@hashrytech/quick-components-kit 0.14.0 → 0.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/dist/modules/api-client.js +6 -6
  3. package/dist/modules/api-proxy.d.ts +12 -10
  4. package/dist/modules/api-proxy.js +32 -28
  5. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # @hashrytech/quick-components-kit
2
2
 
3
+ ## 0.14.2
4
+
5
+ ### Patch Changes
6
+
7
+ - patch: Updating api-proxy to work with sensible defaults
8
+
9
+ ## 0.14.1
10
+
11
+ ### Patch Changes
12
+
13
+ - fix: fix for sending requests without a baseurl
14
+
3
15
  ## 0.14.0
4
16
 
5
17
  ### Minor Changes
package/dist/modules/api-client.js CHANGED
@@ -97,7 +97,7 @@ export class ApiClient {
97
97
  * @returns A processed `Request` object ready for `fetch`.
98
98
  */
99
99
  async processRequest(endpoint, method, body, options) {
100
- const url = new URL(endpoint, this.baseURL); // Resolve endpoint relative to baseURL
100
+ const url = this.baseURL ? new URL(endpoint, this.baseURL).toString() : endpoint; // Resolve endpoint relative to baseURL
101
101
  const requestHeaders = new Headers(this.defaultHeaders);
102
102
  // Merge custom headers from options using Headers constructor for robustness
103
103
  if (options.headers) {
@@ -133,7 +133,7 @@ export class ApiClient {
133
133
  processedBody = body;
134
134
  }
135
135
  }
136
- let request = new Request(url.toString(), {
136
+ let request = new Request(url, {
137
137
  method: method,
138
138
  headers: requestHeaders,
139
139
  body: processedBody,
@@ -176,11 +176,11 @@ export class ApiClient {
176
176
  }
177
177
  switch (options.responseType) {
178
178
  case 'text':
179
- return (await response.text());
179
+ return await response.text();
180
180
  case 'blob':
181
- return (await response.blob());
181
+ return await response.blob();
182
182
  case 'arrayBuffer':
183
- return (await response.arrayBuffer());
183
+ return await response.arrayBuffer();
184
184
  case 'raw': return response;
185
185
  case 'json':
186
186
  default:
@@ -189,7 +189,7 @@ export class ApiClient {
189
189
  return {}; // Return an empty object for no content
190
190
  }
191
191
  try {
192
- return (await response.json());
192
+ return await response.json();
193
193
  }
194
194
  catch {
195
195
  throw new Error('Failed to parse response as JSON. Response was OK, but not valid JSON.');
package/dist/modules/api-proxy.d.ts CHANGED
@@ -2,19 +2,21 @@ import type { RequestHandler } from '@sveltejs/kit';
2
2
  /**
3
3
  * Configuration interface for the reusable proxy module.
4
4
  */
5
- export interface ApiProxyConfig {
6
- /** Your API base URL (e.g. 'https://api.example.com/v1') */
7
- baseURL: string;
8
- /** Allowed path prefixes for security */
9
- allowedPaths: string[];
10
- /** Optional extra headers to forward */
11
- extraRequestHeaders?: string[];
12
- /** Optional extra headers to return */
13
- extraResponseHeaders?: string[];
5
+ export interface RestApiProxyConfig {
6
+ /** Your API HOST URL (e.g. 'https://api.example.com') */
7
+ host: string;
8
+ /** Optional array of allowed path prefixes to restrict access to downstream paths. Example: v1/products */
9
+ allowedPaths?: string[];
10
+ /** Optional extra headers to forward from the request */
11
+ safeRequestHeaders?: string[];
12
+ /** Optional extra headers to forward in the response */
13
+ safeResponseHeaders?: string[];
14
14
  /** Optional function to extract token from session */
15
15
  extractToken?: (locals: App.Locals) => string | undefined;
16
16
  }
17
+ export declare const defaultRequestHeaders: string[];
18
+ export declare const defaultResponseHeaders: string[];
17
19
  /**
18
20
  * Creates a set of SvelteKit request handlers for proxying API calls securely.
19
21
  */
20
- export declare function createApiProxyHandlers(config: ApiProxyConfig): Record<string, RequestHandler>;
22
+ export declare function createProxyHandlers(config: RestApiProxyConfig): Record<string, RequestHandler>;
package/dist/modules/api-proxy.js CHANGED
@@ -1,29 +1,28 @@
1
1
  import { error } from '@sveltejs/kit';
2
+ export const defaultRequestHeaders = ['authorization', 'content-type', 'accept', 'accept-language', 'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with'];
3
+ export const defaultResponseHeaders = ['content-type', 'content-length', 'cache-control', 'etag'];
2
4
  /**
3
5
  * Creates a set of SvelteKit request handlers for proxying API calls securely.
4
6
  */
5
- export function createApiProxyHandlers(config) {
6
- const safeRequestHeaders = [
7
- 'authorization', 'content-type', 'accept', 'accept-language',
8
- 'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with',
9
- ...(config.extraRequestHeaders ?? [])
10
- ];
11
- const safeResponseHeaders = [
12
- 'content-type', 'content-length', 'cache-control', 'etag',
13
- ...(config.extraResponseHeaders ?? [])
14
- ];
7
+ export function createProxyHandlers(config) {
15
8
  async function handler(event) {
16
9
  const path = event.params.path;
17
- const search = event.url.searchParams.toString();
18
- const fullPath = `/${path}${search ? `?${search}` : ''}`;
19
- const isAllowed = config.allowedPaths.some((prefix) => path?.startsWith(prefix));
20
- if (!isAllowed)
21
- throw error(403, 'Forbidden: This API path is not allowed.');
22
- const url = `${config.baseURL}${fullPath}`;
23
- const headers = new Headers();
24
- for (const [key, value] of event.request.headers) {
25
- if (safeRequestHeaders.includes(key.toLowerCase()) && value != null) {
26
- headers.set(key, value);
10
+ const queryString = event.url.searchParams.toString();
11
+ const fullPath = `/${path}${queryString ? `?${queryString}` : ''}`;
12
+ const url = `${config.host}${fullPath}`;
13
+ // Validate the path against allowed prefixes if specified
14
+ if (config.allowedPaths && config.allowedPaths.length > 0) {
15
+ const isAllowed = config.allowedPaths.some((prefix) => path?.startsWith(prefix));
16
+ if (!isAllowed)
17
+ throw error(403, 'Forbidden: This API path is not allowed.');
18
+ }
19
+ let headers = new Headers(event.request.headers);
20
+ if (config.safeRequestHeaders && config.safeRequestHeaders.length > 0) {
21
+ headers = new Headers();
22
+ for (const [key, value] of event.request.headers) {
23
+ if (defaultRequestHeaders.includes(key.toLowerCase()) && value != null) {
24
+ headers.set(key, value);
25
+ }
27
26
  }
28
27
  }
29
28
  const token = config.extractToken?.(event.locals);
@@ -36,16 +35,21 @@ export function createApiProxyHandlers(config) {
36
35
  ? await event.request.clone().arrayBuffer()
37
36
  : undefined
38
37
  });
39
- const responseHeaders = new Headers();
40
- for (const [key, value] of proxyResponse.headers) {
41
- if (safeResponseHeaders.includes(key.toLowerCase()) && value != null) {
42
- responseHeaders.set(key, value);
38
+ if (config.safeResponseHeaders && config.safeResponseHeaders.length > 0) {
39
+ const responseHeaders = new Headers();
40
+ for (const [key, value] of proxyResponse.headers) {
41
+ if (config.safeResponseHeaders.includes(key.toLowerCase()) && value != null) {
42
+ responseHeaders.set(key, value);
43
+ }
43
44
  }
45
+ return new Response(proxyResponse.body, {
46
+ status: proxyResponse.status,
47
+ headers: responseHeaders
48
+ });
49
+ }
50
+ else {
51
+ return proxyResponse;
44
52
  }
45
- return new Response(proxyResponse.body, {
46
- status: proxyResponse.status,
47
- headers: responseHeaders
48
- });
49
53
  }
50
54
  return {
51
55
  GET: handler,
package/package.json CHANGED
@@ -5,7 +5,7 @@
5
5
  "type": "git",
6
6
  "url": "git+https://github.com/hashrytech/quick-components-kit.git"
7
7
  },
8
- "version": "0.14.0",
8
+ "version": "0.14.2",
9
9
  "license": "MIT",
10
10
  "author": "Hashry Tech",
11
11
  "files": [