@hashrytech/quick-components-kit 0.14.1 → 0.14.2

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @hashrytech/quick-components-kit
 
+## 0.14.2
+
+### Patch Changes
+
+- patch: Updating api-proxy to work with sensible defaults
+
 ## 0.14.1
 
 ### Patch Changes

package/dist/modules/api-proxy.d.ts

@@ -2,19 +2,21 @@ import type { RequestHandler } from '@sveltejs/kit';
 /**
  * Configuration interface for the reusable proxy module.
  */
-export interface ApiProxyConfig {
-    /** Your API base URL (e.g. 'https://api.example.com/v1') */
-    baseURL: string;
-    /** Allowed path prefixes for security */
-    allowedPaths: string[];
-    /** Optional extra headers to forward */
-    extraRequestHeaders?: string[];
-    /** Optional extra headers to return */
-    extraResponseHeaders?: string[];
+export interface RestApiProxyConfig {
+    /** Your API HOST URL (e.g. 'https://api.example.com') */
+    host: string;
+    /** Optional array of allowed path prefixes to restrict access to downstream paths. Example: v1/products */
+    allowedPaths?: string[];
+    /** Optional extra headers to forward from the request */
+    safeRequestHeaders?: string[];
+    /** Optional extra headers to forward in the response */
+    safeResponseHeaders?: string[];
     /** Optional function to extract token from session */
     extractToken?: (locals: App.Locals) => string | undefined;
 }
+export declare const defaultRequestHeaders: string[];
+export declare const defaultResponseHeaders: string[];
 /**
  * Creates a set of SvelteKit request handlers for proxying API calls securely.
  */
-export declare function createApiProxyHandlers(config: ApiProxyConfig): Record<string, RequestHandler>;
+export declare function createProxyHandlers(config: RestApiProxyConfig): Record<string, RequestHandler>;

package/dist/modules/api-proxy.js

@@ -1,29 +1,28 @@
 import { error } from '@sveltejs/kit';
+export const defaultRequestHeaders = ['authorization', 'content-type', 'accept', 'accept-language', 'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with'];
+export const defaultResponseHeaders = ['content-type', 'content-length', 'cache-control', 'etag'];
 /**
  * Creates a set of SvelteKit request handlers for proxying API calls securely.
  */
-export function createApiProxyHandlers(config) {
-    const safeRequestHeaders = [
-        'authorization', 'content-type', 'accept', 'accept-language',
-        'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with',
-        ...(config.extraRequestHeaders ?? [])
-    ];
-    const safeResponseHeaders = [
-        'content-type', 'content-length', 'cache-control', 'etag',
-        ...(config.extraResponseHeaders ?? [])
-    ];
+export function createProxyHandlers(config) {
     async function handler(event) {
         const path = event.params.path;
-        const search = event.url.searchParams.toString();
-        const fullPath = `/${path}${search ? `?${search}` : ''}`;
-        const isAllowed = config.allowedPaths.some((prefix) => path?.startsWith(prefix));
-        if (!isAllowed)
-            throw error(403, 'Forbidden: This API path is not allowed.');
-        const url = `${config.baseURL}${fullPath}`;
-        const headers = new Headers();
-        for (const [key, value] of event.request.headers) {
-            if (safeRequestHeaders.includes(key.toLowerCase()) && value != null) {
-                headers.set(key, value);
+        const queryString = event.url.searchParams.toString();
+        const fullPath = `/${path}${queryString ? `?${queryString}` : ''}`;
+        const url = `${config.host}${fullPath}`;
+        // Validate the path against allowed prefixes if specified
+        if (config.allowedPaths && config.allowedPaths.length > 0) {
+            const isAllowed = config.allowedPaths.some((prefix) => path?.startsWith(prefix));
+            if (!isAllowed)
+                throw error(403, 'Forbidden: This API path is not allowed.');
+        }
+        let headers = new Headers(event.request.headers);
+        if (config.safeRequestHeaders && config.safeRequestHeaders.length > 0) {
+            headers = new Headers();
+            for (const [key, value] of event.request.headers) {
+                if (defaultRequestHeaders.includes(key.toLowerCase()) && value != null) {
+                    headers.set(key, value);
+                }
             }
         }
         const token = config.extractToken?.(event.locals);
@@ -36,16 +35,21 @@ export function createApiProxyHandlers(config) {
                 ? await event.request.clone().arrayBuffer()
                 : undefined
         });
-        const responseHeaders = new Headers();
-        for (const [key, value] of proxyResponse.headers) {
-            if (safeResponseHeaders.includes(key.toLowerCase()) && value != null) {
-                responseHeaders.set(key, value);
+        if (config.safeResponseHeaders && config.safeResponseHeaders.length > 0) {
+            const responseHeaders = new Headers();
+            for (const [key, value] of proxyResponse.headers) {
+                if (config.safeResponseHeaders.includes(key.toLowerCase()) && value != null) {
+                    responseHeaders.set(key, value);
+                }
             }
+            return new Response(proxyResponse.body, {
+                status: proxyResponse.status,
+                headers: responseHeaders
+            });
+        }
+        else {
+            return proxyResponse;
         }
-        return new Response(proxyResponse.body, {
-            status: proxyResponse.status,
-            headers: responseHeaders
-        });
     }
     return {
         GET: handler,

package/package.json

@@ -5,7 +5,7 @@
     "type": "git",
     "url": "git+https://github.com/hashrytech/quick-components-kit.git"
   },
-  "version": "0.14.1",
+  "version": "0.14.2",
   "license": "MIT",
   "author": "Hashry Tech",
   "files": [