA,EAAQ,CACR,SAAS,gCAAgC;AAAA,OAC7C;AAAA,KACL;AAAA,IACA,MAAA,EAAQ,OAAO,EAAE,KAAA,EAAO,aAAY,KAAM;AACxC,MAAA,MAAM,OAAO,MAAM,MAAA,CAAO,MAAM,KAAA,EAAO,EAAE,aAAa,CAAA;AACtD,MAAA,MAAM,EAAE,OAAA,EAAS,cAAA,EAAgB,eAAA,EAAgB,GAAIC,mCAAA;AAAA,QACnDC,oCAAgB,IAAI,CAAA;AAAA,QACpB;AAAA,OACF;AACA,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ;AAAA,UACN,OAAA;AAAA,UACA,cAAA;AAAA,UACA,UAAA,EAAY,eAAA;AAAA,UACZ,gBAAgB,cAAA,KAAmB;AAAA;AACrC,OACF;AAAA,IACF;AAAA,GACD,CAAA;AACH;;;;"}

package/dist/actions/index.cjs.js ADDED Viewed

@@ -0,0 +1,13 @@
+'use strict';
+var createQueryAction = require('./createQueryAction.cjs.js');
+const registerActions = (options) => {
+  const { lifecycle } = options;
+  lifecycle.addStartupHook(() => {
+    createQueryAction.createQueryAction(options);
+  });
+};
+exports.registerActions = registerActions;
+//# sourceMappingURL=index.cjs.js.map

package/dist/actions/index.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.cjs.js","sources":["../../src/actions/index.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { ActionsRegistryService } from '@backstage/backend-plugin-api/alpha';\nimport { createQueryAction } from './createQueryAction.ts';\nimport { SearchIndexService } from '@backstage/plugin-search-backend-node/alpha';\nimport { LifecycleService, LoggerService } from '@backstage/backend-plugin-api';\n\nexport const registerActions = (options: {\n engine: SearchEngine;\n actionsRegistry: ActionsRegistryService;\n lifecycle: LifecycleService;\n searchIndexService: SearchIndexService;\n logger: LoggerService;\n}) => {\n const { lifecycle } = options;\n // Register after startup to ensure all document types are registered\n lifecycle.addStartupHook(() => {\n createQueryAction(options);\n });\n};\n"],"names":["createQueryAction"],"mappings":";;;;AAqBO,MAAM,eAAA,GAAkB,CAAC,OAAA,KAM1B;AACJ,EAAA,MAAM,EAAE,WAAU,GAAI,OAAA;AAEtB,EAAA,SAAA,CAAU,eAAe,MAAM;AAC7B,IAAAA,mCAAA,CAAkB,OAAO,CAAA;AAAA,EAC3B,CAAC,CAAA;AACH;;;;"}

package/dist/plugin.cjs.js CHANGED Viewed

@@ -6,6 +6,9 @@ var backendPluginApi = require('@backstage/backend-plugin-api');
 var pluginSearchBackendNode = require('@backstage/plugin-search-backend-node');
 var alpha = require('@backstage/plugin-search-backend-node/alpha');
 var router = require('./service/router.cjs.js');
+var AuthorizedSearchEngine = require('./service/AuthorizedSearchEngine.cjs.js');
+var index = require('./actions/index.cjs.js');
+var alpha$1 = require('@backstage/backend-plugin-api/alpha');
 class SearchIndexRegistry {
   collators = [];
@@ -58,7 +61,8 @@ var feature = backendPluginApi.createBackendPlugin({
         http: backendPluginApi.coreServices.httpRouter,
         httpAuth: backendPluginApi.coreServices.httpAuth,
         lifecycle: backendPluginApi.coreServices.rootLifecycle,
-        searchIndexService: alpha.searchIndexServiceRef
+        searchIndexService: alpha.searchIndexServiceRef,
+        actionsRegistry: alpha$1.actionsRegistryServiceRef
       },
       async init({
         config,
@@ -69,7 +73,8 @@ var feature = backendPluginApi.createBackendPlugin({
         http,
         httpAuth,
         lifecycle,
-        searchIndexService
+        searchIndexService,
+        actionsRegistry
       }) {
         let searchEngine = searchEngineRegistry.getSearchEngine();
         if (!searchEngine) {
@@ -90,16 +95,29 @@ var feature = backendPluginApi.createBackendPlugin({
         lifecycle.addShutdownHook(async () => {
           await searchIndexService.stop();
         });
+        const engine = config.getOptionalBoolean("permission.enabled") ? new AuthorizedSearchEngine.AuthorizedSearchEngine(
+          searchEngine,
+          searchIndexService.getDocumentTypes(),
+          permissions,
+          auth,
+          config
+        ) : searchEngine;
         const router$1 = await router.createRouter({
           config,
-          permissions,
           auth,
           httpAuth,
           logger,
-          engine: searchEngine,
+          engine,
           types: searchIndexService.getDocumentTypes()
         });
         http.use(router$1);
+        index.registerActions({
+          engine,
+          actionsRegistry,
+          lifecycle,
+          searchIndexService,
+          logger
+        });
       }
     });
   }

package/dist/plugin.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport {\n LunrSearchEngine,\n RegisterCollatorParameters,\n RegisterDecoratorParameters,\n SearchEngine,\n} from '@backstage/plugin-search-backend-node';\nimport {\n SearchEngineRegistryExtensionPoint,\n searchEngineRegistryExtensionPoint,\n searchIndexRegistryExtensionPoint,\n SearchIndexRegistryExtensionPoint,\n searchIndexServiceRef,\n} from '@backstage/plugin-search-backend-node/alpha';\n\nimport { createRouter } from './service/router';\n\nclass SearchIndexRegistry implements SearchIndexRegistryExtensionPoint {\n private collators: RegisterCollatorParameters[] = [];\n private decorators: RegisterDecoratorParameters[] = [];\n\n public addCollator(options: RegisterCollatorParameters): void {\n this.collators.push(options);\n }\n\n public addDecorator(options: RegisterDecoratorParameters): void {\n this.decorators.push(options);\n }\n\n public getCollators(): RegisterCollatorParameters[] {\n return this.collators;\n }\n\n public getDecorators(): RegisterDecoratorParameters[] {\n return this.decorators;\n }\n}\n\nclass SearchEngineRegistry implements SearchEngineRegistryExtensionPoint {\n private searchEngine: SearchEngine \| null = null;\n\n public setSearchEngine(searchEngine: SearchEngine): void {\n if (this.searchEngine) {\n throw new Error('Multiple Search engines is not supported at this time');\n }\n this.searchEngine = searchEngine;\n }\n\n public getSearchEngine(): SearchEngine \| null {\n return this.searchEngine;\n }\n}\n\n/\n The Search plugin is responsible for starting search indexing processes and return search results.\n * @public\n */\nexport default createBackendPlugin({\n pluginId: 'search',\n register(env) {\n const searchIndexRegistry = new SearchIndexRegistry();\n env.registerExtensionPoint(\n searchIndexRegistryExtensionPoint,\n searchIndexRegistry,\n );\n\n const searchEngineRegistry = new SearchEngineRegistry();\n env.registerExtensionPoint(\n searchEngineRegistryExtensionPoint,\n searchEngineRegistry,\n );\n\n env.registerInit({\n deps: {\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n discovery: coreServices.discovery,\n permissions: coreServices.permissions,\n auth: coreServices.auth,\n http: coreServices.httpRouter,\n httpAuth: coreServices.httpAuth,\n lifecycle: coreServices.rootLifecycle,\n searchIndexService: searchIndexServiceRef,\n },\n async init({\n config,\n logger,\n discovery,\n permissions,\n auth,\n http,\n httpAuth,\n lifecycle,\n searchIndexService,\n }) {\n let searchEngine = searchEngineRegistry.getSearchEngine();\n if (!searchEngine) {\n searchEngine = new LunrSearchEngine({\n logger,\n });\n }\n\n const collators = searchIndexRegistry.getCollators();\n const decorators = searchIndexRegistry.getDecorators();\n searchIndexService.init({\n searchEngine: searchEngine!,\n collators,\n decorators,\n });\n\n lifecycle.addStartupHook(async () => {\n await searchIndexService.start();\n });\n\n lifecycle.addShutdownHook(async () => {\n await searchIndexService.stop();\n });\n\n const router = await createRouter({\n config,\n discovery,\n permissions,\n auth,\n httpAuth,\n logger,\n engine~~: searchEngine~~,\n types: searchIndexService.getDocumentTypes(),\n });\n\n http.use(router);\n },\n });\n },\n});\n"],"names":["createBackendPlugin","searchIndexRegistryExtensionPoint","searchEngineRegistryExtensionPoint","coreServices","searchIndexServiceRef","LunrSearchEngine","router","createRouter"],"mappings":"~~;;;;;;;;;AAoCA~~,MAAM,mBAAA,CAAiE;AAAA,EAC7D,YAA0C,EAAC;AAAA,EAC3C,aAA4C,EAAC;AAAA,EAE9C,YAAY,OAAA,EAA2C;AAC5D,IAAA,IAAA,CAAK,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEO,aAAa,OAAA,EAA4C;AAC9D,IAAA,IAAA,CAAK,UAAA,CAAW,KAAK,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEO,YAAA,GAA6C;AAClD,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AAAA,EAEO,aAAA,GAA+C;AACpD,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AACF;AAEA,MAAM,oBAAA,CAAmE;AAAA,EAC/D,YAAA,GAAoC,IAAA;AAAA,EAErC,gBAAgB,YAAA,EAAkC;AACvD,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,IACzE;AACA,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AAAA,EAEO,eAAA,GAAuC;AAC5C,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AACF;AAMA,cAAeA,oCAAA,CAAoB;AAAA,EACjC,QAAA,EAAU,QAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,mBAAA,GAAsB,IAAI,mBAAA,EAAoB;AACpD,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,uCAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,oBAAA,GAAuB,IAAI,oBAAA,EAAqB;AACtD,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,wCAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,QAAQC,6BAAA,CAAa,MAAA;AAAA,QACrB,QAAQA,6BAAA,CAAa,UAAA;AAAA,QACrB,WAAWA,6BAAA,CAAa,SAAA;AAAA,QACxB,aAAaA,6BAAA,CAAa,WAAA;AAAA,QAC1B,MAAMA,6BAAA,CAAa,IAAA;AAAA,QACnB,MAAMA,6BAAA,CAAa,UAAA;AAAA,QACnB,UAAUA,6BAAA,CAAa,QAAA;AAAA,QACvB,WAAWA,6BAAA,CAAa,aAAA;AAAA,QACxB,kBAAA,EAAoBC;AAAA,~~OACtB~~;AAAA,MACA,MAAM,IAAA,CAAK;AAAA,QACT,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,QAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF,EAAG;AACD,QAAA,IAAI,YAAA,GAAe,qBAAqB,eAAA,EAAgB;AACxD,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,YAAA,GAAe,IAAIC,wCAAA,CAAiB;AAAA,YAClC;AAAA,WACD,CAAA;AAAA,QACH;AAEA,QAAA,MAAM,SAAA,GAAY,oBAAoB,YAAA,EAAa;AACnD,QAAA,MAAM,UAAA,GAAa,oBAAoB,aAAA,EAAc;AACrD,QAAA,kBAAA,CAAmB,IAAA,CAAK;AAAA,UACtB,YAAA;AAAA,UACA,SAAA;AAAA,UACA;AAAA,SACD,CAAA;AAED,QAAA,SAAA,CAAU,eAAe,YAAY;AACnC,UAAA,MAAM,mBAAmB,KAAA,EAAM;AAAA,QACjC,CAAC,CAAA;AAED,QAAA,SAAA,CAAU,gBAAgB,YAAY;AACpC,UAAA,MAAM,mBAAmB,IAAA,EAAK;AAAA,QAChC,CAAC,CAAA;AAED,QAAA,MAAMC,QAAA,GAAS,MAAMC,mBAAA,CAAa;AAAA,UAChC,MAAA;AAAA,~~UAEA~~,~~WAAA;AAAA,UACA,~~IAAA;AAAA,UACA,QAAA;AAAA,UACA,MAAA;AAAA,UACA,MAAA~~,EAAQ,YAAA~~;AAAA,~~UACR~~,KAAA,EAAO,mBAAmB,gBAAA;AAAiB,SAC5C,CAAA;~~AAED~~,QAAA,IAAA,CAAK,IAAID,QAAM,CAAA;AAAA,~~MACjB~~;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC,CAAA;;;;"}
1	+ {"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/\n Copyright 2023 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport {\n LunrSearchEngine,\n RegisterCollatorParameters,\n RegisterDecoratorParameters,\n SearchEngine,\n} from '@backstage/plugin-search-backend-node';\nimport {\n SearchEngineRegistryExtensionPoint,\n searchEngineRegistryExtensionPoint,\n searchIndexRegistryExtensionPoint,\n SearchIndexRegistryExtensionPoint,\n searchIndexServiceRef,\n} from '@backstage/plugin-search-backend-node/alpha';\n\nimport { createRouter } from './service/router';\nimport { AuthorizedSearchEngine } from './service/AuthorizedSearchEngine.ts';\nimport { registerActions } from './actions';\nimport { actionsRegistryServiceRef } from '@backstage/backend-plugin-api/alpha';\n\nclass SearchIndexRegistry implements SearchIndexRegistryExtensionPoint {\n private collators: RegisterCollatorParameters[] = [];\n private decorators: RegisterDecoratorParameters[] = [];\n\n public addCollator(options: RegisterCollatorParameters): void {\n this.collators.push(options);\n }\n\n public addDecorator(options: RegisterDecoratorParameters): void {\n this.decorators.push(options);\n }\n\n public getCollators(): RegisterCollatorParameters[] {\n return this.collators;\n }\n\n public getDecorators(): RegisterDecoratorParameters[] {\n return this.decorators;\n }\n}\n\nclass SearchEngineRegistry implements SearchEngineRegistryExtensionPoint {\n private searchEngine: SearchEngine \| null = null;\n\n public setSearchEngine(searchEngine: SearchEngine): void {\n if (this.searchEngine) {\n throw new Error('Multiple Search engines is not supported at this time');\n }\n this.searchEngine = searchEngine;\n }\n\n public getSearchEngine(): SearchEngine \| null {\n return this.searchEngine;\n }\n}\n\n/\n The Search plugin is responsible for starting search indexing processes and return search results.\n * @public\n */\nexport default createBackendPlugin({\n pluginId: 'search',\n register(env) {\n const searchIndexRegistry = new SearchIndexRegistry();\n env.registerExtensionPoint(\n searchIndexRegistryExtensionPoint,\n searchIndexRegistry,\n );\n\n const searchEngineRegistry = new SearchEngineRegistry();\n env.registerExtensionPoint(\n searchEngineRegistryExtensionPoint,\n searchEngineRegistry,\n );\n\n env.registerInit({\n deps: {\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n discovery: coreServices.discovery,\n permissions: coreServices.permissions,\n auth: coreServices.auth,\n http: coreServices.httpRouter,\n httpAuth: coreServices.httpAuth,\n lifecycle: coreServices.rootLifecycle,\n searchIndexService: searchIndexServiceRef,\n actionsRegistry: actionsRegistryServiceRef,\n },\n async init({\n config,\n logger,\n discovery,\n permissions,\n auth,\n http,\n httpAuth,\n lifecycle,\n searchIndexService,\n actionsRegistry,\n }) {\n let searchEngine = searchEngineRegistry.getSearchEngine();\n if (!searchEngine) {\n searchEngine = new LunrSearchEngine({\n logger,\n });\n }\n\n const collators = searchIndexRegistry.getCollators();\n const decorators = searchIndexRegistry.getDecorators();\n searchIndexService.init({\n searchEngine: searchEngine!,\n collators,\n decorators,\n });\n\n lifecycle.addStartupHook(async () => {\n await searchIndexService.start();\n });\n\n lifecycle.addShutdownHook(async () => {\n await searchIndexService.stop();\n });\n\n const engine = config.getOptionalBoolean('permission.enabled')\n ? new AuthorizedSearchEngine(\n searchEngine,\n searchIndexService.getDocumentTypes(),\n permissions,\n auth,\n config,\n )\n : searchEngine;\n\n const router = await createRouter({\n config,\n discovery,\n permissions,\n auth,\n httpAuth,\n logger,\n engine,\n types: searchIndexService.getDocumentTypes(),\n });\n http.use(router);\n\n registerActions({\n engine,\n actionsRegistry,\n lifecycle,\n searchIndexService,\n logger,\n });\n },\n });\n },\n});\n"],"names":["createBackendPlugin","searchIndexRegistryExtensionPoint","searchEngineRegistryExtensionPoint","coreServices","searchIndexServiceRef","actionsRegistryServiceRef","LunrSearchEngine","AuthorizedSearchEngine","router","createRouter","registerActions"],"mappings":";;;;;;;;;;;;AAuCA,MAAM,mBAAA,CAAiE;AAAA,EAC7D,YAA0C,EAAC;AAAA,EAC3C,aAA4C,EAAC;AAAA,EAE9C,YAAY,OAAA,EAA2C;AAC5D,IAAA,IAAA,CAAK,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEO,aAAa,OAAA,EAA4C;AAC9D,IAAA,IAAA,CAAK,UAAA,CAAW,KAAK,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEO,YAAA,GAA6C;AAClD,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AAAA,EAEO,aAAA,GAA+C;AACpD,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AACF;AAEA,MAAM,oBAAA,CAAmE;AAAA,EAC/D,YAAA,GAAoC,IAAA;AAAA,EAErC,gBAAgB,YAAA,EAAkC;AACvD,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,IACzE;AACA,IAAA,IAAA,CAAK,YAAA,GAAe,YAAA;AAAA,EACtB;AAAA,EAEO,eAAA,GAAuC;AAC5C,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AACF;AAMA,cAAeA,oCAAA,CAAoB;AAAA,EACjC,QAAA,EAAU,QAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,mBAAA,GAAsB,IAAI,mBAAA,EAAoB;AACpD,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,uCAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,oBAAA,GAAuB,IAAI,oBAAA,EAAqB;AACtD,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,wCAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,QAAQC,6BAAA,CAAa,MAAA;AAAA,QACrB,QAAQA,6BAAA,CAAa,UAAA;AAAA,QACrB,WAAWA,6BAAA,CAAa,SAAA;AAAA,QACxB,aAAaA,6BAAA,CAAa,WAAA;AAAA,QAC1B,MAAMA,6BAAA,CAAa,IAAA;AAAA,QACnB,MAAMA,6BAAA,CAAa,UAAA;AAAA,QACnB,UAAUA,6BAAA,CAAa,QAAA;AAAA,QACvB,WAAWA,6BAAA,CAAa,aAAA;AAAA,QACxB,kBAAA,EAAoBC,2BAAA;AAAA,QACpB,eAAA,EAAiBC;AAAA,OACnB;AAAA,MACA,MAAM,IAAA,CAAK;AAAA,QACT,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,QAAA;AAAA,QACA,SAAA;AAAA,QACA,kBAAA;AAAA,QACA;AAAA,OACF,EAAG;AACD,QAAA,IAAI,YAAA,GAAe,qBAAqB,eAAA,EAAgB;AACxD,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,YAAA,GAAe,IAAIC,wCAAA,CAAiB;AAAA,YAClC;AAAA,WACD,CAAA;AAAA,QACH;AAEA,QAAA,MAAM,SAAA,GAAY,oBAAoB,YAAA,EAAa;AACnD,QAAA,MAAM,UAAA,GAAa,oBAAoB,aAAA,EAAc;AACrD,QAAA,kBAAA,CAAmB,IAAA,CAAK;AAAA,UACtB,YAAA;AAAA,UACA,SAAA;AAAA,UACA;AAAA,SACD,CAAA;AAED,QAAA,SAAA,CAAU,eAAe,YAAY;AACnC,UAAA,MAAM,mBAAmB,KAAA,EAAM;AAAA,QACjC,CAAC,CAAA;AAED,QAAA,SAAA,CAAU,gBAAgB,YAAY;AACpC,UAAA,MAAM,mBAAmB,IAAA,EAAK;AAAA,QAChC,CAAC,CAAA;AAED,QAAA,MAAM,MAAA,GAAS,MAAA,CAAO,kBAAA,CAAmB,oBAAoB,IACzD,IAAIC,6CAAA;AAAA,UACF,YAAA;AAAA,UACA,mBAAmB,gBAAA,EAAiB;AAAA,UACpC,WAAA;AAAA,UACA,IAAA;AAAA,UACA;AAAA,SACF,GACA,YAAA;AAEJ,QAAA,MAAMC,QAAA,GAAS,MAAMC,mBAAA,CAAa;AAAA,UAChC,MAAA;AAAA,UAGA,IAAA;AAAA,UACA,QAAA;AAAA,UACA,MAAA;AAAA,UACA,MAAA;AAAA,UACA,KAAA,EAAO,mBAAmB,gBAAA;AAAiB,SAC5C,CAAA;AACD,QAAA,IAAA,CAAK,IAAID,QAAM,CAAA;AAEf,QAAAE,qBAAA,CAAgB;AAAA,UACd,MAAA;AAAA,UACA,eAAA;AAAA,UACA,SAAA;AAAA,UACA,kBAAA;AAAA,UACA;AAAA,SACD,CAAA;AAAA,MACH;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC,CAAA;;;;"}

package/dist/service/router.cjs.js CHANGED Viewed

@@ -2,8 +2,7 @@
 var v3 = require('zod/v3');
 var errors = require('@backstage/errors');
-var pluginPermissionCommon = require('@backstage/plugin-permission-common');
-var AuthorizedSearchEngine = require('./AuthorizedSearchEngine.cjs.js');
+var search_result_utils = require('../utils/search_result_utils.cjs.js');
 var router = require('../schema/openapi/generated/router.cjs.js');
 const jsonObjectSchema = v3.z.lazy(() => {
@@ -21,18 +20,9 @@ const jsonObjectSchema = v3.z.lazy(() => {
 });
 const defaultMaxPageLimit = 100;
 const defaultMaxTermLength = 100;
-const allowedLocationProtocols = ["http:", "https:"];
 async function createRouter(options) {
   const router$1 = await router.createOpenApiRouter();
-  const {
-    engine: inputEngine,
-    types,
-    permissions,
-    config,
-    logger,
-    auth,
-    httpAuth
-  } = options;
+  const { engine, types, config, logger, auth, httpAuth } = options;
   const maxPageLimit = config.getOptionalNumber("search.maxPageLimit") ?? defaultMaxPageLimit;
   const maxTermLength = config.getOptionalNumber("search.maxTermLength") ?? defaultMaxTermLength;
   const requestSchema = v3.z.object({
@@ -52,45 +42,6 @@ async function createRouter(options) {
       })
     ).optional()
   });
-  let permissionEvaluator;
-  if ("authorizeConditional" in permissions) {
-    permissionEvaluator = permissions;
-  } else {
-    logger.warn(
-      "PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions"
-    );
-    permissionEvaluator = pluginPermissionCommon.toPermissionEvaluator(permissions);
-  }
-  const engine = config.getOptionalBoolean("permission.enabled") ? new AuthorizedSearchEngine.AuthorizedSearchEngine(
-    inputEngine,
-    types,
-    permissionEvaluator,
-    auth,
-    config
-  ) : inputEngine;
-  const filterResultSet = ({ results, ...resultSet }) => ({
-    ...resultSet,
-    results: results.filter((result) => {
-      const protocol = new URL(result.document.location, "https://example.com").protocol;
-      const isAllowed = allowedLocationProtocols.includes(protocol);
-      if (!isAllowed) {
-        logger.info(
-          `Rejected search result for "${result.document.title}" as location protocol "${protocol}" is unsafe`
-        );
-      }
-      return isAllowed;
-    })
-  });
-  const toSearchResults = (resultSet) => ({
-    ...resultSet,
-    results: resultSet.results.map((result) => ({
-      ...result,
-      document: {
-        ...result.document,
-        authorization: void 0
-      }
-    }))
-  });
   router$1.get("/query", async (req, res) => {
     const parseResult = requestSchema.passthrough().safeParse(req.query);
     if (!parseResult.success) {
@@ -112,7 +63,7 @@ async function createRouter(options) {
         token,
         credentials
       });
-      res.json(filterResultSet(toSearchResults(resultSet)));
+      res.json(search_result_utils.filterResultSet(search_result_utils.toSearchResults(resultSet), logger));
     } catch (error) {
       logger.error(
         `There was a problem performing the search query: ${error.message}`

package/dist/service/router.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport { z } from 'zod/v3';\nimport { InputError } from '@backstage/errors';\nimport { Config } from '@backstage/config';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport {\n PermissionAuthorizer,\n PermissionEvaluator,\n toPermissionEvaluator,\n} from '@backstage/plugin-permission-common';\nimport {\n DocumentTypeInfo,\n IndexableResultSet,\n SearchResultSet,\n} from '@backstage/plugin-search-common';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { AuthorizedSearchEngine } from './AuthorizedSearchEngine';\nimport { createOpenApiRouter } from '../schema/openapi';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\n\nconst jsonObjectSchema: z.ZodSchema<JsonObject> = z.lazy(() => {\n const jsonValueSchema: z.ZodSchema<JsonValue> = z.lazy(() =>\n z.union([\n z.string(),\n z.number(),\n z.boolean(),\n z.null(),\n z.array(jsonValueSchema),\n jsonObjectSchema,\n ]),\n );\n\n return z.record(jsonValueSchema);\n});\n\n/\n @internal\n /\nexport type RouterOptions = {\n engine: SearchEngine;\n types: Record<string, DocumentTypeInfo>;\n discovery?: DiscoveryService;\n permissions: PermissionEvaluator \| PermissionAuthorizer;\n config: Config;\n logger: LoggerService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n};\n\nconst defaultMaxPageLimit = 100;\nconst defaultMaxTermLength = 100;\nconst allowedLocationProtocols = ['http:', 'https:'];\n\n/\n @internal\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const router = await createOpenApiRouter();\n const {\n engine: inputEngine,\n types,\n permissions,\n config,\n logger,\n auth,\n httpAuth,\n } = options;\n\n const maxPageLimit =\n config.getOptionalNumber('search.maxPageLimit') ?? defaultMaxPageLimit;\n\n const maxTermLength =\n config.getOptionalNumber('search.maxTermLength') ?? defaultMaxTermLength;\n\n const requestSchema = z.object({\n term: z\n .string()\n .refine(\n term => term.length <= maxTermLength,\n term => ({\n message: `The term length \"${term.length}\" is greater than \"${maxTermLength}\"`,\n }),\n )\n .default(''),\n filters: jsonObjectSchema.optional(),\n types: z\n .array(z.string().refine(type => Object.keys(types).includes(type)))\n .optional(),\n pageCursor: z.string().optional(),\n pageLimit: z\n .number()\n .refine(\n pageLimit => pageLimit <= maxPageLimit,\n pageLimit => ({\n message: `The page limit \"${pageLimit}\" is greater than \"${maxPageLimit}\"`,\n }),\n )\n .optional(),\n });\n\n let permissionEvaluator: PermissionEvaluator;\n if ('authorizeConditional' in permissions) {\n permissionEvaluator = permissions as PermissionEvaluator;\n } else {\n logger.warn(\n 'PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions',\n );\n permissionEvaluator = toPermissionEvaluator(permissions);\n }\n\n const engine = config.getOptionalBoolean('permission.enabled')\n ? new AuthorizedSearchEngine(\n inputEngine,\n types,\n permissionEvaluator,\n auth,\n config,\n )\n : inputEngine;\n\n const filterResultSet = ({ results, ...resultSet }: SearchResultSet) => ({\n ...resultSet,\n results: results.filter(result => {\n const protocol = new URL(result.document.location, 'https://example.com')\n .protocol;\n const isAllowed = allowedLocationProtocols.includes(protocol);\n if (!isAllowed) {\n logger.info(\n `Rejected search result for \"${result.document.title}\" as location protocol \"${protocol}\" is unsafe`,\n );\n }\n return isAllowed;\n }),\n });\n\n const toSearchResults = (resultSet: IndexableResultSet): SearchResultSet => ({\n ...resultSet,\n results: resultSet.results.map(result => ({\n ...result,\n document: {\n ...result.document,\n authorization: undefined,\n },\n })),\n });\n\n router.get('/query', async (req, res) => {\n const parseResult = requestSchema.passthrough().safeParse(req.query);\n\n if (!parseResult.success) {\n throw new InputError(`Invalid query string: ${parseResult.error}`);\n }\n\n const query = parseResult.data;\n\n logger.info(\n `Search request received: term=\"${query.term}\", filters=${JSON.stringify(\n query.filters,\n )}, types=${query.types ? query.types.join(',') : ''}, pageCursor=${\n query.pageCursor ?? ''\n }`,\n );\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { token } = await auth.getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: 'search',\n });\n const resultSet = await engine?.query(query, {\n token,\n credentials,\n });\n\n res.json(filterResultSet(toSearchResults(resultSet)));\n } catch (error) {\n // Log the error message here, but don't expose it to the user in the response\n logger.error(\n `There was a problem performing the search query: ${error.message}`,\n );\n if (error.name === 'MissingIndexError') {\n // re-throw and let the default error handler middleware captures it and serializes it with the right response code on the standard form\n throw error;\n }\n\n // If the error is not a MissingIndexError, we want to throw a generic error without the error message as it may leak internal information\n throw new Error(`There was a problem performing the search query`);\n }\n });\n\n return router;\n}\n"],"names":["z","router","createOpenApiRouter","toPermissionEvaluator","AuthorizedSearchEngine","InputError"],"mappings":";;;;;;;;AAyCA,MAAM,gBAAA,GAA4CA,IAAA,CAAE,IAAA,CAAK,MAAM;AAC7D,EAAA,MAAM,kBAA0CA,IAAA,CAAE,IAAA;AAAA,IAAK,MACrDA,KAAE,KAAA,CAAM;AAAA,MACNA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,OAAA,EAAQ;AAAA,MACVA,KAAE,IAAA,EAAK;AAAA,MACPA,IAAA,CAAE,MAAM,eAAe,CAAA;AAAA,MACvB;AAAA,KACD;AAAA,GACH;AAEA,EAAA,OAAOA,IAAA,CAAE,OAAO,eAAe,CAAA;AACjC,CAAC,CAAA;AAgBD,MAAM,mBAAA,GAAsB,GAAA;AAC5B,MAAM,oBAAA,GAAuB,GAAA;AAC7B,MAAM,wBAAA,GAA2B,CAAC,OAAA,EAAS,QAAQ,CAAA;AAKnD,eAAsB,aACpB,OAAA,EACyB;AACzB,EAAA,MAAMC,QAAA,GAAS,MAAMC,0BAAA,EAAoB;AACzC,EAAA,MAAM;AAAA,IACJ,MAAA,EAAQ,WAAA;AAAA,IACR,KAAA;AAAA,IACA,WAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAEJ,EAAA,MAAM,YAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,qBAAqB,CAAA,IAAK,mBAAA;AAErD,EAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,sBAAsB,CAAA,IAAK,oBAAA;AAEtD,EAAA,MAAM,aAAA,GAAgBF,KAAE,MAAA,CAAO;AAAA,IAC7B,IAAA,EAAMA,IAAA,CACH,MAAA,EAAO,CACP,MAAA;AAAA,MACC,CAAA,IAAA,KAAQ,KAAK,MAAA,IAAU,aAAA;AAAA,MACvB,CAAA,IAAA,MAAS;AAAA,QACP,OAAA,EAAS,CAAA,iBAAA,EAAoB,IAAA,CAAK,MAAM,sBAAsB,aAAa,CAAA,CAAA;AAAA,OAC7E;AAAA,KACF,CACC,QAAQ,EAAE,CAAA;AAAA,IACb,OAAA,EAAS,iBAAiB,QAAA,EAAS;AAAA,IACnC,OAAOA,IAAA,CACJ,KAAA,CAAMA,IAAA,CAAE,MAAA,GAAS,MAAA,CAAO,CAAA,IAAA,KAAQ,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,IAAI,CAAC,CAAC,EAClE,QAAA,EAAS;AAAA,IACZ,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,SAAA,EAAWA,IAAA,CACR,MAAA,EAAO,CACP,MAAA;AAAA,MACC,eAAa,SAAA,IAAa,YAAA;AAAA,MAC1B,CAAA,SAAA,MAAc;AAAA,QACZ,OAAA,EAAS,CAAA,gBAAA,EAAmB,SAAS,CAAA,mBAAA,EAAsB,YAAY,CAAA,CAAA;AAAA,OACzE;AAAA,MAED,QAAA;AAAS,GACb,CAAA;AAED,EAAA,IAAI,mBAAA;AACJ,EAAA,IAAI,0BAA0B,WAAA,EAAa;AACzC,IAAA,mBAAA,GAAsB,WAAA;AAAA,EACxB,CAAA,MAAO;AACL,IAAA,MAAA,CAAO,IAAA;AAAA,MACL;AAAA,KACF;AACA,IAAA,mBAAA,GAAsBG,6CAAsB,WAAW,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,kBAAA,CAAmB,oBAAoB,IACzD,IAAIC,6CAAA;AAAA,IACF,WAAA;AAAA,IACA,KAAA;AAAA,IACA,mBAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GACA,WAAA;AAEJ,EAAA,MAAM,kBAAkB,CAAC,EAAE,OAAA,EAAS,GAAG,WAAU,MAAwB;AAAA,IACvE,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,OAAA,CAAQ,MAAA,CAAO,CAAA,MAAA,KAAU;AAChC,MAAA,MAAM,WAAW,IAAI,GAAA,CAAI,OAAO,QAAA,CAAS,QAAA,EAAU,qBAAqB,CAAA,CACrE,QAAA;AACH,MAAA,MAAM,SAAA,GAAY,wBAAA,CAAyB,QAAA,CAAS,QAAQ,CAAA;AAC5D,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAA,CAAO,IAAA;AAAA,UACL,CAAA,4BAAA,EAA+B,MAAA,CAAO,QAAA,CAAS,KAAK,2BAA2B,QAAQ,CAAA,WAAA;AAAA,SACzF;AAAA,MACF;AACA,MAAA,OAAO,SAAA;AAAA,IACT,CAAC;AAAA,GACH,CAAA;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,SAAA,MAAoD;AAAA,IAC3E,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,SAAA,CAAU,OAAA,CAAQ,GAAA,CAAI,CAAA,MAAA,MAAW;AAAA,MACxC,GAAG,MAAA;AAAA,MACH,QAAA,EAAU;AAAA,QACR,GAAG,MAAA,CAAO,QAAA;AAAA,QACV,aAAA,EAAe;AAAA;AACjB,KACF,CAAE;AAAA,GACJ,CAAA;AAEA,EAAAH,QAAA,CAAO,GAAA,CAAI,QAAA,EAAU,OAAO,GAAA,EAAK,GAAA,KAAQ;AACvC,IAAA,MAAM,cAAc,aAAA,CAAc,WAAA,EAAY,CAAE,SAAA,CAAU,IAAI,KAAK,CAAA;AAEnE,IAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,MAAA,MAAM,IAAII,iBAAA,CAAW,CAAA,sBAAA,EAAyB,WAAA,CAAY,KAAK,CAAA,CAAE,CAAA;AAAA,IACnE;AAEA,IAAA,MAAM,QAAQ,WAAA,CAAY,IAAA;AAE1B,IAAA,MAAA,CAAO,IAAA;AAAA,MACL,CAAA,+BAAA,EAAkC,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,IAAA,CAAK,SAAA;AAAA,QAC7D,KAAA,CAAM;AAAA,OACP,CAAA,QAAA,EAAW,KAAA,CAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,EAAE,CAAA,aAAA,EAClD,KAAA,CAAM,cAAc,EACtB,CAAA;AAAA,KACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,MAAM,QAAA,CAAS,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAK,qBAAA,CAAsB;AAAA,QACjD,UAAA,EAAY,WAAA;AAAA,QACZ,cAAA,EAAgB;AAAA,OACjB,CAAA;AACD,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,EAAQ,KAAA,CAAM,KAAA,EAAO;AAAA,QAC3C,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,GAAA,CAAI,IAAA,CAAK,eAAA,CAAgB,eAAA,CAAgB,SAAS,CAAC,CAAC,CAAA;AAAA,IACtD,SAAS,KAAA,EAAO;AAEd,MAAA,MAAA,CAAO,KAAA;AAAA,QACL,CAAA,iDAAA,EAAoD,MAAM,OAAO,CAAA;AAAA,OACnE;AACA,MAAA,IAAI,KAAA,CAAM,SAAS,mBAAA,EAAqB;AAEtC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,MAAM,CAAA,+CAAA,CAAiD,CAAA;AAAA,IACnE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAOJ,QAAA;AACT;;;;"}
1	+ {"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport express from 'express';\nimport { z } from 'zod/v3';\nimport { InputError } from '@backstage/errors';\nimport { Config } from '@backstage/config';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport { PermissionEvaluator } from '@backstage/plugin-permission-common';\nimport { DocumentTypeInfo } from '@backstage/plugin-search-common';\nimport { filterResultSet, toSearchResults } from '../utils/search_result_utils';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { createOpenApiRouter } from '../schema/openapi';\nimport {\n AuthService,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n} from '@backstage/backend-plugin-api';\n\nconst jsonObjectSchema: z.ZodSchema<JsonObject> = z.lazy(() => {\n const jsonValueSchema: z.ZodSchema<JsonValue> = z.lazy(() =>\n z.union([\n z.string(),\n z.number(),\n z.boolean(),\n z.null(),\n z.array(jsonValueSchema),\n jsonObjectSchema,\n ]),\n );\n\n return z.record(jsonValueSchema);\n});\n\n/\n @internal\n /\nexport type RouterOptions = {\n engine: SearchEngine;\n types: Record<string, DocumentTypeInfo>;\n discovery?: DiscoveryService;\n permissions: PermissionEvaluator;\n config: Config;\n logger: LoggerService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n};\n\nconst defaultMaxPageLimit = 100;\nconst defaultMaxTermLength = 100;\n/\n @internal\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const router = await createOpenApiRouter();\n const { engine, types, config, logger, auth, httpAuth } = options;\n\n const maxPageLimit =\n config.getOptionalNumber('search.maxPageLimit') ?? defaultMaxPageLimit;\n\n const maxTermLength =\n config.getOptionalNumber('search.maxTermLength') ?? defaultMaxTermLength;\n\n const requestSchema = z.object({\n term: z\n .string()\n .refine(\n term => term.length <= maxTermLength,\n term => ({\n message: `The term length \"${term.length}\" is greater than \"${maxTermLength}\"`,\n }),\n )\n .default(''),\n filters: jsonObjectSchema.optional(),\n types: z\n .array(z.string().refine(type => Object.keys(types).includes(type)))\n .optional(),\n pageCursor: z.string().optional(),\n pageLimit: z\n .number()\n .refine(\n pageLimit => pageLimit <= maxPageLimit,\n pageLimit => ({\n message: `The page limit \"${pageLimit}\" is greater than \"${maxPageLimit}\"`,\n }),\n )\n .optional(),\n });\n\n router.get('/query', async (req, res) => {\n const parseResult = requestSchema.passthrough().safeParse(req.query);\n\n if (!parseResult.success) {\n throw new InputError(`Invalid query string: ${parseResult.error}`);\n }\n\n const query = parseResult.data;\n\n logger.info(\n `Search request received: term=\"${query.term}\", filters=${JSON.stringify(\n query.filters,\n )}, types=${query.types ? query.types.join(',') : ''}, pageCursor=${\n query.pageCursor ?? ''\n }`,\n );\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { token } = await auth.getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: 'search',\n });\n const resultSet = await engine?.query(query, {\n token,\n credentials,\n });\n\n res.json(filterResultSet(toSearchResults(resultSet), logger));\n } catch (error) {\n // Log the error message here, but don't expose it to the user in the response\n logger.error(\n `There was a problem performing the search query: ${error.message}`,\n );\n if (error.name === 'MissingIndexError') {\n // re-throw and let the default error handler middleware captures it and serializes it with the right response code on the standard form\n throw error;\n }\n\n // If the error is not a MissingIndexError, we want to throw a generic error without the error message as it may leak internal information\n throw new Error(`There was a problem performing the search query`);\n }\n });\n\n return router;\n}\n"],"names":["z","router","createOpenApiRouter","InputError","filterResultSet","toSearchResults"],"mappings":";;;;;;;AAiCA,MAAM,gBAAA,GAA4CA,IAAA,CAAE,IAAA,CAAK,MAAM;AAC7D,EAAA,MAAM,kBAA0CA,IAAA,CAAE,IAAA;AAAA,IAAK,MACrDA,KAAE,KAAA,CAAM;AAAA,MACNA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,OAAA,EAAQ;AAAA,MACVA,KAAE,IAAA,EAAK;AAAA,MACPA,IAAA,CAAE,MAAM,eAAe,CAAA;AAAA,MACvB;AAAA,KACD;AAAA,GACH;AAEA,EAAA,OAAOA,IAAA,CAAE,OAAO,eAAe,CAAA;AACjC,CAAC,CAAA;AAgBD,MAAM,mBAAA,GAAsB,GAAA;AAC5B,MAAM,oBAAA,GAAuB,GAAA;AAI7B,eAAsB,aACpB,OAAA,EACyB;AACzB,EAAA,MAAMC,QAAA,GAAS,MAAMC,0BAAA,EAAoB;AACzC,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAQ,MAAA,EAAQ,IAAA,EAAM,UAAS,GAAI,OAAA;AAE1D,EAAA,MAAM,YAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,qBAAqB,CAAA,IAAK,mBAAA;AAErD,EAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,sBAAsB,CAAA,IAAK,oBAAA;AAEtD,EAAA,MAAM,aAAA,GAAgBF,KAAE,MAAA,CAAO;AAAA,IAC7B,IAAA,EAAMA,IAAA,CACH,MAAA,EAAO,CACP,MAAA;AAAA,MACC,CAAA,IAAA,KAAQ,KAAK,MAAA,IAAU,aAAA;AAAA,MACvB,CAAA,IAAA,MAAS;AAAA,QACP,OAAA,EAAS,CAAA,iBAAA,EAAoB,IAAA,CAAK,MAAM,sBAAsB,aAAa,CAAA,CAAA;AAAA,OAC7E;AAAA,KACF,CACC,QAAQ,EAAE,CAAA;AAAA,IACb,OAAA,EAAS,iBAAiB,QAAA,EAAS;AAAA,IACnC,OAAOA,IAAA,CACJ,KAAA,CAAMA,IAAA,CAAE,MAAA,GAAS,MAAA,CAAO,CAAA,IAAA,KAAQ,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,IAAI,CAAC,CAAC,EAClE,QAAA,EAAS;AAAA,IACZ,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,SAAA,EAAWA,IAAA,CACR,MAAA,EAAO,CACP,MAAA;AAAA,MACC,eAAa,SAAA,IAAa,YAAA;AAAA,MAC1B,CAAA,SAAA,MAAc;AAAA,QACZ,OAAA,EAAS,CAAA,gBAAA,EAAmB,SAAS,CAAA,mBAAA,EAAsB,YAAY,CAAA,CAAA;AAAA,OACzE;AAAA,MAED,QAAA;AAAS,GACb,CAAA;AAED,EAAAC,QAAA,CAAO,GAAA,CAAI,QAAA,EAAU,OAAO,GAAA,EAAK,GAAA,KAAQ;AACvC,IAAA,MAAM,cAAc,aAAA,CAAc,WAAA,EAAY,CAAE,SAAA,CAAU,IAAI,KAAK,CAAA;AAEnE,IAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,MAAA,MAAM,IAAIE,iBAAA,CAAW,CAAA,sBAAA,EAAyB,WAAA,CAAY,KAAK,CAAA,CAAE,CAAA;AAAA,IACnE;AAEA,IAAA,MAAM,QAAQ,WAAA,CAAY,IAAA;AAE1B,IAAA,MAAA,CAAO,IAAA;AAAA,MACL,CAAA,+BAAA,EAAkC,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,IAAA,CAAK,SAAA;AAAA,QAC7D,KAAA,CAAM;AAAA,OACP,CAAA,QAAA,EAAW,KAAA,CAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,EAAE,CAAA,aAAA,EAClD,KAAA,CAAM,cAAc,EACtB,CAAA;AAAA,KACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,MAAM,QAAA,CAAS,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAK,qBAAA,CAAsB;AAAA,QACjD,UAAA,EAAY,WAAA;AAAA,QACZ,cAAA,EAAgB;AAAA,OACjB,CAAA;AACD,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,EAAQ,KAAA,CAAM,KAAA,EAAO;AAAA,QAC3C,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,GAAA,CAAI,KAAKC,mCAAA,CAAgBC,mCAAA,CAAgB,SAAS,CAAA,EAAG,MAAM,CAAC,CAAA;AAAA,IAC9D,SAAS,KAAA,EAAO;AAEd,MAAA,MAAA,CAAO,KAAA;AAAA,QACL,CAAA,iDAAA,EAAoD,MAAM,OAAO,CAAA;AAAA,OACnE;AACA,MAAA,IAAI,KAAA,CAAM,SAAS,mBAAA,EAAqB;AAEtC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,MAAM,CAAA,+CAAA,CAAiD,CAAA;AAAA,IACnE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAOJ,QAAA;AACT;;;;"}

package/dist/utils/search_result_utils.cjs.js ADDED Viewed

@@ -0,0 +1,30 @@
+'use strict';
+const allowedLocationProtocols = ["http:", "https:"];
+const toSearchResults = (resultSet) => ({
+  ...resultSet,
+  results: resultSet.results.map((result) => ({
+    ...result,
+    document: {
+      ...result.document,
+      authorization: void 0
+    }
+  }))
+});
+const filterResultSet = ({ results, ...resultSet }, logger) => ({
+  ...resultSet,
+  results: results.filter((result) => {
+    const protocol = new URL(result.document.location, "https://example.com").protocol;
+    const isAllowed = allowedLocationProtocols.includes(protocol);
+    if (!isAllowed) {
+      logger.info(
+        `Rejected search result for "${result.document.title}" as location protocol "${protocol}" is unsafe`
+      );
+    }
+    return isAllowed;
+  })
+});
+exports.filterResultSet = filterResultSet;
+exports.toSearchResults = toSearchResults;
+//# sourceMappingURL=search_result_utils.cjs.js.map

package/dist/utils/search_result_utils.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"search_result_utils.cjs.js","sources":["../../src/utils/search_result_utils.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n IndexableResultSet,\n SearchResultSet,\n} from '@backstage/plugin-search-common';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst allowedLocationProtocols = ['http:', 'https:'];\n\n/**\n * Converts an IndexableResultSet to a SearchResultSet by stripping internal\n * fields (e.g. authorization) that must not be exposed to callers.\n * @internal\n */\nexport const toSearchResults = (resultSet: IndexableResultSet) => ({\n ...resultSet,\n results: resultSet.results.map(result => ({\n ...result,\n document: {\n ...result.document,\n authorization: undefined,\n },\n })),\n});\n\n/**\n * Filters a SearchResultSet to remove results whose document location uses an\n * unsafe protocol (anything other than http: or https:).\n * @internal\n */\nexport const filterResultSet = <T extends SearchResultSet>(\n { results, ...resultSet }: T,\n logger: LoggerService,\n): T =>\n ({\n ...resultSet,\n results: results.filter(result => {\n const protocol = new URL(result.document.location, 'https://example.com')\n .protocol;\n const isAllowed = allowedLocationProtocols.includes(protocol);\n if (!isAllowed) {\n logger.info(\n `Rejected search result for \"${result.document.title}\" as location protocol \"${protocol}\" is unsafe`,\n );\n }\n return isAllowed;\n }),\n } as T);\n"],"names":[],"mappings":";;AAqBA,MAAM,wBAAA,GAA2B,CAAC,OAAA,EAAS,QAAQ,CAAA;AAO5C,MAAM,eAAA,GAAkB,CAAC,SAAA,MAAmC;AAAA,EACjE,GAAG,SAAA;AAAA,EACH,OAAA,EAAS,SAAA,CAAU,OAAA,CAAQ,GAAA,CAAI,CAAA,MAAA,MAAW;AAAA,IACxC,GAAG,MAAA;AAAA,IACH,QAAA,EAAU;AAAA,MACR,GAAG,MAAA,CAAO,QAAA;AAAA,MACV,aAAA,EAAe;AAAA;AACjB,GACF,CAAE;AACJ,CAAA;AAOO,MAAM,kBAAkB,CAC7B,EAAE,SAAS,GAAG,SAAA,IACd,MAAA,MAEC;AAAA,EACC,GAAG,SAAA;AAAA,EACH,OAAA,EAAS,OAAA,CAAQ,MAAA,CAAO,CAAA,MAAA,KAAU;AAChC,IAAA,MAAM,WAAW,IAAI,GAAA,CAAI,OAAO,QAAA,CAAS,QAAA,EAAU,qBAAqB,CAAA,CACrE,QAAA;AACH,IAAA,MAAM,SAAA,GAAY,wBAAA,CAAyB,QAAA,CAAS,QAAQ,CAAA;AAC5D,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,MAAA,CAAO,IAAA;AAAA,QACL,CAAA,4BAAA,EAA+B,MAAA,CAAO,QAAA,CAAS,KAAK,2BAA2B,QAAQ,CAAA,WAAA;AAAA,OACzF;AAAA,IACF;AACA,IAAA,OAAO,SAAA;AAAA,EACT,CAAC;AACH,CAAA;;;;;"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-search-backend",
-  "version": "2.1.1",
+  "version": "2.1.2-next.1",
   "description": "The Backstage backend plugin that provides your backstage app with search",
   "backstage": {
     "role": "backend-plugin",
@@ -70,27 +70,26 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-openapi-utils": "^0.6.8",
-    "@backstage/backend-plugin-api": "^1.9.0",
-    "@backstage/config": "^1.3.7",
-    "@backstage/errors": "^1.3.0",
-    "@backstage/plugin-permission-common": "^0.9.8",
-    "@backstage/plugin-permission-node": "^0.10.12",
-    "@backstage/plugin-search-backend-node": "^1.4.3",
-    "@backstage/plugin-search-common": "^1.2.23",
-    "@backstage/types": "^1.2.2",
+    "@backstage/backend-openapi-utils": "0.6.9-next.0",
+    "@backstage/backend-plugin-api": "1.9.1-next.0",
+    "@backstage/config": "1.3.8-next.0",
+    "@backstage/errors": "1.3.1-next.0",
+    "@backstage/plugin-permission-common": "0.9.9-next.1",
+    "@backstage/plugin-permission-node": "0.10.13-next.0",
+    "@backstage/plugin-search-backend-node": "1.4.4-next.1",
+    "@backstage/plugin-search-common": "1.2.24-next.0",
+    "@backstage/types": "1.2.2",
     "dataloader": "^2.0.0",
     "express": "^4.22.0",
     "lodash": "^4.17.21",
     "qs": "^6.10.1",
-    "yn": "^4.0.0",
     "zod": "^3.25.76 || ^4.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "^0.17.0",
-    "@backstage/backend-test-utils": "^1.11.2",
-    "@backstage/cli": "^0.36.1",
-    "@backstage/repo-tools": "^0.17.1",
+    "@backstage/backend-defaults": "0.17.1-next.1",
+    "@backstage/backend-test-utils": "1.11.3-next.1",
+    "@backstage/cli": "0.36.2-next.1",
+    "@backstage/repo-tools": "0.17.2-next.0",
     "@types/express": "^4.17.6",
     "@types/supertest": "^2.0.8",
     "supertest": "^7.0.0"