@bleedingdev/modern-js-create-request 3.2.0-ultramodern.120 → 3.2.0-ultramodern.121

package/dist/cjs/browser.js

@@ -3,9 +3,15 @@ var __webpack_modules__ = {
     "./handleRes" (module) {
         module.exports = require("./handleRes.js");
     },
+    "./policyCore" (module) {
+        module.exports = require("./policyCore.js");
+    },
     "./requestContext" (module) {
         module.exports = require("./requestContext.js");
     },
+    "./traceparent" (module) {
+        module.exports = require("./traceparent.js");
+    },
     "./transport" (module) {
         module.exports = require("./transport.js");
     },
@@ -72,12 +78,27 @@ var __webpack_exports__ = {};
     var path_to_regexp__rspack_import_0 = __webpack_require__("path-to-regexp");
     var qs__rspack_import_1 = __webpack_require__("qs");
     var _handleRes__rspack_import_2 = __webpack_require__("./handleRes");
-    var _transport__rspack_import_3 = __webpack_require__("./transport");
-    var _types__rspack_import_4 = __webpack_require__("./types");
-    var _utiles__rspack_import_5 = __webpack_require__("./utiles");
-    var _requestContext__rspack_import_6 = __webpack_require__("./requestContext");
+    var _policyCore__rspack_import_3 = __webpack_require__("./policyCore");
+    var _transport__rspack_import_4 = __webpack_require__("./transport");
+    var _types__rspack_import_5 = __webpack_require__("./types");
+    var _utiles__rspack_import_6 = __webpack_require__("./utiles");
+    var _requestContext__rspack_import_7 = __webpack_require__("./requestContext");
+    var __rspack_reexport = {};
+    for(const __rspack_import_key in _requestContext__rspack_import_7)if ([
+        "IdentityBindingViolationError",
+        "configure",
+        "OperationContractViolationError",
+        "default",
+        "ProducerClientNotInitializedError",
+        "ProducerDomainNotConfiguredError",
+        "createUploader",
+        "CrossOriginEnvelopePolicyError",
+        "createRequest"
+    ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_requestContext__rspack_import_7[__rspack_import_key];
+    __webpack_require__.d(__webpack_exports__, __rspack_reexport);
+    var _traceparent__rspack_import_8 = __webpack_require__("./traceparent");
     var __rspack_reexport = {};
-    for(const __rspack_import_key in _requestContext__rspack_import_6)if ([
+    for(const __rspack_import_key in _traceparent__rspack_import_8)if ([
         "IdentityBindingViolationError",
         "configure",
         "OperationContractViolationError",
@@ -87,10 +108,10 @@ var __webpack_exports__ = {};
         "createUploader",
         "CrossOriginEnvelopePolicyError",
         "createRequest"
-    ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_requestContext__rspack_import_6[__rspack_import_key];
+    ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_traceparent__rspack_import_8[__rspack_import_key];
     __webpack_require__.d(__webpack_exports__, __rspack_reexport);
     var __rspack_reexport = {};
-    for(const __rspack_import_key in _types__rspack_import_4)if ([
+    for(const __rspack_import_key in _types__rspack_import_5)if ([
         "IdentityBindingViolationError",
         "configure",
         "OperationContractViolationError",
@@ -100,7 +121,7 @@ var __webpack_exports__ = {};
         "createUploader",
         "CrossOriginEnvelopePolicyError",
         "createRequest"
-    ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_types__rspack_import_4[__rspack_import_key];
+    ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_types__rspack_import_5[__rspack_import_key];
     __webpack_require__.d(__webpack_exports__, __rspack_reexport);
     const realRequest = new Map();
     const realAllowedHeaders = new Map();
@@ -110,159 +131,43 @@ var __webpack_exports__ = {};
     const realIdentityBinding = new Map();
     const realOperationContract = new Map();
     const domainMap = new Map();
-    const isEmptyDomain = (domain)=>'string' != typeof domain || '' === domain.trim();
-    const TRACEPARENT_HEADER = 'traceparent';
-    const OPERATION_CONTEXT_DETAIL_HEADER = _types__rspack_import_4.BFF_OPERATION_CONTEXT_DETAIL_HEADER;
-    const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
-    const readProcessEnv = (key)=>{
-        if ("u" < typeof process || void 0 === process.env || 'string' != typeof process.env[key]) return;
-        return process.env[key];
-    };
-    const isStrictDefaultRequestIdEnabled = ()=>'true' === readProcessEnv('MODERN_BFF_STRICT_DEFAULT_REQUEST_ID');
-    const isSecuredRequestId = (requestId)=>'default' !== requestId || isStrictDefaultRequestIdEnabled();
-    const firstHeaderValue = (value)=>Array.isArray(value) ? value[0] : value;
-    const findHeaderKey = (headers, header)=>{
-        const normalized = header.toLowerCase();
-        return Object.keys(headers).find((key)=>key.toLowerCase() === normalized);
-    };
-    const readHeader = (headers, header)=>{
-        const key = findHeaderKey(headers, header);
-        return 'string' == typeof key ? headers[key] : void 0;
-    };
-    const writeHeader = (headers, header, value)=>{
-        if (void 0 === value) return;
-        const key = findHeaderKey(headers, header);
-        if ('string' == typeof key && key !== header) delete headers[key];
-        headers[header] = value;
-    };
-    const deleteHeader = (headers, header)=>{
-        const key = findHeaderKey(headers, header);
-        if ('string' == typeof key) delete headers[key];
-    };
-    const toOrigin = (value)=>{
-        if (!value) return;
-        try {
-            return new URL(value).origin;
-        } catch (error) {
-            return;
-        }
-    };
-    const parseTraceparent = (value)=>{
-        const traceparent = firstHeaderValue(value);
-        if ('string' != typeof traceparent) return;
-        const match = traceparent.trim().match(TRACEPARENT_REGEX);
-        if (!match) return;
-        const [, traceId, spanId] = match;
-        if (!traceId || !spanId) return;
-        return {
-            traceId: traceId.toLowerCase(),
-            spanId: spanId.toLowerCase()
-        };
-    };
-    const extractPathParamNames = (path)=>Array.from(path.matchAll(/:([A-Za-z0-9_]+)/g)).flatMap(([, key])=>key ? [
-                key
-            ] : []);
+    const OPERATION_CONTEXT_DETAIL_HEADER = _types__rspack_import_5.BFF_OPERATION_CONTEXT_DETAIL_HEADER;
+    const resolveBrowserOrigin = ()=>"u" > typeof window ? window.location.origin : void 0;
     const originFetch = (...params)=>{
         const [url, init] = params;
         if (init?.method?.toLowerCase() === 'get') init.body = void 0;
         return fetch(url, init).then(_handleRes__rspack_import_2.handleRes);
     };
-    const buildOperationContext = ({ requestId, method, path, operationContext, traceparent })=>{
-        const routePath = operationContext?.routePath || path;
-        const operationMethod = (operationContext?.method || method || 'GET').toUpperCase();
-        const rawOperationId = operationContext?.operationId || `${operationMethod}:${routePath}`;
-        const operationId = rawOperationId.startsWith(`${requestId}:`) ? rawOperationId : `${requestId}:${rawOperationId}`;
-        const traceparentValue = operationContext?.traceparent || ('string' == typeof firstHeaderValue(traceparent) ? String(firstHeaderValue(traceparent)) : void 0);
-        const parsedTraceContext = operationContext?.traceId && operationContext?.spanId ? {
-            traceId: operationContext.traceId,
-            spanId: operationContext.spanId
-        } : parseTraceparent(traceparentValue);
-        return {
+    const attachEnvelopeHeaderIfRequired = (headers, requestId, finalURL)=>{
+        const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? (0, _policyCore__rspack_import_3.isSecuredRequestId)(requestId);
+        if (!shouldRequireEnvelope) return;
+        headers[_types__rspack_import_5.BFF_ENVELOPE_HEADER] = (0, _policyCore__rspack_import_3.buildEnvelopeHeaderValue)({
             requestId,
-            operationId,
-            routePath,
-            method: operationMethod,
-            ...operationContext?.schemaHash ? {
-                schemaHash: operationContext.schemaHash
-            } : {},
-            ...'number' == typeof operationContext?.operationVersion ? {
-                operationVersion: operationContext.operationVersion
-            } : {},
-            ...traceparentValue ? {
-                traceparent: traceparentValue
-            } : {},
-            ...parsedTraceContext ? {
-                traceId: parsedTraceContext.traceId,
-                spanId: parsedTraceContext.spanId
-            } : {}
-        };
-    };
-    class ProducerClientNotInitializedError extends Error {
-        constructor(requestId){
-            super(`Producer client "${requestId}" is not initialized. Call initProducerClient() (or configure()) before using generated APIs for this requestId.`), this.code = 'BFF_PRODUCER_CLIENT_NOT_INITIALIZED';
-            this.name = 'ProducerClientNotInitializedError';
-        }
-    }
-    class ProducerDomainNotConfiguredError extends Error {
-        constructor(requestId){
-            super(`Producer client "${requestId}" must provide setDomain() during configure().`), this.code = 'BFF_PRODUCER_DOMAIN_NOT_CONFIGURED';
-            this.name = 'ProducerDomainNotConfiguredError';
-        }
-    }
-    class CrossOriginEnvelopePolicyError extends Error {
-        constructor(requestId, sourceOrigin, targetOrigin){
-            super(`Cross-origin envelope is not allowed for producer "${requestId}" (${sourceOrigin || 'unknown-origin'} -> ${targetOrigin || 'unknown-origin'}). Configure allowCrossOriginEnvelope to explicitly allow this flow.`), this.code = 'BFF_CROSS_ORIGIN_ENVELOPE_NOT_ALLOWED';
-            this.name = 'CrossOriginEnvelopePolicyError';
-        }
-    }
-    class IdentityBindingViolationError extends Error {
-        constructor(violation){
-            super(`Identity header "${violation.header}" for producer "${violation.requestId}" was rejected by server-derived identity binding.`), this.code = 'BFF_IDENTITY_BINDING_VIOLATION';
-            this.name = 'IdentityBindingViolationError';
-            this.violation = violation;
-        }
-    }
-    class OperationContractViolationError extends Error {
-        constructor(violation){
-            super(`Operation contract violation "${violation.reason}" for producer "${violation.requestId}" operation "${violation.operationId}".`), this.code = 'BFF_OPERATION_CONTRACT_VIOLATION';
-            this.name = 'OperationContractViolationError';
-            this.violation = violation;
-        }
-    }
-    const validateOperationContract = (requestId, contextPayload)=>{
-        const operationContract = realOperationContract.get(requestId);
-        const operationContractEnabled = operationContract?.enabled ?? isSecuredRequestId(requestId);
-        if (!operationContractEnabled) return;
-        const strict = operationContract?.strict ?? true;
-        const requireSchemaHash = operationContract?.requireSchemaHash ?? true;
-        const requireOperationVersion = operationContract?.requireOperationVersion ?? true;
-        const maybeReportViolation = (reason)=>{
-            const violation = {
-                requestId,
-                target: 'browser',
-                operationId: contextPayload.operationId,
-                routePath: contextPayload.routePath,
-                method: contextPayload.method,
-                schemaHash: 'string' == typeof contextPayload.schemaHash ? contextPayload.schemaHash : void 0,
-                operationVersion: 'number' == typeof contextPayload.operationVersion ? contextPayload.operationVersion : void 0,
-                reason
-            };
-            operationContract?.onViolation?.(violation);
-            if (strict) throw new OperationContractViolationError(violation);
-        };
-        if (requireSchemaHash && 'string' != typeof contextPayload.schemaHash) maybeReportViolation('missing_schema_hash');
-        if (requireOperationVersion && 'number' != typeof contextPayload.operationVersion) maybeReportViolation('missing_operation_version');
+            target: 'browser',
+            sourceOrigin: resolveBrowserOrigin(),
+            targetOrigin: (0, _policyCore__rspack_import_3.toOrigin)(finalURL),
+            traceContext: (0, _policyCore__rspack_import_3.parseTraceparentValue)((0, _policyCore__rspack_import_3.readHeader)(headers, _policyCore__rspack_import_3.TRACEPARENT_HEADER)),
+            allowCrossOriginEnvelope: realAllowCrossOriginEnvelope.get(requestId)
+        });
     };
-    const getConfiguredRequest = (requestId, fallback)=>{
-        const configuredRequest = realRequest.get(requestId);
-        if (configuredRequest) return configuredRequest;
-        if ('default' !== requestId) throw new ProducerClientNotInitializedError(requestId);
-        return fallback;
+    const attachSecuredOperationHeaders = (headers, requestId, method, path, operationContext)=>{
+        if (!(0, _policyCore__rspack_import_3.isSecuredRequestId)(requestId)) return;
+        (0, _policyCore__rspack_import_3.attachOperationContextHeaders)({
+            headers,
+            requestId,
+            target: 'browser',
+            method,
+            path,
+            operationContext,
+            operationContract: realOperationContract.get(requestId),
+            operationContextHeader: _types__rspack_import_5.BFF_OPERATION_CONTEXT_HEADER,
+            operationContextDetailHeader: OPERATION_CONTEXT_DETAIL_HEADER
+        });
     };
     const configure = (options)=>{
         const { request, interceptor, allowedHeaders, transport, requireEnvelope, allowCrossOriginEnvelope, identityBinding, operationContract, setDomain, requestId = 'default' } = options;
         const hasExistingDomain = domainMap.has(requestId);
-        if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new ProducerDomainNotConfiguredError(requestId);
+        if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new _policyCore__rspack_import_3.ProducerDomainNotConfiguredError(requestId);
         let configuredRequest = request || originFetch;
         if (interceptor && !request) configuredRequest = interceptor(fetch);
         if (Array.isArray(allowedHeaders)) realAllowedHeaders.set(requestId, allowedHeaders);
@@ -276,7 +181,7 @@ var __webpack_exports__ = {};
                 target: 'browser',
                 requestId
             });
-            if ('default' !== requestId && isEmptyDomain(resolvedDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+            if ('default' !== requestId && (0, _policyCore__rspack_import_3.isEmptyDomain)(resolvedDomain)) throw new _policyCore__rspack_import_3.ProducerDomainNotConfiguredError(requestId);
             if ('string' == typeof resolvedDomain) domainMap.set(requestId, resolvedDomain);
         }
         realRequest.set(requestId, configuredRequest);
@@ -299,9 +204,9 @@ var __webpack_exports__ = {};
         const getFinalPath = (0, path_to_regexp__rspack_import_0.compile)(path, {
             encode: encodeURIComponent
         });
-        const keyNames = extractPathParamNames(path);
+        const keyNames = (0, _policyCore__rspack_import_3.extractPathParamNames)(path);
         const sender = async (...args)=>{
-            const fetcher = getConfiguredRequest(requestId, fetch1);
+            const fetcher = (0, _policyCore__rspack_import_3.resolveConfiguredRequest)(realRequest, requestId, fetch1);
             let body;
             let finalURL;
             let headers;
@@ -331,9 +236,9 @@ var __webpack_exports__ = {};
                     ...payload.headers
                 } : {};
                 const identityBinding = realIdentityBinding.get(requestId);
-                const identityBindingEnabled = identityBinding?.enabled ?? isSecuredRequestId(requestId);
-                const identityBindingStrict = identityBinding?.strict ?? isSecuredRequestId(requestId);
-                const protectedIdentityHeaders = (identityBinding?.protectedHeaders || _types__rspack_import_4.BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
+                const identityBindingEnabled = identityBinding?.enabled ?? (0, _policyCore__rspack_import_3.isSecuredRequestId)(requestId);
+                const identityBindingStrict = identityBinding?.strict ?? (0, _policyCore__rspack_import_3.isSecuredRequestId)(requestId);
+                const protectedIdentityHeaders = (identityBinding?.protectedHeaders || _types__rspack_import_5.BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
                 if (identityBindingEnabled) {
                     const derivedIdentityHeaders = {};
                     const customDerivedHeaders = identityBinding?.deriveHeaders?.({
@@ -345,26 +250,26 @@ var __webpack_exports__ = {};
                         ]
                     });
                     if (customDerivedHeaders && 'object' == typeof customDerivedHeaders) for (const header of protectedIdentityHeaders){
-                        const customValue = readHeader(customDerivedHeaders, header);
-                        if (void 0 !== customValue) writeHeader(derivedIdentityHeaders, header, customValue);
+                        const customValue = (0, _policyCore__rspack_import_3.readHeader)(customDerivedHeaders, header);
+                        if (void 0 !== customValue) (0, _policyCore__rspack_import_3.writeHeader)(derivedIdentityHeaders, header, customValue);
                     }
                     for (const header of protectedIdentityHeaders){
-                        const attemptedValue = readHeader(headers, header);
+                        const attemptedValue = (0, _policyCore__rspack_import_3.readHeader)(headers, header);
                         if (void 0 === attemptedValue) continue;
                         const violation = {
                             requestId,
                             target: 'browser',
                             header,
                             attemptedValue,
-                            derivedValue: readHeader(derivedIdentityHeaders, header),
+                            derivedValue: (0, _policyCore__rspack_import_3.readHeader)(derivedIdentityHeaders, header),
                             reason: identityBindingStrict ? 'client_override_rejected' : 'client_override_blocked'
                         };
                         identityBinding?.onViolation?.(violation);
-                        if (identityBindingStrict) throw new IdentityBindingViolationError(violation);
-                        deleteHeader(headers, header);
+                        if (identityBindingStrict) throw new _policyCore__rspack_import_3.IdentityBindingViolationError(violation);
+                        (0, _policyCore__rspack_import_3.deleteHeader)(headers, header);
                     }
                     Object.keys(derivedIdentityHeaders).forEach((header)=>{
-                        writeHeader(headers, header, derivedIdentityHeaders[header]);
+                        (0, _policyCore__rspack_import_3.writeHeader)(headers, header, derivedIdentityHeaders[header]);
                     });
                 }
                 body = payload.data && 'object' == typeof payload.data ? JSON.stringify(payload.data) : payload.body;
@@ -382,50 +287,11 @@ var __webpack_exports__ = {};
             }
             headers.accept = "application/json,*/*;q=0.8";
             const configDomain = domainMap.get(requestId);
-            if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+            if ('default' !== requestId && (0, _policyCore__rspack_import_3.isEmptyDomain)(configDomain)) throw new _policyCore__rspack_import_3.ProducerDomainNotConfiguredError(requestId);
             finalURL = `${configDomain || ''}${finalURL}`;
-            const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? isSecuredRequestId(requestId);
-            if (shouldRequireEnvelope) {
-                const sourceOrigin = "u" > typeof window ? window.location.origin : void 0;
-                const targetOrigin = toOrigin(finalURL);
-                const traceContext = parseTraceparent(readHeader(headers, TRACEPARENT_HEADER));
-                const isCrossOrigin = Boolean(sourceOrigin) && Boolean(targetOrigin) && sourceOrigin !== targetOrigin;
-                if (isCrossOrigin) {
-                    const policy = realAllowCrossOriginEnvelope.get(requestId);
-                    const isAllowed = 'function' == typeof policy ? policy({
-                        requestId,
-                        sourceOrigin,
-                        targetOrigin,
-                        target: 'browser'
-                    }) : true === policy;
-                    if (!isAllowed) throw new CrossOriginEnvelopePolicyError(requestId, sourceOrigin, targetOrigin);
-                }
-                headers[_types__rspack_import_4.BFF_ENVELOPE_HEADER] = JSON.stringify({
-                    requestId,
-                    target: 'browser',
-                    timestamp: Date.now(),
-                    sourceOrigin,
-                    targetOrigin,
-                    ...traceContext ? {
-                        traceId: traceContext.traceId,
-                        spanId: traceContext.spanId
-                    } : {}
-                });
-            }
-            if (isSecuredRequestId(requestId)) {
-                if (void 0 === readHeader(headers, TRACEPARENT_HEADER) && operationContext?.traceparent) writeHeader(headers, TRACEPARENT_HEADER, operationContext.traceparent);
-                const contextPayload = buildOperationContext({
-                    requestId,
-                    method,
-                    path,
-                    operationContext,
-                    traceparent: readHeader(headers, TRACEPARENT_HEADER)
-                });
-                validateOperationContract(requestId, contextPayload);
-                if (void 0 === readHeader(headers, _types__rspack_import_4.BFF_OPERATION_CONTEXT_HEADER)) writeHeader(headers, _types__rspack_import_4.BFF_OPERATION_CONTEXT_HEADER, contextPayload.operationId);
-                writeHeader(headers, OPERATION_CONTEXT_DETAIL_HEADER, JSON.stringify(contextPayload));
-            }
-            return (0, _transport__rspack_import_3.executeWithResilience)({
+            attachEnvelopeHeaderIfRequired(headers, requestId, finalURL);
+            attachSecuredOperationHeaders(headers, requestId, method, path, operationContext);
+            return (0, _transport__rspack_import_4.executeWithResilience)({
                 requestId,
                 target: 'browser',
                 method,
@@ -441,16 +307,21 @@ var __webpack_exports__ = {};
         };
         return sender;
     };
-    const createUploader = ({ path, domain, requestId = 'default' })=>{
+    const createUploader = ({ path, domain, requestId = 'default', operationContext })=>{
         const getFinalPath = (0, path_to_regexp__rspack_import_0.compile)(path, {
             encode: encodeURIComponent
         });
         const sender = (...args)=>{
-            const fetcher = getConfiguredRequest(requestId, originFetch);
-            const { body, headers, params } = (0, _utiles__rspack_import_5.getUploadPayload)(args);
+            const fetcher = (0, _policyCore__rspack_import_3.resolveConfiguredRequest)(realRequest, requestId, originFetch);
+            const { body, headers: uploadHeaders, params } = (0, _utiles__rspack_import_6.getUploadPayload)(args);
+            const headers = {
+                ...uploadHeaders
+            };
             const finalPath = getFinalPath(params);
             const configDomain = domainMap.get(requestId);
             const finalURL = `${configDomain || domain || ''}${finalPath}`;
+            attachEnvelopeHeaderIfRequired(headers, requestId, finalURL);
+            attachSecuredOperationHeaders(headers, requestId, 'POST', path, operationContext);
             return fetcher(finalURL, {
                 method: 'POST',
                 body,
@@ -460,11 +331,11 @@ var __webpack_exports__ = {};
         return sender;
     };
     __webpack_require__.d(__webpack_exports__, {
-        CrossOriginEnvelopePolicyError: ()=>CrossOriginEnvelopePolicyError,
-        IdentityBindingViolationError: ()=>IdentityBindingViolationError,
-        OperationContractViolationError: ()=>OperationContractViolationError,
-        ProducerClientNotInitializedError: ()=>ProducerClientNotInitializedError,
-        ProducerDomainNotConfiguredError: ()=>ProducerDomainNotConfiguredError
+        CrossOriginEnvelopePolicyError: ()=>_policyCore__rspack_import_3.CrossOriginEnvelopePolicyError,
+        IdentityBindingViolationError: ()=>_policyCore__rspack_import_3.IdentityBindingViolationError,
+        OperationContractViolationError: ()=>_policyCore__rspack_import_3.OperationContractViolationError,
+        ProducerClientNotInitializedError: ()=>_policyCore__rspack_import_3.ProducerClientNotInitializedError,
+        ProducerDomainNotConfiguredError: ()=>_policyCore__rspack_import_3.ProducerDomainNotConfiguredError
     }, {
         configure: configure,
         createRequest: createRequest,