npm - @just-be/wildcard - Versions diffs - 0.6.0 → 0.7.0 - Mend

@just-be/wildcard 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +19 -19
package/src/handlers/path-rules.ts +1 -1
package/src/handlers/redirect.test.ts +3 -3
package/src/handlers/static.ts +4 -4
package/src/schemas.ts +3 -0
package/src/utils.test.ts +64 -0
package/src/utils.ts +35 -4

package/package.json CHANGED Viewed

@@ -1,37 +1,37 @@
 {
   "name": "@just-be/wildcard",
-  "version": "0.6.0",
+  "version": "0.7.0",
   "description": "Portable wildcard subdomain routing with pluggable storage backends",
-  "type": "module",
-  "main": "./src/index.ts",
-  "exports": {
-    ".": "./src/index.ts",
-    "./schemas": "./src/schemas.ts",
-    "./handlers": "./src/handlers/index.ts",
-    "./types": "./src/types.ts"
-  },
-  "files": [
-    "src"
-  ],
   "keywords": [
-    "wildcard",
-    "subdomain",
+    "proxy",
+    "redirect",
     "routing",
     "static-site",
-    "redirect",
-    "proxy"
+    "subdomain",
+    "wildcard"
   ],
-  "author": "Justin Bennett",
   "license": "MIT",
+  "author": "Justin Bennett",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/just-be-dev/just-be.dev.git",
     "directory": "packages/wildcard"
   },
-  "peerDependencies": {
-    "zod": "^4.0.0"
+  "files": [
+    "src"
+  ],
+  "type": "module",
+  "main": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./schemas": "./src/schemas.ts",
+    "./handlers": "./src/handlers/index.ts",
+    "./types": "./src/types.ts"
   },
   "publishConfig": {
     "access": "public"
+  },
+  "peerDependencies": {
+    "zod": "^4.0.0"
   }
 }

package/src/handlers/path-rules.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { matchPath, proxyRequest } from "../utils";
  */
 export async function handlePathRules(
   request: Request,
-  config: StaticConfig
+  config: StaticConfig,
 ): Promise<Response | null> {
   const url = new URL(request.url);
   const pathname = url.pathname;

package/src/handlers/redirect.test.ts CHANGED Viewed

@@ -56,10 +56,10 @@ describe("handleRedirect", () => {
       };
       const response = await handleRedirect(
         makeRequest("https://git.just-be.dev/pds?tab=readme"),
-        config
+        config,
       );
       expect(response.headers.get("location")).toBe(
-        "https://github.com/just-be-dev/pds?tab=readme"
+        "https://github.com/just-be-dev/pds?tab=readme",
       );
     });
@@ -90,7 +90,7 @@ describe("handleRedirect", () => {
       };
       const response = await handleRedirect(
         makeRequest("https://sub.just-be.dev/some/path"),
-        config
+        config,
       );
       expect(response.headers.get("location")).toBe("https://example.com");
     });

package/src/handlers/static.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { handlePathRules } from "./path-rules";
 export const handleStatic: Handler<StaticConfig, { fileLoader: FileLoader }> = async (
   request,
   config,
-  { fileLoader }
+  { fileLoader },
 ) => {
   // Check path-level redirects and rewrites first
   const pathResponse = await handlePathRules(request, config);
@@ -30,7 +30,7 @@ async function handleSpaMode(
   fileLoader: FileLoader,
   basePath: string,
   pathname: string,
-  request: Request
+  request: Request,
 ): Promise<Response> {
   // Sanitize paths to prevent directory traversal
   const sanitizedBase = sanitizePath(basePath);
@@ -79,7 +79,7 @@ async function handleStaticMode(
   basePath: string,
   pathname: string,
   request: Request,
-  fallback?: string
+  fallback?: string,
 ): Promise<Response> {
   // Sanitize paths to prevent directory traversal
   const sanitizedBase = sanitizePath(basePath);
@@ -145,7 +145,7 @@ function buildFileResponse(fileObject: FileObject, key: string, request: Request
   if (!headers.has("Content-Security-Policy")) {
     headers.set(
       "Content-Security-Policy",
-      "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
+      "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';",
     );
   }

package/src/schemas.ts CHANGED Viewed

@@ -37,6 +37,7 @@ export const StaticConfigSchema = z
     fallback: z.string().optional(), // Fallback file path for non-SPA mode (e.g., "404.html")
     redirects: z.array(PathRedirectSchema).optional(),
     rewrites: z.array(PathRewriteSchema).optional(),
+    password: z.string().optional(), // Name of the Worker secret containing the password for HTTP Basic Auth
   })
   .refine((data) => (data.spa && data.fallback ? false : true), {
     message: "fallback cannot be used with spa mode (spa: true)",
@@ -47,12 +48,14 @@ export const RedirectConfigSchema = z.object({
   url: safeUrl(),
   permanent: z.boolean().optional(),
   preservePath: z.boolean().optional(),
+  password: z.string().optional(),
 });
 export const RewriteConfigSchema = z.object({
   type: z.literal("rewrite"),
   url: safeUrl(),
   allowedMethods: z.array(HttpMethod).optional().default(["GET", "HEAD", "OPTIONS"]),
+  password: z.string().optional(),
 });
 export const RouteConfigSchema = z.discriminatedUnion("type", [

package/src/utils.test.ts CHANGED Viewed

@@ -6,6 +6,8 @@ import {
   filterSafeHeaders,
   isValidSubdomain,
   matchPath,
+  checkBasicAuth,
+  unauthorizedResponse,
   SAFE_REQUEST_HEADERS,
 } from "./utils";
@@ -343,6 +345,68 @@ describe("isValidSubdomain", () => {
   });
 });
+describe("checkBasicAuth", () => {
+  function requestWithAuth(username: string, password: string): Request {
+    const encoded = btoa(`${username}:${password}`);
+    return new Request("https://example.com", {
+      headers: { Authorization: `Basic ${encoded}` },
+    });
+  }
+  it("should return true for correct password with any username", () => {
+    expect(checkBasicAuth(requestWithAuth("user", "secret"), "secret")).toBe(true);
+    expect(checkBasicAuth(requestWithAuth("admin", "secret"), "secret")).toBe(true);
+    expect(checkBasicAuth(requestWithAuth("", "secret"), "secret")).toBe(true);
+  });
+  it("should return false for wrong password", () => {
+    expect(checkBasicAuth(requestWithAuth("user", "wrong"), "secret")).toBe(false);
+  });
+  it("should return false when no Authorization header", () => {
+    const request = new Request("https://example.com");
+    expect(checkBasicAuth(request, "secret")).toBe(false);
+  });
+  it("should return false for non-Basic auth schemes", () => {
+    const request = new Request("https://example.com", {
+      headers: { Authorization: "Bearer token123" },
+    });
+    expect(checkBasicAuth(request, "secret")).toBe(false);
+  });
+  it("should return false for malformed base64", () => {
+    const request = new Request("https://example.com", {
+      headers: { Authorization: "Basic !!!invalid!!!" },
+    });
+    expect(checkBasicAuth(request, "secret")).toBe(false);
+  });
+  it("should return false for base64 without colon separator", () => {
+    const encoded = btoa("nocolon");
+    const request = new Request("https://example.com", {
+      headers: { Authorization: `Basic ${encoded}` },
+    });
+    expect(checkBasicAuth(request, "nocolon")).toBe(false);
+  });
+  it("should handle passwords containing colons", () => {
+    expect(checkBasicAuth(requestWithAuth("user", "pass:word:here"), "pass:word:here")).toBe(true);
+  });
+});
+describe("unauthorizedResponse", () => {
+  it("should return 401 status", () => {
+    const response = unauthorizedResponse();
+    expect(response.status).toBe(401);
+  });
+  it("should include WWW-Authenticate header", () => {
+    const response = unauthorizedResponse();
+    expect(response.headers.get("WWW-Authenticate")).toBe('Basic realm="Protected"');
+  });
+});
 describe("matchPath", () => {
   describe("exact match patterns", () => {
     it("should match exact paths", () => {

package/src/utils.ts CHANGED Viewed

@@ -236,6 +236,40 @@ export function isValidSubdomain(subdomain: string): boolean {
   return true;
 }
+/**
+ * Checks if a request has valid HTTP Basic Auth credentials
+ * Any username is accepted; only the password is validated.
+ */
+export function checkBasicAuth(request: Request, expectedPassword: string): boolean {
+  const authorization = request.headers.get("Authorization");
+  if (!authorization || !authorization.startsWith("Basic ")) {
+    return false;
+  }
+  try {
+    const encoded = authorization.slice("Basic ".length);
+    const decoded = atob(encoded);
+    const colonIndex = decoded.indexOf(":");
+    if (colonIndex === -1) {
+      return false;
+    }
+    const password = decoded.slice(colonIndex + 1);
+    return password === expectedPassword;
+  } catch {
+    return false;
+  }
+}
+/**
+ * Returns a 401 Unauthorized response that triggers the browser's Basic Auth dialog
+ */
+export function unauthorizedResponse(): Response {
+  return new Response("Unauthorized", {
+    status: 401,
+    headers: { "WWW-Authenticate": 'Basic realm="Protected"' },
+  });
+}
 /**
  * Timeout for proxy requests in milliseconds
  */
@@ -248,10 +282,7 @@ const FETCH_TIMEOUT_MS = 5_000;
  * @param targetUrl - The target URL to proxy to
  * @returns Response from the proxied request
  */
-export async function proxyRequest(
-  request: Request,
-  targetUrl: URL
-): Promise<Response> {
+export async function proxyRequest(request: Request, targetUrl: URL): Promise<Response> {
   // Filter headers to only include safe ones (prevents header injection)
   const safeHeaders = filterSafeHeaders(request.headers);