@hunsu/bridge 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +3 -3
- package/package.json +3 -3
- package/src/index.ts +3 -3
package/dist/index.js
CHANGED
|
@@ -167,7 +167,7 @@ function createStudioServerSecurity(options, runtimeConfig) {
|
|
|
167
167
|
allowNoOrigin: options?.allowNoOrigin ?? true
|
|
168
168
|
};
|
|
169
169
|
}
|
|
170
|
-
function evaluateStudioRequestSecurity(request, url, security) {
|
|
170
|
+
function evaluateStudioRequestSecurity(request, url, security, options = {}) {
|
|
171
171
|
const origin = requestHeader(request, "origin");
|
|
172
172
|
const corsHeaders = corsHeadersForOrigin(origin, security);
|
|
173
173
|
if (origin && corsHeaders === undefined) {
|
|
@@ -187,7 +187,7 @@ function evaluateStudioRequestSecurity(request, url, security) {
|
|
|
187
187
|
};
|
|
188
188
|
}
|
|
189
189
|
const headers = corsHeaders ?? baseCorsHeaders();
|
|
190
|
-
if (security.authToken && !isPublicBridgeRequest(url) && !hasValidBridgeApiToken(request, url, security.authToken)) {
|
|
190
|
+
if (!options.skipAuth && security.authToken && !isPublicBridgeRequest(url) && !hasValidBridgeApiToken(request, url, security.authToken)) {
|
|
191
191
|
return {
|
|
192
192
|
allowed: false,
|
|
193
193
|
status: 401,
|
|
@@ -666,7 +666,7 @@ export function createStudioServer(options = {}) {
|
|
|
666
666
|
try {
|
|
667
667
|
const url = new URL(request.url ?? "/", "http://localhost");
|
|
668
668
|
const pathname = url.pathname;
|
|
669
|
-
const requestSecurity = evaluateStudioRequestSecurity(request, url, security);
|
|
669
|
+
const requestSecurity = evaluateStudioRequestSecurity(request, url, security, { skipAuth: request.method === "OPTIONS" });
|
|
670
670
|
responseSecurityHeaders.set(response, requestSecurity.corsHeaders);
|
|
671
671
|
if (request.method === "OPTIONS") {
|
|
672
672
|
sendJson(response, requestSecurity.allowed ? 204 : requestSecurity.status ?? 403, requestSecurity.allowed ? {} : { error: requestSecurity.error ?? "Origin is not allowed." });
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hunsu/bridge",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"private": false,
|
|
5
5
|
"description": "Hunsu Bridge localhost runtime and Studio API server.",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -29,9 +29,9 @@
|
|
|
29
29
|
"dependencies": {
|
|
30
30
|
"@hunsu/codex-runner": "0.1.1",
|
|
31
31
|
"@hunsu/core": "0.1.1",
|
|
32
|
+
"@hunsu/config": "0.1.1",
|
|
32
33
|
"@hunsu/protocol": "0.1.1",
|
|
33
|
-
"@hunsu/protocol-registry": "0.1.1"
|
|
34
|
-
"@hunsu/config": "0.1.1"
|
|
34
|
+
"@hunsu/protocol-registry": "0.1.1"
|
|
35
35
|
},
|
|
36
36
|
"scripts": {
|
|
37
37
|
"dev": "node --watch src/index.ts",
|
package/src/index.ts
CHANGED
|
@@ -1170,7 +1170,7 @@ function createStudioServerSecurity(options: StudioServerSecurityOptions | undef
|
|
|
1170
1170
|
};
|
|
1171
1171
|
}
|
|
1172
1172
|
|
|
1173
|
-
function evaluateStudioRequestSecurity(request: IncomingMessage, url: URL, security: StudioServerSecurity): StudioRequestSecurity {
|
|
1173
|
+
function evaluateStudioRequestSecurity(request: IncomingMessage, url: URL, security: StudioServerSecurity, options: { skipAuth?: boolean } = {}): StudioRequestSecurity {
|
|
1174
1174
|
const origin = requestHeader(request, "origin");
|
|
1175
1175
|
const corsHeaders = corsHeadersForOrigin(origin, security);
|
|
1176
1176
|
if (origin && corsHeaders === undefined) {
|
|
@@ -1190,7 +1190,7 @@ function evaluateStudioRequestSecurity(request: IncomingMessage, url: URL, secur
|
|
|
1190
1190
|
};
|
|
1191
1191
|
}
|
|
1192
1192
|
const headers = corsHeaders ?? baseCorsHeaders();
|
|
1193
|
-
if (security.authToken && !isPublicBridgeRequest(url) && !hasValidBridgeApiToken(request, url, security.authToken)) {
|
|
1193
|
+
if (!options.skipAuth && security.authToken && !isPublicBridgeRequest(url) && !hasValidBridgeApiToken(request, url, security.authToken)) {
|
|
1194
1194
|
return {
|
|
1195
1195
|
allowed: false,
|
|
1196
1196
|
status: 401,
|
|
@@ -1700,7 +1700,7 @@ export function createStudioServer(options: StudioServerOptions = {}) {
|
|
|
1700
1700
|
try {
|
|
1701
1701
|
const url = new URL(request.url ?? "/", "http://localhost");
|
|
1702
1702
|
const pathname = url.pathname;
|
|
1703
|
-
const requestSecurity = evaluateStudioRequestSecurity(request, url, security);
|
|
1703
|
+
const requestSecurity = evaluateStudioRequestSecurity(request, url, security, { skipAuth: request.method === "OPTIONS" });
|
|
1704
1704
|
responseSecurityHeaders.set(response, requestSecurity.corsHeaders);
|
|
1705
1705
|
if (request.method === "OPTIONS") {
|
|
1706
1706
|
sendJson(response, requestSecurity.allowed ? 204 : requestSecurity.status ?? 403, requestSecurity.allowed ? {} : { error: requestSecurity.error ?? "Origin is not allowed." });
|