npm - @kaito-http/core - Versions diffs - 3.0.0-beta.8 → 3.0.2 - Mend

@kaito-http/core 3.0.0-beta.8 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/cors/cors.cjs ADDED Viewed

@@ -0,0 +1,60 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/cors/cors.ts
+var cors_exports = {};
+__export(cors_exports, {
+  experimental_createCORSTransform: () => experimental_createCORSTransform,
+  experimental_createOriginMatcher: () => experimental_createOriginMatcher
+});
+module.exports = __toCommonJS(cors_exports);
+function experimental_createOriginMatcher(origins) {
+  if (origins.length === 0) {
+    return () => false;
+  }
+  const source = origins.map((origin) => {
+    if (origin.startsWith("*.")) {
+      const escapedDomain = origin.slice(2).replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+      return `^(?:https?://)[^.]+\\.${escapedDomain}$`;
+    } else {
+      const escapedOrigin = origin.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+      return `^${escapedOrigin}$`;
+    }
+  }).join("|");
+  const regex = new RegExp(source);
+  return (origin) => regex.test(origin);
+}
+function experimental_createCORSTransform(origins) {
+  const matcher = experimental_createOriginMatcher(origins);
+  return (request, response) => {
+    const origin = request.headers.get("Origin");
+    if (origin && matcher(origin)) {
+      response.headers.set("Access-Control-Allow-Origin", origin);
+      response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+      response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+      response.headers.set("Access-Control-Max-Age", "86400");
+      response.headers.set("Access-Control-Allow-Credentials", "true");
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  experimental_createCORSTransform,
+  experimental_createOriginMatcher
+});

package/dist/cors/cors.d.cts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Creates a function that matches origins against a predefined set of patterns, supporting wildcards.
+ * The matcher handles both exact matches and wildcard subdomain patterns (e.g., '*.example.com').
+ *
+ * **⚠️ This API is experimental and may change or even be removed in the future. ⚠️**
+ *
+ * @param origins Array of origin patterns to match against.
+ * Patterns can be exact origins (e.g., 'https://example.com') or wildcard patterns (e.g., '*.example.com') that match subdomains.
+ * @returns A function that tests if an origin matches any of the patterns
+ *
+ * @example
+ * ```typescript
+ * const allowedOrigins = [
+ *   'https://example.com',
+ *   '*.trusted-domain.com' // Won't match https://evil-domain.com, only subdomains
+ * ];
+ *
+ * const matcher = createOriginMatcher(allowedOrigins);
+ *
+ * // Exact match
+ * console.log(matcher('https://example.com')); // true
+ * console.log(matcher('http://example.com')); // false
+ *
+ * // Wildcard subdomain matches
+ * console.log(matcher('https://app.trusted-domain.com')); // true
+ * console.log(matcher('https://staging.trusted-domain.com')); // true
+ * console.log(matcher('https://trusted-domain.com')); // false, because it's not a subdomain
+ * console.log(matcher('https://evil-domain.com')); // false
+ * ```
+ */
+declare function experimental_createOriginMatcher(origins: string[]): (origin: string) => boolean;
+/**
+ * Create a function to apply CORS headers with sane defaults for most apps.
+ *
+ * **⚠️ This API is experimental and may change or even be removed in the future. ⚠️**
+ *
+ * @param options Options object
+ * @returns A function that will mutate the Response object by applying the CORS headers
+ * @example
+ * ```ts
+ * const cors = createCORSHandler({
+ *   origins: ['https://example.com', "*.allows-subdomains.com", "http://localhost:3000"],
+ * });
+ *
+ * const handler = createKaitoHandler({
+ *  // ...
+ *  transform: async (request, response) => {
+ *    cors(request, response);
+ *  }
+ * });
+ * ```
+ */
+declare function experimental_createCORSTransform(origins: string[]): (request: Request, response: Response) => void;
+export { experimental_createCORSTransform, experimental_createOriginMatcher };

package/dist/cors/cors.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Creates a function that matches origins against a predefined set of patterns, supporting wildcards.
+ * The matcher handles both exact matches and wildcard subdomain patterns (e.g., '*.example.com').
+ *
+ * **⚠️ This API is experimental and may change or even be removed in the future. ⚠️**
+ *
+ * @param origins Array of origin patterns to match against.
+ * Patterns can be exact origins (e.g., 'https://example.com') or wildcard patterns (e.g., '*.example.com') that match subdomains.
+ * @returns A function that tests if an origin matches any of the patterns
+ *
+ * @example
+ * ```typescript
+ * const allowedOrigins = [
+ *   'https://example.com',
+ *   '*.trusted-domain.com' // Won't match https://evil-domain.com, only subdomains
+ * ];
+ *
+ * const matcher = createOriginMatcher(allowedOrigins);
+ *
+ * // Exact match
+ * console.log(matcher('https://example.com')); // true
+ * console.log(matcher('http://example.com')); // false
+ *
+ * // Wildcard subdomain matches
+ * console.log(matcher('https://app.trusted-domain.com')); // true
+ * console.log(matcher('https://staging.trusted-domain.com')); // true
+ * console.log(matcher('https://trusted-domain.com')); // false, because it's not a subdomain
+ * console.log(matcher('https://evil-domain.com')); // false
+ * ```
+ */
+declare function experimental_createOriginMatcher(origins: string[]): (origin: string) => boolean;
+/**
+ * Create a function to apply CORS headers with sane defaults for most apps.
+ *
+ * **⚠️ This API is experimental and may change or even be removed in the future. ⚠️**
+ *
+ * @param options Options object
+ * @returns A function that will mutate the Response object by applying the CORS headers
+ * @example
+ * ```ts
+ * const cors = createCORSHandler({
+ *   origins: ['https://example.com', "*.allows-subdomains.com", "http://localhost:3000"],
+ * });
+ *
+ * const handler = createKaitoHandler({
+ *  // ...
+ *  transform: async (request, response) => {
+ *    cors(request, response);
+ *  }
+ * });
+ * ```
+ */
+declare function experimental_createCORSTransform(origins: string[]): (request: Request, response: Response) => void;
+export { experimental_createCORSTransform, experimental_createOriginMatcher };

package/dist/cors/cors.js ADDED Viewed

@@ -0,0 +1,34 @@
+// src/cors/cors.ts
+function experimental_createOriginMatcher(origins) {
+  if (origins.length === 0) {
+    return () => false;
+  }
+  const source = origins.map((origin) => {
+    if (origin.startsWith("*.")) {
+      const escapedDomain = origin.slice(2).replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+      return `^(?:https?://)[^.]+\\.${escapedDomain}$`;
+    } else {
+      const escapedOrigin = origin.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+      return `^${escapedOrigin}$`;
+    }
+  }).join("|");
+  const regex = new RegExp(source);
+  return (origin) => regex.test(origin);
+}
+function experimental_createCORSTransform(origins) {
+  const matcher = experimental_createOriginMatcher(origins);
+  return (request, response) => {
+    const origin = request.headers.get("Origin");
+    if (origin && matcher(origin)) {
+      response.headers.set("Access-Control-Allow-Origin", origin);
+      response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+      response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+      response.headers.set("Access-Control-Max-Age", "86400");
+      response.headers.set("Access-Control-Allow-Credentials", "true");
+    }
+  };
+}
+export {
+  experimental_createCORSTransform,
+  experimental_createOriginMatcher
+};