@bleedingdev/modern-js-create-request 3.2.0-ultramodern.0

package/dist/esm/utiles.mjs

@@ -0,0 +1,18 @@
+const getUploadPayload = (args)=>{
+    const payload = 'object' == typeof args[args.length - 1] ? args[args.length - 1] : {};
+    const files = payload.files;
+    if (!files) throw new Error('no files');
+    const formdata = new FormData();
+    for (const [key, value] of Object.entries(files))if (value instanceof FileList) for(let i = 0; i < value.length; i++){
+        const file = value.item(i);
+        if (file) formdata.append(key, file);
+    }
+    else formdata.append(key, value);
+    const body = formdata;
+    return {
+        body,
+        headers: payload.headers,
+        params: payload.params
+    };
+};
+export { getUploadPayload };

package/dist/esm-node/browser.mjs

@@ -0,0 +1,367 @@
+import "node:module";
+import { compile } from "path-to-regexp";
+import { stringify } from "qs";
+import { handleRes } from "./handleRes.mjs";
+import { executeWithResilience } from "./transport.mjs";
+import { BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS, BFF_ENVELOPE_HEADER, BFF_OPERATION_CONTEXT_DETAIL_HEADER, BFF_OPERATION_CONTEXT_HEADER } from "./types.mjs";
+import { getUploadPayload } from "./utiles.mjs";
+export * from "./requestContext.mjs";
+export * from "./types.mjs";
+const realRequest = new Map();
+const realAllowedHeaders = new Map();
+const realRequireEnvelope = new Map();
+const realAllowCrossOriginEnvelope = new Map();
+const realTransportResilience = new Map();
+const realIdentityBinding = new Map();
+const realOperationContract = new Map();
+const domainMap = new Map();
+const isEmptyDomain = (domain)=>'string' != typeof domain || '' === domain.trim();
+const TRACEPARENT_HEADER = 'traceparent';
+const OPERATION_CONTEXT_DETAIL_HEADER = BFF_OPERATION_CONTEXT_DETAIL_HEADER;
+const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
+const readProcessEnv = (key)=>{
+    if ("u" < typeof process || void 0 === process.env || 'string' != typeof process.env[key]) return;
+    return process.env[key];
+};
+const isStrictDefaultRequestIdEnabled = ()=>'true' === readProcessEnv('MODERN_BFF_STRICT_DEFAULT_REQUEST_ID');
+const isSecuredRequestId = (requestId)=>'default' !== requestId || isStrictDefaultRequestIdEnabled();
+const firstHeaderValue = (value)=>Array.isArray(value) ? value[0] : value;
+const findHeaderKey = (headers, header)=>{
+    const normalized = header.toLowerCase();
+    return Object.keys(headers).find((key)=>key.toLowerCase() === normalized);
+};
+const readHeader = (headers, header)=>{
+    const key = findHeaderKey(headers, header);
+    return 'string' == typeof key ? headers[key] : void 0;
+};
+const writeHeader = (headers, header, value)=>{
+    if (void 0 === value) return;
+    const key = findHeaderKey(headers, header);
+    if ('string' == typeof key && key !== header) delete headers[key];
+    headers[header] = value;
+};
+const deleteHeader = (headers, header)=>{
+    const key = findHeaderKey(headers, header);
+    if ('string' == typeof key) delete headers[key];
+};
+const toOrigin = (value)=>{
+    if (!value) return;
+    try {
+        return new URL(value).origin;
+    } catch (error) {
+        return;
+    }
+};
+const parseTraceparent = (value)=>{
+    const traceparent = firstHeaderValue(value);
+    if ('string' != typeof traceparent) return;
+    const match = traceparent.trim().match(TRACEPARENT_REGEX);
+    if (!match) return;
+    const [, traceId, spanId] = match;
+    if (!traceId || !spanId) return;
+    return {
+        traceId: traceId.toLowerCase(),
+        spanId: spanId.toLowerCase()
+    };
+};
+const extractPathParamNames = (path)=>Array.from(path.matchAll(/:([A-Za-z0-9_]+)/g)).flatMap(([, key])=>key ? [
+            key
+        ] : []);
+const originFetch = (...params)=>{
+    const [url, init] = params;
+    if (init?.method?.toLowerCase() === 'get') init.body = void 0;
+    return fetch(url, init).then(handleRes);
+};
+const buildOperationContext = ({ requestId, method, path, operationContext, traceparent })=>{
+    const routePath = operationContext?.routePath || path;
+    const operationMethod = (operationContext?.method || method || 'GET').toUpperCase();
+    const rawOperationId = operationContext?.operationId || `${operationMethod}:${routePath}`;
+    const operationId = rawOperationId.startsWith(`${requestId}:`) ? rawOperationId : `${requestId}:${rawOperationId}`;
+    const traceparentValue = operationContext?.traceparent || ('string' == typeof firstHeaderValue(traceparent) ? String(firstHeaderValue(traceparent)) : void 0);
+    const parsedTraceContext = operationContext?.traceId && operationContext?.spanId ? {
+        traceId: operationContext.traceId,
+        spanId: operationContext.spanId
+    } : parseTraceparent(traceparentValue);
+    return {
+        requestId,
+        operationId,
+        routePath,
+        method: operationMethod,
+        ...operationContext?.schemaHash ? {
+            schemaHash: operationContext.schemaHash
+        } : {},
+        ...'number' == typeof operationContext?.operationVersion ? {
+            operationVersion: operationContext.operationVersion
+        } : {},
+        ...traceparentValue ? {
+            traceparent: traceparentValue
+        } : {},
+        ...parsedTraceContext ? {
+            traceId: parsedTraceContext.traceId,
+            spanId: parsedTraceContext.spanId
+        } : {}
+    };
+};
+class ProducerClientNotInitializedError extends Error {
+    constructor(requestId){
+        super(`Producer client "${requestId}" is not initialized. Call initProducerClient() (or configure()) before using generated APIs for this requestId.`), this.code = 'BFF_PRODUCER_CLIENT_NOT_INITIALIZED';
+        this.name = 'ProducerClientNotInitializedError';
+    }
+}
+class ProducerDomainNotConfiguredError extends Error {
+    constructor(requestId){
+        super(`Producer client "${requestId}" must provide setDomain() during configure().`), this.code = 'BFF_PRODUCER_DOMAIN_NOT_CONFIGURED';
+        this.name = 'ProducerDomainNotConfiguredError';
+    }
+}
+class CrossOriginEnvelopePolicyError extends Error {
+    constructor(requestId, sourceOrigin, targetOrigin){
+        super(`Cross-origin envelope is not allowed for producer "${requestId}" (${sourceOrigin || 'unknown-origin'} -> ${targetOrigin || 'unknown-origin'}). Configure allowCrossOriginEnvelope to explicitly allow this flow.`), this.code = 'BFF_CROSS_ORIGIN_ENVELOPE_NOT_ALLOWED';
+        this.name = 'CrossOriginEnvelopePolicyError';
+    }
+}
+class IdentityBindingViolationError extends Error {
+    constructor(violation){
+        super(`Identity header "${violation.header}" for producer "${violation.requestId}" was rejected by server-derived identity binding.`), this.code = 'BFF_IDENTITY_BINDING_VIOLATION';
+        this.name = 'IdentityBindingViolationError';
+        this.violation = violation;
+    }
+}
+class OperationContractViolationError extends Error {
+    constructor(violation){
+        super(`Operation contract violation "${violation.reason}" for producer "${violation.requestId}" operation "${violation.operationId}".`), this.code = 'BFF_OPERATION_CONTRACT_VIOLATION';
+        this.name = 'OperationContractViolationError';
+        this.violation = violation;
+    }
+}
+const validateOperationContract = (requestId, contextPayload)=>{
+    const operationContract = realOperationContract.get(requestId);
+    const operationContractEnabled = operationContract?.enabled ?? isSecuredRequestId(requestId);
+    if (!operationContractEnabled) return;
+    const strict = operationContract?.strict ?? true;
+    const requireSchemaHash = operationContract?.requireSchemaHash ?? true;
+    const requireOperationVersion = operationContract?.requireOperationVersion ?? true;
+    const maybeReportViolation = (reason)=>{
+        const violation = {
+            requestId,
+            target: 'browser',
+            operationId: contextPayload.operationId,
+            routePath: contextPayload.routePath,
+            method: contextPayload.method,
+            schemaHash: 'string' == typeof contextPayload.schemaHash ? contextPayload.schemaHash : void 0,
+            operationVersion: 'number' == typeof contextPayload.operationVersion ? contextPayload.operationVersion : void 0,
+            reason
+        };
+        operationContract?.onViolation?.(violation);
+        if (strict) throw new OperationContractViolationError(violation);
+    };
+    if (requireSchemaHash && 'string' != typeof contextPayload.schemaHash) maybeReportViolation('missing_schema_hash');
+    if (requireOperationVersion && 'number' != typeof contextPayload.operationVersion) maybeReportViolation('missing_operation_version');
+};
+const getConfiguredRequest = (requestId, fallback)=>{
+    const configuredRequest = realRequest.get(requestId);
+    if (configuredRequest) return configuredRequest;
+    if ('default' !== requestId) throw new ProducerClientNotInitializedError(requestId);
+    return fallback;
+};
+const configure = (options)=>{
+    const { request, interceptor, allowedHeaders, transport, requireEnvelope, allowCrossOriginEnvelope, identityBinding, operationContract, setDomain, requestId = 'default' } = options;
+    const hasExistingDomain = domainMap.has(requestId);
+    if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new ProducerDomainNotConfiguredError(requestId);
+    let configuredRequest = request || originFetch;
+    if (interceptor && !request) configuredRequest = interceptor(fetch);
+    if (Array.isArray(allowedHeaders)) realAllowedHeaders.set(requestId, allowedHeaders);
+    if (transport && 'object' == typeof transport) realTransportResilience.set(requestId, transport);
+    if (identityBinding && 'object' == typeof identityBinding) realIdentityBinding.set(requestId, identityBinding);
+    if (operationContract && 'object' == typeof operationContract) realOperationContract.set(requestId, operationContract);
+    if ('boolean' == typeof requireEnvelope) realRequireEnvelope.set(requestId, requireEnvelope);
+    if ('boolean' == typeof allowCrossOriginEnvelope || 'function' == typeof allowCrossOriginEnvelope) realAllowCrossOriginEnvelope.set(requestId, allowCrossOriginEnvelope);
+    if (setDomain) {
+        const resolvedDomain = setDomain({
+            target: 'browser',
+            requestId
+        });
+        if ('default' !== requestId && isEmptyDomain(resolvedDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+        if ('string' == typeof resolvedDomain) domainMap.set(requestId, resolvedDomain);
+    }
+    realRequest.set(requestId, configuredRequest);
+};
+const normalizeRequestOptions = (...args)=>{
+    if ('object' == typeof args[0] && null !== args[0]) return args[0];
+    const [path, method, port, httpMethodDecider, fetch1, requestId, operationContext] = args;
+    return {
+        path,
+        method,
+        port,
+        httpMethodDecider,
+        fetch: fetch1,
+        requestId,
+        operationContext
+    };
+};
+const createRequest = (...args)=>{
+    const { path, method, port, httpMethodDecider = 'functionName', fetch: fetch1 = originFetch, domain, requestId = 'default', operationContext } = normalizeRequestOptions(...args);
+    const getFinalPath = compile(path, {
+        encode: encodeURIComponent
+    });
+    const keyNames = extractPathParamNames(path);
+    const sender = async (...args)=>{
+        const fetcher = getConfiguredRequest(requestId, fetch1);
+        let body;
+        let finalURL;
+        let headers;
+        if ('inputParams' === httpMethodDecider) {
+            finalURL = path;
+            body = JSON.stringify({
+                args
+            });
+            headers = {
+                'Content-Type': 'application/json'
+            };
+        } else {
+            const payload = 'object' == typeof args[args.length - 1] ? args[args.length - 1] : {};
+            payload.params = payload.params || {};
+            const requestParams = args[0];
+            if ('object' == typeof requestParams && requestParams.params) {
+                const { params } = requestParams;
+                keyNames.forEach((keyName)=>{
+                    payload.params[keyName] = params[keyName];
+                });
+            } else keyNames.forEach((keyName, index)=>{
+                payload.params[keyName] = args[index];
+            });
+            const finalPath = getFinalPath(payload.params);
+            finalURL = payload.query ? `${finalPath}?${stringify(payload.query)}` : finalPath;
+            headers = payload.headers ? {
+                ...payload.headers
+            } : {};
+            const identityBinding = realIdentityBinding.get(requestId);
+            const identityBindingEnabled = identityBinding?.enabled ?? isSecuredRequestId(requestId);
+            const identityBindingStrict = identityBinding?.strict ?? isSecuredRequestId(requestId);
+            const protectedIdentityHeaders = (identityBinding?.protectedHeaders || BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
+            if (identityBindingEnabled) {
+                const derivedIdentityHeaders = {};
+                const customDerivedHeaders = identityBinding?.deriveHeaders?.({
+                    requestId,
+                    target: 'browser',
+                    incomingHeaders: {},
+                    protectedHeaders: [
+                        ...protectedIdentityHeaders
+                    ]
+                });
+                if (customDerivedHeaders && 'object' == typeof customDerivedHeaders) for (const header of protectedIdentityHeaders){
+                    const customValue = readHeader(customDerivedHeaders, header);
+                    if (void 0 !== customValue) writeHeader(derivedIdentityHeaders, header, customValue);
+                }
+                for (const header of protectedIdentityHeaders){
+                    const attemptedValue = readHeader(headers, header);
+                    if (void 0 === attemptedValue) continue;
+                    const violation = {
+                        requestId,
+                        target: 'browser',
+                        header,
+                        attemptedValue,
+                        derivedValue: readHeader(derivedIdentityHeaders, header),
+                        reason: identityBindingStrict ? 'client_override_rejected' : 'client_override_blocked'
+                    };
+                    identityBinding?.onViolation?.(violation);
+                    if (identityBindingStrict) throw new IdentityBindingViolationError(violation);
+                    deleteHeader(headers, header);
+                }
+                Object.keys(derivedIdentityHeaders).forEach((header)=>{
+                    writeHeader(headers, header, derivedIdentityHeaders[header]);
+                });
+            }
+            body = payload.data && 'object' == typeof payload.data ? JSON.stringify(payload.data) : payload.body;
+            if (payload.data) {
+                headers['Content-Type'] = 'application/json';
+                body = 'object' == typeof payload.data ? JSON.stringify(payload.data) : payload.body;
+            } else if (payload.body) {
+                headers['Content-Type'] = 'text/plain';
+                body = payload.body;
+            } else if (payload.formData) body = payload.formData;
+            else if (payload.formUrlencoded) {
+                headers['Content-Type'] = 'application/x-www-form-urlencoded';
+                body = 'object' != typeof payload.formUrlencoded || payload.formUrlencoded instanceof URLSearchParams ? payload.formUrlencoded : stringify(payload.formUrlencoded);
+            }
+        }
+        headers.accept = "application/json,*/*;q=0.8";
+        const configDomain = domainMap.get(requestId);
+        if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+        finalURL = `${configDomain || ''}${finalURL}`;
+        const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? isSecuredRequestId(requestId);
+        if (shouldRequireEnvelope) {
+            const sourceOrigin = "u" > typeof window ? window.location.origin : void 0;
+            const targetOrigin = toOrigin(finalURL);
+            const traceContext = parseTraceparent(readHeader(headers, TRACEPARENT_HEADER));
+            const isCrossOrigin = Boolean(sourceOrigin) && Boolean(targetOrigin) && sourceOrigin !== targetOrigin;
+            if (isCrossOrigin) {
+                const policy = realAllowCrossOriginEnvelope.get(requestId);
+                const isAllowed = 'function' == typeof policy ? policy({
+                    requestId,
+                    sourceOrigin,
+                    targetOrigin,
+                    target: 'browser'
+                }) : true === policy;
+                if (!isAllowed) throw new CrossOriginEnvelopePolicyError(requestId, sourceOrigin, targetOrigin);
+            }
+            headers[BFF_ENVELOPE_HEADER] = JSON.stringify({
+                requestId,
+                target: 'browser',
+                timestamp: Date.now(),
+                sourceOrigin,
+                targetOrigin,
+                ...traceContext ? {
+                    traceId: traceContext.traceId,
+                    spanId: traceContext.spanId
+                } : {}
+            });
+        }
+        if (isSecuredRequestId(requestId)) {
+            if (void 0 === readHeader(headers, TRACEPARENT_HEADER) && operationContext?.traceparent) writeHeader(headers, TRACEPARENT_HEADER, operationContext.traceparent);
+            const contextPayload = buildOperationContext({
+                requestId,
+                method,
+                path,
+                operationContext,
+                traceparent: readHeader(headers, TRACEPARENT_HEADER)
+            });
+            validateOperationContract(requestId, contextPayload);
+            if (void 0 === readHeader(headers, BFF_OPERATION_CONTEXT_HEADER)) writeHeader(headers, BFF_OPERATION_CONTEXT_HEADER, contextPayload.operationId);
+            writeHeader(headers, OPERATION_CONTEXT_DETAIL_HEADER, JSON.stringify(contextPayload));
+        }
+        return executeWithResilience({
+            requestId,
+            target: 'browser',
+            method,
+            url: finalURL,
+            init: {
+                method,
+                body,
+                headers
+            },
+            fetcher,
+            transport: realTransportResilience.get(requestId)
+        });
+    };
+    return sender;
+};
+const createUploader = ({ path, domain, requestId = 'default' })=>{
+    const getFinalPath = compile(path, {
+        encode: encodeURIComponent
+    });
+    const sender = (...args)=>{
+        const fetcher = getConfiguredRequest(requestId, originFetch);
+        const { body, headers, params } = getUploadPayload(args);
+        const finalPath = getFinalPath(params);
+        const configDomain = domainMap.get(requestId);
+        const finalURL = `${configDomain || domain || ''}${finalPath}`;
+        return fetcher(finalURL, {
+            method: 'POST',
+            body,
+            headers
+        });
+    };
+    return sender;
+};
+export { CrossOriginEnvelopePolicyError, IdentityBindingViolationError, OperationContractViolationError, ProducerClientNotInitializedError, ProducerDomainNotConfiguredError, configure, createRequest, createUploader };

package/dist/esm-node/handleRes.mjs

@@ -0,0 +1,16 @@
+import "node:module";
+const handleRes = async (res)=>{
+    const contentType = res.headers.get('content-type');
+    if (!res.ok) {
+        const data = await res.json();
+        res.data = data;
+        throw res;
+    }
+    if (contentType?.includes('application/json') || contentType?.includes('text/json')) return res.json();
+    if (contentType?.includes('text/html') || contentType?.includes('text/plain')) return res.text();
+    if ((contentType?.includes('application/x-www-form-urlencoded') || contentType?.includes('multipart/form-data')) && res instanceof Response) return res.formData();
+    if (contentType?.includes('application/octet-stream')) return res.arrayBuffer();
+    if (contentType?.includes('image/png')) return res;
+    return res.text();
+};
+export { handleRes };