@midwayjs/cross-domain 3.0.0-beta.15

package/CHANGELOG.md

@@ -0,0 +1,11 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+# [3.0.0-beta.15](https://github.com/midwayjs/midway/compare/v3.0.0-beta.14...v3.0.0-beta.15) (2022-01-07)
+
+
+### Features
+
+* cross domain component ([#1493](https://github.com/midwayjs/midway/issues/1493)) ([ca81b2f](https://github.com/midwayjs/midway/commit/ca81b2fa2824fbddc7870a971fa23274c86d05df))

package/README.md

@@ -0,0 +1,45 @@
+## Cross-domain 跨域组件
+
+适用于 `@midwayjs/faas` 、`@midwayjs/web` 、`@midwayjs/koa` 和 `@midwayjs/express` 多种框架的通用跨域组件，支持 `cors` 、`jsonp` 多种模式。
+
+### Usage
+
+1. 安装依赖
+```shell
+tnpm i @midwayjs/cross-domain --save
+```
+2. 在 configuration 中引入组件,
+```ts
+import * as crossDomain from '@midwayjs/cross-domain';
+@Configuration({
+  imports: [
+    // ...other components
+    crossDomain
+  ],
+})
+export class AutoConfiguration {}
+```
+
+
+
+### CORS 配置
+```ts
+export const cors = {
+  allowMethods: string |string[];
+  origin: string|Function;
+  exposeHeaders: string |string[];
+  allowHeaders: string |string[];
+  credentials: boolean|Function;
+  keepHeadersOnError: boolean;
+  maxAge: number;
+}
+```
+
+
+### JSONP 配置
+```ts
+export const jsonp = {
+  callback: 'jsonp',
+  limit: 512,
+}
+```

package/dist/config/config.default.d.ts

@@ -0,0 +1,4 @@
+import { CORSOptions, JSONPOptions } from '../interface';
+export declare const cors: Partial<CORSOptions>;
+export declare const jsonp: JSONPOptions;
+//# sourceMappingURL=config.default.d.ts.map

package/dist/config/config.default.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jsonp = exports.cors = void 0;
+exports.cors = {
+    allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH',
+    credentials: false,
+};
+exports.jsonp = {
+    callback: 'jsonp',
+    limit: 512,
+    csrf: false,
+};
+//# sourceMappingURL=config.default.js.map

package/dist/configuration.d.ts

@@ -0,0 +1,6 @@
+import { MidwayApplicationManager } from '@midwayjs/core';
+export declare class CrossDomainConfiguration {
+    applicationManager: MidwayApplicationManager;
+    onReady(): Promise<void>;
+}
+//# sourceMappingURL=configuration.d.ts.map

package/dist/configuration.js

@@ -0,0 +1,41 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CrossDomainConfiguration = void 0;
+const decorator_1 = require("@midwayjs/decorator");
+const DefaultConfig = require("./config/config.default");
+const core_1 = require("@midwayjs/core");
+const cors_1 = require("./middleware/cors");
+let CrossDomainConfiguration = class CrossDomainConfiguration {
+    async onReady() {
+        this.applicationManager
+            .getApplications(['koa', 'faas', 'express', 'egg'])
+            .forEach(app => {
+            app.useMiddleware(cors_1.CorsMiddleware);
+        });
+    }
+};
+__decorate([
+    (0, decorator_1.Inject)(),
+    __metadata("design:type", core_1.MidwayApplicationManager)
+], CrossDomainConfiguration.prototype, "applicationManager", void 0);
+CrossDomainConfiguration = __decorate([
+    (0, decorator_1.Configuration)({
+        namespace: 'cross-domain',
+        importConfigs: [
+            {
+                default: DefaultConfig,
+            },
+        ],
+    })
+], CrossDomainConfiguration);
+exports.CrossDomainConfiguration = CrossDomainConfiguration;
+//# sourceMappingURL=configuration.js.map

package/dist/error.d.ts

@@ -0,0 +1,5 @@
+import { httpError } from '@midwayjs/core';
+export declare class JSONPCSRFError extends httpError.ForbiddenError {
+    constructor();
+}
+//# sourceMappingURL=error.d.ts.map

package/dist/error.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JSONPCSRFError = void 0;
+const core_1 = require("@midwayjs/core");
+// csrf 403
+class JSONPCSRFError extends core_1.httpError.ForbiddenError {
+    constructor() {
+        super('jsonp request security validate failed');
+    }
+}
+exports.JSONPCSRFError = JSONPCSRFError;
+//# sourceMappingURL=error.js.map

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { CrossDomainConfiguration as Configuration } from './configuration';
+export * from './middleware/cors';
+export * from './middleware/jsonp';
+export * from './jsonp';
+export * from './interface';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Configuration = void 0;
+var configuration_1 = require("./configuration");
+Object.defineProperty(exports, "Configuration", { enumerable: true, get: function () { return configuration_1.CrossDomainConfiguration; } });
+__exportStar(require("./middleware/cors"), exports);
+__exportStar(require("./middleware/jsonp"), exports);
+__exportStar(require("./jsonp"), exports);
+__exportStar(require("./interface"), exports);
+//# sourceMappingURL=index.js.map

package/dist/interface.d.ts

@@ -0,0 +1,15 @@
+export interface CORSOptions {
+    allowMethods: string | string[];
+    origin: string | Function;
+    exposeHeaders: string | string[];
+    allowHeaders: string | string[];
+    credentials: boolean | Function;
+    keepHeadersOnError: boolean;
+    maxAge: number;
+}
+export interface JSONPOptions {
+    callback: string;
+    limit: number;
+    csrf: boolean;
+}
+//# sourceMappingURL=interface.d.ts.map

package/dist/interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=interface.js.map

package/dist/jsonp.d.ts

@@ -0,0 +1,8 @@
+import { JSONPOptions } from './interface';
+export declare class JSONPService {
+    ctx: any;
+    jsonpConfig: any;
+    res: any;
+    jsonp(body: any, config?: JSONPOptions): string;
+}
+//# sourceMappingURL=jsonp.d.ts.map

package/dist/jsonp.js

@@ -0,0 +1,51 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JSONPService = void 0;
+const decorator_1 = require("@midwayjs/decorator");
+let JSONPService = class JSONPService {
+    jsonp(body, config) {
+        this.ctx.type = 'js';
+        // https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/X-Content-Type-Options
+        if (this.ctx.set) {
+            this.ctx.set('x-content-type-options', 'nosniff');
+        }
+        else if (this.res.set) {
+            this.res.set('x-content-type-options', 'nosniff');
+        }
+        const { callback, limit } = Object.assign({}, this.jsonpConfig, config);
+        // Only allow "[","]","a-zA-Z0123456789_", "$" and "." characters.
+        let cb = (this.ctx.query[callback] || 'callback').replace(/[^[\]\w$.]+/g, '');
+        if (cb.length > limit) {
+            cb = cb.substring(0, limit);
+        }
+        const str = JSON.stringify(body === undefined ? null : body);
+        // protect from jsonp xss
+        return `/**/ typeof ${cb} === 'function' && ${cb}(${str});`;
+    }
+};
+__decorate([
+    (0, decorator_1.Inject)(),
+    __metadata("design:type", Object)
+], JSONPService.prototype, "ctx", void 0);
+__decorate([
+    (0, decorator_1.Config)('jsonp'),
+    __metadata("design:type", Object)
+], JSONPService.prototype, "jsonpConfig", void 0);
+__decorate([
+    (0, decorator_1.Inject)(),
+    __metadata("design:type", Object)
+], JSONPService.prototype, "res", void 0);
+JSONPService = __decorate([
+    (0, decorator_1.Provide)()
+], JSONPService);
+exports.JSONPService = JSONPService;
+//# sourceMappingURL=jsonp.js.map

package/dist/middleware/cors.d.ts

@@ -0,0 +1,8 @@
+import { IMiddleware } from '@midwayjs/core';
+import { CORSOptions } from '../interface';
+export declare class CorsMiddleware implements IMiddleware<any, any> {
+    cors: CORSOptions;
+    resolve(app: any): (req: any, res: any, next: any) => Promise<any>;
+    compatibleMiddleware(request: any, response: any, next: any): Promise<any>;
+}
+//# sourceMappingURL=cors.d.ts.map

package/dist/middleware/cors.js

@@ -0,0 +1,120 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsMiddleware = void 0;
+const decorator_1 = require("@midwayjs/decorator");
+const vary = require("vary");
+let CorsMiddleware = class CorsMiddleware {
+    resolve(app) {
+        if (app.getFrameworkType() === decorator_1.MidwayFrameworkType.WEB_EXPRESS) {
+            return async (req, res, next) => {
+                return this.compatibleMiddleware(req, res, next);
+            };
+        }
+        else {
+            return async (ctx, next) => {
+                return this.compatibleMiddleware(ctx.request, ctx, next);
+            };
+        }
+    }
+    async compatibleMiddleware(request, response, next) {
+        const requestOrigin = request.get('origin');
+        // Always set Vary header
+        response.vary('Origin');
+        if (!requestOrigin) {
+            return await next();
+        }
+        let origin;
+        if (typeof this.cors.origin === 'function') {
+            origin = await Promise.resolve(this.cors.origin(request));
+            if (!origin) {
+                return await next();
+            }
+        }
+        else {
+            origin = this.cors.origin || requestOrigin;
+        }
+        let credentials;
+        if (typeof this.cors.credentials === 'function') {
+            credentials = await Promise.resolve(this.cors.credentials(request));
+        }
+        else {
+            credentials = !!this.cors.credentials;
+        }
+        if (request.method.toUpperCase() === 'OPTIONS') {
+            if (!request.get('Access-Control-Request-Method')) {
+                return await next();
+            }
+            response.set('Access-Control-Allow-Origin', origin);
+            if (credentials === true) {
+                response.set('Access-Control-Allow-Credentials', 'true');
+            }
+            if (this.cors.maxAge) {
+                response.set('Access-Control-Max-Age', this.cors.maxAge);
+            }
+            if (this.cors.allowMethods) {
+                response.set('Access-Control-Allow-Methods', this.cors.allowMethods);
+            }
+            let allowHeaders = this.cors.allowHeaders;
+            if (!allowHeaders) {
+                allowHeaders = request.get('Access-Control-Request-Headers');
+            }
+            if (allowHeaders) {
+                response.set('Access-Control-Allow-Headers', allowHeaders);
+            }
+            if (response.sendStatus) {
+                response.sendStatus(204);
+            }
+            else {
+                response.status = 204;
+            }
+            return;
+        }
+        const headersSet = {};
+        function set(key, value) {
+            response.set(key, value);
+            headersSet[key] = value;
+        }
+        set('Access-Control-Allow-Origin', origin);
+        if (credentials === true) {
+            set('Access-Control-Allow-Credentials', 'true');
+        }
+        if (this.cors.exposeHeaders) {
+            set('Access-Control-Expose-Headers', this.cors.exposeHeaders);
+        }
+        if (!this.cors.keepHeadersOnError) {
+            return await next();
+        }
+        try {
+            return await next();
+        }
+        catch (err) {
+            const errHeadersSet = err.headers || {};
+            const varyWithOrigin = vary.append(errHeadersSet.vary || errHeadersSet.Vary || '', 'Origin');
+            delete errHeadersSet.Vary;
+            err.headers = {
+                ...errHeadersSet,
+                ...headersSet,
+                ...{ vary: varyWithOrigin },
+            };
+            throw err;
+        }
+    }
+};
+__decorate([
+    (0, decorator_1.Config)('cors'),
+    __metadata("design:type", Object)
+], CorsMiddleware.prototype, "cors", void 0);
+CorsMiddleware = __decorate([
+    (0, decorator_1.Middleware)()
+], CorsMiddleware);
+exports.CorsMiddleware = CorsMiddleware;
+//# sourceMappingURL=cors.js.map

package/dist/middleware/jsonp.d.ts

@@ -0,0 +1,11 @@
+import { IMiddleware } from '@midwayjs/core';
+import { JSONPOptions } from '../interface';
+export declare class JSONPFilter {
+    match(value: any, req: any): Promise<any>;
+}
+export declare class JSONPMiddleware implements IMiddleware<any, any> {
+    jsonp: JSONPOptions;
+    resolve(app: any): (req: any, res: any, next: any) => Promise<any>;
+    compatibleMiddleware(context: any, next: any): Promise<any>;
+}
+//# sourceMappingURL=jsonp.d.ts.map

package/dist/middleware/jsonp.js

@@ -0,0 +1,64 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JSONPMiddleware = exports.JSONPFilter = void 0;
+const decorator_1 = require("@midwayjs/decorator");
+const jsonp_1 = require("../jsonp");
+const error_1 = require("../error");
+let JSONPFilter = class JSONPFilter {
+    async match(value, req) {
+        const jsonpService = await req.requestContext.getAsync(jsonp_1.JSONPService);
+        return jsonpService.jsonp(value);
+    }
+};
+JSONPFilter = __decorate([
+    (0, decorator_1.Match)()
+], JSONPFilter);
+exports.JSONPFilter = JSONPFilter;
+let JSONPMiddleware = class JSONPMiddleware {
+    resolve(app) {
+        if (app.getFrameworkType() === decorator_1.MidwayFrameworkType.WEB_EXPRESS) {
+            app.useFilter(JSONPFilter);
+            return async (req, res, next) => {
+                return this.compatibleMiddleware(req, next);
+            };
+        }
+        else {
+            return async (ctx, next) => {
+                const result = await this.compatibleMiddleware(ctx, next);
+                const jsonpService = await ctx.requestContext.getAsync(jsonp_1.JSONPService);
+                return jsonpService.jsonp(result);
+            };
+        }
+    }
+    async compatibleMiddleware(context, next) {
+        const { csrf } = this.jsonp;
+        // midway security
+        if (csrf && context.assertCsrf) {
+            try {
+                context.assertCsrf();
+            }
+            catch (_) {
+                throw new error_1.JSONPCSRFError();
+            }
+        }
+        return await next();
+    }
+};
+__decorate([
+    (0, decorator_1.Config)('jsonp'),
+    __metadata("design:type", Object)
+], JSONPMiddleware.prototype, "jsonp", void 0);
+JSONPMiddleware = __decorate([
+    (0, decorator_1.Middleware)()
+], JSONPMiddleware);
+exports.JSONPMiddleware = JSONPMiddleware;
+//# sourceMappingURL=jsonp.js.map

package/index.d.ts

@@ -0,0 +1,9 @@
+import { CORSOptions, JSONPOptions } from './dist/index';
+export * from './dist/index';
+
+declare module '@midwayjs/core/dist/interface' {
+  interface MidwayConfig {
+    cors: Partial<CORSOptions>;
+    jsonp: Partial<JSONPOptions>;
+  }
+}

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@midwayjs/cross-domain",
+  "version": "3.0.0-beta.15",
+  "description": "Midway Component for Cross Domain",
+  "main": "dist/index.js",
+  "typings": "index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "node --require=ts-node/register ../../node_modules/.bin/jest",
+    "cov": "node --require=ts-node/register ../../node_modules/.bin/jest --coverage --forceExit",
+    "ci": "npm run test"
+  },
+  "keywords": [],
+  "author": "",
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.d.ts",
+    "index.d.ts"
+  ],
+  "engines": {
+    "node": ">=12"
+  },
+  "license": "MIT",
+  "dependencies": {
+    "vary": "^1.1.2"
+  },
+  "devDependencies": {
+    "@midwayjs/core": "^3.0.0-beta.15",
+    "@midwayjs/decorator": "^3.0.0-beta.15",
+    "@midwayjs/express": "^3.0.0-beta.15",
+    "@midwayjs/faas": "^3.0.0-beta.15",
+    "@midwayjs/koa": "^3.0.0-beta.15",
+    "@midwayjs/mock": "^3.0.0-beta.15",
+    "@midwayjs/serverless-app": "^3.0.0-beta.15",
+    "@midwayjs/web": "^3.0.0-beta.15"
+  },
+  "gitHead": "6b9778557289d9e8b562c7ce6127736db1248973"
+}