@marvalt/madapter 2.1.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +109 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +47 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.esm.js +110 -4
- package/dist/index.esm.js.map +1 -1
- package/dist/react/components/MauticForm.d.ts.map +1 -1
- package/dist/react/components/TurnstileWidget.d.ts +47 -0
- package/dist/react/components/TurnstileWidget.d.ts.map +1 -0
- package/dist/server/index.d.ts +1 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/mautic-proxy.d.ts.map +1 -1
- package/dist/server/turnstile.d.ts +24 -0
- package/dist/server/turnstile.d.ts.map +1 -0
- package/dist/server.cjs +137 -0
- package/dist/server.cjs.map +1 -1
- package/dist/server.esm.js +137 -1
- package/dist/server.esm.js.map +1 -1
- package/package.json +1 -1
- package/scripts/postinstall.cjs +13 -0
- package/templates/MAUTIC_SECURITY.md +308 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MauticForm.d.ts","sourceRoot":"","sources":["../../../src/react/components/MauticForm.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAA8B,MAAM,OAAO,CAAC;AAEnD,OAAO,EAAE,UAAU,IAAI,cAAc,EAAmB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"MauticForm.d.ts","sourceRoot":"","sources":["../../../src/react/components/MauticForm.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAA8B,MAAM,OAAO,CAAC;AAEnD,OAAO,EAAE,UAAU,IAAI,cAAc,EAAmB,MAAM,oBAAoB,CAAC;AAGnF,UAAU,eAAe;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,CAAC;IAC/B,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAClC;AAUD,eAAO,MAAM,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC,eAAe,CA4YhD,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license GPL-3.0-or-later
|
|
3
|
+
*
|
|
4
|
+
* This file is part of the MarVAlt Open SDK.
|
|
5
|
+
* Copyright (c) 2025 Vibune Pty Ltd.
|
|
6
|
+
*
|
|
7
|
+
* This program is free software: you can redistribute it and/or modify
|
|
8
|
+
* it under the terms of the GNU General Public License as published by
|
|
9
|
+
* the Free Software Foundation, either version 3 of the License, or
|
|
10
|
+
* (at your option) any later version.
|
|
11
|
+
*
|
|
12
|
+
* This program is distributed in the hope that it will be useful,
|
|
13
|
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14
|
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
15
|
+
* See the GNU General Public License for more details.
|
|
16
|
+
*/
|
|
17
|
+
import React from 'react';
|
|
18
|
+
declare global {
|
|
19
|
+
interface Window {
|
|
20
|
+
turnstile?: {
|
|
21
|
+
render: (element: HTMLElement, options: TurnstileOptions) => string;
|
|
22
|
+
remove: (widgetId: string) => void;
|
|
23
|
+
reset: (widgetId: string) => void;
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
interface TurnstileOptions {
|
|
28
|
+
sitekey: string;
|
|
29
|
+
callback?: (token: string) => void;
|
|
30
|
+
'error-callback'?: () => void;
|
|
31
|
+
'expired-callback'?: () => void;
|
|
32
|
+
theme?: 'light' | 'dark' | 'auto';
|
|
33
|
+
size?: 'normal' | 'compact';
|
|
34
|
+
tabindex?: number;
|
|
35
|
+
}
|
|
36
|
+
export interface TurnstileWidgetProps {
|
|
37
|
+
siteKey: string;
|
|
38
|
+
onSuccess: (token: string) => void;
|
|
39
|
+
onError?: () => void;
|
|
40
|
+
onExpire?: () => void;
|
|
41
|
+
theme?: 'light' | 'dark' | 'auto';
|
|
42
|
+
size?: 'normal' | 'compact';
|
|
43
|
+
tabIndex?: number;
|
|
44
|
+
}
|
|
45
|
+
export declare const TurnstileWidget: React.FC<TurnstileWidgetProps>;
|
|
46
|
+
export {};
|
|
47
|
+
//# sourceMappingURL=TurnstileWidget.d.ts.map
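Review bot: The `declare global { interface Window { turnstile?: … } }` block at new lines 18–26 is part of the published declaration file, so every consumer that imports the package gets its `Window` type augmented with this three-method shape (`render`, `remove`, `reset`); that will clash with any other Turnstile typings a consumer already has, and a consumer cannot opt out of an augmentation that arrives through a dependency's `.d.ts`. `TurnstileOptions` (new lines 27–35) is not exported yet is referenced from the augmentation, which suggests the type was only ever meant to be internal to the component. Keeping the augmentation out of the emitted declarations, for example by typing the script handle locally in the source `.tsx` (`const api = (window as Window & { turnstile?: { render: …; remove: …; reset: … } }).turnstile;`) or by placing it in a `global.d.ts` that is excluded from the declaration build, would reduce the public surface to `TurnstileWidgetProps` and `TurnstileWidget`. It would also help to document on `TurnstileWidgetProps` that `siteKey` is the public site key and that the token handed to `onSuccess` is only meaningful after a server-side `verifyTurnstile` check.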
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TurnstileWidget.d.ts","sourceRoot":"","sources":["../../../src/react/components/TurnstileWidget.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAA4B,MAAM,OAAO,CAAC;AAEjD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,SAAS,CAAC,EAAE;YACV,MAAM,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,KAAK,MAAM,CAAC;YACpE,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;YACnC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;SACnC,CAAC;KACH;CACF;AAED,UAAU,gBAAgB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACnC,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,IAAI,CAAC;IAChC,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,IAAI,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,IAAI,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,EAAE,CAAC,oBAAoB,CAkE1D,CAAC"}
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mautic-proxy.d.ts","sourceRoot":"","sources":["../../src/server/mautic-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;
|
|
1
|
+
{"version":3,"file":"mautic-proxy.d.ts","sourceRoot":"","sources":["../../src/server/mautic-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAkFH;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,GAAG,qBAyMnD"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license GPL-3.0-or-later
|
|
3
|
+
*
|
|
4
|
+
* This file is part of the MarVAlt Open SDK.
|
|
5
|
+
* Copyright (c) 2025 Vibune Pty Ltd.
|
|
6
|
+
*
|
|
7
|
+
* This program is free software: you can redistribute it and/or modify
|
|
8
|
+
* it under the terms of the GNU General Public License as published by
|
|
9
|
+
* the Free Software Foundation, either version 3 of the License, or
|
|
10
|
+
* (at your option) any later version.
|
|
11
|
+
*
|
|
12
|
+
* This program is distributed in the hope that it will be useful,
|
|
13
|
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14
|
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
15
|
+
* See the GNU General Public License for more details.
|
|
16
|
+
*/
|
|
17
|
+
/**
|
|
18
|
+
* Verify Cloudflare Turnstile token server-side
|
|
19
|
+
* @param token - The Turnstile response token from the client
|
|
20
|
+
* @param secretKey - Your Turnstile secret key
|
|
21
|
+
* @returns Promise<boolean> - True if verification succeeds
|
|
22
|
+
*/
|
|
23
|
+
export declare function verifyTurnstile(token: string, secretKey: string): Promise<boolean>;
|
|
24
|
+
//# sourceMappingURL=turnstile.d.ts.map
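Review bot: The JSDoc on `verifyTurnstile` (new lines 17–22) understates the contract a caller needs: the implementation visible in `dist/server.cjs` returns `false` for a missing token or secret, for a non-2xx siteverify response, for `success: false`, and for any thrown fetch/JSON error, and it never rejects. Suggest `@returns Promise<boolean> - True only when Cloudflare reports success; false for missing inputs, a transport failure or a rejected token. Never throws; failures are logged to console.` and `@param secretKey - Turnstile secret key; server-side only and must never be placed in a client-visible variable.` Stating that a `false` result is deliberately fail-closed tells integrators they can gate on the boolean alone without wrapping the call in their own try/catch.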
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"turnstile.d.ts","sourceRoot":"","sources":["../../src/server/turnstile.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AASH;;;;;GAKG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAoClB"}
|
package/dist/server.cjs
CHANGED
|
@@ -1,5 +1,58 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
/**
|
|
4
|
+
* @license GPL-3.0-or-later
|
|
5
|
+
*
|
|
6
|
+
* This file is part of the MarVAlt Open SDK.
|
|
7
|
+
* Copyright (c) 2025 Vibune Pty Ltd.
|
|
8
|
+
*
|
|
9
|
+
* This program is free software: you can redistribute it and/or modify
|
|
10
|
+
* it under the terms of the GNU General Public License as published by
|
|
11
|
+
* the Free Software Foundation, either version 3 of the License, or
|
|
12
|
+
* (at your option) any later version.
|
|
13
|
+
*
|
|
14
|
+
* This program is distributed in the hope that it will be useful,
|
|
15
|
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
16
|
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
17
|
+
* See the GNU General Public License for more details.
|
|
18
|
+
*/
|
|
19
|
+
/**
|
|
20
|
+
* Verify Cloudflare Turnstile token server-side
|
|
21
|
+
* @param token - The Turnstile response token from the client
|
|
22
|
+
* @param secretKey - Your Turnstile secret key
|
|
23
|
+
* @returns Promise<boolean> - True if verification succeeds
|
|
24
|
+
*/
|
|
25
|
+
async function verifyTurnstile(token, secretKey) {
|
|
26
|
+
if (!token || !secretKey) {
|
|
27
|
+
console.error('Missing Turnstile token or secret key');
|
|
28
|
+
return false;
|
|
29
|
+
}
|
|
30
|
+
try {
|
|
31
|
+
const response = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
|
|
32
|
+
method: 'POST',
|
|
33
|
+
headers: { 'Content-Type': 'application/json' },
|
|
34
|
+
body: JSON.stringify({
|
|
35
|
+
secret: secretKey,
|
|
36
|
+
response: token,
|
|
37
|
+
}),
|
|
38
|
+
});
|
|
39
|
+
if (!response.ok) {
|
|
40
|
+
console.error('Turnstile verification request failed:', response.status);
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
const data = await response.json();
|
|
44
|
+
if (!data.success) {
|
|
45
|
+
console.warn('Turnstile verification failed:', data['error-codes']);
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
return true;
|
|
49
|
+
}
|
|
50
|
+
catch (error) {
|
|
51
|
+
console.error('Turnstile verification error:', error);
|
|
52
|
+
return false;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
|
|
3
56
|
/**
|
|
4
57
|
* @license GPL-3.0-or-later
|
|
5
58
|
*
|
|
@@ -77,6 +130,89 @@ async function handleMauticProxy(context) {
|
|
|
77
130
|
if (!endpoint) {
|
|
78
131
|
return new Response('Missing endpoint parameter', { status: 400 });
|
|
79
132
|
}
|
|
133
|
+
// ============================================
|
|
134
|
+
// SECURITY LAYER 1: Origin Validation
|
|
135
|
+
// ============================================
|
|
136
|
+
const origin = request.headers.get('Origin');
|
|
137
|
+
const referer = request.headers.get('Referer');
|
|
138
|
+
// Get allowed origins from environment (comma-separated)
|
|
139
|
+
const allowedOriginsStr = env.ALLOWED_ORIGINS || env.VITE_ALLOWED_ORIGINS || '';
|
|
140
|
+
const allowedOrigins = allowedOriginsStr
|
|
141
|
+
.split(',')
|
|
142
|
+
.map((o) => o.trim())
|
|
143
|
+
.filter(Boolean);
|
|
144
|
+
// Default to localhost if no origins configured (development mode)
|
|
145
|
+
if (allowedOrigins.length === 0) {
|
|
146
|
+
allowedOrigins.push('http://localhost:8080', 'http://localhost:5173');
|
|
147
|
+
console.log('â ī¸ No ALLOWED_ORIGINS configured, defaulting to localhost');
|
|
148
|
+
}
|
|
149
|
+
const isAllowedOrigin = allowedOrigins.some((allowed) => origin?.startsWith(allowed) || referer?.startsWith(allowed));
|
|
150
|
+
// Block if origin/referer present but not allowed
|
|
151
|
+
if ((origin || referer) && !isAllowedOrigin) {
|
|
152
|
+
console.warn('đĢ Blocked request from unauthorized origin:', origin || referer);
|
|
153
|
+
return new Response(JSON.stringify({
|
|
154
|
+
error: 'Forbidden origin',
|
|
155
|
+
message: 'This endpoint can only be accessed from authorized domains'
|
|
156
|
+
}), {
|
|
157
|
+
status: 403,
|
|
158
|
+
headers: { 'Content-Type': 'application/json' }
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
// ============================================
|
|
162
|
+
// SECURITY LAYER 2: Endpoint Whitelisting
|
|
163
|
+
// ============================================
|
|
164
|
+
const allowedPatterns = [
|
|
165
|
+
/^\/form\/submit/, // Form submissions
|
|
166
|
+
/^\/forms\/\d+\/submit/, // Legacy form endpoint
|
|
167
|
+
/^\/mtc\.js$/, // Tracking script (optional)
|
|
168
|
+
/^\/mtc\//, // Tracking API (optional)
|
|
169
|
+
/^\/mtracking\.gif$/, // Tracking pixel (optional)
|
|
170
|
+
];
|
|
171
|
+
const isAllowedEndpoint = allowedPatterns.some(pattern => pattern.test(endpoint));
|
|
172
|
+
if (!isAllowedEndpoint) {
|
|
173
|
+
console.warn('đĢ Blocked unauthorized endpoint:', endpoint);
|
|
174
|
+
return new Response(JSON.stringify({
|
|
175
|
+
error: 'Forbidden endpoint',
|
|
176
|
+
message: 'Only form submission endpoints are allowed'
|
|
177
|
+
}), {
|
|
178
|
+
status: 403,
|
|
179
|
+
headers: { 'Content-Type': 'application/json' }
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
// ============================================
|
|
183
|
+
// SECURITY LAYER 3: Turnstile Verification
|
|
184
|
+
// ============================================
|
|
185
|
+
const turnstileSecretKey = env.TURNSTILE_SECRET_KEY || env.VITE_TURNSTILE_SECRET_KEY;
|
|
186
|
+
const turnstileEnabled = !!turnstileSecretKey;
|
|
187
|
+
// Only verify Turnstile for POST requests (form submissions)
|
|
188
|
+
if (turnstileEnabled && request.method === 'POST') {
|
|
189
|
+
const turnstileToken = request.headers.get('cf-turnstile-response');
|
|
190
|
+
if (!turnstileToken) {
|
|
191
|
+
console.warn('đĢ Missing Turnstile token for POST request');
|
|
192
|
+
return new Response(JSON.stringify({
|
|
193
|
+
error: 'Missing verification',
|
|
194
|
+
message: 'Bot verification required'
|
|
195
|
+
}), {
|
|
196
|
+
status: 403,
|
|
197
|
+
headers: { 'Content-Type': 'application/json' }
|
|
198
|
+
});
|
|
199
|
+
}
|
|
200
|
+
const isValid = await verifyTurnstile(turnstileToken, turnstileSecretKey);
|
|
201
|
+
if (!isValid) {
|
|
202
|
+
console.warn('đĢ Invalid Turnstile token');
|
|
203
|
+
return new Response(JSON.stringify({
|
|
204
|
+
error: 'Verification failed',
|
|
205
|
+
message: 'Bot verification failed'
|
|
206
|
+
}), {
|
|
207
|
+
status: 403,
|
|
208
|
+
headers: { 'Content-Type': 'application/json' }
|
|
209
|
+
});
|
|
210
|
+
}
|
|
211
|
+
console.log('â
Turnstile verification passed');
|
|
212
|
+
}
|
|
213
|
+
else if (turnstileEnabled) {
|
|
214
|
+
console.log('âšī¸ Turnstile enabled but skipped for non-POST request');
|
|
215
|
+
}
|
|
80
216
|
// Get server-side credentials (prefer non-VITE_ prefixed env vars)
|
|
81
217
|
const mauticUrl = env.MAUTIC_URL || env.VITE_MAUTIC_URL;
|
|
82
218
|
const clientId = env.MAUTIC_API_PUBLIC_KEY || env.VITE_MAUTIC_API_PUBLIC_KEY;
|
|
@@ -153,4 +289,5 @@ async function handleMauticProxy(context) {
|
|
|
153
289
|
}
|
|
154
290
|
|
|
155
291
|
exports.handleMauticProxy = handleMauticProxy;
|
|
292
|
+
exports.verifyTurnstile = verifyTurnstile;
|
|
156
293
|
//# sourceMappingURL=server.cjs.map
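Review bot: The origin allow-list in `handleMauticProxy` (new lines 136–160) is a prefix match: `origin?.startsWith(allowed) || referer?.startsWith(allowed)` accepts any `Origin` or `Referer` value that merely begins with a configured entry (a longer hostname, or for the Referer any path), so it never performs an exact-origin comparison. Compare normalized origins instead, reducing each header and each configured entry to `new URL(value).origin` and treating anything unparsable as not allowed (see fence); the same code appears in `dist/server.esm.js` at new lines 134–158, 162–168 and 183–184, so the fix applies there too. The endpoint allow-list (new lines 164–170) has the same shape problem: `/^\/form\/submit/` and `/^\/forms\/\d+\/submit/` are anchored only at the start, so any suffix passes, and if the endpoint is later concatenated into the upstream URL (the body continues outside this hunk) `..` segments would be collapsed by the URL parser; anchor the form patterns with `\/?$` and reject endpoints containing `..`. New lines 185–186 make Turnstile silently opt-in, since a missing `TURNSTILE_SECRET_KEY` disables the layer with no warning, and the `VITE_TURNSTILE_SECRET_KEY` fallback invites storing the secret under a prefix that Vite inlines into browser bundles, so log a warning when the secret is absent and drop the `VITE_` fallback for secrets. Note that a request with neither `Origin` nor `Referer` still passes layer 1 by design, so the origin check only constrains browser clients and Turnstile is the control that matters for everything else.

```javascript
// … unchanged: Origin/Referer lookup and ALLOWED_ORIGINS parsing (entries must be full origins) …
// Exact-origin comparison: reduce each value to scheme://host[:port]; unparsable values are never allowed.
const toOrigin = (value) => {
  try { return new URL(value).origin; } catch { return null; }
};
const allowedOriginSet = new Set(allowedOrigins.map(toOrigin).filter(Boolean));
// Origin is authoritative when present; Referer is only a fallback for requests without it.
const requestOrigin = toOrigin(origin ?? referer);
const isAllowedOrigin = requestOrigin !== null && allowedOriginSet.has(requestOrigin);
// … unchanged: 403 'Forbidden origin' response …
const allowedPatterns = [
  /^\/form\/submit\/?$/, // Form submissions
  /^\/forms\/\d+\/submit\/?$/, // Legacy form endpoint
  /^\/mtc\.js$/, // Tracking script (optional)
  /^\/mtc\//, // Tracking API (optional)
  /^\/mtracking\.gif$/, // Tracking pixel (optional)
];
// Reject dot segments outright so the allow-list cannot be widened by URL normalization upstream.
const isAllowedEndpoint = !endpoint.includes('..') && allowedPatterns.some((pattern) => pattern.test(endpoint));
// … unchanged: 403 'Forbidden endpoint' response …
const turnstileSecretKey = env.TURNSTILE_SECRET_KEY; // server-only; no VITE_ fallback for secrets
const turnstileEnabled = !!turnstileSecretKey;
if (!turnstileEnabled) {
  console.warn('TURNSTILE_SECRET_KEY not configured; bot verification is disabled for this request');
}
// … unchanged: Turnstile verification and upstream credential handling …
```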
|
package/dist/server.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.cjs","sources":["../src/server/mautic-proxy.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;;;;;;;;;;;;;AAeG;
|
|
1
|
+
{"version":3,"file":"server.cjs","sources":["../src/server/turnstile.ts","../src/server/mautic-proxy.ts"],"sourcesContent":[null,null],"names":[],"mappings":";;AAAA;;;;;;;;;;;;;;;AAeG;AASH;;;;;AAKG;AACI,eAAe,eAAe,CACnC,KAAa,EACb,SAAiB,EAAA;AAEjB,IAAA,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE;AACxB,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;AACtD,QAAA,OAAO,KAAK;IACd;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,2DAA2D,EAC3D;AACE,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,YAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,gBAAA,MAAM,EAAE,SAAS;AACjB,gBAAA,QAAQ,EAAE,KAAK;aAChB,CAAC;AACH,SAAA,CACF;AAED,QAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,QAAQ,CAAC,MAAM,CAAC;AACxE,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,MAAM,IAAI,GAAsB,MAAM,QAAQ,CAAC,IAAI,EAAE;AAErD,QAAA,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,OAAO,CAAC,IAAI,CAAC,gCAAgC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;AACnE,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,OAAO,IAAI;IACb;IAAE,OAAO,KAAK,EAAE;AACd,QAAA,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC;AACrD,QAAA,OAAO,KAAK;IACd;AACF;;ACrEA;;;;;;;;;;;;;;;AAeG;AAwBH;AACA,IAAI,WAAW,GAAwD,IAAI;AAE3E,eAAe,cAAc,CAC3B,SAAiB,EACjB,QAAgB,EAChB,YAAoB,EACpB,gBAAyB,EACzB,oBAA6B,EAAA;;AAG7B,IAAA,IAAI,WAAW,IAAI,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE;AAC/D,QAAA,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;QAC3C,OAAO,WAAW,CAAC,YAAY;IACjC;AAEA,IAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;AAC9C,IAAA,MAAM,QAAQ,GAAG,CAAA,EAAG,SAAS,iBAAiB;AAC9C,IAAA,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;AAC/B,QAAA,UAAU,EAAE,oBAAoB;AAChC,QAAA,SAAS,EAAE,QAAQ;AACnB,QAAA,aAAa,EAAE,YAAY;AAC5B,KAAA,CAAC;AAEF,IAAA,MAAM,OAAO,GAA2B;AACtC,QAAA,cAAc,EAAE,mCAAmC;KACpD;;AAGD,IAAA,IAAI,gBAAgB,IAAI,oBAAoB,EAAE;AAC5C,QAAA,OAAO,CAAC,qBAAqB,CAAC,GAAG,gBAAgB;AACjD,QAAA,OAAO,CAAC,yBAAyB,CAAC,GAAG,oBAAoB;AACzD,QAAA,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC;IAC7D;AAEA,IAAA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;AACrC,QAAA,MAAM,EAAE,MAAM;QACd,OAAO;AACP,QAAA,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACh
B,QAAA,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,CAAA,6BAAA,EAAgC,QAAQ,CAAC,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAC;IACjF;AAEA,IAAA,MAAM,IAAI,GAAwB,MAAM,QAAQ,CAAC,IAAI,EAAE;;AAGvD,IAAA,WAAW,GAAG;QACZ,YAAY,EAAE,IAAI,CAAC,YAAY;AAC/B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;KAClD;AAED,IAAA,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACpC,OAAO,WAAW,CAAC,YAAY;AACjC;AAEA;;;;;;;;;AASG;AACI,eAAe,iBAAiB,CAAC,OAAY,EAAA;AAClD,IAAA,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,OAAO;AAEhC,IAAA,IAAI;;QAEF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;QAEjD,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,IAAI,QAAQ,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QACpE;;;;QAKA,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;;QAG9C,MAAM,iBAAiB,GAAG,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,oBAAoB,IAAI,EAAE;QAC/E,MAAM,cAAc,GAAG;aACpB,KAAK,CAAC,GAAG;aACT,GAAG,CAAC,CAAC,CAAS,KAAK,CAAC,CAAC,IAAI,EAAE;aAC3B,MAAM,CAAC,OAAO,CAAC;;AAGlB,QAAA,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;AAC/B,YAAA,cAAc,CAAC,IAAI,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;AACrE,YAAA,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC;QAC3E;QAEA,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAe,KAC1D,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,CAC5D;;QAGD,IAAI,CAAC,MAAM,IAAI,OAAO,KAAK,CAAC,eAAe,EAAE;YAC3C,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,MAAM,IAAI,OAAO,CAAC;AAC/E,YAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,gBAAA,KAAK,EAAE,kBAAkB;AACzB,gBAAA,OAAO,EAAE;AACV,aAAA,CAAC,EAAE;AACF,gBAAA,MAAM,EAAE,GAAG;AACX,gBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,aAAA,CAAC;QACJ;;;;AAKA,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,iBAAiB;AACjB,YAAA,uBAAuB;AACvB,YAAA,aAAa;AACb,YAAA,UAAU;AACV,YAAA,oBAAoB;SACrB;AAED,QAAA,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEjF,IAAI,CAAC,iBAAiB,EAAE;AACtB,YAAA,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,QAAQ,CAAC;AAC3D,YAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,gB
AAA,KAAK,EAAE,oBAAoB;AAC3B,gBAAA,OAAO,EAAE;AACV,aAAA,CAAC,EAAE;AACF,gBAAA,MAAM,EAAE,GAAG;AACX,gBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,aAAA,CAAC;QACJ;;;;QAKA,MAAM,kBAAkB,GAAG,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC,yBAAyB;AACpF,QAAA,MAAM,gBAAgB,GAAG,CAAC,CAAC,kBAAkB;;QAG7C,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE;YACjD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;YAEnE,IAAI,CAAC,cAAc,EAAE;AACnB,gBAAA,OAAO,CAAC,IAAI,CAAC,6CAA6C,CAAC;AAC3D,gBAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,oBAAA,KAAK,EAAE,sBAAsB;AAC7B,oBAAA,OAAO,EAAE;AACV,iBAAA,CAAC,EAAE;AACF,oBAAA,MAAM,EAAE,GAAG;AACX,oBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,iBAAA,CAAC;YACJ;YAEA,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,kBAAkB,CAAC;YAEzE,IAAI,CAAC,OAAO,EAAE;AACZ,gBAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC;AAC1C,gBAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,oBAAA,KAAK,EAAE,qBAAqB;AAC5B,oBAAA,OAAO,EAAE;AACV,iBAAA,CAAC,EAAE;AACF,oBAAA,MAAM,EAAE,GAAG;AACX,oBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,iBAAA,CAAC;YACJ;AAEA,YAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;QAChD;aAAO,IAAI,gBAAgB,EAAE;AAC3B,YAAA,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC;QACvE;;QAGA,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,eAAe;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,0BAA0B;QAC5E,MAAM,YAAY,GAAG,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,0BAA0B;QAChF,MAAM,gBAAgB,GAAG,GAAG,CAAC,mBAAmB,IAAI,GAAG,CAAC,wBAAwB;QAChF,MAAM,oBAAoB,GAAG,GAAG,CAAC,uBAAuB,IAAI,GAAG,CAAC,4BAA4B;QAE5F,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;AAC5C,YAAA,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBACnD,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,YAAY,EAAE,CAAC,CAAC;AACjB,aAAA,CAAC;YACF,OAAO,IAAI,QAAQ,CAAC,mCAAmC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3E;;AAGA,QAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CACtC,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,CACrB;;;QAID,MAAM,gBAAgB,GAAG,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC;QAC5D,MAAM,SAAS,GAAG;AAChB,cAAE,CAAA,EAAG,SAAS,GAAG,QAAQ,CAAA,CAAE;cACzB,GAAG,SAAS,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAC;;AAGlC,QAAA,MAAM,OAAO,GAA2B
;YACtC,eAAe,EAAE,CAAA,OAAA,EAAU,WAAW,CAAA,CAAE;SACzC;;QAGD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvD,IAAI,WAAW,EAAE;AACf,YAAA,OAAO,CAAC,cAAc,CAAC,GAAG,WAAW;QACvC;;AAGA,QAAA,IAAI,gBAAgB,IAAI,oBAAoB,EAAE;AAC5C,YAAA,OAAO,CAAC,qBAAqB,CAAC,GAAG,gBAAgB;AACjD,YAAA,OAAO,CAAC,yBAAyB,CAAC,GAAG,oBAAoB;QAC3D;;AAGA,QAAA,MAAM,IAAI,GAAgB;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;SACR;;AAGD,QAAA,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE;YACzD,IAAI,CAAC,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE;QAClC;QAEA,OAAO,CAAC,GAAG,CAAC,CAAA,YAAA,EAAe,OAAO,CAAC,MAAM,qBAAqB,EAAE;YAC9D,QAAQ;YACR,SAAS;YACT;AACD,SAAA,CAAC;;QAGF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC;AAE7C,QAAA,OAAO,CAAC,GAAG,CAAC,CAAA,oBAAA,EAAuB,QAAQ,CAAC,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAC,UAAU,CAAA,CAAE,CAAC;;AAG5E,QAAA,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC1C,QAAA,OAAO,IAAI,QAAQ,CAAC,YAAY,EAAE;YAChC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;AAC/B,YAAA,OAAO,EAAE;gBACP,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kBAAkB;AAC3E,aAAA;AACF,SAAA,CAAC;IAEJ;IAAE,OAAO,KAAU,EAAE;AACnB,QAAA,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC;AAC7C,QAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,KAAK,EAAE,KAAK,EAAE,OAAO,IAAI,eAAe;AACzC,SAAA,CAAC,EAAE;AACF,YAAA,MAAM,EAAE,GAAG;AACX,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAChD,SAAA,CAAC;IACJ;AACF;;;;;"}
|
package/dist/server.esm.js
CHANGED
|
@@ -1,3 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license GPL-3.0-or-later
|
|
3
|
+
*
|
|
4
|
+
* This file is part of the MarVAlt Open SDK.
|
|
5
|
+
* Copyright (c) 2025 Vibune Pty Ltd.
|
|
6
|
+
*
|
|
7
|
+
* This program is free software: you can redistribute it and/or modify
|
|
8
|
+
* it under the terms of the GNU General Public License as published by
|
|
9
|
+
* the Free Software Foundation, either version 3 of the License, or
|
|
10
|
+
* (at your option) any later version.
|
|
11
|
+
*
|
|
12
|
+
* This program is distributed in the hope that it will be useful,
|
|
13
|
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14
|
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
15
|
+
* See the GNU General Public License for more details.
|
|
16
|
+
*/
|
|
17
|
+
/**
|
|
18
|
+
* Verify Cloudflare Turnstile token server-side
|
|
19
|
+
* @param token - The Turnstile response token from the client
|
|
20
|
+
* @param secretKey - Your Turnstile secret key
|
|
21
|
+
* @returns Promise<boolean> - True if verification succeeds
|
|
22
|
+
*/
|
|
23
|
+
async function verifyTurnstile(token, secretKey) {
|
|
24
|
+
if (!token || !secretKey) {
|
|
25
|
+
console.error('Missing Turnstile token or secret key');
|
|
26
|
+
return false;
|
|
27
|
+
}
|
|
28
|
+
try {
|
|
29
|
+
const response = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
|
|
30
|
+
method: 'POST',
|
|
31
|
+
headers: { 'Content-Type': 'application/json' },
|
|
32
|
+
body: JSON.stringify({
|
|
33
|
+
secret: secretKey,
|
|
34
|
+
response: token,
|
|
35
|
+
}),
|
|
36
|
+
});
|
|
37
|
+
if (!response.ok) {
|
|
38
|
+
console.error('Turnstile verification request failed:', response.status);
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
const data = await response.json();
|
|
42
|
+
if (!data.success) {
|
|
43
|
+
console.warn('Turnstile verification failed:', data['error-codes']);
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
return true;
|
|
47
|
+
}
|
|
48
|
+
catch (error) {
|
|
49
|
+
console.error('Turnstile verification error:', error);
|
|
50
|
+
return false;
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
|
|
1
54
|
/**
|
|
2
55
|
* @license GPL-3.0-or-later
|
|
3
56
|
*
|
|
@@ -75,6 +128,89 @@ async function handleMauticProxy(context) {
|
|
|
75
128
|
if (!endpoint) {
|
|
76
129
|
return new Response('Missing endpoint parameter', { status: 400 });
|
|
77
130
|
}
|
|
131
|
+
// ============================================
|
|
132
|
+
// SECURITY LAYER 1: Origin Validation
|
|
133
|
+
// ============================================
|
|
134
|
+
const origin = request.headers.get('Origin');
|
|
135
|
+
const referer = request.headers.get('Referer');
|
|
136
|
+
// Get allowed origins from environment (comma-separated)
|
|
137
|
+
const allowedOriginsStr = env.ALLOWED_ORIGINS || env.VITE_ALLOWED_ORIGINS || '';
|
|
138
|
+
const allowedOrigins = allowedOriginsStr
|
|
139
|
+
.split(',')
|
|
140
|
+
.map((o) => o.trim())
|
|
141
|
+
.filter(Boolean);
|
|
142
|
+
// Default to localhost if no origins configured (development mode)
|
|
143
|
+
if (allowedOrigins.length === 0) {
|
|
144
|
+
allowedOrigins.push('http://localhost:8080', 'http://localhost:5173');
|
|
145
|
+
console.log('â ī¸ No ALLOWED_ORIGINS configured, defaulting to localhost');
|
|
146
|
+
}
|
|
147
|
+
const isAllowedOrigin = allowedOrigins.some((allowed) => origin?.startsWith(allowed) || referer?.startsWith(allowed));
|
|
148
|
+
// Block if origin/referer present but not allowed
|
|
149
|
+
if ((origin || referer) && !isAllowedOrigin) {
|
|
150
|
+
console.warn('đĢ Blocked request from unauthorized origin:', origin || referer);
|
|
151
|
+
return new Response(JSON.stringify({
|
|
152
|
+
error: 'Forbidden origin',
|
|
153
|
+
message: 'This endpoint can only be accessed from authorized domains'
|
|
154
|
+
}), {
|
|
155
|
+
status: 403,
|
|
156
|
+
headers: { 'Content-Type': 'application/json' }
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
// ============================================
|
|
160
|
+
// SECURITY LAYER 2: Endpoint Whitelisting
|
|
161
|
+
// ============================================
|
|
162
|
+
const allowedPatterns = [
|
|
163
|
+
/^\/form\/submit/, // Form submissions
|
|
164
|
+
/^\/forms\/\d+\/submit/, // Legacy form endpoint
|
|
165
|
+
/^\/mtc\.js$/, // Tracking script (optional)
|
|
166
|
+
/^\/mtc\//, // Tracking API (optional)
|
|
167
|
+
/^\/mtracking\.gif$/, // Tracking pixel (optional)
|
|
168
|
+
];
|
|
169
|
+
const isAllowedEndpoint = allowedPatterns.some(pattern => pattern.test(endpoint));
|
|
170
|
+
if (!isAllowedEndpoint) {
|
|
171
|
+
console.warn('đĢ Blocked unauthorized endpoint:', endpoint);
|
|
172
|
+
return new Response(JSON.stringify({
|
|
173
|
+
error: 'Forbidden endpoint',
|
|
174
|
+
message: 'Only form submission endpoints are allowed'
|
|
175
|
+
}), {
|
|
176
|
+
status: 403,
|
|
177
|
+
headers: { 'Content-Type': 'application/json' }
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
// ============================================
|
|
181
|
+
// SECURITY LAYER 3: Turnstile Verification
|
|
182
|
+
// ============================================
|
|
183
|
+
const turnstileSecretKey = env.TURNSTILE_SECRET_KEY || env.VITE_TURNSTILE_SECRET_KEY;
|
|
184
|
+
const turnstileEnabled = !!turnstileSecretKey;
|
|
185
|
+
// Only verify Turnstile for POST requests (form submissions)
|
|
186
|
+
if (turnstileEnabled && request.method === 'POST') {
|
|
187
|
+
const turnstileToken = request.headers.get('cf-turnstile-response');
|
|
188
|
+
if (!turnstileToken) {
|
|
189
|
+
console.warn('đĢ Missing Turnstile token for POST request');
|
|
190
|
+
return new Response(JSON.stringify({
|
|
191
|
+
error: 'Missing verification',
|
|
192
|
+
message: 'Bot verification required'
|
|
193
|
+
}), {
|
|
194
|
+
status: 403,
|
|
195
|
+
headers: { 'Content-Type': 'application/json' }
|
|
196
|
+
});
|
|
197
|
+
}
|
|
198
|
+
const isValid = await verifyTurnstile(turnstileToken, turnstileSecretKey);
|
|
199
|
+
if (!isValid) {
|
|
200
|
+
console.warn('đĢ Invalid Turnstile token');
|
|
201
|
+
return new Response(JSON.stringify({
|
|
202
|
+
error: 'Verification failed',
|
|
203
|
+
message: 'Bot verification failed'
|
|
204
|
+
}), {
|
|
205
|
+
status: 403,
|
|
206
|
+
headers: { 'Content-Type': 'application/json' }
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
console.log('â
Turnstile verification passed');
|
|
210
|
+
}
|
|
211
|
+
else if (turnstileEnabled) {
|
|
212
|
+
console.log('âšī¸ Turnstile enabled but skipped for non-POST request');
|
|
213
|
+
}
|
|
78
214
|
// Get server-side credentials (prefer non-VITE_ prefixed env vars)
|
|
79
215
|
const mauticUrl = env.MAUTIC_URL || env.VITE_MAUTIC_URL;
|
|
80
216
|
const clientId = env.MAUTIC_API_PUBLIC_KEY || env.VITE_MAUTIC_API_PUBLIC_KEY;
|
|
@@ -150,5 +286,5 @@ async function handleMauticProxy(context) {
|
|
|
150
286
|
}
|
|
151
287
|
}
|
|
152
288
|
|
|
153
|
-
export { handleMauticProxy };
|
|
289
|
+
export { handleMauticProxy, verifyTurnstile };
|
|
154
290
|
//# sourceMappingURL=server.esm.js.map
|
package/dist/server.esm.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.esm.js","sources":["../src/server/mautic-proxy.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;AAeG;
|
|
1
|
+
{"version":3,"file":"server.esm.js","sources":["../src/server/turnstile.ts","../src/server/mautic-proxy.ts"],"sourcesContent":[null,null],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;AAeG;AASH;;;;;AAKG;AACI,eAAe,eAAe,CACnC,KAAa,EACb,SAAiB,EAAA;AAEjB,IAAA,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE;AACxB,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;AACtD,QAAA,OAAO,KAAK;IACd;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,2DAA2D,EAC3D;AACE,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,YAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,gBAAA,MAAM,EAAE,SAAS;AACjB,gBAAA,QAAQ,EAAE,KAAK;aAChB,CAAC;AACH,SAAA,CACF;AAED,QAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,QAAQ,CAAC,MAAM,CAAC;AACxE,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,MAAM,IAAI,GAAsB,MAAM,QAAQ,CAAC,IAAI,EAAE;AAErD,QAAA,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,OAAO,CAAC,IAAI,CAAC,gCAAgC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;AACnE,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,OAAO,IAAI;IACb;IAAE,OAAO,KAAK,EAAE;AACd,QAAA,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC;AACrD,QAAA,OAAO,KAAK;IACd;AACF;;ACrEA;;;;;;;;;;;;;;;AAeG;AAwBH;AACA,IAAI,WAAW,GAAwD,IAAI;AAE3E,eAAe,cAAc,CAC3B,SAAiB,EACjB,QAAgB,EAChB,YAAoB,EACpB,gBAAyB,EACzB,oBAA6B,EAAA;;AAG7B,IAAA,IAAI,WAAW,IAAI,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE;AAC/D,QAAA,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;QAC3C,OAAO,WAAW,CAAC,YAAY;IACjC;AAEA,IAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;AAC9C,IAAA,MAAM,QAAQ,GAAG,CAAA,EAAG,SAAS,iBAAiB;AAC9C,IAAA,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;AAC/B,QAAA,UAAU,EAAE,oBAAoB;AAChC,QAAA,SAAS,EAAE,QAAQ;AACnB,QAAA,aAAa,EAAE,YAAY;AAC5B,KAAA,CAAC;AAEF,IAAA,MAAM,OAAO,GAA2B;AACtC,QAAA,cAAc,EAAE,mCAAmC;KACpD;;AAGD,IAAA,IAAI,gBAAgB,IAAI,oBAAoB,EAAE;AAC5C,QAAA,OAAO,CAAC,qBAAqB,CAAC,GAAG,gBAAgB;AACjD,QAAA,OAAO,CAAC,yBAAyB,CAAC,GAAG,oBAAoB;AACzD,QAAA,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC;IAC7D;AAEA,IAAA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;AACrC,QAAA,MAAM,EAAE,MAAM;QACd,OAAO;AACP,QAAA,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAC
hB,QAAA,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,CAAA,6BAAA,EAAgC,QAAQ,CAAC,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAC;IACjF;AAEA,IAAA,MAAM,IAAI,GAAwB,MAAM,QAAQ,CAAC,IAAI,EAAE;;AAGvD,IAAA,WAAW,GAAG;QACZ,YAAY,EAAE,IAAI,CAAC,YAAY;AAC/B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;KAClD;AAED,IAAA,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACpC,OAAO,WAAW,CAAC,YAAY;AACjC;AAEA;;;;;;;;;AASG;AACI,eAAe,iBAAiB,CAAC,OAAY,EAAA;AAClD,IAAA,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,OAAO;AAEhC,IAAA,IAAI;;QAEF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;QAEjD,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,IAAI,QAAQ,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QACpE;;;;QAKA,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;;QAG9C,MAAM,iBAAiB,GAAG,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,oBAAoB,IAAI,EAAE;QAC/E,MAAM,cAAc,GAAG;aACpB,KAAK,CAAC,GAAG;aACT,GAAG,CAAC,CAAC,CAAS,KAAK,CAAC,CAAC,IAAI,EAAE;aAC3B,MAAM,CAAC,OAAO,CAAC;;AAGlB,QAAA,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;AAC/B,YAAA,cAAc,CAAC,IAAI,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;AACrE,YAAA,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC;QAC3E;QAEA,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAe,KAC1D,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,CAC5D;;QAGD,IAAI,CAAC,MAAM,IAAI,OAAO,KAAK,CAAC,eAAe,EAAE;YAC3C,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,MAAM,IAAI,OAAO,CAAC;AAC/E,YAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,gBAAA,KAAK,EAAE,kBAAkB;AACzB,gBAAA,OAAO,EAAE;AACV,aAAA,CAAC,EAAE;AACF,gBAAA,MAAM,EAAE,GAAG;AACX,gBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,aAAA,CAAC;QACJ;;;;AAKA,QAAA,MAAM,eAAe,GAAG;AACtB,YAAA,iBAAiB;AACjB,YAAA,uBAAuB;AACvB,YAAA,aAAa;AACb,YAAA,UAAU;AACV,YAAA,oBAAoB;SACrB;AAED,QAAA,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEjF,IAAI,CAAC,iBAAiB,EAAE;AACtB,YAAA,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,QAAQ,CAAC;AAC3D,YAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,g
BAAA,KAAK,EAAE,oBAAoB;AAC3B,gBAAA,OAAO,EAAE;AACV,aAAA,CAAC,EAAE;AACF,gBAAA,MAAM,EAAE,GAAG;AACX,gBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,aAAA,CAAC;QACJ;;;;QAKA,MAAM,kBAAkB,GAAG,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC,yBAAyB;AACpF,QAAA,MAAM,gBAAgB,GAAG,CAAC,CAAC,kBAAkB;;QAG7C,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE;YACjD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;YAEnE,IAAI,CAAC,cAAc,EAAE;AACnB,gBAAA,OAAO,CAAC,IAAI,CAAC,6CAA6C,CAAC;AAC3D,gBAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,oBAAA,KAAK,EAAE,sBAAsB;AAC7B,oBAAA,OAAO,EAAE;AACV,iBAAA,CAAC,EAAE;AACF,oBAAA,MAAM,EAAE,GAAG;AACX,oBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,iBAAA,CAAC;YACJ;YAEA,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,kBAAkB,CAAC;YAEzE,IAAI,CAAC,OAAO,EAAE;AACZ,gBAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC;AAC1C,gBAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,oBAAA,KAAK,EAAE,qBAAqB;AAC5B,oBAAA,OAAO,EAAE;AACV,iBAAA,CAAC,EAAE;AACF,oBAAA,MAAM,EAAE,GAAG;AACX,oBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC9C,iBAAA,CAAC;YACJ;AAEA,YAAA,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;QAChD;aAAO,IAAI,gBAAgB,EAAE;AAC3B,YAAA,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC;QACvE;;QAGA,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,eAAe;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,0BAA0B;QAC5E,MAAM,YAAY,GAAG,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,0BAA0B;QAChF,MAAM,gBAAgB,GAAG,GAAG,CAAC,mBAAmB,IAAI,GAAG,CAAC,wBAAwB;QAChF,MAAM,oBAAoB,GAAG,GAAG,CAAC,uBAAuB,IAAI,GAAG,CAAC,4BAA4B;QAE5F,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;AAC5C,YAAA,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBACnD,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,YAAY,EAAE,CAAC,CAAC;AACjB,aAAA,CAAC;YACF,OAAO,IAAI,QAAQ,CAAC,mCAAmC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3E;;AAGA,QAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CACtC,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,CACrB;;;QAID,MAAM,gBAAgB,GAAG,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC;QAC5D,MAAM,SAAS,GAAG;AAChB,cAAE,CAAA,EAAG,SAAS,GAAG,QAAQ,CAAA,CAAE;cACzB,GAAG,SAAS,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAC;;AAGlC,QAAA,MAAM,OAAO,GAA2
B;YACtC,eAAe,EAAE,CAAA,OAAA,EAAU,WAAW,CAAA,CAAE;SACzC;;QAGD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvD,IAAI,WAAW,EAAE;AACf,YAAA,OAAO,CAAC,cAAc,CAAC,GAAG,WAAW;QACvC;;AAGA,QAAA,IAAI,gBAAgB,IAAI,oBAAoB,EAAE;AAC5C,YAAA,OAAO,CAAC,qBAAqB,CAAC,GAAG,gBAAgB;AACjD,YAAA,OAAO,CAAC,yBAAyB,CAAC,GAAG,oBAAoB;QAC3D;;AAGA,QAAA,MAAM,IAAI,GAAgB;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;SACR;;AAGD,QAAA,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE;YACzD,IAAI,CAAC,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE;QAClC;QAEA,OAAO,CAAC,GAAG,CAAC,CAAA,YAAA,EAAe,OAAO,CAAC,MAAM,qBAAqB,EAAE;YAC9D,QAAQ;YACR,SAAS;YACT;AACD,SAAA,CAAC;;QAGF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC;AAE7C,QAAA,OAAO,CAAC,GAAG,CAAC,CAAA,oBAAA,EAAuB,QAAQ,CAAC,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAC,UAAU,CAAA,CAAE,CAAC;;AAG5E,QAAA,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC1C,QAAA,OAAO,IAAI,QAAQ,CAAC,YAAY,EAAE;YAChC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;AAC/B,YAAA,OAAO,EAAE;gBACP,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kBAAkB;AAC3E,aAAA;AACF,SAAA,CAAC;IAEJ;IAAE,OAAO,KAAU,EAAE;AACnB,QAAA,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC;AAC7C,QAAA,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACjC,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,KAAK,EAAE,KAAK,EAAE,OAAO,IAAI,eAAe;AACzC,SAAA,CAAC,EAAE;AACF,YAAA,MAAM,EAAE,GAAG;AACX,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAChD,SAAA,CAAC;IACJ;AACF;;;;"}
package/package.json
CHANGED
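--- a/package/scripts/postinstall.cjs
+++ b/package/scripts/postinstall.cjs
@@ -90,10 +90,21 @@ function setupMauticFunction() {
 const templateContent = fs.readFileSync(templateFile, 'utf8');
 fs.writeFileSync(targetFile, templateContent);
 
+// Copy security documentation
+const docsTargetFile = path.join(projectRoot, 'MAUTIC_SECURITY.md');
+const docsTemplateFile = path.join(__dirname, '..', 'templates', 'MAUTIC_SECURITY.md');
+
+if (fs.existsSync(docsTemplateFile) && !fs.existsSync(docsTargetFile)) {
+const docsContent = fs.readFileSync(docsTemplateFile, 'utf8');
+fs.writeFileSync(docsTargetFile, docsContent);
+log('đ Installed: /MAUTIC_SECURITY.md', 'blue');
+}
+
 log('', 'reset');
 log('â @marvalt/madapter setup complete!', 'green');
 log('', 'reset');
 log('đ Installed: /functions/api/mautic-submit.ts', 'blue');
+log('đ Installed: /MAUTIC_SECURITY.md (security hardening guide)', 'blue');
 log('', 'reset');
 log('đ Next steps:', 'blue');
 log(' 1. Add to .env.local:', 'reset');
@@ -101,6 +112,8 @@ function setupMauticFunction() {
 log(' VITE_MAUTIC_API_SECRET_KEY=your_client_secret', 'yellow');
 log(' 2. Add to .env:', 'reset');
 log(' VITE_MAUTIC_URL=https://your-mautic-instance.com', 'yellow');
+log(' VITE_ALLOWED_ORIGINS=https://your-app.pages.dev', 'yellow');
+log(' 3. đ Read MAUTIC_SECURITY.md for security hardening!', 'green');
 log('', 'reset');
 
 } catch (error) {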
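Review bot: The summary line added at new line 107 reports `Installed: /MAUTIC_SECURITY.md` unconditionally, while the actual copy at lines 97-101 is skipped whenever the template is missing or the target already exists, so a re-run (or a packaging error that drops the template) prints a success message for a file that was never written; the guarded log at line 100 already covers the successful case. I would fold the fuller message into line 100, `log('đ Installed: /MAUTIC_SECURITY.md (security hardening guide)', 'blue');`, and delete line 107, or at least guard 107 with `if (fs.existsSync(docsTargetFile))`. Note also that the `fs.readFileSync`/`fs.writeFileSync` pair at lines 98-99 relies on the enclosing `try` whose start is outside this hunk; the `catch (error)` at line 119 is visible, so a failed copy is handled there rather than in this block, which is worth a one-line comment such as `// copy failures surface via the outer catch below`. The enclosing function `setupMauticFunction` begins and ends outside the hunk.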