@drawbridge/drawbridge-utils 0.0.11 → 0.0.13

package/dist/cdn.cjs

@@ -0,0 +1,37 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// cdn.js
+var cdn_exports = {};
+__export(cdn_exports, {
+  cdnSrc: () => cdnSrc
+});
+module.exports = __toCommonJS(cdn_exports);
+var cdnSrc = (asset, size, timestamp) => {
+  var _a;
+  const src = (_a = asset == null ? void 0 : asset.sizes) == null ? void 0 : _a[size];
+  if (!src || !timestamp) return void 0;
+  return [
+    src,
+    "?query=" + timestamp
+  ].join("");
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  cdnSrc
+});

package/dist/cdn.d.cts

@@ -0,0 +1,20 @@
+// Build a DigitalOcean Spaces CDN URL with a cache-busting query string.
+// `asset` is any object with a `sizes` map. `size` is the sizes key (e.g.
+// '100x100', 'original', 'hsl'). `timestamp` is required — without it the
+// URL would never change across uploads and the CDN/browser would serve a
+// stale asset. Pass the asset's own `updatedAt` when it has one, or the
+// parent document's `updatedAt` for embedded assets like `user.image`.
+const cdnSrc = ( asset, size, timestamp ) => {
+
+	const src = asset?.sizes?.[ size ];
+
+	if( ! src || ! timestamp ) return undefined;
+
+	return [
+		src,
+		'?query=' + timestamp
+	].join( '' );
+
+};
+
+export { cdnSrc };

package/dist/cdn.d.ts

@@ -0,0 +1,20 @@
+// Build a DigitalOcean Spaces CDN URL with a cache-busting query string.
+// `asset` is any object with a `sizes` map. `size` is the sizes key (e.g.
+// '100x100', 'original', 'hsl'). `timestamp` is required — without it the
+// URL would never change across uploads and the CDN/browser would serve a
+// stale asset. Pass the asset's own `updatedAt` when it has one, or the
+// parent document's `updatedAt` for embedded assets like `user.image`.
+const cdnSrc = ( asset, size, timestamp ) => {
+
+	const src = asset?.sizes?.[ size ];
+
+	if( ! src || ! timestamp ) return undefined;
+
+	return [
+		src,
+		'?query=' + timestamp
+	].join( '' );
+
+};
+
+export { cdnSrc };

package/dist/cdn.js

@@ -0,0 +1,13 @@
+// cdn.js
+var cdnSrc = (asset, size, timestamp) => {
+  var _a;
+  const src = (_a = asset == null ? void 0 : asset.sizes) == null ? void 0 : _a[size];
+  if (!src || !timestamp) return void 0;
+  return [
+    src,
+    "?query=" + timestamp
+  ].join("");
+};
+export {
+  cdnSrc
+};

package/dist/redirect.cjs

@@ -0,0 +1,42 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// redirect.js
+var redirect_exports = {};
+__export(redirect_exports, {
+  safeRedirect: () => safeRedirect
+});
+module.exports = __toCommonJS(redirect_exports);
+var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+var safeRedirect = (raw, fallback = "/") => {
+  if (typeof raw !== "string") return fallback;
+  if (raw.length > 512) return fallback;
+  if (!SAFE.test(raw)) return fallback;
+  try {
+    const url = new URL(raw, "https://placeholder.invalid");
+    if (url.origin !== "https://placeholder.invalid") return fallback;
+    return url.pathname + url.search + url.hash;
+  } catch {
+    return fallback;
+  }
+  ;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  safeRedirect
+});

package/dist/redirect.d.cts

@@ -0,0 +1,32 @@
+// Internal-path-only matcher: must start with `/`, second char must not be
+// `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
+const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+
+// Normalize an untrusted `redirectTo` value to a same-site path or the
+// fallback. Used at every /auth/* endpoint that consumes a redirect param
+// and at every web-side handler that follows the API's value.
+//
+// Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
+// 512 chars, anything that URL() can't parse back to a same-origin path.
+const safeRedirect = ( raw, fallback = '/' ) => {
+
+	if( typeof raw !== 'string' ) return fallback;
+	if( raw.length > 512 ) return fallback;
+	if( ! SAFE.test( raw ) ) return fallback;
+
+	try {
+
+		const url = new URL( raw, 'https://placeholder.invalid' );
+
+		if( url.origin !== 'https://placeholder.invalid' ) return fallback;
+
+		return url.pathname + url.search + url.hash;
+
+	} catch {
+
+		return fallback;
+
+	}
+};
+
+export { safeRedirect };

package/dist/redirect.d.ts

@@ -0,0 +1,32 @@
+// Internal-path-only matcher: must start with `/`, second char must not be
+// `/` (rejects protocol-relative `//evil.com`), no backslashes, no newlines.
+const SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+
+// Normalize an untrusted `redirectTo` value to a same-site path or the
+// fallback. Used at every /auth/* endpoint that consumes a redirect param
+// and at every web-side handler that follows the API's value.
+//
+// Rejects: http(s)://, //host (protocol-relative), \ tricks, anything over
+// 512 chars, anything that URL() can't parse back to a same-origin path.
+const safeRedirect = ( raw, fallback = '/' ) => {
+
+	if( typeof raw !== 'string' ) return fallback;
+	if( raw.length > 512 ) return fallback;
+	if( ! SAFE.test( raw ) ) return fallback;
+
+	try {
+
+		const url = new URL( raw, 'https://placeholder.invalid' );
+
+		if( url.origin !== 'https://placeholder.invalid' ) return fallback;
+
+		return url.pathname + url.search + url.hash;
+
+	} catch {
+
+		return fallback;
+
+	}
+};
+
+export { safeRedirect };

package/dist/redirect.js

@@ -0,0 +1,18 @@
+// redirect.js
+var SAFE = /^\/(?!\/)[^\\\r\n]*$/;
+var safeRedirect = (raw, fallback = "/") => {
+  if (typeof raw !== "string") return fallback;
+  if (raw.length > 512) return fallback;
+  if (!SAFE.test(raw)) return fallback;
+  try {
+    const url = new URL(raw, "https://placeholder.invalid");
+    if (url.origin !== "https://placeholder.invalid") return fallback;
+    return url.pathname + url.search + url.hash;
+  } catch {
+    return fallback;
+  }
+  ;
+};
+export {
+  safeRedirect
+};

package/package.json

@@ -37,6 +37,16 @@
       "types": "./dist/nanoid.d.ts",
       "import": "./dist/nanoid.js",
       "require": "./dist/nanoid.cjs"
+    },
+    "./redirect": {
+      "types": "./dist/redirect.d.ts",
+      "import": "./dist/redirect.js",
+      "require": "./dist/redirect.cjs"
+    },
+    "./cdn": {
+      "types": "./dist/cdn.d.ts",
+      "import": "./dist/cdn.js",
+      "require": "./dist/cdn.cjs"
     }
   },
   "files": [
@@ -53,5 +63,5 @@
     "build": "tsup && npm publish"
   },
   "types": "dist/index.d.ts",
-  "version": "0.0.11"
+  "version": "0.0.13"
 }