@elliemae/pui-cli 8.41.3 → 8.41.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/webpack/interceptor-middleware.js +125 -0
- package/dist/cjs/webpack/webpack.dev.babel.js +2 -0
- package/dist/esm/webpack/interceptor-middleware.js +105 -0
- package/dist/esm/webpack/webpack.dev.babel.js +2 -0
- package/dist/types/lib/webpack/interceptor-middleware.d.ts +10 -0
- package/dist/types/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -3
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
var interceptor_middleware_exports = {};
|
|
20
|
+
__export(interceptor_middleware_exports, {
|
|
21
|
+
addCSPNonceMiddleware: () => addCSPNonceMiddleware,
|
|
22
|
+
interceptorMiddleware: () => interceptorMiddleware
|
|
23
|
+
});
|
|
24
|
+
module.exports = __toCommonJS(interceptor_middleware_exports);
|
|
25
|
+
const VALID_PARAMS = ["isInterceptable", "intercept", "afterSend"];
|
|
26
|
+
const validateParams = (methods) => {
|
|
27
|
+
Object.keys(methods).forEach((k) => {
|
|
28
|
+
if (VALID_PARAMS.indexOf(k) < 0) {
|
|
29
|
+
throw new Error(`${k} isn't a valid param (${VALID_PARAMS.join(", ")})`);
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
if (!("isInterceptable" in methods)) {
|
|
33
|
+
throw new Error("isInterceptable is a required param (function)");
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
const interceptorMiddleware = (fn) => (req, res, next) => {
|
|
37
|
+
const methods = fn(req, res);
|
|
38
|
+
validateParams(methods);
|
|
39
|
+
const originalEnd = res.end;
|
|
40
|
+
const originalWrite = res.write;
|
|
41
|
+
const chunks = [];
|
|
42
|
+
let isIntercepting;
|
|
43
|
+
let isFirstWrite = true;
|
|
44
|
+
function intercept(rawChunk, encoding) {
|
|
45
|
+
if (isFirstWrite) {
|
|
46
|
+
isFirstWrite = false;
|
|
47
|
+
isIntercepting = methods.isInterceptable();
|
|
48
|
+
}
|
|
49
|
+
if (isIntercepting) {
|
|
50
|
+
if (rawChunk) {
|
|
51
|
+
let tempChunk = rawChunk;
|
|
52
|
+
if (rawChunk !== null && !Buffer.isBuffer(tempChunk)) {
|
|
53
|
+
if (!encoding) {
|
|
54
|
+
tempChunk = Buffer.from(rawChunk);
|
|
55
|
+
} else {
|
|
56
|
+
tempChunk = Buffer.from(
|
|
57
|
+
rawChunk,
|
|
58
|
+
encoding
|
|
59
|
+
);
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
chunks.push(tempChunk);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
return isIntercepting;
|
|
66
|
+
}
|
|
67
|
+
const newResWrite = (...args) => {
|
|
68
|
+
if (!intercept(args[0], args[1])) {
|
|
69
|
+
return originalWrite.apply(res, args);
|
|
70
|
+
}
|
|
71
|
+
return true;
|
|
72
|
+
};
|
|
73
|
+
res.write = newResWrite;
|
|
74
|
+
const afterSend = (oldBody, newBody) => {
|
|
75
|
+
if (typeof methods.afterSend === "function") {
|
|
76
|
+
process.nextTick(() => {
|
|
77
|
+
methods.afterSend?.(oldBody, newBody);
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
};
|
|
81
|
+
const newResEnd = (...args) => {
|
|
82
|
+
if (intercept(args[0], args[1])) {
|
|
83
|
+
isIntercepting = false;
|
|
84
|
+
const oldBody = Buffer.concat(chunks).toString("utf-8");
|
|
85
|
+
if (methods.intercept) {
|
|
86
|
+
if (typeof methods.intercept !== "function") {
|
|
87
|
+
throw new Error(
|
|
88
|
+
"`send` must be a function with the body to be sent as the only param"
|
|
89
|
+
);
|
|
90
|
+
}
|
|
91
|
+
res.removeHeader("Content-Length");
|
|
92
|
+
methods.intercept(oldBody, (newBody) => {
|
|
93
|
+
args[0] = newBody;
|
|
94
|
+
originalEnd.apply(res, args);
|
|
95
|
+
afterSend(oldBody, newBody);
|
|
96
|
+
});
|
|
97
|
+
} else {
|
|
98
|
+
afterSend(oldBody, oldBody);
|
|
99
|
+
originalEnd.apply(res, args);
|
|
100
|
+
}
|
|
101
|
+
} else {
|
|
102
|
+
originalEnd.apply(res, args);
|
|
103
|
+
}
|
|
104
|
+
};
|
|
105
|
+
res.end = newResEnd;
|
|
106
|
+
next();
|
|
107
|
+
};
|
|
108
|
+
const addCSPNonceMiddleware = (middlewares) => {
|
|
109
|
+
const index = middlewares.findIndex(
|
|
110
|
+
(middleware) => middleware.name === "webpack-dev-middleware"
|
|
111
|
+
);
|
|
112
|
+
middlewares.splice(index, 0, {
|
|
113
|
+
name: "csp-nonce-middleware",
|
|
114
|
+
middleware: interceptorMiddleware((req, res) => ({
|
|
115
|
+
// Only HTML responses will be intercepted
|
|
116
|
+
isInterceptable() {
|
|
117
|
+
return /text\/html/.test(res.get("Content-Type") ?? "");
|
|
118
|
+
},
|
|
119
|
+
// Appends a paragraph at the end of the response body
|
|
120
|
+
intercept(body, send) {
|
|
121
|
+
send(body.replace(/__CSP_NONCE__/g, res.locals.cspNonce));
|
|
122
|
+
}
|
|
123
|
+
}))
|
|
124
|
+
});
|
|
125
|
+
};
|
|
@@ -39,6 +39,7 @@ var import_circular_dependency_plugin = __toESM(require("circular-dependency-plu
|
|
|
39
39
|
var import_mini_css_extract_plugin = __toESM(require("mini-css-extract-plugin"), 1);
|
|
40
40
|
var import_react_refresh_webpack_plugin = __toESM(require("@pmmmwh/react-refresh-webpack-plugin"), 1);
|
|
41
41
|
var import_express_static_gzip = __toESM(require("express-static-gzip"), 1);
|
|
42
|
+
var import_interceptor_middleware = require("./interceptor-middleware.js");
|
|
42
43
|
var import_middlewares = require("../server/middlewares.js");
|
|
43
44
|
var import_appRoutes = require("../server/appRoutes.js");
|
|
44
45
|
var import_helpers = require("./helpers.js");
|
|
@@ -150,6 +151,7 @@ const devConfig = {
|
|
|
150
151
|
open: [basePath],
|
|
151
152
|
port: process.env.PORT || "auto",
|
|
152
153
|
setupMiddlewares: (middlewares, devServer) => {
|
|
154
|
+
(0, import_interceptor_middleware.addCSPNonceMiddleware)(middlewares);
|
|
153
155
|
if (devServer.app) {
|
|
154
156
|
(0, import_middlewares.setupDefaultMiddlewares)(devServer.app);
|
|
155
157
|
(0, import_appRoutes.loadRoutes)(devServer.app).then(() => {
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
const VALID_PARAMS = ["isInterceptable", "intercept", "afterSend"];
|
|
2
|
+
const validateParams = (methods) => {
|
|
3
|
+
Object.keys(methods).forEach((k) => {
|
|
4
|
+
if (VALID_PARAMS.indexOf(k) < 0) {
|
|
5
|
+
throw new Error(`${k} isn't a valid param (${VALID_PARAMS.join(", ")})`);
|
|
6
|
+
}
|
|
7
|
+
});
|
|
8
|
+
if (!("isInterceptable" in methods)) {
|
|
9
|
+
throw new Error("isInterceptable is a required param (function)");
|
|
10
|
+
}
|
|
11
|
+
};
|
|
12
|
+
const interceptorMiddleware = (fn) => (req, res, next) => {
|
|
13
|
+
const methods = fn(req, res);
|
|
14
|
+
validateParams(methods);
|
|
15
|
+
const originalEnd = res.end;
|
|
16
|
+
const originalWrite = res.write;
|
|
17
|
+
const chunks = [];
|
|
18
|
+
let isIntercepting;
|
|
19
|
+
let isFirstWrite = true;
|
|
20
|
+
function intercept(rawChunk, encoding) {
|
|
21
|
+
if (isFirstWrite) {
|
|
22
|
+
isFirstWrite = false;
|
|
23
|
+
isIntercepting = methods.isInterceptable();
|
|
24
|
+
}
|
|
25
|
+
if (isIntercepting) {
|
|
26
|
+
if (rawChunk) {
|
|
27
|
+
let tempChunk = rawChunk;
|
|
28
|
+
if (rawChunk !== null && !Buffer.isBuffer(tempChunk)) {
|
|
29
|
+
if (!encoding) {
|
|
30
|
+
tempChunk = Buffer.from(rawChunk);
|
|
31
|
+
} else {
|
|
32
|
+
tempChunk = Buffer.from(
|
|
33
|
+
rawChunk,
|
|
34
|
+
encoding
|
|
35
|
+
);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
chunks.push(tempChunk);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
return isIntercepting;
|
|
42
|
+
}
|
|
43
|
+
const newResWrite = (...args) => {
|
|
44
|
+
if (!intercept(args[0], args[1])) {
|
|
45
|
+
return originalWrite.apply(res, args);
|
|
46
|
+
}
|
|
47
|
+
return true;
|
|
48
|
+
};
|
|
49
|
+
res.write = newResWrite;
|
|
50
|
+
const afterSend = (oldBody, newBody) => {
|
|
51
|
+
if (typeof methods.afterSend === "function") {
|
|
52
|
+
process.nextTick(() => {
|
|
53
|
+
methods.afterSend?.(oldBody, newBody);
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
};
|
|
57
|
+
const newResEnd = (...args) => {
|
|
58
|
+
if (intercept(args[0], args[1])) {
|
|
59
|
+
isIntercepting = false;
|
|
60
|
+
const oldBody = Buffer.concat(chunks).toString("utf-8");
|
|
61
|
+
if (methods.intercept) {
|
|
62
|
+
if (typeof methods.intercept !== "function") {
|
|
63
|
+
throw new Error(
|
|
64
|
+
"`send` must be a function with the body to be sent as the only param"
|
|
65
|
+
);
|
|
66
|
+
}
|
|
67
|
+
res.removeHeader("Content-Length");
|
|
68
|
+
methods.intercept(oldBody, (newBody) => {
|
|
69
|
+
args[0] = newBody;
|
|
70
|
+
originalEnd.apply(res, args);
|
|
71
|
+
afterSend(oldBody, newBody);
|
|
72
|
+
});
|
|
73
|
+
} else {
|
|
74
|
+
afterSend(oldBody, oldBody);
|
|
75
|
+
originalEnd.apply(res, args);
|
|
76
|
+
}
|
|
77
|
+
} else {
|
|
78
|
+
originalEnd.apply(res, args);
|
|
79
|
+
}
|
|
80
|
+
};
|
|
81
|
+
res.end = newResEnd;
|
|
82
|
+
next();
|
|
83
|
+
};
|
|
84
|
+
const addCSPNonceMiddleware = (middlewares) => {
|
|
85
|
+
const index = middlewares.findIndex(
|
|
86
|
+
(middleware) => middleware.name === "webpack-dev-middleware"
|
|
87
|
+
);
|
|
88
|
+
middlewares.splice(index, 0, {
|
|
89
|
+
name: "csp-nonce-middleware",
|
|
90
|
+
middleware: interceptorMiddleware((req, res) => ({
|
|
91
|
+
// Only HTML responses will be intercepted
|
|
92
|
+
isInterceptable() {
|
|
93
|
+
return /text\/html/.test(res.get("Content-Type") ?? "");
|
|
94
|
+
},
|
|
95
|
+
// Appends a paragraph at the end of the response body
|
|
96
|
+
intercept(body, send) {
|
|
97
|
+
send(body.replace(/__CSP_NONCE__/g, res.locals.cspNonce));
|
|
98
|
+
}
|
|
99
|
+
}))
|
|
100
|
+
});
|
|
101
|
+
};
|
|
102
|
+
export {
|
|
103
|
+
addCSPNonceMiddleware,
|
|
104
|
+
interceptorMiddleware
|
|
105
|
+
};
|
|
@@ -6,6 +6,7 @@ import CircularDependencyPlugin from "circular-dependency-plugin";
|
|
|
6
6
|
import MiniCssExtractPlugin from "mini-css-extract-plugin";
|
|
7
7
|
import ReactRefreshWebpackPlugin from "@pmmmwh/react-refresh-webpack-plugin";
|
|
8
8
|
import expressStaticGzip from "express-static-gzip";
|
|
9
|
+
import { addCSPNonceMiddleware } from "./interceptor-middleware.js";
|
|
9
10
|
import { setupDefaultMiddlewares } from "../server/middlewares.js";
|
|
10
11
|
import { loadRoutes } from "../server/appRoutes.js";
|
|
11
12
|
import {
|
|
@@ -120,6 +121,7 @@ const devConfig = {
|
|
|
120
121
|
open: [basePath],
|
|
121
122
|
port: process.env.PORT || "auto",
|
|
122
123
|
setupMiddlewares: (middlewares, devServer) => {
|
|
124
|
+
addCSPNonceMiddleware(middlewares);
|
|
123
125
|
if (devServer.app) {
|
|
124
126
|
setupDefaultMiddlewares(devServer.app);
|
|
125
127
|
loadRoutes(devServer.app).then(() => {
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { Request, Response } from 'express';
|
|
2
|
+
import { Middleware } from 'webpack-dev-server';
|
|
3
|
+
type ReplacerFunction = (req: Request, res: Response) => {
|
|
4
|
+
isInterceptable: () => boolean;
|
|
5
|
+
intercept: (body: string, send: (body: string) => void) => void;
|
|
6
|
+
afterSend?: (oldBody: string, newBody: string) => void;
|
|
7
|
+
};
|
|
8
|
+
export declare const interceptorMiddleware: (fn: ReplacerFunction) => (req: Request, res: Response, next: () => void) => void;
|
|
9
|
+
export declare const addCSPNonceMiddleware: (middlewares: Middleware[]) => void;
|
|
10
|
+
export {};
|