@drawbridge/drawbridge-utils 0.0.11 → 0.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/redirect.cjs +42 -0
  2. package/dist/redirect.d.cts +32 -0
  3. package/dist/redirect.d.ts +32 -0
  4. package/dist/redirect.js +18 -0
  5. package/package.json +6 -1
package/dist/redirect.cjs ADDED
@@ -0,0 +1,42 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
3
+ var __getOwnPropNames = Object.getOwnPropertyNames;
4
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
5
+ var __export = (target, all) => {
6
+ for (var name in all)
7
+ __defProp(target, name, { get: all[name], enumerable: true });
8
+ };
9
+ var __copyProps = (to, from, except, desc) => {
10
+ if (from && typeof from === "object" || typeof from === "function") {
11
+ for (let key of __getOwnPropNames(from))
12
+ if (!__hasOwnProp.call(to, key) && key !== except)
13
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
14
+ }
15
+ return to;
16
+ };
17
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
18
+
19
+ // redirect.js
20
+ var redirect_exports = {};
21
+ __export(redirect_exports, {
22
+ safeRedirect: () => safeRedirect
23
+ });
24
+ module.exports = __toCommonJS(redirect_exports);
25
+ var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
26
+ var safeRedirect = (raw, fallback = "/") => {
27
+ if (typeof raw !== "string") return fallback;
28
+ if (raw.length > 512) return fallback;
29
+ if (!SAFE.test(raw)) return fallback;
30
+ try {
31
+ const url = new URL(raw, "https://placeholder.invalid");
32
+ if (url.origin !== "https://placeholder.invalid") return fallback;
33
+ return url.pathname + url.search + url.hash;
34
+ } catch {
35
+ return fallback;
36
+ }
37
+ ;
38
+ };
39
+ // Annotate the CommonJS export names for ESM import in node:
40
+ 0 && (module.exports = {
41
+ safeRedirect
42
+ });
package/dist/redirect.d.cts ADDED
@@ -0,0 +1,32 @@
1
+ // Internal-path-only matcher: must start with `/`, second char must not be
2
+ // `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
3
+ const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
4
+
5
+ // Normalize an untrusted `redirectTo` value to a same-site path or the
6
+ // fallback. Used at every /auth/* endpoint that consumes a redirect param
7
+ // and at every web-side handler that follows the API's value.
8
+ //
9
+ // Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
10
+ // 512 chars, anything that URL() can't parse back to a same-origin path.
11
+ const safeRedirect = ( raw, fallback = '/' ) => {
12
+
13
+ if( typeof raw !== 'string' ) return fallback;
14
+ if( raw.length > 512 ) return fallback;
15
+ if( ! SAFE.test( raw ) ) return fallback;
16
+
17
+ try {
18
+
19
+ const url = new URL( raw, 'https://placeholder.invalid' );
20
+
21
+ if( url.origin !== 'https://placeholder.invalid' ) return fallback;
22
+
23
+ return url.pathname + url.search + url.hash;
24
+
25
+ } catch {
26
+
27
+ return fallback;
28
+
29
+ }
30
+ };
31
+
32
+ export { safeRedirect };
package/dist/redirect.d.ts ADDED
@@ -0,0 +1,32 @@
1
+ // Internal-path-only matcher: must start with `/`, second char must not be
2
+ // `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
3
+ const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
4
+
5
+ // Normalize an untrusted `redirectTo` value to a same-site path or the
6
+ // fallback. Used at every /auth/* endpoint that consumes a redirect param
7
+ // and at every web-side handler that follows the API's value.
8
+ //
9
+ // Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
10
+ // 512 chars, anything that URL() can't parse back to a same-origin path.
11
+ const safeRedirect = ( raw, fallback = '/' ) => {
12
+
13
+ if( typeof raw !== 'string' ) return fallback;
14
+ if( raw.length > 512 ) return fallback;
15
+ if( ! SAFE.test( raw ) ) return fallback;
16
+
17
+ try {
18
+
19
+ const url = new URL( raw, 'https://placeholder.invalid' );
20
+
21
+ if( url.origin !== 'https://placeholder.invalid' ) return fallback;
22
+
23
+ return url.pathname + url.search + url.hash;
24
+
25
+ } catch {
26
+
27
+ return fallback;
28
+
29
+ }
30
+ };
31
+
32
+ export { safeRedirect };
package/dist/redirect.js ADDED
@@ -0,0 +1,18 @@
1
+ // redirect.js
2
+ var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
3
+ var safeRedirect = (raw, fallback = "/") => {
4
+ if (typeof raw !== "string") return fallback;
5
+ if (raw.length > 512) return fallback;
6
+ if (!SAFE.test(raw)) return fallback;
7
+ try {
8
+ const url = new URL(raw, "https://placeholder.invalid");
9
+ if (url.origin !== "https://placeholder.invalid") return fallback;
10
+ return url.pathname + url.search + url.hash;
11
+ } catch {
12
+ return fallback;
13
+ }
14
+ ;
15
+ };
16
+ export {
17
+ safeRedirect
18
+ };
package/package.json CHANGED
@@ -37,6 +37,11 @@
37
37
  "types": "./dist/nanoid.d.ts",
38
38
  "import": "./dist/nanoid.js",
39
39
  "require": "./dist/nanoid.cjs"
40
+ },
41
+ "./redirect": {
42
+ "types": "./dist/redirect.d.ts",
43
+ "import": "./dist/redirect.js",
44
+ "require": "./dist/redirect.cjs"
40
45
  }
41
46
  },
42
47
  "files": [
@@ -53,5 +58,5 @@
53
58
  "build": "tsup && npm publish"
54
59
  },
55
60
  "types": "dist/index.d.ts",
56
- "version": "0.0.11"
61
+ "version": "0.0.12"
57
62
  }