@middy/http-cors 7.1.0 → 7.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/index.d.ts +1 -0
  3. package/index.js +38 -4
  4. package/package.json +4 -3
package/README.md CHANGED
@@ -1,5 +1,5 @@
1
1
  <div align="center">
2
- <h1>Middy CORS middleware</h1>
2
+ <h1>Middy `http-cors` middleware</h1>
3
3
  <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.svg"/>
4
4
  <p><strong>CORS middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
5
5
  <p>
package/index.d.ts CHANGED
@@ -15,6 +15,7 @@ export interface Options {
15
15
  requestHeaders?: string[];
16
16
  requestMethods?: string[];
17
17
  cacheControl?: string;
18
+ vary?: string;
18
19
  }
19
20
 
20
21
  declare function httpCors(options?: Options): middy.MiddlewareObj;
package/index.js CHANGED
@@ -2,6 +2,25 @@
2
2
  // SPDX-License-Identifier: MIT
3
3
  import { normalizeHttpResponse } from "@middy/util";
4
4
 
5
+ const hostnameToPunycode = (hostname) => {
6
+ const placeholder = "-_ANY_-";
7
+ const tempHostname = hostname.replace(/\*/g, placeholder);
8
+ try {
9
+ const url = new URL(`https://${tempHostname}`);
10
+ return url.host.replaceAll(placeholder.toLowerCase(), "*");
11
+ } catch {
12
+ return hostname;
13
+ }
14
+ };
15
+
16
+ const originToPunycode = (origin) => {
17
+ if (!origin || origin === "*") return origin;
18
+ const match = origin.match(/^(https?:\/\/)(.+)$/);
19
+ if (!match) return origin;
20
+ const [, protocol, host] = match;
21
+ return protocol + hostnameToPunycode(host);
22
+ };
23
+
5
24
  // CORS-safelisted request headers
6
25
  // https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
7
26
  const corsSafelistedRequestHeaders = [
@@ -43,7 +62,6 @@ const httpCorsMiddleware = (opts = {}) => {
43
62
  if (originDynamic.some((regExp) => regExp.test(incomingOrigin))) {
44
63
  return incomingOrigin;
45
64
  }
46
- // TODO v8 deprecate `else`
47
65
  } else {
48
66
  if (incomingOrigin && options.credentials && options.origin === "*") {
49
67
  return incomingOrigin;
@@ -58,6 +76,22 @@ const httpCorsMiddleware = (opts = {}) => {
58
76
  ...opts,
59
77
  };
60
78
 
79
+ if (
80
+ options.requestHeaders !== undefined &&
81
+ !Array.isArray(options.requestHeaders)
82
+ ) {
83
+ throw new Error("requestHeaders must be an array", {
84
+ cause: { package: "@middy/http-cors" },
85
+ });
86
+ }
87
+ if (
88
+ options.requestMethods !== undefined &&
89
+ !Array.isArray(options.requestMethods)
90
+ ) {
91
+ throw new Error("requestMethods must be an array", {
92
+ cause: { package: "@middy/http-cors" },
93
+ });
94
+ }
61
95
  options.requestHeaders = options.requestHeaders?.map((v) => v.toLowerCase());
62
96
  options.requestMethods = options.requestMethods?.map((v) => v.toUpperCase());
63
97
 
@@ -66,10 +100,11 @@ const httpCorsMiddleware = (opts = {}) => {
66
100
  const originStatic = {};
67
101
  const originDynamic = [];
68
102
 
69
- for (const origin of [options.origin, ...options.origins]) {
103
+ for (let origin of [options.origin, ...options.origins]) {
70
104
  if (!origin) {
71
105
  continue;
72
106
  }
107
+ origin = originToPunycode(origin);
73
108
  // All
74
109
  if (origin === "*") {
75
110
  originAny = true;
@@ -82,7 +117,6 @@ const httpCorsMiddleware = (opts = {}) => {
82
117
  }
83
118
  originMany = true;
84
119
  // Dynamic
85
- // TODO: IDN -> puncycode not handled, add in if requested
86
120
  const regExpStr = origin
87
121
  .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
88
122
  .replaceAll("*", "[^.]*");
@@ -227,7 +261,7 @@ const getVersionHttpMethod = {
227
261
  "2.0": (event) => event.requestContext.http.method,
228
262
  };
229
263
 
230
- // header in offical name, lowercase varient handeled
264
+ // header in official name, lowercase variant handled
231
265
  const addHeaderPart = (headers, header, value) => {
232
266
  if (!value) return;
233
267
  const headerLower = header.toLowerCase();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@middy/http-cors",
3
- "version": "7.1.0",
3
+ "version": "7.1.2",
4
4
  "description": "CORS (Cross-Origin Resource Sharing) middleware for the middy framework",
5
5
  "type": "module",
6
6
  "engines": {
@@ -65,9 +65,10 @@
65
65
  },
66
66
  "gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
67
67
  "dependencies": {
68
- "@middy/util": "7.1.0"
68
+ "@middy/util": "7.1.2"
69
69
  },
70
70
  "devDependencies": {
71
- "@middy/core": "7.1.0"
71
+ "@middy/core": "7.1.2",
72
+ "@types/aws-lambda": "^8.0.0"
72
73
  }
73
74
  }