@elliemae/pui-cli 8.41.3 → 8.41.5

package/dist/cjs/webpack/interceptor-middleware.js

@@ -0,0 +1,125 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var interceptor_middleware_exports = {};
+__export(interceptor_middleware_exports, {
+  addCSPNonceMiddleware: () => addCSPNonceMiddleware,
+  interceptorMiddleware: () => interceptorMiddleware
+});
+module.exports = __toCommonJS(interceptor_middleware_exports);
+const VALID_PARAMS = ["isInterceptable", "intercept", "afterSend"];
+const validateParams = (methods) => {
+  Object.keys(methods).forEach((k) => {
+    if (VALID_PARAMS.indexOf(k) < 0) {
+      throw new Error(`${k} isn't a valid param (${VALID_PARAMS.join(", ")})`);
+    }
+  });
+  if (!("isInterceptable" in methods)) {
+    throw new Error("isInterceptable is a required param (function)");
+  }
+};
+const interceptorMiddleware = (fn) => (req, res, next) => {
+  const methods = fn(req, res);
+  validateParams(methods);
+  const originalEnd = res.end;
+  const originalWrite = res.write;
+  const chunks = [];
+  let isIntercepting;
+  let isFirstWrite = true;
+  function intercept(rawChunk, encoding) {
+    if (isFirstWrite) {
+      isFirstWrite = false;
+      isIntercepting = methods.isInterceptable();
+    }
+    if (isIntercepting) {
+      if (rawChunk) {
+        let tempChunk = rawChunk;
+        if (rawChunk !== null && !Buffer.isBuffer(tempChunk)) {
+          if (!encoding) {
+            tempChunk = Buffer.from(rawChunk);
+          } else {
+            tempChunk = Buffer.from(
+              rawChunk,
+              encoding
+            );
+          }
+        }
+        chunks.push(tempChunk);
+      }
+    }
+    return isIntercepting;
+  }
+  const newResWrite = (...args) => {
+    if (!intercept(args[0], args[1])) {
+      return originalWrite.apply(res, args);
+    }
+    return true;
+  };
+  res.write = newResWrite;
+  const afterSend = (oldBody, newBody) => {
+    if (typeof methods.afterSend === "function") {
+      process.nextTick(() => {
+        methods.afterSend?.(oldBody, newBody);
+      });
+    }
+  };
+  const newResEnd = (...args) => {
+    if (intercept(args[0], args[1])) {
+      isIntercepting = false;
+      const oldBody = Buffer.concat(chunks).toString("utf-8");
+      if (methods.intercept) {
+        if (typeof methods.intercept !== "function") {
+          throw new Error(
+            "`send` must be a function with the body to be sent as the only param"
+          );
+        }
+        res.removeHeader("Content-Length");
+        methods.intercept(oldBody, (newBody) => {
+          args[0] = newBody;
+          originalEnd.apply(res, args);
+          afterSend(oldBody, newBody);
+        });
+      } else {
+        afterSend(oldBody, oldBody);
+        originalEnd.apply(res, args);
+      }
+    } else {
+      originalEnd.apply(res, args);
+    }
+  };
+  res.end = newResEnd;
+  next();
+};
+const addCSPNonceMiddleware = (middlewares) => {
+  const index = middlewares.findIndex(
+    (middleware) => middleware.name === "webpack-dev-middleware"
+  );
+  middlewares.splice(index, 0, {
+    name: "csp-nonce-middleware",
+    middleware: interceptorMiddleware((req, res) => ({
+      // Only HTML responses will be intercepted
+      isInterceptable() {
+        return /text\/html/.test(res.get("Content-Type") ?? "");
+      },
+      // Appends a paragraph at the end of the response body
+      intercept(body, send) {
+        send(body.replace(/__CSP_NONCE__/g, res.locals.cspNonce));
+      }
+    }))
+  });
+};

package/dist/cjs/webpack/webpack.dev.babel.js

@@ -39,6 +39,7 @@ var import_circular_dependency_plugin = __toESM(require("circular-dependency-plu
 var import_mini_css_extract_plugin = __toESM(require("mini-css-extract-plugin"), 1);
 var import_react_refresh_webpack_plugin = __toESM(require("@pmmmwh/react-refresh-webpack-plugin"), 1);
 var import_express_static_gzip = __toESM(require("express-static-gzip"), 1);
+var import_interceptor_middleware = require("./interceptor-middleware.js");
 var import_middlewares = require("../server/middlewares.js");
 var import_appRoutes = require("../server/appRoutes.js");
 var import_helpers = require("./helpers.js");
@@ -150,6 +151,7 @@ const devConfig = {
     open: [basePath],
     port: process.env.PORT || "auto",
     setupMiddlewares: (middlewares, devServer) => {
+      (0, import_interceptor_middleware.addCSPNonceMiddleware)(middlewares);
       if (devServer.app) {
         (0, import_middlewares.setupDefaultMiddlewares)(devServer.app);
         (0, import_appRoutes.loadRoutes)(devServer.app).then(() => {

package/dist/esm/webpack/interceptor-middleware.js

@@ -0,0 +1,105 @@
+const VALID_PARAMS = ["isInterceptable", "intercept", "afterSend"];
+const validateParams = (methods) => {
+  Object.keys(methods).forEach((k) => {
+    if (VALID_PARAMS.indexOf(k) < 0) {
+      throw new Error(`${k} isn't a valid param (${VALID_PARAMS.join(", ")})`);
+    }
+  });
+  if (!("isInterceptable" in methods)) {
+    throw new Error("isInterceptable is a required param (function)");
+  }
+};
+const interceptorMiddleware = (fn) => (req, res, next) => {
+  const methods = fn(req, res);
+  validateParams(methods);
+  const originalEnd = res.end;
+  const originalWrite = res.write;
+  const chunks = [];
+  let isIntercepting;
+  let isFirstWrite = true;
+  function intercept(rawChunk, encoding) {
+    if (isFirstWrite) {
+      isFirstWrite = false;
+      isIntercepting = methods.isInterceptable();
+    }
+    if (isIntercepting) {
+      if (rawChunk) {
+        let tempChunk = rawChunk;
+        if (rawChunk !== null && !Buffer.isBuffer(tempChunk)) {
+          if (!encoding) {
+            tempChunk = Buffer.from(rawChunk);
+          } else {
+            tempChunk = Buffer.from(
+              rawChunk,
+              encoding
+            );
+          }
+        }
+        chunks.push(tempChunk);
+      }
+    }
+    return isIntercepting;
+  }
+  const newResWrite = (...args) => {
+    if (!intercept(args[0], args[1])) {
+      return originalWrite.apply(res, args);
+    }
+    return true;
+  };
+  res.write = newResWrite;
+  const afterSend = (oldBody, newBody) => {
+    if (typeof methods.afterSend === "function") {
+      process.nextTick(() => {
+        methods.afterSend?.(oldBody, newBody);
+      });
+    }
+  };
+  const newResEnd = (...args) => {
+    if (intercept(args[0], args[1])) {
+      isIntercepting = false;
+      const oldBody = Buffer.concat(chunks).toString("utf-8");
+      if (methods.intercept) {
+        if (typeof methods.intercept !== "function") {
+          throw new Error(
+            "`send` must be a function with the body to be sent as the only param"
+          );
+        }
+        res.removeHeader("Content-Length");
+        methods.intercept(oldBody, (newBody) => {
+          args[0] = newBody;
+          originalEnd.apply(res, args);
+          afterSend(oldBody, newBody);
+        });
+      } else {
+        afterSend(oldBody, oldBody);
+        originalEnd.apply(res, args);
+      }
+    } else {
+      originalEnd.apply(res, args);
+    }
+  };
+  res.end = newResEnd;
+  next();
+};
+const addCSPNonceMiddleware = (middlewares) => {
+  const index = middlewares.findIndex(
+    (middleware) => middleware.name === "webpack-dev-middleware"
+  );
+  middlewares.splice(index, 0, {
+    name: "csp-nonce-middleware",
+    middleware: interceptorMiddleware((req, res) => ({
+      // Only HTML responses will be intercepted
+      isInterceptable() {
+        return /text\/html/.test(res.get("Content-Type") ?? "");
+      },
+      // Appends a paragraph at the end of the response body
+      intercept(body, send) {
+        send(body.replace(/__CSP_NONCE__/g, res.locals.cspNonce));
+      }
+    }))
+  });
+};
+export {
+  addCSPNonceMiddleware,
+  interceptorMiddleware
+};

package/dist/esm/webpack/webpack.dev.babel.js

@@ -6,6 +6,7 @@ import CircularDependencyPlugin from "circular-dependency-plugin";
 import MiniCssExtractPlugin from "mini-css-extract-plugin";
 import ReactRefreshWebpackPlugin from "@pmmmwh/react-refresh-webpack-plugin";
 import expressStaticGzip from "express-static-gzip";
+import { addCSPNonceMiddleware } from "./interceptor-middleware.js";
 import { setupDefaultMiddlewares } from "../server/middlewares.js";
 import { loadRoutes } from "../server/appRoutes.js";
 import {
@@ -120,6 +121,7 @@ const devConfig = {
     open: [basePath],
     port: process.env.PORT || "auto",
     setupMiddlewares: (middlewares, devServer) => {
+      addCSPNonceMiddleware(middlewares);
       if (devServer.app) {
         setupDefaultMiddlewares(devServer.app);
         loadRoutes(devServer.app).then(() => {

package/dist/types/lib/webpack/interceptor-middleware.d.ts

@@ -0,0 +1,10 @@
+import { Request, Response } from 'express';
+import { Middleware } from 'webpack-dev-server';
+type ReplacerFunction = (req: Request, res: Response) => {
+    isInterceptable: () => boolean;
+    intercept: (body: string, send: (body: string) => void) => void;
+    afterSend?: (oldBody: string, newBody: string) => void;
+};
+export declare const interceptorMiddleware: (fn: ReplacerFunction) => (req: Request, res: Response, next: () => void) => void;
+export declare const addCSPNonceMiddleware: (middlewares: Middleware[]) => void;
+export {};