@dwp/govuk-casa 8.2.1 → 8.2.2

package/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [8.2.2](https://github.com/dwp/govuk-casa/compare/8.2.1...8.2.2) (2022-05-23)
+
+
+### Bug Fixes
+
+* escape from sticky edit on return to edit origin in a proxied app ([9303af1](https://github.com/dwp/govuk-casa/commit/9303af140ec383801741d50f3404fd7cfe930d90))
+
 ### [8.2.1](https://github.com/dwp/govuk-casa/compare/8.2.0...8.2.1) (2022-05-20)
 
 

package/dist/casa.d.ts

@@ -122,6 +122,10 @@ export type MutableRouter = import('./lib/index').MutableRouter;
  * Configuration options
  */
 export type ConfigurationOptions = {
+    /**
+     * Prefix for all URLS in browser address bar
+     */
+    mountUrl?: string | undefined;
     /**
      * Template directories
      */

package/dist/casa.js

@@ -126,6 +126,7 @@ exports.nunjucksFilters = nunjucksFilters;
  * Configure some middleware for use in creating a new CASA app.
  *
  * @typedef {object} ConfigurationOptions Configuration options
+ * @property {string} [mountUrl] Prefix for all URLS in browser address bar
  * @property {string[]} [views=[]] Template directories
  * @property {SessionOptions} [session] Session configuration
  * @property {Page[]} [pages=[]] Pages the represent waypoints

package/dist/lib/configuration-ingestor.d.ts

@@ -28,12 +28,11 @@ export function validateI18nLocales(locales?: any[]): any[];
 /**
  * Validates and sanitises mount url.
  *
- * @param {string} mountUrl URL from which Express app will be served.
- * @param {string} name Name of the URL type (Mount URL, or Proxy Mount URL).
+ * @param {string} mountUrl Prefix for all URLs in the browser address bar
  * @throws {SyntaxError} For invalid URL.
- * @returns {string} Sanitised URL.
+ * @returns {string|undefined} Sanitised URL.
  */
-export function validateMountUrl(mountUrl: string, name?: string): string;
+export function validateMountUrl(mountUrl: string): string | undefined;
 /**
  * Validates and sanitises sessions object.
  *

package/dist/lib/configuration-ingestor.js

@@ -75,17 +75,16 @@ exports.validateI18nLocales = validateI18nLocales;
 /**
  * Validates and sanitises mount url.
  *
- * @param {string} mountUrl URL from which Express app will be served.
- * @param {string} name Name of the URL type (Mount URL, or Proxy Mount URL).
+ * @param {string} mountUrl Prefix for all URLs in the browser address bar
  * @throws {SyntaxError} For invalid URL.
- * @returns {string} Sanitised URL.
+ * @returns {string|undefined} Sanitised URL.
  */
-function validateMountUrl(mountUrl, name = 'Mount URL') {
+function validateMountUrl(mountUrl) {
     if (typeof mountUrl === 'undefined') {
-        return '/';
+        return undefined;
     }
     if (!mountUrl.match(/\/$/)) {
-        throw new SyntaxError(`${name} must include a trailing slash (/)`);
+        throw new SyntaxError('mountUrl must include a trailing slash (/)');
     }
     return mountUrl;
 }
@@ -382,10 +381,7 @@ function ingest(config = {}) {
             dirs: validateI18nDirs(i18n.dirs),
             locales: validateI18nLocales(i18n.locales),
         })),
-        // !!! DEPRECATION NOTICE !!!
-        // This will be removed in next major version
-        //
-        // Public URL from which the app will be served
+        // URL that will prefix all URLs in the browser address bar
         mountUrl: validateMountUrl(config.mountUrl),
         // Session
         session: validateSessionObject(config.session, (session) => ({

package/dist/lib/configure.js

@@ -16,6 +16,7 @@ const nunjucks_js_1 = __importDefault(require("./nunjucks.js"));
 const static_js_1 = __importDefault(require("../routes/static.js"));
 const ancillary_js_1 = __importDefault(require("../routes/ancillary.js"));
 const journey_js_1 = __importDefault(require("../routes/journey.js"));
+const strip_proxy_path_js_1 = __importDefault(require("../middleware/strip-proxy-path.js"));
 const pre_js_1 = __importDefault(require("../middleware/pre.js"));
 const post_js_1 = __importDefault(require("../middleware/post.js"));
 const session_js_1 = __importDefault(require("../middleware/session.js"));
@@ -23,8 +24,6 @@ const i18n_js_1 = __importDefault(require("../middleware/i18n.js"));
 const data_js_1 = __importDefault(require("../middleware/data.js"));
 const body_parser_js_1 = __importDefault(require("../middleware/body-parser.js"));
 const csrf_js_1 = __importDefault(require("../middleware/csrf.js"));
-const logger_js_1 = __importDefault(require("./logger.js"));
-const log = (0, logger_js_1.default)('lib:configure');
 /**
  * @typedef {import('../casa').ConfigurationOptions} ConfigurationOptions
  */
@@ -48,7 +47,7 @@ function configure(config = {}) {
         plugin.configure(config);
     });
     // Extract config
-    const { mountUrl = '/', views = [], session = {
+    const { mountUrl, views = [], session = {
         secret: 'secret',
         name: 'casasession',
         secure: false,
@@ -134,54 +133,10 @@ function configure(config = {}) {
     const mount = (app, { route = '/' } = {}) => {
         nunjucksEnv.express(app);
         app.set('view engine', 'njk');
-        // !!! DEPRECATION NOTICE !!!
-        // This provides a non-breaking pathway to replacing `mountUrl` with
-        // `req.baseUrl` in all internal route handlers/middleware for services
-        // that use a proxy path in their mount point.
-        //
-        // In some cases, the URL on which `app` instance is mounted might include a
-        // proxy path so that it can handle incoming requests that have had a path
-        // prepended to it by an intermediary, such as nginx. This would be common
-        // in a hosting environment that serves several separate applications.
-        //
-        // This bit of middleware removes that proxy path segment from the request
-        // so that all subsequent middleware behave as if it was never present.
-        //
-        // e.g. Where the proxy path is `my-proxy`, then a request to
-        // `/my-proxy/app` will be seen as `/app` in all subsequent middleware, and
-        // all URLs generated for the browser will use `/app`.
-        //
-        // Using `config.mountUrl` rather than `mountUrl` here to test whether the
-        // consumer explicitly set a `mountUrl`, in which case we're dealing with
-        // backwards-compatibility mode.
-        //
-        // This intervention would not be needed for apps that omit `mountUrl` as if
-        // so, it's assumed they're following the guidance for setting up a proxy
-        // as described in `docs/guides/setup-behind-a-proxy.md`.
-        if (config.mountUrl) {
-            log.warn('[DEPRECATION WARNING] Using configuration attribute, mountUrl. This will be removed in an upcoming major version');
-            app.use((req, res, next) => {
-                // Mimic what the `docs/guides/setup-behind-a-proxy.md` guidance
-                // recommends for stripping off any proxy prefixes to leave just the
-                // "mountUrl" remaining.
-                const originalBaseUrl = req.baseUrl;
-                req.baseUrl = mountUrl.replace(/\/$/, '');
-                // If the app has been mounted directly on the specific `mountUrl`, then
-                // there's nothing we need to do and can let this request pass-through.
-                if (req.baseUrl === originalBaseUrl) {
-                    next();
-                }
-                else if (req.__CASA_BASE_URL_REWRITTEN__) {
-                    delete req.__CASA_BASE_URL_REWRITTEN__;
-                    next();
-                }
-                else {
-                    // Issuing this call will re-run this same middleware, so we use this
-                    // `__CASA_BASE_URL_REWRITTEN__` flag to prevent recursion.
-                    req.__CASA_BASE_URL_REWRITTEN__ = true;
-                    req.app.handle(req, res, next);
-                }
-            });
+        // If a `mountUrl` has been defined, then we're potentially in "proxy mode",
+        // in which we strip the proxy path prefix from the incoming request URLs.
+        if (mountUrl) {
+            app.use((0, strip_proxy_path_js_1.default)({ mountUrl }));
         }
         // Attach a handler to redirect requests for `/` to the first waypoint in
         // the plan

package/dist/middleware/strip-proxy-path.d.ts

@@ -0,0 +1,4 @@
+declare function _default({ mountUrl, }: {
+    mountUrl?: string | undefined;
+}): ((req: any, res: any, next: any) => void)[];
+export default _default;

package/dist/middleware/strip-proxy-path.js

@@ -0,0 +1,52 @@
+"use strict";
+// Strip any "proxy path" prefix present on the request URL
+//
+// The default "mountUrl" will be match whatever path that the CASA app
+// instance will be mounted onto. So if you mount on `/a/b/c` then all
+// URLs generated for the browser will be prefixed with `/a/b/c`.
+//
+// Defining a `mountUrl` will change that behaviour into a "proxy mode".
+// This mode assumes you have a forwarding proxy that will alter
+// the incoming request paths from `mountUrl` to the original path you
+// have mounted this CASA app instance onto.
+//
+// For example, if you mount the app on `/a/b/c/x`, but want the browser
+// URLs to just use the `/x` prefix, then pass a `mountUrl` of `/x`.
+//
+// See docs in `docs/guides/setup-behind-a-proxy.md`
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_js_1 = __importDefault(require("../lib/logger.js"));
+const log = (0, logger_js_1.default)('casa:middleware:strip-proxy-path');
+exports.default = ({ mountUrl = '/', }) => [
+    (req, res, next) => {
+        // Assume everything before `mountUrl` is the proxy path prefix and remove it
+        const originalBaseUrl = req.baseUrl;
+        req.baseUrl = mountUrl.replace(/\/$/, '');
+        // If the app has been mounted directly on the specific `mountUrl`, then
+        // there's nothing we need to do and can let this request pass-through.
+        if (req.baseUrl === originalBaseUrl) {
+            next();
+        }
+        else if (req.__CASA_BASE_URL_REWRITTEN__) {
+            delete req.__CASA_BASE_URL_REWRITTEN__;
+            next();
+        }
+        else {
+            // Strip the proxy path prefix from the original URL so that
+            // subsequnt middleware sees the URL path as though proxy wasn't there.
+            // req.url will already have the proxy prefix and mountUrl removed.
+            /* eslint-disable security/detect-non-literal-regexp */
+            log.trace(`req.originalUrl before proxy stripping: ${req.originalUrl}`);
+            req.originalUrl = req.originalUrl.replace(new RegExp(`^/.+?${mountUrl}`), mountUrl);
+            log.trace(`req.originalUrl after proxy stripping: ${req.originalUrl}`);
+            /* eslint-enable security/detect-non-literal-regexp */
+            // Issuing this call will re-run this same middleware, so we use this
+            // `__CASA_BASE_URL_REWRITTEN__` flag to prevent recursion.
+            req.__CASA_BASE_URL_REWRITTEN__ = true;
+            req.app.handle(req, res, next);
+        }
+    },
+];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dwp/govuk-casa",
-  "version": "8.2.1",
+  "version": "8.2.2",
   "description": "A framework for building GOVUK Collect-And-Submit-Applications",
   "repository": {
     "type": "git",