npm - @drawbridge/drawbridge-utils - Versions diffs - 0.0.10 → 0.0.12 - Mend

@drawbridge/drawbridge-utils 0.0.10 → 0.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -21,7 +21,8 @@ Exports:
 - `formatNumber( number, digits )` — Intl-based number formatter with fixed-digit min/max.
 - `getPlanFeature( plan, key )` — `{ granted, message }` lookup.
 - `infinite`, `isInfinite( value )`, `megabyte`, `gigabyte` — size constants.
-- `percentage( a, b, decimals )` — `(a / b) * 100`, fixed decimals.
+- `nanoid()` — 8-char base36 random ID.
+- `percentage( value1, value2, decimals )` — `(value1 / value2) * 100`, fixed decimals (default 1).
 - `reducers.fields` — reducer for grouping fields by `additional` / `lead` type.
 - `regex.url` / `regex.protocols` / `regex.domain` — shared regex constants.
 - `shareUrls({ formUri, organization, page })` — builds share URLs from the configured form base URI. Falls back to `process.env.APP_CLIENT_FORM_URI` if `formUri` is not passed (server-only).
@@ -35,6 +36,42 @@ const { encrypt, decrypt } = require( '@drawbridge/drawbridge-utils/encrypt' );
 Server-only because it uses Node `crypto` and reads `process.env.ENCRYPT_CONNECTION_SECRET`. Exposed as a sub-export so client bundles don't pull Node built-ins.
+## Axios entry (server-only)
+```js
+const { safe, axios } = require( '@drawbridge/drawbridge-utils/axios' );
+```
+- `safe.get( url, axiosOptions )` — SSRF-protected GET request.
+- `axios` — raw axios passthrough for advanced usage.
+## Circuit entry (server-only)
+```js
+const { circuit } = require( '@drawbridge/drawbridge-utils/circuit' );
+```
+- `circuit({ name, threshold, timeout })` — circuit breaker for async operations.
+## Upload entry
+```js
+const { allowedUploadTypes, allowedMimes, resolveUploadType, isAllowedMime } = require( '@drawbridge/drawbridge-utils/upload' );
+```
+- `allowedUploadTypes` / `allowedMimes` — shared whitelist constants.
+- `resolveUploadType( type, extension )` — resolves an upload type from MIME + extension.
+- `isAllowedMime( mime )` — predicate for the MIME whitelist.
+## Nanoid entry (server-only)
+```js
+const { nanoid, retry } = require( '@drawbridge/drawbridge-utils/nanoid' );
+```
+- `nanoid()` — 8-char base36 random ID (same as the main export).
+- `retry({ field, operation, maxRetries })` — runs an async operation that generates a nanoid, retrying on Mongo duplicate-key errors.
 ## Build & publish
 ```bash

package/dist/axios.cjs CHANGED Viewed

@@ -103,7 +103,12 @@ var safeGet = async (url, axiosOptions = {}) => {
   const pinned = records[0];
   const agent = new import_https.default.Agent({
     lookup: (hostname, options, callback) => {
-      callback(null, pinned.address, pinned.family);
+      if (options == null ? void 0 : options.all) {
+        callback(null, [{ address: pinned.address, family: pinned.family }]);
+      } else {
+        callback(null, pinned.address, pinned.family);
+      }
+      ;
     }
   });
   return import_axios.default.get(url, {

package/dist/axios.d.cts CHANGED Viewed

@@ -113,8 +113,19 @@ const safeGet = async ( url, axiosOptions = {} ) => {
 	const agent = new https.Agent({
 		lookup : ( hostname, options, callback ) => {
-			callback( null, pinned.address, pinned.family );
+			// Node's https.Agent (Happy Eyeballs) calls this with options.all = true
+			// and expects callback( err, [ { address, family } ] ); the legacy
+			// callback( err, address, family ) form only applies when options.all
+			// is falsy.
+			if( options?.all ){
+				callback( null, [ { address : pinned.address, family : pinned.family } ] );
+			} else {
+				callback( null, pinned.address, pinned.family );
+			}
 		}
 	});

package/dist/axios.d.ts CHANGED Viewed

@@ -113,8 +113,19 @@ const safeGet = async ( url, axiosOptions = {} ) => {
 	const agent = new https.Agent({
 		lookup : ( hostname, options, callback ) => {
-			callback( null, pinned.address, pinned.family );
+			// Node's https.Agent (Happy Eyeballs) calls this with options.all = true
+			// and expects callback( err, [ { address, family } ] ); the legacy
+			// callback( err, address, family ) form only applies when options.all
+			// is falsy.
+			if( options?.all ){
+				callback( null, [ { address : pinned.address, family : pinned.family } ] );
+			} else {
+				callback( null, pinned.address, pinned.family );
+			}
 		}
 	});

package/dist/axios.js CHANGED Viewed

@@ -68,7 +68,12 @@ var safeGet = async (url, axiosOptions = {}) => {
   const pinned = records[0];
   const agent = new https.Agent({
     lookup: (hostname, options, callback) => {
-      callback(null, pinned.address, pinned.family);
+      if (options == null ? void 0 : options.all) {
+        callback(null, [{ address: pinned.address, family: pinned.family }]);
+      } else {
+        callback(null, pinned.address, pinned.family);
+      }
+      ;
     }
   });
   return axiosLib.get(url, {

package/dist/redirect.cjs ADDED Viewed

@@ -0,0 +1,42 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// redirect.js
+var redirect_exports = {};
+__export(redirect_exports, {
+  safeRedirect: () => safeRedirect
+});
+module.exports = __toCommonJS(redirect_exports);
+var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+var safeRedirect = (raw, fallback = "/") => {
+  if (typeof raw !== "string") return fallback;
+  if (raw.length > 512) return fallback;
+  if (!SAFE.test(raw)) return fallback;
+  try {
+    const url = new URL(raw, "https://placeholder.invalid");
+    if (url.origin !== "https://placeholder.invalid") return fallback;
+    return url.pathname + url.search + url.hash;
+  } catch {
+    return fallback;
+  }
+  ;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  safeRedirect
+});

package/dist/redirect.d.cts ADDED Viewed

@@ -0,0 +1,32 @@
+// Internal-path-only matcher: must start with `/`, second char must not be
+// `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
+const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+// Normalize an untrusted `redirectTo` value to a same-site path or the
+// fallback. Used at every /auth/* endpoint that consumes a redirect param
+// and at every web-side handler that follows the API's value.
+//
+// Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
+// 512 chars, anything that URL() can't parse back to a same-origin path.
+const safeRedirect = ( raw, fallback = '/' ) => {
+	if( typeof raw !== 'string' ) return fallback;
+	if( raw.length > 512 ) return fallback;
+	if( ! SAFE.test( raw ) ) return fallback;
+	try {
+		const url = new URL( raw, 'https://placeholder.invalid' );
+		if( url.origin !== 'https://placeholder.invalid' ) return fallback;
+		return url.pathname + url.search + url.hash;
+	} catch {
+		return fallback;
+	}
+};
+export { safeRedirect };

package/dist/redirect.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+// Internal-path-only matcher: must start with `/`, second char must not be
+// `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
+const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+// Normalize an untrusted `redirectTo` value to a same-site path or the
+// fallback. Used at every /auth/* endpoint that consumes a redirect param
+// and at every web-side handler that follows the API's value.
+//
+// Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
+// 512 chars, anything that URL() can't parse back to a same-origin path.
+const safeRedirect = ( raw, fallback = '/' ) => {
+	if( typeof raw !== 'string' ) return fallback;
+	if( raw.length > 512 ) return fallback;
+	if( ! SAFE.test( raw ) ) return fallback;
+	try {
+		const url = new URL( raw, 'https://placeholder.invalid' );
+		if( url.origin !== 'https://placeholder.invalid' ) return fallback;
+		return url.pathname + url.search + url.hash;
+	} catch {
+		return fallback;
+	}
+};
+export { safeRedirect };

package/dist/redirect.js ADDED Viewed

@@ -0,0 +1,18 @@
+// redirect.js
+var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+var safeRedirect = (raw, fallback = "/") => {
+  if (typeof raw !== "string") return fallback;
+  if (raw.length > 512) return fallback;
+  if (!SAFE.test(raw)) return fallback;
+  try {
+    const url = new URL(raw, "https://placeholder.invalid");
+    if (url.origin !== "https://placeholder.invalid") return fallback;
+    return url.pathname + url.search + url.hash;
+  } catch {
+    return fallback;
+  }
+  ;
+};
+export {
+  safeRedirect
+};

package/package.json CHANGED Viewed

@@ -37,6 +37,11 @@
       "types": "./dist/nanoid.d.ts",
       "import": "./dist/nanoid.js",
       "require": "./dist/nanoid.cjs"
+    },
+    "./redirect": {
+      "types": "./dist/redirect.d.ts",
+      "import": "./dist/redirect.js",
+      "require": "./dist/redirect.cjs"
     }
   },
   "files": [
@@ -53,5 +58,5 @@
     "build": "tsup && npm publish"
   },
   "types": "dist/index.d.ts",
-  "version": "0.0.10"
+  "version": "0.0.12"
 }