@hashrytech/quick-components-kit 0.14.1 → 0.14.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/dist/modules/api-proxy.d.ts +16 -10
- package/dist/modules/api-proxy.js +37 -28
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# @hashrytech/quick-components-kit
|
|
2
2
|
|
|
3
|
+
## 0.14.3
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- patch: Adding debug and append slash to proxy
|
|
8
|
+
|
|
9
|
+
## 0.14.2
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- patch: Updating api-proxy to work with sensible defaults
|
|
14
|
+
|
|
3
15
|
## 0.14.1
|
|
4
16
|
|
|
5
17
|
### Patch Changes
|
|
@@ -2,19 +2,25 @@ import type { RequestHandler } from '@sveltejs/kit';
|
|
|
2
2
|
/**
|
|
3
3
|
* Configuration interface for the reusable proxy module.
|
|
4
4
|
*/
|
|
5
|
-
export interface
|
|
6
|
-
/** Your API
|
|
7
|
-
|
|
8
|
-
/**
|
|
9
|
-
|
|
10
|
-
/** Optional
|
|
11
|
-
|
|
12
|
-
/** Optional extra headers to
|
|
13
|
-
|
|
5
|
+
export interface RestApiProxyConfig {
|
|
6
|
+
/** Your API HOST URL (e.g. 'https://api.example.com') */
|
|
7
|
+
host: string;
|
|
8
|
+
/** Optional flag to append a trailing slash to the path */
|
|
9
|
+
appendSlash?: boolean;
|
|
10
|
+
/** Optional array of allowed path prefixes to restrict access to downstream paths. Example: v1/products */
|
|
11
|
+
allowedPaths?: string[];
|
|
12
|
+
/** Optional extra headers to forward from the request */
|
|
13
|
+
safeRequestHeaders?: string[];
|
|
14
|
+
/** Optional extra headers to forward in the response */
|
|
15
|
+
safeResponseHeaders?: string[];
|
|
14
16
|
/** Optional function to extract token from session */
|
|
15
17
|
extractToken?: (locals: App.Locals) => string | undefined;
|
|
18
|
+
/** Optional flag to enable debug logging */
|
|
19
|
+
debug?: boolean;
|
|
16
20
|
}
|
|
21
|
+
export declare const defaultRequestHeaders: string[];
|
|
22
|
+
export declare const defaultResponseHeaders: string[];
|
|
17
23
|
/**
|
|
18
24
|
* Creates a set of SvelteKit request handlers for proxying API calls securely.
|
|
19
25
|
*/
|
|
20
|
-
export declare function
|
|
26
|
+
export declare function createProxyHandlers(config: RestApiProxyConfig): Record<string, RequestHandler>;
|
|
@@ -1,29 +1,33 @@
|
|
|
1
1
|
import { error } from '@sveltejs/kit';
|
|
2
|
+
export const defaultRequestHeaders = ['authorization', 'content-type', 'accept', 'accept-language', 'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with'];
|
|
3
|
+
export const defaultResponseHeaders = ['content-type', 'content-length', 'cache-control', 'etag'];
|
|
2
4
|
/**
|
|
3
5
|
* Creates a set of SvelteKit request handlers for proxying API calls securely.
|
|
4
6
|
*/
|
|
5
|
-
export function
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
'cookie', 'x-csrftoken', 'referer', 'user-agent', 'x-requested-with',
|
|
9
|
-
...(config.extraRequestHeaders ?? [])
|
|
10
|
-
];
|
|
11
|
-
const safeResponseHeaders = [
|
|
12
|
-
'content-type', 'content-length', 'cache-control', 'etag',
|
|
13
|
-
...(config.extraResponseHeaders ?? [])
|
|
14
|
-
];
|
|
7
|
+
export function createProxyHandlers(config) {
|
|
8
|
+
if (config.debug)
|
|
9
|
+
console.debug("Creating proxy handlers with config:", config);
|
|
15
10
|
async function handler(event) {
|
|
16
11
|
const path = event.params.path;
|
|
17
|
-
const
|
|
18
|
-
const
|
|
19
|
-
const
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
12
|
+
const queryString = event.url.searchParams.toString();
|
|
13
|
+
const slash = config.appendSlash ? '/' : '';
|
|
14
|
+
const fullPath = `/${path}${slash}${queryString ? `?${queryString}` : ''}`;
|
|
15
|
+
const url = `${config.host}${fullPath}`;
|
|
16
|
+
if (config.debug)
|
|
17
|
+
console.debug(`Proxying request to: ${url}`);
|
|
18
|
+
// Validate the path against allowed prefixes if specified
|
|
19
|
+
if (config.allowedPaths && config.allowedPaths.length > 0) {
|
|
20
|
+
const isAllowed = config.allowedPaths.some((prefix) => path?.startsWith(prefix));
|
|
21
|
+
if (!isAllowed)
|
|
22
|
+
throw error(403, 'Forbidden: This proxy API path is not allowed.');
|
|
23
|
+
}
|
|
24
|
+
let headers = new Headers(event.request.headers);
|
|
25
|
+
if (config.safeRequestHeaders && config.safeRequestHeaders.length > 0) {
|
|
26
|
+
headers = new Headers();
|
|
27
|
+
for (const [key, value] of event.request.headers) {
|
|
28
|
+
if (defaultRequestHeaders.includes(key.toLowerCase()) && value != null) {
|
|
29
|
+
headers.set(key, value);
|
|
30
|
+
}
|
|
27
31
|
}
|
|
28
32
|
}
|
|
29
33
|
const token = config.extractToken?.(event.locals);
|
|
@@ -36,16 +40,21 @@ export function createApiProxyHandlers(config) {
|
|
|
36
40
|
? await event.request.clone().arrayBuffer()
|
|
37
41
|
: undefined
|
|
38
42
|
});
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
+
if (config.safeResponseHeaders && config.safeResponseHeaders.length > 0) {
|
|
44
|
+
const responseHeaders = new Headers();
|
|
45
|
+
for (const [key, value] of proxyResponse.headers) {
|
|
46
|
+
if (config.safeResponseHeaders.includes(key.toLowerCase()) && value != null) {
|
|
47
|
+
responseHeaders.set(key, value);
|
|
48
|
+
}
|
|
43
49
|
}
|
|
50
|
+
return new Response(proxyResponse.body, {
|
|
51
|
+
status: proxyResponse.status,
|
|
52
|
+
headers: responseHeaders
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
else {
|
|
56
|
+
return proxyResponse;
|
|
44
57
|
}
|
|
45
|
-
return new Response(proxyResponse.body, {
|
|
46
|
-
status: proxyResponse.status,
|
|
47
|
-
headers: responseHeaders
|
|
48
|
-
});
|
|
49
58
|
}
|
|
50
59
|
return {
|
|
51
60
|
GET: handler,
|