@bleedingdev/modern-js-create-request 3.2.0-ultramodern.99 → 3.4.0-ultramodern.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/dist/cjs/browser.js +100 -224
  2. package/dist/cjs/handleRes.js +12 -8
  3. package/dist/cjs/node.js +118 -234
  4. package/dist/cjs/policyCore.js +275 -0
  5. package/dist/cjs/qs.js +9 -5
  6. package/dist/cjs/requestContext.js +11 -18
  7. package/dist/cjs/traceparent.js +56 -0
  8. package/dist/cjs/transport.js +12 -8
  9. package/dist/cjs/types.js +15 -11
  10. package/dist/cjs/utiles.js +12 -8
  11. package/dist/esm/browser.mjs +37 -185
  12. package/dist/esm/node.mjs +44 -184
  13. package/dist/esm/policyCore.mjs +174 -0
  14. package/dist/esm/requestContext.mjs +1 -12
  15. package/dist/esm/traceparent.mjs +18 -0
  16. package/dist/esm-node/browser.mjs +37 -185
  17. package/dist/esm-node/node.mjs +44 -184
  18. package/dist/esm-node/policyCore.mjs +175 -0
  19. package/dist/esm-node/requestContext.mjs +1 -12
  20. package/dist/esm-node/traceparent.mjs +19 -0
  21. package/dist/types/browser.d.ts +3 -23
  22. package/dist/types/node.d.ts +3 -23
  23. package/dist/types/policyCore.d.ts +108 -0
  24. package/dist/types/traceparent.d.ts +10 -0
  25. package/dist/types/types.d.ts +2 -1
  26. package/package.json +12 -9
package/dist/cjs/node.js CHANGED
@@ -3,9 +3,15 @@ var __webpack_modules__ = {
3
3
  "./handleRes" (module) {
4
4
  module.exports = require("./handleRes.js");
5
5
  },
6
+ "./policyCore" (module) {
7
+ module.exports = require("./policyCore.js");
8
+ },
6
9
  "./requestContext" (module) {
7
10
  module.exports = require("./requestContext.js");
8
11
  },
12
+ "./traceparent" (module) {
13
+ module.exports = require("./traceparent.js");
14
+ },
9
15
  "./transport" (module) {
10
16
  module.exports = require("./transport.js");
11
17
  },
@@ -45,11 +51,15 @@ function __webpack_require__(moduleId) {
45
51
  };
46
52
  })();
47
53
  (()=>{
48
- __webpack_require__.d = (exports1, definition)=>{
49
- for(var key in definition)if (__webpack_require__.o(definition, key) && !__webpack_require__.o(exports1, key)) Object.defineProperty(exports1, key, {
50
- enumerable: true,
51
- get: definition[key]
52
- });
54
+ __webpack_require__.d = (exports1, getters, values)=>{
55
+ var define = (defs, kind)=>{
56
+ for(var key in defs)if (__webpack_require__.o(defs, key) && !__webpack_require__.o(exports1, key)) Object.defineProperty(exports1, key, {
57
+ enumerable: true,
58
+ [kind]: defs[key]
59
+ });
60
+ };
61
+ define(getters, "get");
62
+ define(values, "value");
53
63
  };
54
64
  })();
55
65
  (()=>{
@@ -68,26 +78,17 @@ function __webpack_require__(moduleId) {
68
78
  var __webpack_exports__ = {};
69
79
  (()=>{
70
80
  __webpack_require__.r(__webpack_exports__);
71
- __webpack_require__.d(__webpack_exports__, {
72
- CrossOriginEnvelopePolicyError: ()=>CrossOriginEnvelopePolicyError,
73
- IdentityBindingViolationError: ()=>IdentityBindingViolationError,
74
- OperationContractViolationError: ()=>OperationContractViolationError,
75
- ProducerClientNotInitializedError: ()=>ProducerClientNotInitializedError,
76
- ProducerDomainNotConfiguredError: ()=>ProducerDomainNotConfiguredError,
77
- configure: ()=>configure,
78
- createRequest: ()=>createRequest,
79
- createUploader: ()=>createUploader
80
- });
81
81
  var _modern_js_runtime_utils_node__rspack_import_0 = __webpack_require__("@modern-js/runtime-utils/node");
82
82
  var path_to_regexp__rspack_import_1 = __webpack_require__("path-to-regexp");
83
83
  var qs__rspack_import_2 = __webpack_require__("qs");
84
84
  var _handleRes__rspack_import_3 = __webpack_require__("./handleRes");
85
- var _transport__rspack_import_4 = __webpack_require__("./transport");
86
- var _types__rspack_import_5 = __webpack_require__("./types");
87
- var _utiles__rspack_import_6 = __webpack_require__("./utiles");
88
- var _requestContext__rspack_import_7 = __webpack_require__("./requestContext");
85
+ var _policyCore__rspack_import_4 = __webpack_require__("./policyCore");
86
+ var _transport__rspack_import_5 = __webpack_require__("./transport");
87
+ var _types__rspack_import_6 = __webpack_require__("./types");
88
+ var _utiles__rspack_import_7 = __webpack_require__("./utiles");
89
+ var _requestContext__rspack_import_8 = __webpack_require__("./requestContext");
89
90
  var __rspack_reexport = {};
90
- for(const __rspack_import_key in _requestContext__rspack_import_7)if ([
91
+ for(const __rspack_import_key in _requestContext__rspack_import_8)if ([
91
92
  "IdentityBindingViolationError",
92
93
  "configure",
93
94
  "OperationContractViolationError",
@@ -97,10 +98,11 @@ var __webpack_exports__ = {};
97
98
  "createUploader",
98
99
  "CrossOriginEnvelopePolicyError",
99
100
  "createRequest"
100
- ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_requestContext__rspack_import_7[__rspack_import_key];
101
+ ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_requestContext__rspack_import_8[__rspack_import_key];
101
102
  __webpack_require__.d(__webpack_exports__, __rspack_reexport);
103
+ var _traceparent__rspack_import_9 = __webpack_require__("./traceparent");
102
104
  var __rspack_reexport = {};
103
- for(const __rspack_import_key in _types__rspack_import_5)if ([
105
+ for(const __rspack_import_key in _traceparent__rspack_import_9)if ([
104
106
  "IdentityBindingViolationError",
105
107
  "configure",
106
108
  "OperationContractViolationError",
@@ -110,7 +112,20 @@ var __webpack_exports__ = {};
110
112
  "createUploader",
111
113
  "CrossOriginEnvelopePolicyError",
112
114
  "createRequest"
113
- ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_types__rspack_import_5[__rspack_import_key];
115
+ ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_traceparent__rspack_import_9[__rspack_import_key];
116
+ __webpack_require__.d(__webpack_exports__, __rspack_reexport);
117
+ var __rspack_reexport = {};
118
+ for(const __rspack_import_key in _types__rspack_import_6)if ([
119
+ "IdentityBindingViolationError",
120
+ "configure",
121
+ "OperationContractViolationError",
122
+ "default",
123
+ "ProducerClientNotInitializedError",
124
+ "ProducerDomainNotConfiguredError",
125
+ "createUploader",
126
+ "CrossOriginEnvelopePolicyError",
127
+ "createRequest"
128
+ ].indexOf(__rspack_import_key) < 0) __rspack_reexport[__rspack_import_key] = ()=>_types__rspack_import_6[__rspack_import_key];
114
129
  __webpack_require__.d(__webpack_exports__, __rspack_reexport);
115
130
  const realRequest = new Map();
116
131
  const realAllowedHeaders = new Map();
@@ -121,163 +136,59 @@ var __webpack_exports__ = {};
121
136
  const realIdentityBinding = new Map();
122
137
  const realOperationContract = new Map();
123
138
  const domainMap = new Map();
124
- const isEmptyDomain = (domain)=>'string' != typeof domain || '' === domain.trim();
125
- const TRACEPARENT_HEADER = 'traceparent';
126
- const OPERATION_CONTEXT_DETAIL_HEADER = _types__rspack_import_5.BFF_OPERATION_CONTEXT_DETAIL_HEADER;
127
- const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
128
- const isStrictDefaultRequestIdEnabled = ()=>'true' === process.env.MODERN_BFF_STRICT_DEFAULT_REQUEST_ID;
129
- const isSecuredRequestId = (requestId)=>'default' !== requestId || isStrictDefaultRequestIdEnabled();
130
- const firstHeaderValue = (value)=>Array.isArray(value) ? value[0] : value;
131
- const findHeaderKey = (headers, header)=>{
132
- const normalized = header.toLowerCase();
133
- return Object.keys(headers).find((key)=>key.toLowerCase() === normalized);
134
- };
135
- const readHeader = (headers, header)=>{
136
- const key = findHeaderKey(headers, header);
137
- return 'string' == typeof key ? headers[key] : void 0;
138
- };
139
- const writeHeader = (headers, header, value)=>{
140
- if (void 0 === value) return;
141
- const key = findHeaderKey(headers, header);
142
- if ('string' == typeof key && key !== header) delete headers[key];
143
- headers[header] = value;
144
- };
145
- const deleteHeader = (headers, header)=>{
146
- const key = findHeaderKey(headers, header);
147
- if ('string' == typeof key) delete headers[key];
148
- };
149
- const toOrigin = (value)=>{
150
- if (!value) return;
151
- try {
152
- return new URL(value).origin;
153
- } catch (error) {
154
- return;
155
- }
156
- };
157
- const parseTraceparent = (value)=>{
158
- const traceparent = firstHeaderValue(value);
159
- if ('string' != typeof traceparent) return;
160
- const match = traceparent.trim().match(TRACEPARENT_REGEX);
161
- if (!match) return;
162
- const [, traceId, spanId] = match;
163
- if (!traceId || !spanId) return;
164
- return {
165
- traceId: traceId.toLowerCase(),
166
- spanId: spanId.toLowerCase()
167
- };
168
- };
139
+ const OPERATION_CONTEXT_DETAIL_HEADER = _types__rspack_import_6.BFF_OPERATION_CONTEXT_DETAIL_HEADER;
169
140
  const resolveSourceOrigin = (headers)=>{
170
- const origin = toOrigin(firstHeaderValue(headers.origin));
141
+ const origin = (0, _policyCore__rspack_import_4.toOrigin)((0, _policyCore__rspack_import_4.firstHeaderValue)(headers.origin));
171
142
  if (origin) return origin;
172
- const referer = toOrigin(firstHeaderValue(headers.referer));
143
+ const referer = (0, _policyCore__rspack_import_4.toOrigin)((0, _policyCore__rspack_import_4.firstHeaderValue)(headers.referer));
173
144
  if (referer) return referer;
174
- const host = firstHeaderValue(headers.host);
145
+ const host = (0, _policyCore__rspack_import_4.firstHeaderValue)(headers.host);
175
146
  if (!host) return;
176
- const proto = firstHeaderValue(headers['x-forwarded-proto']) || 'http';
147
+ const proto = (0, _policyCore__rspack_import_4.firstHeaderValue)(headers['x-forwarded-proto']) || 'http';
177
148
  return `${proto}://${host}`;
178
149
  };
179
- const extractPathParamNames = (path)=>Array.from(path.matchAll(/:([A-Za-z0-9_]+)/g)).map(([, key])=>key);
150
+ const readIncomingWebHeaders = ()=>{
151
+ try {
152
+ return _modern_js_runtime_utils_node__rspack_import_0.storage.useContext().headers || {};
153
+ } catch (error) {
154
+ return {};
155
+ }
156
+ };
180
157
  const originFetch = (...params)=>{
181
158
  const [, init] = params;
182
159
  if (init?.method?.toLowerCase() === 'get') init.body = void 0;
183
160
  return fetch(...params).then(_handleRes__rspack_import_3.handleRes);
184
161
  };
185
- const buildOperationContext = ({ requestId, method, path, operationContext, traceparent })=>{
186
- const routePath = operationContext?.routePath || path;
187
- const operationMethod = (operationContext?.method || method || 'GET').toUpperCase();
188
- const rawOperationId = operationContext?.operationId || `${operationMethod}:${routePath}`;
189
- const operationId = rawOperationId.startsWith(`${requestId}:`) ? rawOperationId : `${requestId}:${rawOperationId}`;
190
- const traceparentValue = operationContext?.traceparent || ('string' == typeof firstHeaderValue(traceparent) ? String(firstHeaderValue(traceparent)) : void 0);
191
- const parsedTraceContext = operationContext?.traceId && operationContext?.spanId ? {
192
- traceId: operationContext.traceId,
193
- spanId: operationContext.spanId
194
- } : parseTraceparent(traceparentValue);
195
- return {
162
+ const attachEnvelopeHeaderIfRequired = (headers, requestId, url, webRequestHeaders)=>{
163
+ const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? (0, _policyCore__rspack_import_4.isSecuredRequestId)(requestId);
164
+ if (!shouldRequireEnvelope) return;
165
+ headers[_types__rspack_import_6.BFF_ENVELOPE_HEADER] = (0, _policyCore__rspack_import_4.buildEnvelopeHeaderValue)({
196
166
  requestId,
197
- operationId,
198
- routePath,
199
- method: operationMethod,
200
- ...operationContext?.schemaHash ? {
201
- schemaHash: operationContext.schemaHash
202
- } : {},
203
- ...'number' == typeof operationContext?.operationVersion ? {
204
- operationVersion: operationContext.operationVersion
205
- } : {},
206
- ...traceparentValue ? {
207
- traceparent: traceparentValue
208
- } : {},
209
- ...parsedTraceContext ? {
210
- traceId: parsedTraceContext.traceId,
211
- spanId: parsedTraceContext.spanId
212
- } : {}
213
- };
214
- };
215
- class ProducerClientNotInitializedError extends Error {
216
- constructor(requestId){
217
- super(`Producer client "${requestId}" is not initialized. Call initProducerClient() (or configure()) before using generated APIs for this requestId.`), this.code = 'BFF_PRODUCER_CLIENT_NOT_INITIALIZED';
218
- this.name = 'ProducerClientNotInitializedError';
219
- }
220
- }
221
- class ProducerDomainNotConfiguredError extends Error {
222
- constructor(requestId){
223
- super(`Producer client "${requestId}" must provide setDomain() during configure().`), this.code = 'BFF_PRODUCER_DOMAIN_NOT_CONFIGURED';
224
- this.name = 'ProducerDomainNotConfiguredError';
225
- }
226
- }
227
- class CrossOriginEnvelopePolicyError extends Error {
228
- constructor(requestId, sourceOrigin, targetOrigin){
229
- super(`Cross-origin envelope is not allowed for producer "${requestId}" (${sourceOrigin || 'unknown-origin'} -> ${targetOrigin || 'unknown-origin'}). Configure allowCrossOriginEnvelope to explicitly allow this flow.`), this.code = 'BFF_CROSS_ORIGIN_ENVELOPE_NOT_ALLOWED';
230
- this.name = 'CrossOriginEnvelopePolicyError';
231
- }
232
- }
233
- class IdentityBindingViolationError extends Error {
234
- constructor(violation){
235
- super(`Identity header "${violation.header}" for producer "${violation.requestId}" was rejected by server-derived identity binding.`), this.code = 'BFF_IDENTITY_BINDING_VIOLATION';
236
- this.name = 'IdentityBindingViolationError';
237
- this.violation = violation;
238
- }
239
- }
240
- class OperationContractViolationError extends Error {
241
- constructor(violation){
242
- super(`Operation contract violation "${violation.reason}" for producer "${violation.requestId}" operation "${violation.operationId}".`), this.code = 'BFF_OPERATION_CONTRACT_VIOLATION';
243
- this.name = 'OperationContractViolationError';
244
- this.violation = violation;
245
- }
246
- }
247
- const validateOperationContract = (requestId, contextPayload)=>{
248
- const operationContract = realOperationContract.get(requestId);
249
- const operationContractEnabled = operationContract?.enabled ?? isSecuredRequestId(requestId);
250
- if (!operationContractEnabled) return;
251
- const strict = operationContract?.strict ?? true;
252
- const requireSchemaHash = operationContract?.requireSchemaHash ?? true;
253
- const requireOperationVersion = operationContract?.requireOperationVersion ?? true;
254
- const maybeReportViolation = (reason)=>{
255
- const violation = {
256
- requestId,
257
- target: 'server',
258
- operationId: contextPayload.operationId,
259
- routePath: contextPayload.routePath,
260
- method: contextPayload.method,
261
- schemaHash: 'string' == typeof contextPayload.schemaHash ? contextPayload.schemaHash : void 0,
262
- operationVersion: 'number' == typeof contextPayload.operationVersion ? contextPayload.operationVersion : void 0,
263
- reason
264
- };
265
- operationContract?.onViolation?.(violation);
266
- if (strict) throw new OperationContractViolationError(violation);
267
- };
268
- if (requireSchemaHash && 'string' != typeof contextPayload.schemaHash) maybeReportViolation('missing_schema_hash');
269
- if (requireOperationVersion && 'number' != typeof contextPayload.operationVersion) maybeReportViolation('missing_operation_version');
167
+ target: 'server',
168
+ sourceOrigin: resolveSourceOrigin(webRequestHeaders),
169
+ targetOrigin: (0, _policyCore__rspack_import_4.toOrigin)(url),
170
+ traceContext: (0, _policyCore__rspack_import_4.parseTraceparentValue)((0, _policyCore__rspack_import_4.readHeader)(headers, _policyCore__rspack_import_4.TRACEPARENT_HEADER)),
171
+ allowCrossOriginEnvelope: realAllowCrossOriginEnvelope.get(requestId)
172
+ });
270
173
  };
271
- const getConfiguredRequest = (requestId, fallback)=>{
272
- const configuredRequest = realRequest.get(requestId);
273
- if (configuredRequest) return configuredRequest;
274
- if ('default' !== requestId) throw new ProducerClientNotInitializedError(requestId);
275
- return fallback;
174
+ const attachSecuredOperationHeaders = (headers, requestId, method, path, operationContext)=>{
175
+ if (!(0, _policyCore__rspack_import_4.isSecuredRequestId)(requestId)) return;
176
+ (0, _policyCore__rspack_import_4.attachOperationContextHeaders)({
177
+ headers,
178
+ requestId,
179
+ target: 'server',
180
+ method,
181
+ path,
182
+ operationContext,
183
+ operationContract: realOperationContract.get(requestId),
184
+ operationContextHeader: _types__rspack_import_6.BFF_OPERATION_CONTEXT_HEADER,
185
+ operationContextDetailHeader: OPERATION_CONTEXT_DETAIL_HEADER
186
+ });
276
187
  };
277
188
  const configure = (options)=>{
278
189
  const { request, interceptor, allowedHeaders, resolveHeaders, transport, requireEnvelope, allowCrossOriginEnvelope, identityBinding, operationContract, setDomain, requestId = 'default' } = options;
279
190
  const hasExistingDomain = domainMap.has(requestId);
280
- if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new ProducerDomainNotConfiguredError(requestId);
191
+ if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new _policyCore__rspack_import_4.ProducerDomainNotConfiguredError(requestId);
281
192
  let configuredRequest = request || originFetch;
282
193
  if (interceptor && !request) configuredRequest = interceptor(fetch);
283
194
  if (Array.isArray(allowedHeaders)) realAllowedHeaders.set(requestId, allowedHeaders);
@@ -292,7 +203,7 @@ var __webpack_exports__ = {};
292
203
  target: 'server',
293
204
  requestId
294
205
  });
295
- if ('default' !== requestId && isEmptyDomain(resolvedDomain)) throw new ProducerDomainNotConfiguredError(requestId);
206
+ if ('default' !== requestId && (0, _policyCore__rspack_import_4.isEmptyDomain)(resolvedDomain)) throw new _policyCore__rspack_import_4.ProducerDomainNotConfiguredError(requestId);
296
207
  if ('string' == typeof resolvedDomain) domainMap.set(requestId, resolvedDomain);
297
208
  }
298
209
  realRequest.set(requestId, configuredRequest);
@@ -315,21 +226,16 @@ var __webpack_exports__ = {};
315
226
  const getFinalPath = (0, path_to_regexp__rspack_import_1.compile)(path, {
316
227
  encode: encodeURIComponent
317
228
  });
318
- const keyNames = extractPathParamNames(path);
229
+ const keyNames = (0, _policyCore__rspack_import_4.extractPathParamNames)(path);
319
230
  const sender = (...args)=>{
320
- const fetcher = getConfiguredRequest(requestId, fetch1);
321
- let webRequestHeaders = {};
322
- try {
323
- webRequestHeaders = _modern_js_runtime_utils_node__rspack_import_0.storage.useContext().headers || {};
324
- } catch (error) {
325
- webRequestHeaders = {};
326
- }
231
+ const fetcher = (0, _policyCore__rspack_import_4.resolveConfiguredRequest)(realRequest, requestId, fetch1);
232
+ const webRequestHeaders = readIncomingWebHeaders();
327
233
  let body;
328
234
  let headers;
329
235
  let url;
330
236
  if ('inputParams' === httpMethodDecider) {
331
237
  const configDomain = domainMap.get(requestId);
332
- if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
238
+ if ('default' !== requestId && (0, _policyCore__rspack_import_4.isEmptyDomain)(configDomain)) throw new _policyCore__rspack_import_4.ProducerDomainNotConfiguredError(requestId);
333
239
  url = `${configDomain || `http://127.0.0.1:${port}`}${path}`;
334
240
  body = args;
335
241
  headers = {
@@ -353,17 +259,17 @@ var __webpack_exports__ = {};
353
259
  ...payload.headers
354
260
  } : {};
355
261
  const identityBinding = realIdentityBinding.get(requestId);
356
- const identityBindingEnabled = identityBinding?.enabled ?? isSecuredRequestId(requestId);
357
- const identityBindingStrict = identityBinding?.strict ?? isSecuredRequestId(requestId);
358
- const protectedIdentityHeaders = (identityBinding?.protectedHeaders || _types__rspack_import_5.BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
262
+ const identityBindingEnabled = identityBinding?.enabled ?? (0, _policyCore__rspack_import_4.isSecuredRequestId)(requestId);
263
+ const identityBindingStrict = identityBinding?.strict ?? (0, _policyCore__rspack_import_4.isSecuredRequestId)(requestId);
264
+ const protectedIdentityHeaders = (identityBinding?.protectedHeaders || _types__rspack_import_6.BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
359
265
  const targetAllowedHeaders = realAllowedHeaders.get(requestId) || [];
360
266
  const forwardedHeaders = {};
361
267
  for (const key of targetAllowedHeaders)if (void 0 !== webRequestHeaders[key]) forwardedHeaders[key] = webRequestHeaders[key];
362
268
  if (identityBindingEnabled) {
363
269
  const derivedIdentityHeaders = {};
364
270
  for (const header of protectedIdentityHeaders){
365
- const incomingHeaderValue = readHeader(webRequestHeaders, header);
366
- if (void 0 !== incomingHeaderValue) writeHeader(derivedIdentityHeaders, header, incomingHeaderValue);
271
+ const incomingHeaderValue = (0, _policyCore__rspack_import_4.readHeader)(webRequestHeaders, header);
272
+ if (void 0 !== incomingHeaderValue) (0, _policyCore__rspack_import_4.writeHeader)(derivedIdentityHeaders, header, incomingHeaderValue);
367
273
  }
368
274
  const customDerivedHeaders = identityBinding?.deriveHeaders?.({
369
275
  requestId,
@@ -376,26 +282,26 @@ var __webpack_exports__ = {};
376
282
  ]
377
283
  });
378
284
  if (customDerivedHeaders && 'object' == typeof customDerivedHeaders) for (const header of protectedIdentityHeaders){
379
- const customValue = readHeader(customDerivedHeaders, header);
380
- if (void 0 !== customValue) writeHeader(derivedIdentityHeaders, header, customValue);
285
+ const customValue = (0, _policyCore__rspack_import_4.readHeader)(customDerivedHeaders, header);
286
+ if (void 0 !== customValue) (0, _policyCore__rspack_import_4.writeHeader)(derivedIdentityHeaders, header, customValue);
381
287
  }
382
288
  for (const header of protectedIdentityHeaders){
383
- const attemptedValue = readHeader(headers, header);
289
+ const attemptedValue = (0, _policyCore__rspack_import_4.readHeader)(headers, header);
384
290
  if (void 0 === attemptedValue) continue;
385
291
  const violation = {
386
292
  requestId,
387
293
  target: 'server',
388
294
  header,
389
295
  attemptedValue,
390
- derivedValue: readHeader(derivedIdentityHeaders, header),
296
+ derivedValue: (0, _policyCore__rspack_import_4.readHeader)(derivedIdentityHeaders, header),
391
297
  reason: identityBindingStrict ? 'client_override_rejected' : 'client_override_blocked'
392
298
  };
393
299
  identityBinding?.onViolation?.(violation);
394
- if (identityBindingStrict) throw new IdentityBindingViolationError(violation);
395
- deleteHeader(headers, header);
300
+ if (identityBindingStrict) throw new _policyCore__rspack_import_4.IdentityBindingViolationError(violation);
301
+ (0, _policyCore__rspack_import_4.deleteHeader)(headers, header);
396
302
  }
397
303
  Object.keys(derivedIdentityHeaders).forEach((header)=>{
398
- writeHeader(forwardedHeaders, header, derivedIdentityHeaders[header]);
304
+ (0, _policyCore__rspack_import_4.writeHeader)(forwardedHeaders, header, derivedIdentityHeaders[header]);
399
305
  });
400
306
  }
401
307
  const resolveHeaders = realResolveHeaders.get(requestId);
@@ -427,57 +333,19 @@ var __webpack_exports__ = {};
427
333
  body = 'object' == typeof payload.formUrlencoded ? (0, qs__rspack_import_2.stringify)(payload.formUrlencoded) : payload.formUrlencoded;
428
334
  }
429
335
  const configDomain = domainMap.get(requestId);
430
- if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
336
+ if ('default' !== requestId && (0, _policyCore__rspack_import_4.isEmptyDomain)(configDomain)) throw new _policyCore__rspack_import_4.ProducerDomainNotConfiguredError(requestId);
431
337
  url = `${configDomain || `http://127.0.0.1:${port}`}${finalPath}`;
432
338
  }
433
- if (void 0 === readHeader(headers, TRACEPARENT_HEADER)) {
434
- const incomingTraceparent = firstHeaderValue(readHeader(webRequestHeaders, TRACEPARENT_HEADER));
435
- if ('string' == typeof incomingTraceparent) writeHeader(headers, TRACEPARENT_HEADER, incomingTraceparent);
436
- }
437
- if (void 0 === readHeader(headers, TRACEPARENT_HEADER) && operationContext?.traceparent) writeHeader(headers, TRACEPARENT_HEADER, operationContext.traceparent);
438
- const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? isSecuredRequestId(requestId);
439
- if (shouldRequireEnvelope) {
440
- const sourceOrigin = resolveSourceOrigin(webRequestHeaders);
441
- const targetOrigin = toOrigin(url);
442
- const traceContext = parseTraceparent(readHeader(headers, TRACEPARENT_HEADER));
443
- const isCrossOrigin = Boolean(sourceOrigin) && Boolean(targetOrigin) && sourceOrigin !== targetOrigin;
444
- if (isCrossOrigin) {
445
- const policy = realAllowCrossOriginEnvelope.get(requestId);
446
- const isAllowed = 'function' == typeof policy ? policy({
447
- requestId,
448
- sourceOrigin,
449
- targetOrigin,
450
- target: 'server'
451
- }) : true === policy;
452
- if (!isAllowed) throw new CrossOriginEnvelopePolicyError(requestId, sourceOrigin, targetOrigin);
453
- }
454
- headers[_types__rspack_import_5.BFF_ENVELOPE_HEADER] = JSON.stringify({
455
- requestId,
456
- target: 'server',
457
- timestamp: Date.now(),
458
- sourceOrigin,
459
- targetOrigin,
460
- ...traceContext ? {
461
- traceId: traceContext.traceId,
462
- spanId: traceContext.spanId
463
- } : {}
464
- });
465
- }
466
- if (isSecuredRequestId(requestId)) {
467
- const contextPayload = buildOperationContext({
468
- requestId,
469
- method,
470
- path,
471
- operationContext,
472
- traceparent: readHeader(headers, TRACEPARENT_HEADER)
473
- });
474
- validateOperationContract(requestId, contextPayload);
475
- if (void 0 === readHeader(headers, _types__rspack_import_5.BFF_OPERATION_CONTEXT_HEADER)) writeHeader(headers, _types__rspack_import_5.BFF_OPERATION_CONTEXT_HEADER, contextPayload.operationId);
476
- writeHeader(headers, OPERATION_CONTEXT_DETAIL_HEADER, JSON.stringify(contextPayload));
339
+ if (void 0 === (0, _policyCore__rspack_import_4.readHeader)(headers, _policyCore__rspack_import_4.TRACEPARENT_HEADER)) {
340
+ const incomingTraceparent = (0, _policyCore__rspack_import_4.firstHeaderValue)((0, _policyCore__rspack_import_4.readHeader)(webRequestHeaders, _policyCore__rspack_import_4.TRACEPARENT_HEADER));
341
+ if ('string' == typeof incomingTraceparent) (0, _policyCore__rspack_import_4.writeHeader)(headers, _policyCore__rspack_import_4.TRACEPARENT_HEADER, incomingTraceparent);
477
342
  }
343
+ if (void 0 === (0, _policyCore__rspack_import_4.readHeader)(headers, _policyCore__rspack_import_4.TRACEPARENT_HEADER) && operationContext?.traceparent) (0, _policyCore__rspack_import_4.writeHeader)(headers, _policyCore__rspack_import_4.TRACEPARENT_HEADER, operationContext.traceparent);
344
+ attachEnvelopeHeaderIfRequired(headers, requestId, url, webRequestHeaders);
345
+ attachSecuredOperationHeaders(headers, requestId, method, path, operationContext);
478
346
  if ('get' === method.toLowerCase()) body = void 0;
479
347
  headers.accept = "application/json,*/*;q=0.8";
480
- return (0, _transport__rspack_import_4.executeWithResilience)({
348
+ return (0, _transport__rspack_import_5.executeWithResilience)({
481
349
  requestId,
482
350
  target: 'server',
483
351
  method,
@@ -493,12 +361,17 @@ var __webpack_exports__ = {};
493
361
  };
494
362
  return sender;
495
363
  };
496
- const createUploader = ({ path, requestId = 'default' })=>{
364
+ const createUploader = ({ path, requestId = 'default', operationContext })=>{
497
365
  const sender = (...args)=>{
498
- const fetcher = getConfiguredRequest(requestId, originFetch);
499
- const { body, headers } = (0, _utiles__rspack_import_6.getUploadPayload)(args);
366
+ const fetcher = (0, _policyCore__rspack_import_4.resolveConfiguredRequest)(realRequest, requestId, originFetch);
367
+ const { body, headers: uploadHeaders } = (0, _utiles__rspack_import_7.getUploadPayload)(args);
368
+ const headers = {
369
+ ...uploadHeaders
370
+ };
500
371
  const configDomain = domainMap.get(requestId);
501
372
  const finalURL = `${configDomain || ''}${path}`;
373
+ attachEnvelopeHeaderIfRequired(headers, requestId, finalURL, readIncomingWebHeaders());
374
+ attachSecuredOperationHeaders(headers, requestId, 'POST', path, operationContext);
502
375
  return fetcher(finalURL, {
503
376
  method: 'POST',
504
377
  body,
@@ -507,6 +380,17 @@ var __webpack_exports__ = {};
507
380
  };
508
381
  return sender;
509
382
  };
383
+ __webpack_require__.d(__webpack_exports__, {
384
+ CrossOriginEnvelopePolicyError: ()=>_policyCore__rspack_import_4.CrossOriginEnvelopePolicyError,
385
+ IdentityBindingViolationError: ()=>_policyCore__rspack_import_4.IdentityBindingViolationError,
386
+ OperationContractViolationError: ()=>_policyCore__rspack_import_4.OperationContractViolationError,
387
+ ProducerClientNotInitializedError: ()=>_policyCore__rspack_import_4.ProducerClientNotInitializedError,
388
+ ProducerDomainNotConfiguredError: ()=>_policyCore__rspack_import_4.ProducerDomainNotConfiguredError
389
+ }, {
390
+ configure: configure,
391
+ createRequest: createRequest,
392
+ createUploader: createUploader
393
+ });
510
394
  })();
511
395
  exports.CrossOriginEnvelopePolicyError = __webpack_exports__.CrossOriginEnvelopePolicyError;
512
396
  exports.IdentityBindingViolationError = __webpack_exports__.IdentityBindingViolationError;