@beignet/devtools 0.0.23 → 0.0.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/README.md +4 -3
- package/dist/access.d.ts.map +1 -1
- package/dist/access.js +3 -0
- package/dist/access.js.map +1 -1
- package/package.json +1 -1
- package/src/access.ts +3 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# @beignet/devtools
|
|
2
2
|
|
|
3
|
+
## 0.0.25
|
|
4
|
+
|
|
5
|
+
## 0.0.24
|
|
6
|
+
|
|
7
|
+
### Patch Changes
|
|
8
|
+
|
|
9
|
+
- 91bc9b5: Harden framework security defaults for generated tenancy, auth secrets, CORS,
|
|
10
|
+
body limits, uploads, devtools, OpenAPI, rate-limit IP sources, public storage,
|
|
11
|
+
and Meilisearch query fields.
|
|
12
|
+
|
|
3
13
|
## 0.0.23
|
|
4
14
|
|
|
5
15
|
## 0.0.22
|
package/README.md
CHANGED
|
@@ -385,7 +385,7 @@ path.
|
|
|
385
385
|
The provider controls whether events are recorded. The HTTP route controls
|
|
386
386
|
whether those events are exposed. Both default to development-only behavior.
|
|
387
387
|
Route handlers return `404` when `NODE_ENV === "production"` unless explicitly
|
|
388
|
-
enabled:
|
|
388
|
+
enabled with an app-owned `authorize` callback:
|
|
389
389
|
|
|
390
390
|
```typescript
|
|
391
391
|
export const { GET, POST } = createDevtoolsRoute(server.ports.devtools, {
|
|
@@ -519,8 +519,9 @@ type DevtoolsRequestOptions = {
|
|
|
519
519
|
## Production safety
|
|
520
520
|
|
|
521
521
|
The HTTP handlers return `404` when `NODE_ENV === "production"` by default. The
|
|
522
|
-
|
|
523
|
-
|
|
522
|
+
Setting `enabled: true` in production still requires `authorize`; without it
|
|
523
|
+
the route remains hidden. The provider also installs a no-op devtools port in
|
|
524
|
+
production by default so app code does not need null checks.
|
|
524
525
|
|
|
525
526
|
Devtools can contain sensitive request, error, and domain data. Keep it on local
|
|
526
527
|
development routes unless you intentionally add authentication and redaction.
|
package/dist/access.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAC9B,GAAG,EAAE,OAAO,KACT,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC;CAC/B;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,QAAQ,CAEnD;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,OAAO,EACZ,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAC9B,GAAG,EAAE,OAAO,KACT,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC;CAC/B;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,QAAQ,CAEnD;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,OAAO,EACZ,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAkB/B"}
|
package/dist/access.js
CHANGED
|
@@ -20,6 +20,9 @@ export async function authorizeDevtoolsRequest(req, options = {}) {
|
|
|
20
20
|
return devtoolsNotFoundResponse();
|
|
21
21
|
}
|
|
22
22
|
if (!options.authorize) {
|
|
23
|
+
if (process.env.NODE_ENV === "production" && options.enabled === true) {
|
|
24
|
+
return devtoolsNotFoundResponse();
|
|
25
|
+
}
|
|
23
26
|
return undefined;
|
|
24
27
|
}
|
|
25
28
|
const result = await options.authorize(req);
|
package/dist/access.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.js","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AAgCA;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAsC,EAAE;IAExC,OAAO,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAY,EACZ,UAAsC,EAAE;IAExC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,wBAAwB,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,MAAM,YAAY,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,wBAAwB,EAAE,CAAC;AACzD,CAAC"}
|
|
1
|
+
{"version":3,"file":"access.js","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AAgCA;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAsC,EAAE;IAExC,OAAO,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAY,EACZ,UAAsC,EAAE;IAExC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,wBAAwB,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,OAAO,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YACtE,OAAO,wBAAwB,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,MAAM,YAAY,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,wBAAwB,EAAE,CAAC;AACzD,CAAC"}
|
package/package.json
CHANGED
package/src/access.ts
CHANGED