@forge/api 6.4.2-next.0-experimental-0c74a4b → 6.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +17 -2
  2. package/out/api/permissions.d.ts.map +1 -1
  3. package/out/api/permissions.js +10 -14
  4. package/package.json +4 -5
package/CHANGELOG.md CHANGED
@@ -1,12 +1,27 @@
1
1
  # @forge/api
2
2
 
3
- ## 6.4.2-next.0-experimental-0c74a4b
3
+ ## 6.4.2
4
4
 
5
5
  ### Patch Changes
6
6
 
7
+ - 16e7d61: Fixed bug when doing checking for CSPs
8
+ - Updated dependencies [10f70c2]
7
9
  - Updated dependencies [cd0a085]
10
+ - Updated dependencies [16e7d61]
11
+ - Updated dependencies [f7c9fcc]
12
+ - Updated dependencies [b799627]
13
+ - Updated dependencies [29aa91c]
8
14
  - Updated dependencies [8b66e6f]
9
- - @forge/manifest@11.3.1-next.1-experimental-0c74a4b
15
+ - @forge/manifest@11.3.1
16
+ - @forge/egress@2.3.1
17
+
18
+ ## 6.4.2-next.1
19
+
20
+ ### Patch Changes
21
+
22
+ - 16e7d61: Fixed bug when doing checking for CSPs
23
+ - Updated dependencies [16e7d61]
24
+ - @forge/egress@2.3.1-next.0
10
25
 
11
26
  ## 6.4.2-next.0
12
27
 
package/out/api/permissions.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/api/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,sBAAsB,EAAE,kBAAkB,EAAgB,MAAM,WAAW,CAAC;AAGpG,OAAO,EAAU,QAAQ,EAAS,MAAM,iBAAiB,CAAC;AAM1D,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ/F;AA8BD,YAAY,EAAE,sBAAsB,EAAE,CAAC;AAKvC,YAAY,EAAE,kBAAkB,EAAE,CAAC;AAOnC,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAsMD,eAAO,MAAM,aAAa,iBAAkB,QAAQ,sBAAsB,CAAC,KAAG,gBAE7E,CAAC;AAiEF,eAAO,MAAM,QAAQ,UAAW,MAAM,KAAG,OAKxC,CAAC;AAyBF,eAAO,MAAM,YAAY,SAAU,SAAS,GAAG,QAAQ,OAAO,MAAM,KAAG,OAKtE,CAAC;AAyBF,eAAO,MAAM,eAAe,SAAU,QAAQ,MAAM,QAAQ,EAAE,OAAO,CAAC,OAAO,MAAM,KAAG,OAKrF,CAAC;AAKF,eAAO,MAAM,WAAW;kCAzIoB,QAAQ,sBAAsB,CAAC,KAAG,gBAAgB;sBAmE9D,MAAM,KAAG,OAAO;yBA8Bb,SAAS,GAAG,QAAQ,OAAO,MAAM,KAAG,OAAO;4BA8BxC,QAAQ,MAAM,QAAQ,EAAE,OAAO,CAAC,OAAO,MAAM,KAAG,OAAO;CAe5F,CAAC"}
1
+ {"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/api/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,sBAAsB,EAAE,kBAAkB,EAAgB,MAAM,WAAW,CAAC;AAEpG,OAAO,EAAU,QAAQ,EAAS,MAAM,iBAAiB,CAAC;AAM1D,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ/F;AAeD,YAAY,EAAE,sBAAsB,EAAE,CAAC;AAKvC,YAAY,EAAE,kBAAkB,EAAE,CAAC;AAOnC,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAmND,eAAO,MAAM,aAAa,iBAAkB,QAAQ,sBAAsB,CAAC,KAAG,gBAE7E,CAAC;AAiEF,eAAO,MAAM,QAAQ,UAAW,MAAM,KAAG,OAKxC,CAAC;AAyBF,eAAO,MAAM,YAAY,SAAU,SAAS,GAAG,QAAQ,OAAO,MAAM,KAAG,OAKtE,CAAC;AAyBF,eAAO,MAAM,eAAe,SAAU,QAAQ,MAAM,QAAQ,EAAE,OAAO,CAAC,OAAO,MAAM,KAAG,OAKrF,CAAC;AAKF,eAAO,MAAM,WAAW;kCAzIoB,QAAQ,sBAAsB,CAAC,KAAG,gBAAgB;sBAmE9D,MAAM,KAAG,OAAO;yBA8Bb,SAAS,GAAG,QAAQ,OAAO,MAAM,KAAG,OAAO;4BA8BxC,QAAQ,MAAM,QAAQ,EAAE,OAAO,CAAC,OAAO,MAAM,KAAG,OAAO;CAe5F,CAAC"}
package/out/api/permissions.js CHANGED
@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.permissions = exports.canLoadResource = exports.canFetchFrom = exports.hasScope = exports.hasPermission = exports.extractUrlString = void 0;
4
4
  const runtime_1 = require("./runtime");
5
5
  const errors_1 = require("./errors");
6
- const minimatch_1 = require("minimatch");
7
6
  const egress_1 = require("@forge/egress");
8
7
  function extractUrlString(url) {
9
8
  if (typeof url === 'string') {
@@ -15,10 +14,6 @@ function extractUrlString(url) {
15
14
  return url.remote;
16
15
  }
17
16
  exports.extractUrlString = extractUrlString;
18
- function normalizeUrl(url) {
19
- const { protocol, hostname } = (0, egress_1.parseUrl)(url);
20
- return `${protocol}//${hostname}`;
21
- }
22
17
  function wrapInSyncMetrics(options, cb) {
23
18
  const metrics = (0, runtime_1.__getRuntime)().metrics;
24
19
  metrics.counter(options.name, options.tags).incr();
@@ -37,14 +32,15 @@ const getMissingScopes = (requiredScopes, currentlyGrantedScopes) => {
37
32
  }
38
33
  return undefined;
39
34
  };
40
- const getMissingUrls = (requiredUrls, currentlyGrantedUrls) => {
35
+ const getMissingUrls = (requiredUrls, currentlyGrantedUrls, useCSP) => {
36
+ const allowList = currentlyGrantedUrls.map((url) => extractUrlString(url));
37
+ const egressFilter = new egress_1.EgressFilteringService(allowList);
41
38
  const missingUrls = requiredUrls.filter((requiredUrl) => {
42
- const normalizedRequiredUrl = normalizeUrl(extractUrlString(requiredUrl));
43
- const isUrlAlreadyGranted = currentlyGrantedUrls.some((currentGrantedUrl) => {
44
- const normalizedGrantedUrl = normalizeUrl(extractUrlString(currentGrantedUrl));
45
- return (0, minimatch_1.minimatch)(normalizedRequiredUrl, normalizedGrantedUrl);
46
- });
47
- return !isUrlAlreadyGranted;
39
+ const urlString = extractUrlString(requiredUrl);
40
+ if (useCSP) {
41
+ return !egressFilter.isValidUrlCSP(urlString);
42
+ }
43
+ return !egressFilter.isValidUrl(urlString);
48
44
  });
49
45
  return missingUrls;
50
46
  };
@@ -86,7 +82,7 @@ const getMissingFetchPermissions = (requiredFetch, currentlyGrantedFetch) => {
86
82
  const requiredUrls = requiredFetch[fetchType];
87
83
  if (!requiredUrls || !Array.isArray(requiredUrls) || requiredUrls.length === 0)
88
84
  return;
89
- const missingUrls = getMissingUrls(requiredUrls, currentlyGrantedFetch?.[fetchType] ?? []);
85
+ const missingUrls = getMissingUrls(requiredUrls, currentlyGrantedFetch?.[fetchType] ?? [], fetchType === 'client');
90
86
  if (missingUrls.length) {
91
87
  missingFetch[fetchType] = missingUrls.map(extractUrlString);
92
88
  }
@@ -110,7 +106,7 @@ const getMissingExternalPermissions = (requiredExternal, currentGrantedExternal)
110
106
  if (!externalUrls || !Array.isArray(externalUrls) || externalUrls.length === 0) {
111
107
  return;
112
108
  }
113
- const missingUrls = getMissingUrls(externalUrls, currentGrantedExternal[type] || []);
109
+ const missingUrls = getMissingUrls(externalUrls, currentGrantedExternal[type] || [], true);
114
110
  if (missingUrls.length > 0) {
115
111
  if (!missingExternal) {
116
112
  missingExternal = {};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/api",
3
- "version": "6.4.2-next.0-experimental-0c74a4b",
3
+ "version": "6.4.2",
4
4
  "description": "Forge API methods",
5
5
  "author": "Atlassian",
6
6
  "license": "SEE LICENSE IN LICENSE.txt",
@@ -26,12 +26,11 @@
26
26
  },
27
27
  "dependencies": {
28
28
  "@forge/auth": "0.0.9",
29
- "@forge/egress": "2.3.0",
29
+ "@forge/egress": "2.3.1",
30
30
  "@forge/i18n": "0.0.7",
31
- "@forge/manifest": "^11.3.1-next.1-experimental-0c74a4b",
31
+ "@forge/manifest": "^11.3.1",
32
32
  "@forge/storage": "2.0.3",
33
- "headers-utils": "^3.0.2",
34
- "minimatch": "^9.0.5"
33
+ "headers-utils": "^3.0.2"
35
34
  },
36
35
  "publishConfig": {
37
36
  "registry": "https://packages.atlassian.com/api/npm/npm-public/"