npm - @interopio/gateway-server - Versions diffs - 0.8.1-beta.2 → 0.9.0-beta.0 - Mend

@interopio/gateway-server 0.8.1-beta.2 → 0.9.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/changelog.md CHANGED Viewed

@@ -2,6 +2,14 @@
 # Change Log
+## 0.9.0-beta.0 (2025-09-02)
+### Added
+- allow disabling cors protocol handling via config
+### Fixed
+- cors config source autoconfiguration (match only by path to properly handle preflight requests)
 ## 0.8.1-beta.2 (2025-08-27)
 ### Changed

package/dist/index.cjs CHANGED Viewed

@@ -44,7 +44,7 @@ var import_node_http2 = __toESM(require("node:http"), 1);
 var import_node_https = __toESM(require("node:https"), 1);
 var import_node_fs = require("node:fs");
 var import_node_async_hooks4 = require("node:async_hooks");
-var import_gateway6 = require("@interopio/gateway");
+var import_gateway7 = require("@interopio/gateway");
 // src/logger.ts
 var import_gateway = require("@interopio/gateway");
@@ -1402,14 +1402,15 @@ upgradeMatcher.toString = () => "websocket upgrade";
 // src/app/route.ts
 var import_gateway4 = require("@interopio/gateway");
 async function configure(app, config, routes) {
-  const applyCors = (matcher, requestMethod, options) => {
+  const applyCors = (request, options) => {
     if (options?.cors) {
       const cors = options.cors === true ? {
         allowOrigins: options.origins?.allow?.map(import_gateway4.IOGateway.Filtering.regexify),
-        allowMethods: requestMethod == void 0 ? void 0 : [requestMethod],
-        allowCredentials: options.authorize?.access !== "permitted"
+        allowMethods: request.method === void 0 ? ["*"] : [request.method],
+        allowCredentials: options.authorize?.access !== "permitted" ? true : void 0
       } : options.cors;
-      routes.cors.push([matcher, cors]);
+      const path = request.path;
+      routes.cors.push([path, cors]);
     }
   };
   const configurer = new class {
@@ -1419,7 +1420,7 @@ async function configure(app, config, routes) {
         if (options?.authorize) {
           routes.authorize.push([matcher, options.authorize]);
         }
-        applyCors(matcher, request.method, options);
+        applyCors(request, options);
         const middleware = async (exchange, next) => {
           const { match: match2, variables } = await matcher(exchange);
           if (match2) {
@@ -1752,210 +1753,62 @@ var matchingCorsConfigSource = (opts) => {
   };
 };
-// src/mock/server/exchange.ts
-var import_web = __toESM(require("node:stream/web"), 1);
-var MockServerHttpRequest = class extends AbstractHttpRequest {
-  #url;
-  #body;
-  upgrade = false;
-  constructor(url, method) {
-    super(new MapHttpHeaders());
-    if (typeof url === "string") {
-      if (URL.canParse(url)) {
-        url = new URL(url);
-      } else if (URL.canParse(url, "http://localhost")) {
-        url = new URL(url, "http://localhost");
-      } else {
-        throw new TypeError("URL cannot parse url");
-      }
-    }
-    this.#url = url;
-    this.method = method ?? "GET";
-    this.setHeader("Host", this.#url.hostname);
-    this.path = this.#url.pathname ?? "/";
-  }
-  method;
-  path;
-  get host() {
-    return super.parseHost(this.#url.host);
-  }
-  get protocol() {
-    return super.parseProtocol(this.#url.protocol.slice(0, -1));
-  }
-  get body() {
-    if (this.#body !== void 0) {
-      const blob = this.#body;
-      const asyncIterator = async function* () {
-        const bytes = await blob.bytes();
-        yield bytes;
-      }();
-      return import_web.default.ReadableStream.from(asyncIterator);
-    }
-  }
-  blob() {
-    const body = this.#body;
-    return body ? Promise.resolve(body) : Promise.reject(new Error(`no body set`));
-  }
-  async text() {
-    const blob = await this.blob();
-    return await blob.text();
-  }
-  async formData() {
-    const blob = await this.blob();
-    const text = await blob.text();
-    return new URLSearchParams(text);
-  }
-  async json() {
-    const blob = await this.blob();
-    if (blob.size === 0) {
-      return void 0;
-    }
-    const text = await blob.text();
-    return JSON.parse(text);
-  }
-  async writeBody(body) {
-    if (body === void 0) {
-      this.#body = new Blob([]);
-      return;
-    }
-    if (body instanceof ReadableStream) {
-      const chunks = [];
-      const reader = body.getReader();
-      let done = false;
-      while (!done) {
-        const { value, done: readDone } = await reader.read();
-        if (readDone) {
-          done = true;
-        } else {
-          chunks.push(value);
-        }
-      }
-      this.#body = new Blob(chunks);
-    } else {
-      body = await body;
-      if (typeof body === "string") {
-        this.#body = new Blob([body], { type: "text/plain" });
-      } else {
-        this.#body = new Blob([body]);
-      }
-    }
-    if (!this.headers.has("content-type")) {
-      this.setHeader("Content-Type", this.#body.type || "application/octet-stream");
-    }
-  }
-  get URL() {
-    return new URL(this.path + this.#url.search + this.#url.hash, `${this.protocol}://${this.host}`);
-  }
-  addHeader(name, value) {
-    this.headers.add(name, value);
-    return this;
-  }
-  setHeader(name, value) {
-    this.headers.set(name, value);
-    return this;
-  }
-};
-var MockServerHttpResponse = class extends AbstractServerHttpResponse {
-  #writeHandler;
-  #body = () => {
-    throw new Error("No content was written to the response body nor end was called on this response.");
-  };
-  constructor() {
-    super(new MapHttpHeaders());
-    this.#writeHandler = async (body) => {
-      const chunks = [];
-      let bodyStream;
-      this.#body = () => {
-        bodyStream ??= import_web.default.ReadableStream.from(chunks);
-        return bodyStream;
-      };
-      const reader = body.getReader();
-      let done = false;
-      do {
-        const { value, done: readDone } = await reader.read();
-        if (readDone) {
-          done = true;
-        } else {
-          chunks.push(value);
-        }
-      } while (!done);
-      return true;
-    };
-  }
-  get statusCode() {
-    return super.statusCode;
-  }
-  set writeHandler(handler) {
-    this.#body = () => {
-      throw new Error("Not available with custom write handler");
-    };
-    this.#writeHandler = handler;
-  }
-  getNativeResponse() {
-    throw new Error("This is a mock. No running server, no native response.");
-  }
-  applyStatusCode() {
-  }
-  applyHeaders() {
-  }
-  applyCookies() {
-    for (const cookie of this.cookies) {
-      this.headers.add("Set-Cookie", super.setCookieValue(cookie));
-    }
-  }
-  bodyInternal(body) {
-    const it = async function* () {
-      const resolved = await body;
-      if (resolved === void 0) {
-        return;
-      }
-      yield resolved;
-    }();
-    return this.#writeHandler(import_web.default.ReadableStream.from(it));
-  }
-  async end() {
-    return this.doCommit(async () => {
-      return await new Promise((resolve, reject) => {
-        this.#writeHandler(import_web.default.ReadableStream.from([]));
-      });
-    });
-  }
-  getBody() {
-    return this.#body();
-  }
-};
 // src/app/cors.ts
-function mockUpgradeExchange(path) {
-  const request = new MockServerHttpRequest(path, "GET");
-  request.setHeader("Upgrade", "websocket");
-  request.upgrade = true;
-  return new DefaultWebExchange(request, new MockServerHttpResponse());
-}
-async function createCorsConfigSource(context) {
+var import_gateway6 = require("@interopio/gateway");
+function createCorsConfigSource(context) {
   const { sockets: routes, cors } = context;
-  const defaultCorsConfig = combineCorsConfig(PERMIT_DEFAULT_CONFIG, context.corsConfig);
+  const defaultCorsConfig = context.corsConfig === false ? void 0 : combineCorsConfig(PERMIT_DEFAULT_CONFIG, context.corsConfig);
   const validatedConfigs = [];
   for (const [path, route] of routes) {
     let routeCorsConfig = defaultCorsConfig;
-    const upgradeExchange = mockUpgradeExchange(path);
-    for (const [matcher, config] of cors) {
-      if ((await matcher(upgradeExchange)).match) {
-        routeCorsConfig = combineCorsConfig(routeCorsConfig, config);
+    for (const [matcher, config2] of cors) {
+      if (import_gateway6.IOGateway.Filtering.valueMatches(matcher, path)) {
+        if (config2 === void 0) {
+          routeCorsConfig = void 0;
+        } else {
+          routeCorsConfig = routeCorsConfig === void 0 ? config2 : combineCorsConfig(routeCorsConfig, config2);
+        }
       }
     }
-    routeCorsConfig = combineCorsConfig(routeCorsConfig, {
+    const config = context.corsConfig === false ? void 0 : {
       allowOrigins: route.originFilters?.allow,
-      allowMethods: ["GET", "CONNECT"],
-      allowHeaders: ["Upgrade", "Connection", "Origin", "Sec-Websocket-Key", "Sec-Websocket-Version", "Sec-Websocket-Protocol", "Sec-Websocket-Extensions"],
+      allowMethods: ["GET", "CONNECT", "OPTIONS"],
+      allowHeaders: [
+        "Upgrade",
+        "Connection",
+        "Origin",
+        "Sec-Websocket-Key",
+        "Sec-Websocket-Version",
+        "Sec-Websocket-Protocol",
+        "Sec-Websocket-Extensions"
+      ],
       exposeHeaders: ["Sec-Websocket-Accept", "Sec-Websocket-Protocol", "Sec-Websocket-Extensions"],
-      allowCredentials: route.authorize?.access !== "permitted"
-    });
-    validatedConfigs.push([and([upgradeMatcher, pattern(path)]), validateCorsConfig(routeCorsConfig)]);
+      allowCredentials: route.authorize?.access !== "permitted" ? true : void 0
+    };
+    routeCorsConfig = routeCorsConfig === void 0 ? config : combineCorsConfig(routeCorsConfig, config);
+    validatedConfigs.push([
+      and([upgradeMatcher, pattern(path)]),
+      validateCorsConfig(routeCorsConfig)
+    ]);
   }
+  const appConfigs = [];
   for (const [matcher, config] of cors) {
-    const routeCorsConfig = combineCorsConfig(defaultCorsConfig, config);
-    validatedConfigs.push([matcher, validateCorsConfig(routeCorsConfig)]);
+    let [, routeCorsConfig] = appConfigs.find(([m]) => String(m) === String(matcher)) ?? [matcher, defaultCorsConfig];
+    routeCorsConfig = routeCorsConfig === void 0 ? config : combineCorsConfig(routeCorsConfig, config);
+    let added = false;
+    for (const entry of appConfigs) {
+      if (String(entry[0]) === String(matcher)) {
+        entry[1] = routeCorsConfig;
+        added = true;
+        break;
+      }
+    }
+    if (!added) {
+      appConfigs.push([matcher, routeCorsConfig]);
+    }
+  }
+  for (const [matcher, config] of appConfigs) {
+    validatedConfigs.push([pattern(matcher), validateCorsConfig(config)]);
   }
   validatedConfigs.push([pattern(/\/api\/.*/), validateCorsConfig(defaultCorsConfig)]);
   return matchingCorsConfigSource({ mappings: validatedConfigs });
@@ -2926,6 +2779,9 @@ function createSecurityConfig(context) {
   authorize.push(["any-exchange", defaultAccess]);
   return {
     authorize,
+    cors: {
+      disabled: context.corsConfig === false
+    },
     basic: {
       disabled: context.authConfig?.type !== "basic",
       ...context.authConfig?.basic
@@ -2937,7 +2793,7 @@ function createSecurityConfig(context) {
   };
 }
 async function httpSecurity(context) {
-  const corsConfigSource = await createCorsConfigSource(context);
+  const corsConfigSource = createCorsConfigSource(context);
   const config = createSecurityConfig(context);
   const { storage } = context;
   return config_default(config, { storage, corsConfigSource });
@@ -3354,7 +3210,7 @@ var Factory = async (options) => {
     storage: new import_node_async_hooks4.AsyncLocalStorage(),
     sockets: /* @__PURE__ */ new Map()
   };
-  const gw = import_gateway6.IOGateway.Factory({ ...options.gateway });
+  const gw = import_gateway7.IOGateway.Factory({ ...options.gateway });
   if (options.gateway) {
     const config = options.gateway;
     await configure(async (configurer) => {