@pikku/core 0.12.0 → 0.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +40 -0
- package/dist/errors/errors.d.ts +6 -0
- package/dist/errors/errors.js +10 -0
- package/dist/errors/index.d.ts +1 -0
- package/dist/errors/index.js +1 -0
- package/dist/function/function-runner.d.ts +3 -3
- package/dist/function/function-runner.js +66 -44
- package/dist/function/functions.types.d.ts +1 -0
- package/dist/handle-error.d.ts +2 -2
- package/dist/handle-error.js +2 -2
- package/dist/index.d.ts +5 -3
- package/dist/index.js +2 -1
- package/dist/internal.d.ts +3 -0
- package/dist/internal.js +2 -0
- package/dist/middleware/auth-bearer.d.ts +1 -1
- package/dist/middleware/auth-bearer.js +1 -1
- package/dist/middleware/auth-cookie.d.ts +2 -2
- package/dist/middleware/auth-cookie.js +1 -1
- package/dist/middleware/cors.d.ts +2 -2
- package/dist/middleware/cors.js +45 -37
- package/dist/middleware-runner.d.ts +1 -1
- package/dist/middleware-runner.js +1 -0
- package/dist/permissions.d.ts +2 -2
- package/dist/permissions.js +1 -0
- package/dist/pikku-state.d.ts +9 -8
- package/dist/pikku-state.js +34 -17
- package/dist/schema.d.ts +4 -4
- package/dist/schema.js +9 -5
- package/dist/services/ai-agent-runner-service.d.ts +22 -3
- package/dist/services/ai-run-state-service.d.ts +1 -1
- package/dist/services/ai-storage-service.d.ts +1 -1
- package/dist/services/content-service.d.ts +6 -0
- package/dist/services/gateway-service.d.ts +19 -0
- package/dist/services/gopass-secrets.d.ts +1 -1
- package/dist/services/gopass-secrets.js +3 -0
- package/dist/services/in-memory-ai-run-state-service.d.ts +15 -0
- package/dist/services/in-memory-ai-run-state-service.js +44 -0
- package/dist/services/in-memory-trigger-service.d.ts +0 -1
- package/dist/services/in-memory-trigger-service.js +6 -8
- package/dist/services/index.d.ts +5 -2
- package/dist/services/index.js +2 -0
- package/dist/services/local-content.d.ts +2 -1
- package/dist/services/local-content.js +6 -1
- package/dist/services/local-gateway-service.d.ts +22 -0
- package/dist/services/local-gateway-service.js +51 -0
- package/dist/services/local-secrets.d.ts +2 -2
- package/dist/services/local-variables.d.ts +1 -1
- package/dist/services/logger-console.d.ts +2 -1
- package/dist/services/scheduler-service.d.ts +0 -12
- package/dist/services/scheduler-service.js +0 -6
- package/dist/services/scoped-secret-service.d.ts +1 -1
- package/dist/services/trigger-service.d.ts +0 -7
- package/dist/services/user-session-service.d.ts +3 -3
- package/dist/services/workflow-service.d.ts +2 -3
- package/dist/types/core.types.d.ts +27 -19
- package/dist/types/state.types.d.ts +22 -15
- package/dist/utils.d.ts +5 -5
- package/dist/utils.js +12 -9
- package/dist/wirings/ai-agent/ai-agent-assistant-ui.d.ts +5 -0
- package/dist/wirings/ai-agent/ai-agent-assistant-ui.js +168 -0
- package/dist/wirings/ai-agent/ai-agent-helpers.d.ts +28 -0
- package/dist/wirings/ai-agent/ai-agent-helpers.js +40 -0
- package/dist/wirings/ai-agent/ai-agent-memory.js +13 -2
- package/dist/wirings/ai-agent/ai-agent-prepare.d.ts +4 -5
- package/dist/wirings/ai-agent/ai-agent-prepare.js +80 -31
- package/dist/wirings/ai-agent/ai-agent-registry.d.ts +1 -1
- package/dist/wirings/ai-agent/ai-agent-runner.js +107 -8
- package/dist/wirings/ai-agent/ai-agent-stream.d.ts +2 -1
- package/dist/wirings/ai-agent/ai-agent-stream.js +263 -89
- package/dist/wirings/ai-agent/ai-agent.types.d.ts +96 -4
- package/dist/wirings/ai-agent/index.d.ts +3 -1
- package/dist/wirings/ai-agent/index.js +2 -0
- package/dist/wirings/channel/channel-common.d.ts +2 -2
- package/dist/wirings/channel/channel-handler.d.ts +7 -4
- package/dist/wirings/channel/channel-handler.js +15 -5
- package/dist/wirings/channel/channel-middleware-runner.js +1 -0
- package/dist/wirings/channel/channel-runner.d.ts +5 -5
- package/dist/wirings/channel/channel-runner.js +3 -2
- package/dist/wirings/channel/channel-store.d.ts +1 -1
- package/dist/wirings/channel/channel.types.d.ts +10 -6
- package/dist/wirings/channel/index.d.ts +1 -1
- package/dist/wirings/channel/local/local-channel-handler.d.ts +7 -0
- package/dist/wirings/channel/local/local-channel-handler.js +17 -0
- package/dist/wirings/channel/local/local-channel-runner.d.ts +7 -2
- package/dist/wirings/channel/local/local-channel-runner.js +18 -4
- package/dist/wirings/channel/local/local-eventhub-service.d.ts +2 -2
- package/dist/wirings/channel/log-channels.d.ts +1 -1
- package/dist/wirings/channel/pikku-abstract-channel-handler.d.ts +2 -1
- package/dist/wirings/channel/pikku-abstract-channel-handler.js +1 -0
- package/dist/wirings/channel/serverless/serverless-channel-runner.d.ts +4 -4
- package/dist/wirings/channel/serverless/serverless-channel-runner.js +26 -20
- package/dist/wirings/cli/channel/cli-channel-runner.d.ts +1 -1
- package/dist/wirings/cli/cli-runner.d.ts +2 -2
- package/dist/wirings/cli/cli-runner.js +3 -0
- package/dist/wirings/cli/cli.types.d.ts +3 -3
- package/dist/wirings/cli/command-parser.d.ts +1 -1
- package/dist/wirings/gateway/gateway-runner.d.ts +24 -0
- package/dist/wirings/gateway/gateway-runner.js +325 -0
- package/dist/wirings/gateway/gateway.types.d.ts +127 -0
- package/dist/wirings/gateway/index.d.ts +2 -0
- package/dist/wirings/gateway/index.js +1 -0
- package/dist/wirings/http/http-runner.d.ts +9 -9
- package/dist/wirings/http/http-runner.js +36 -14
- package/dist/wirings/http/http.types.d.ts +2 -6
- package/dist/wirings/http/log-http-routes.d.ts +1 -1
- package/dist/wirings/http/pikku-fetch-http-request.d.ts +1 -1
- package/dist/wirings/http/pikku-fetch-http-response.d.ts +2 -2
- package/dist/wirings/http/pikku-fetch-http-response.js +6 -1
- package/dist/wirings/http/routers/http-router.d.ts +1 -1
- package/dist/wirings/http/routers/path-to-regex.d.ts +2 -2
- package/dist/wirings/mcp/mcp-endpoint-registry.d.ts +1 -1
- package/dist/wirings/mcp/mcp-runner.d.ts +0 -3
- package/dist/wirings/mcp/mcp-runner.js +4 -2
- package/dist/wirings/mcp/mcp.types.d.ts +2 -2
- package/dist/wirings/oauth2/oauth2-client.d.ts +3 -3
- package/dist/wirings/oauth2/wire-oauth2-credential.d.ts +1 -1
- package/dist/wirings/queue/index.d.ts +1 -1
- package/dist/wirings/queue/index.js +1 -1
- package/dist/wirings/queue/queue-runner.d.ts +1 -12
- package/dist/wirings/queue/queue-runner.js +4 -12
- package/dist/wirings/queue/queue.types.d.ts +3 -9
- package/dist/wirings/queue/register-queue-helper.d.ts +2 -2
- package/dist/wirings/queue/register-queue-helper.js +1 -1
- package/dist/wirings/queue/validate-worker-config.d.ts +1 -1
- package/dist/wirings/rpc/index.d.ts +2 -0
- package/dist/wirings/rpc/index.js +1 -0
- package/dist/wirings/rpc/rpc-runner.d.ts +36 -14
- package/dist/wirings/rpc/rpc-runner.js +56 -28
- package/dist/wirings/rpc/rpc-types.d.ts +14 -2
- package/dist/wirings/rpc/wire-addon.d.ts +10 -0
- package/dist/wirings/rpc/wire-addon.js +9 -0
- package/dist/wirings/scheduler/index.d.ts +1 -1
- package/dist/wirings/scheduler/index.js +1 -1
- package/dist/wirings/scheduler/log-schedulers.d.ts +1 -1
- package/dist/wirings/scheduler/scheduler-runner.d.ts +3 -10
- package/dist/wirings/scheduler/scheduler-runner.js +4 -25
- package/dist/wirings/scheduler/scheduler.types.d.ts +2 -2
- package/dist/wirings/trigger/pikku-trigger-service.d.ts +2 -6
- package/dist/wirings/trigger/pikku-trigger-service.js +11 -16
- package/dist/wirings/trigger/trigger-runner.d.ts +1 -5
- package/dist/wirings/trigger/trigger-runner.js +4 -3
- package/dist/wirings/workflow/pikku-workflow-service.d.ts +2 -6
- package/dist/wirings/workflow/pikku-workflow-service.js +20 -29
- package/dist/wirings/workflow/workflow.types.d.ts +2 -2
- package/package.json +4 -2
- package/src/crypto-utils.test.ts +116 -0
- package/src/errors/error.test.ts +143 -2
- package/src/errors/errors.ts +10 -0
- package/src/errors/index.ts +1 -0
- package/src/function/function-runner.test.ts +2 -2
- package/src/function/function-runner.ts +72 -49
- package/src/function/functions.types.ts +1 -0
- package/src/handle-error.test.ts +361 -0
- package/src/handle-error.ts +4 -4
- package/src/index.ts +3 -10
- package/src/internal.ts +6 -0
- package/src/middleware/auth-apikey.test.ts +1 -1
- package/src/middleware/auth-bearer.test.ts +1 -1
- package/src/middleware/auth-bearer.ts +2 -5
- package/src/middleware/auth-cookie.test.ts +1 -1
- package/src/middleware/auth-cookie.ts +3 -5
- package/src/middleware/cors.test.ts +424 -0
- package/src/middleware/cors.ts +14 -6
- package/src/middleware/remote-auth.test.ts +488 -0
- package/src/middleware-runner.test.ts +1 -1
- package/src/middleware-runner.ts +2 -1
- package/src/permissions.test.ts +2 -2
- package/src/permissions.ts +3 -2
- package/src/pikku-state.test.ts +224 -0
- package/src/pikku-state.ts +45 -28
- package/src/schema.test.ts +198 -6
- package/src/schema.ts +11 -7
- package/src/services/ai-agent-runner-service.ts +15 -3
- package/src/services/ai-run-state-service.ts +1 -1
- package/src/services/ai-storage-service.ts +1 -1
- package/src/services/content-service.ts +7 -0
- package/src/services/gateway-service.ts +20 -0
- package/src/services/gopass-secrets.ts +4 -1
- package/src/services/in-memory-ai-run-state-service.ts +73 -0
- package/src/services/in-memory-trigger-service.ts +6 -10
- package/src/services/in-memory-workflow-service.test.ts +351 -0
- package/src/services/index.ts +4 -1
- package/src/services/local-content.ts +9 -3
- package/src/services/local-gateway-service.ts +62 -0
- package/src/services/local-secrets.test.ts +80 -0
- package/src/services/local-secrets.ts +2 -2
- package/src/services/local-variables.test.ts +61 -0
- package/src/services/local-variables.ts +1 -1
- package/src/services/logger-console.test.ts +118 -0
- package/src/services/logger-console.ts +2 -1
- package/src/services/scheduler-service.ts +0 -18
- package/src/services/scoped-secret-service.test.ts +74 -0
- package/src/services/scoped-secret-service.ts +1 -1
- package/src/services/trigger-service.ts +0 -21
- package/src/services/typed-secret-service.test.ts +93 -0
- package/src/services/typed-variables-service.test.ts +73 -0
- package/src/services/user-session-service.test.ts +113 -0
- package/src/services/user-session-service.ts +3 -3
- package/src/services/workflow-service.ts +2 -12
- package/src/time-utils.test.ts +1 -1
- package/src/types/core.types.ts +28 -19
- package/src/types/state.types.ts +32 -15
- package/src/utils.test.ts +350 -0
- package/src/utils.ts +14 -13
- package/src/wirings/ai-agent/ai-agent-assistant-ui.test.ts +363 -0
- package/src/wirings/ai-agent/ai-agent-assistant-ui.ts +238 -0
- package/src/wirings/ai-agent/ai-agent-helpers.test.ts +152 -0
- package/src/wirings/ai-agent/ai-agent-helpers.ts +76 -0
- package/src/wirings/ai-agent/ai-agent-memory.ts +10 -1
- package/src/wirings/ai-agent/ai-agent-model-config.test.ts +115 -0
- package/src/wirings/ai-agent/ai-agent-prepare.ts +98 -46
- package/src/wirings/ai-agent/ai-agent-registry.ts +1 -1
- package/src/wirings/ai-agent/ai-agent-runner.test.ts +245 -3
- package/src/wirings/ai-agent/ai-agent-runner.ts +121 -7
- package/src/wirings/ai-agent/ai-agent-stream.test.ts +430 -24
- package/src/wirings/ai-agent/ai-agent-stream.ts +390 -104
- package/src/wirings/ai-agent/ai-agent.types.ts +91 -4
- package/src/wirings/ai-agent/index.ts +13 -0
- package/src/wirings/channel/channel-common.ts +2 -2
- package/src/wirings/channel/channel-handler.ts +43 -11
- package/src/wirings/channel/channel-middleware-runner.ts +1 -0
- package/src/wirings/channel/channel-runner.ts +6 -6
- package/src/wirings/channel/channel-store.ts +1 -1
- package/src/wirings/channel/channel.types.ts +15 -8
- package/src/wirings/channel/index.ts +1 -0
- package/src/wirings/channel/local/local-channel-handler.ts +26 -0
- package/src/wirings/channel/local/local-channel-runner.test.ts +19 -12
- package/src/wirings/channel/local/local-channel-runner.ts +33 -14
- package/src/wirings/channel/local/local-eventhub-service.test.ts +2 -2
- package/src/wirings/channel/local/local-eventhub-service.ts +2 -2
- package/src/wirings/channel/log-channels.ts +1 -1
- package/src/wirings/channel/pikku-abstract-channel-handler.test.ts +2 -0
- package/src/wirings/channel/pikku-abstract-channel-handler.ts +8 -1
- package/src/wirings/channel/serverless/serverless-channel-runner.ts +38 -33
- package/src/wirings/cli/channel/cli-channel-runner.ts +1 -1
- package/src/wirings/cli/cli-runner.test.ts +1 -1
- package/src/wirings/cli/cli-runner.ts +14 -4
- package/src/wirings/cli/cli.types.ts +3 -3
- package/src/wirings/cli/command-parser.test.ts +1 -1
- package/src/wirings/cli/command-parser.ts +1 -1
- package/src/wirings/gateway/gateway-runner.test.ts +474 -0
- package/src/wirings/gateway/gateway-runner.ts +411 -0
- package/src/wirings/gateway/gateway.types.ts +149 -0
- package/src/wirings/gateway/index.ts +13 -0
- package/src/wirings/http/http-routes.test.ts +1 -1
- package/src/wirings/http/http-runner.test.ts +9 -17
- package/src/wirings/http/http-runner.ts +46 -27
- package/src/wirings/http/http.types.ts +1 -14
- package/src/wirings/http/log-http-routes.ts +1 -1
- package/src/wirings/http/pikku-fetch-http-request.ts +1 -1
- package/src/wirings/http/pikku-fetch-http-response.ts +12 -5
- package/src/wirings/http/routers/http-router.ts +1 -1
- package/src/wirings/http/routers/path-to-regex.test.ts +1 -1
- package/src/wirings/http/routers/path-to-regex.ts +4 -3
- package/src/wirings/mcp/mcp-endpoint-registry.ts +5 -1
- package/src/wirings/mcp/mcp-runner.ts +9 -15
- package/src/wirings/mcp/mcp.types.ts +2 -2
- package/src/wirings/oauth2/oauth2-client.ts +3 -3
- package/src/wirings/oauth2/wire-oauth2-credential.ts +1 -1
- package/src/wirings/queue/index.ts +0 -1
- package/src/wirings/queue/queue-runner.test.ts +52 -25
- package/src/wirings/queue/queue-runner.ts +8 -30
- package/src/wirings/queue/queue.types.ts +3 -13
- package/src/wirings/queue/register-queue-helper.ts +3 -5
- package/src/wirings/queue/validate-worker-config.test.ts +108 -0
- package/src/wirings/queue/validate-worker-config.ts +4 -1
- package/src/wirings/rpc/index.ts +2 -0
- package/src/wirings/rpc/rpc-runner.ts +92 -49
- package/src/wirings/rpc/rpc-types.ts +17 -2
- package/src/wirings/rpc/wire-addon.ts +20 -0
- package/src/wirings/scheduler/index.ts +0 -1
- package/src/wirings/scheduler/log-schedulers.ts +1 -1
- package/src/wirings/scheduler/scheduler-runner.test.ts +49 -60
- package/src/wirings/scheduler/scheduler-runner.ts +9 -56
- package/src/wirings/scheduler/scheduler.types.ts +2 -2
- package/src/wirings/secret/validate-secret-definitions.test.ts +140 -0
- package/src/wirings/trigger/pikku-trigger-service.ts +17 -39
- package/src/wirings/trigger/trigger-runner.test.ts +79 -0
- package/src/wirings/trigger/trigger-runner.ts +8 -11
- package/src/wirings/variable/validate-variable-definitions.test.ts +91 -0
- package/src/wirings/workflow/graph/graph-runner.test.ts +14 -22
- package/src/wirings/workflow/graph/template.test.ts +49 -0
- package/src/wirings/workflow/pikku-workflow-service.test.ts +15 -27
- package/src/wirings/workflow/pikku-workflow-service.ts +29 -45
- package/src/wirings/workflow/workflow-helpers.test.ts +129 -0
- package/src/wirings/workflow/workflow.types.ts +2 -2
- package/tsconfig.tsbuildinfo +1 -1
- package/src/wirings/workflow/workflow-utils.ts +0 -0
- /package/dist/{wirings/workflow/workflow-utils.d.ts → services/gateway-service.js} +0 -0
- /package/dist/wirings/{workflow/workflow-utils.js → gateway/gateway.types.js} +0 -0
|
@@ -1,9 +1,7 @@
|
|
|
1
|
-
import { SerializeOptions } from 'cookie'
|
|
1
|
+
import type { SerializeOptions } from 'cookie'
|
|
2
2
|
import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
RelativeTimeInput,
|
|
6
|
-
} from '../time-utils.js'
|
|
3
|
+
import type { RelativeTimeInput } from '../time-utils.js'
|
|
4
|
+
import { getRelativeTimeOffsetFromNow } from '../time-utils.js'
|
|
7
5
|
|
|
8
6
|
/**
|
|
9
7
|
* Cookie-based session middleware that uses JWT for encoding/decoding session data.
|
|
@@ -0,0 +1,424 @@
|
|
|
1
|
+
import { describe, test, beforeEach } from 'node:test'
|
|
2
|
+
import assert from 'node:assert'
|
|
3
|
+
import { cors } from './cors.js'
|
|
4
|
+
import { resetPikkuState } from '../pikku-state.js'
|
|
5
|
+
|
|
6
|
+
beforeEach(() => {
|
|
7
|
+
resetPikkuState()
|
|
8
|
+
})
|
|
9
|
+
|
|
10
|
+
const createMockRequest = (method = 'get', origin?: string) => ({
|
|
11
|
+
method: () => method,
|
|
12
|
+
header: (name: string) => {
|
|
13
|
+
if (name === 'origin') return origin
|
|
14
|
+
return undefined
|
|
15
|
+
},
|
|
16
|
+
})
|
|
17
|
+
|
|
18
|
+
const createMockResponse = () => {
|
|
19
|
+
const headers: Record<string, string> = {}
|
|
20
|
+
let statusCode: number | undefined
|
|
21
|
+
let jsonBody: any
|
|
22
|
+
return {
|
|
23
|
+
header: (name: string, value: string) => {
|
|
24
|
+
headers[name] = value
|
|
25
|
+
},
|
|
26
|
+
status: (code: number) => {
|
|
27
|
+
statusCode = code
|
|
28
|
+
return {
|
|
29
|
+
json: (body: any) => {
|
|
30
|
+
jsonBody = body
|
|
31
|
+
},
|
|
32
|
+
}
|
|
33
|
+
},
|
|
34
|
+
json: (body: any) => {
|
|
35
|
+
jsonBody = body
|
|
36
|
+
},
|
|
37
|
+
_headers: headers,
|
|
38
|
+
_getStatus: () => statusCode,
|
|
39
|
+
_getJson: () => jsonBody,
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
describe('cors', () => {
|
|
44
|
+
describe('configuration validation', () => {
|
|
45
|
+
test('should throw when wildcard origin used with credentials', () => {
|
|
46
|
+
assert.throws(() => cors({ origin: '*', credentials: true }), {
|
|
47
|
+
message:
|
|
48
|
+
'CORS misconfiguration: wildcard origin (*) cannot be used with credentials: true',
|
|
49
|
+
})
|
|
50
|
+
})
|
|
51
|
+
|
|
52
|
+
test('should not throw with wildcard origin and no credentials', () => {
|
|
53
|
+
const middleware = cors({ origin: '*' })
|
|
54
|
+
assert.ok(middleware)
|
|
55
|
+
})
|
|
56
|
+
|
|
57
|
+
test('should not throw with specific origin and credentials', () => {
|
|
58
|
+
const middleware = cors({
|
|
59
|
+
origin: 'https://example.com',
|
|
60
|
+
credentials: true,
|
|
61
|
+
})
|
|
62
|
+
assert.ok(middleware)
|
|
63
|
+
})
|
|
64
|
+
|
|
65
|
+
test('should not throw with default options', () => {
|
|
66
|
+
const middleware = cors()
|
|
67
|
+
assert.ok(middleware)
|
|
68
|
+
})
|
|
69
|
+
})
|
|
70
|
+
|
|
71
|
+
describe('wildcard origin', () => {
|
|
72
|
+
test('should set Access-Control-Allow-Origin to * by default', async () => {
|
|
73
|
+
const middleware = cors()
|
|
74
|
+
const request = createMockRequest()
|
|
75
|
+
const response = createMockResponse()
|
|
76
|
+
let nextCalled = false
|
|
77
|
+
|
|
78
|
+
await middleware(
|
|
79
|
+
{} as any,
|
|
80
|
+
{ http: { request, response } } as any,
|
|
81
|
+
async () => {
|
|
82
|
+
nextCalled = true
|
|
83
|
+
}
|
|
84
|
+
)
|
|
85
|
+
|
|
86
|
+
assert.strictEqual(response._headers['Access-Control-Allow-Origin'], '*')
|
|
87
|
+
assert.strictEqual(nextCalled, true)
|
|
88
|
+
})
|
|
89
|
+
})
|
|
90
|
+
|
|
91
|
+
describe('single origin', () => {
|
|
92
|
+
test('should set Access-Control-Allow-Origin to specified origin', async () => {
|
|
93
|
+
const middleware = cors({ origin: 'https://example.com' })
|
|
94
|
+
const request = createMockRequest()
|
|
95
|
+
const response = createMockResponse()
|
|
96
|
+
|
|
97
|
+
await middleware(
|
|
98
|
+
{} as any,
|
|
99
|
+
{ http: { request, response } } as any,
|
|
100
|
+
async () => {}
|
|
101
|
+
)
|
|
102
|
+
|
|
103
|
+
assert.strictEqual(
|
|
104
|
+
response._headers['Access-Control-Allow-Origin'],
|
|
105
|
+
'https://example.com'
|
|
106
|
+
)
|
|
107
|
+
})
|
|
108
|
+
})
|
|
109
|
+
|
|
110
|
+
describe('array of origins', () => {
|
|
111
|
+
test('should use request origin when it matches array', async () => {
|
|
112
|
+
const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
|
|
113
|
+
const request = createMockRequest('get', 'https://b.com')
|
|
114
|
+
const response = createMockResponse()
|
|
115
|
+
|
|
116
|
+
await middleware(
|
|
117
|
+
{} as any,
|
|
118
|
+
{ http: { request, response } } as any,
|
|
119
|
+
async () => {}
|
|
120
|
+
)
|
|
121
|
+
|
|
122
|
+
assert.strictEqual(
|
|
123
|
+
response._headers['Access-Control-Allow-Origin'],
|
|
124
|
+
'https://b.com'
|
|
125
|
+
)
|
|
126
|
+
})
|
|
127
|
+
|
|
128
|
+
test('should use first origin when request origin not in array', async () => {
|
|
129
|
+
const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
|
|
130
|
+
const request = createMockRequest('get', 'https://unknown.com')
|
|
131
|
+
const response = createMockResponse()
|
|
132
|
+
|
|
133
|
+
await middleware(
|
|
134
|
+
{} as any,
|
|
135
|
+
{ http: { request, response } } as any,
|
|
136
|
+
async () => {}
|
|
137
|
+
)
|
|
138
|
+
|
|
139
|
+
assert.strictEqual(
|
|
140
|
+
response._headers['Access-Control-Allow-Origin'],
|
|
141
|
+
'https://a.com'
|
|
142
|
+
)
|
|
143
|
+
})
|
|
144
|
+
|
|
145
|
+
test('should use first origin when no request origin header', async () => {
|
|
146
|
+
const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
|
|
147
|
+
const request = createMockRequest('get')
|
|
148
|
+
const response = createMockResponse()
|
|
149
|
+
|
|
150
|
+
await middleware(
|
|
151
|
+
{} as any,
|
|
152
|
+
{ http: { request, response } } as any,
|
|
153
|
+
async () => {}
|
|
154
|
+
)
|
|
155
|
+
|
|
156
|
+
assert.strictEqual(
|
|
157
|
+
response._headers['Access-Control-Allow-Origin'],
|
|
158
|
+
'https://a.com'
|
|
159
|
+
)
|
|
160
|
+
})
|
|
161
|
+
|
|
162
|
+
test('should set Vary: Origin header when origin is array', async () => {
|
|
163
|
+
const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
|
|
164
|
+
const request = createMockRequest()
|
|
165
|
+
const response = createMockResponse()
|
|
166
|
+
|
|
167
|
+
await middleware(
|
|
168
|
+
{} as any,
|
|
169
|
+
{ http: { request, response } } as any,
|
|
170
|
+
async () => {}
|
|
171
|
+
)
|
|
172
|
+
|
|
173
|
+
assert.strictEqual(response._headers['Vary'], 'Origin')
|
|
174
|
+
})
|
|
175
|
+
})
|
|
176
|
+
|
|
177
|
+
describe('headers', () => {
|
|
178
|
+
test('should set default allowed methods', async () => {
|
|
179
|
+
const middleware = cors()
|
|
180
|
+
const request = createMockRequest()
|
|
181
|
+
const response = createMockResponse()
|
|
182
|
+
|
|
183
|
+
await middleware(
|
|
184
|
+
{} as any,
|
|
185
|
+
{ http: { request, response } } as any,
|
|
186
|
+
async () => {}
|
|
187
|
+
)
|
|
188
|
+
|
|
189
|
+
assert.strictEqual(
|
|
190
|
+
response._headers['Access-Control-Allow-Methods'],
|
|
191
|
+
'GET, POST, PUT, PATCH, DELETE, OPTIONS'
|
|
192
|
+
)
|
|
193
|
+
})
|
|
194
|
+
|
|
195
|
+
test('should set default allowed headers', async () => {
|
|
196
|
+
const middleware = cors()
|
|
197
|
+
const request = createMockRequest()
|
|
198
|
+
const response = createMockResponse()
|
|
199
|
+
|
|
200
|
+
await middleware(
|
|
201
|
+
{} as any,
|
|
202
|
+
{ http: { request, response } } as any,
|
|
203
|
+
async () => {}
|
|
204
|
+
)
|
|
205
|
+
|
|
206
|
+
assert.strictEqual(
|
|
207
|
+
response._headers['Access-Control-Allow-Headers'],
|
|
208
|
+
'Content-Type, Authorization, x-api-key'
|
|
209
|
+
)
|
|
210
|
+
})
|
|
211
|
+
|
|
212
|
+
test('should set custom methods', async () => {
|
|
213
|
+
const middleware = cors({ methods: ['GET', 'POST'] })
|
|
214
|
+
const request = createMockRequest()
|
|
215
|
+
const response = createMockResponse()
|
|
216
|
+
|
|
217
|
+
await middleware(
|
|
218
|
+
{} as any,
|
|
219
|
+
{ http: { request, response } } as any,
|
|
220
|
+
async () => {}
|
|
221
|
+
)
|
|
222
|
+
|
|
223
|
+
assert.strictEqual(
|
|
224
|
+
response._headers['Access-Control-Allow-Methods'],
|
|
225
|
+
'GET, POST'
|
|
226
|
+
)
|
|
227
|
+
})
|
|
228
|
+
|
|
229
|
+
test('should set custom headers', async () => {
|
|
230
|
+
const middleware = cors({ headers: ['X-Custom'] })
|
|
231
|
+
const request = createMockRequest()
|
|
232
|
+
const response = createMockResponse()
|
|
233
|
+
|
|
234
|
+
await middleware(
|
|
235
|
+
{} as any,
|
|
236
|
+
{ http: { request, response } } as any,
|
|
237
|
+
async () => {}
|
|
238
|
+
)
|
|
239
|
+
|
|
240
|
+
assert.strictEqual(
|
|
241
|
+
response._headers['Access-Control-Allow-Headers'],
|
|
242
|
+
'X-Custom'
|
|
243
|
+
)
|
|
244
|
+
})
|
|
245
|
+
|
|
246
|
+
test('should not set Vary when origin is string', async () => {
|
|
247
|
+
const middleware = cors({ origin: 'https://example.com' })
|
|
248
|
+
const request = createMockRequest()
|
|
249
|
+
const response = createMockResponse()
|
|
250
|
+
|
|
251
|
+
await middleware(
|
|
252
|
+
{} as any,
|
|
253
|
+
{ http: { request, response } } as any,
|
|
254
|
+
async () => {}
|
|
255
|
+
)
|
|
256
|
+
|
|
257
|
+
assert.strictEqual(response._headers['Vary'], undefined)
|
|
258
|
+
})
|
|
259
|
+
})
|
|
260
|
+
|
|
261
|
+
describe('credentials', () => {
|
|
262
|
+
test('should set Access-Control-Allow-Credentials when enabled', async () => {
|
|
263
|
+
const middleware = cors({
|
|
264
|
+
origin: 'https://example.com',
|
|
265
|
+
credentials: true,
|
|
266
|
+
})
|
|
267
|
+
const request = createMockRequest()
|
|
268
|
+
const response = createMockResponse()
|
|
269
|
+
|
|
270
|
+
await middleware(
|
|
271
|
+
{} as any,
|
|
272
|
+
{ http: { request, response } } as any,
|
|
273
|
+
async () => {}
|
|
274
|
+
)
|
|
275
|
+
|
|
276
|
+
assert.strictEqual(
|
|
277
|
+
response._headers['Access-Control-Allow-Credentials'],
|
|
278
|
+
'true'
|
|
279
|
+
)
|
|
280
|
+
})
|
|
281
|
+
|
|
282
|
+
test('should not set credentials header when disabled', async () => {
|
|
283
|
+
const middleware = cors({ credentials: false })
|
|
284
|
+
const request = createMockRequest()
|
|
285
|
+
const response = createMockResponse()
|
|
286
|
+
|
|
287
|
+
await middleware(
|
|
288
|
+
{} as any,
|
|
289
|
+
{ http: { request, response } } as any,
|
|
290
|
+
async () => {}
|
|
291
|
+
)
|
|
292
|
+
|
|
293
|
+
assert.strictEqual(
|
|
294
|
+
response._headers['Access-Control-Allow-Credentials'],
|
|
295
|
+
undefined
|
|
296
|
+
)
|
|
297
|
+
})
|
|
298
|
+
})
|
|
299
|
+
|
|
300
|
+
describe('OPTIONS preflight', () => {
|
|
301
|
+
test('should return 204 for OPTIONS requests', async () => {
|
|
302
|
+
const middleware = cors()
|
|
303
|
+
const request = createMockRequest('options')
|
|
304
|
+
const response = createMockResponse()
|
|
305
|
+
let nextCalled = false
|
|
306
|
+
|
|
307
|
+
await middleware(
|
|
308
|
+
{} as any,
|
|
309
|
+
{ http: { request, response } } as any,
|
|
310
|
+
async () => {
|
|
311
|
+
nextCalled = true
|
|
312
|
+
}
|
|
313
|
+
)
|
|
314
|
+
|
|
315
|
+
assert.strictEqual(response._getStatus(), 204)
|
|
316
|
+
assert.strictEqual(nextCalled, false)
|
|
317
|
+
})
|
|
318
|
+
|
|
319
|
+
test('should set Access-Control-Max-Age for OPTIONS', async () => {
|
|
320
|
+
const middleware = cors({ maxAge: 3600 })
|
|
321
|
+
const request = createMockRequest('options')
|
|
322
|
+
const response = createMockResponse()
|
|
323
|
+
|
|
324
|
+
await middleware(
|
|
325
|
+
{} as any,
|
|
326
|
+
{ http: { request, response } } as any,
|
|
327
|
+
async () => {}
|
|
328
|
+
)
|
|
329
|
+
|
|
330
|
+
assert.strictEqual(response._headers['Access-Control-Max-Age'], '3600')
|
|
331
|
+
})
|
|
332
|
+
|
|
333
|
+
test('should use default maxAge of 86400', async () => {
|
|
334
|
+
const middleware = cors()
|
|
335
|
+
const request = createMockRequest('options')
|
|
336
|
+
const response = createMockResponse()
|
|
337
|
+
|
|
338
|
+
await middleware(
|
|
339
|
+
{} as any,
|
|
340
|
+
{ http: { request, response } } as any,
|
|
341
|
+
async () => {}
|
|
342
|
+
)
|
|
343
|
+
|
|
344
|
+
assert.strictEqual(response._headers['Access-Control-Max-Age'], '86400')
|
|
345
|
+
})
|
|
346
|
+
|
|
347
|
+
test('should call next for non-OPTIONS requests', async () => {
|
|
348
|
+
const middleware = cors()
|
|
349
|
+
const request = createMockRequest('get')
|
|
350
|
+
const response = createMockResponse()
|
|
351
|
+
let nextCalled = false
|
|
352
|
+
|
|
353
|
+
await middleware(
|
|
354
|
+
{} as any,
|
|
355
|
+
{ http: { request, response } } as any,
|
|
356
|
+
async () => {
|
|
357
|
+
nextCalled = true
|
|
358
|
+
}
|
|
359
|
+
)
|
|
360
|
+
|
|
361
|
+
assert.strictEqual(nextCalled, true)
|
|
362
|
+
})
|
|
363
|
+
|
|
364
|
+
test('should call next for POST requests', async () => {
|
|
365
|
+
const middleware = cors()
|
|
366
|
+
const request = createMockRequest('post')
|
|
367
|
+
const response = createMockResponse()
|
|
368
|
+
let nextCalled = false
|
|
369
|
+
|
|
370
|
+
await middleware(
|
|
371
|
+
{} as any,
|
|
372
|
+
{ http: { request, response } } as any,
|
|
373
|
+
async () => {
|
|
374
|
+
nextCalled = true
|
|
375
|
+
}
|
|
376
|
+
)
|
|
377
|
+
|
|
378
|
+
assert.strictEqual(nextCalled, true)
|
|
379
|
+
})
|
|
380
|
+
})
|
|
381
|
+
|
|
382
|
+
describe('missing http', () => {
|
|
383
|
+
test('should call next when no request', async () => {
|
|
384
|
+
const middleware = cors()
|
|
385
|
+
let nextCalled = false
|
|
386
|
+
|
|
387
|
+
await middleware(
|
|
388
|
+
{} as any,
|
|
389
|
+
{ http: { response: createMockResponse() } } as any,
|
|
390
|
+
async () => {
|
|
391
|
+
nextCalled = true
|
|
392
|
+
}
|
|
393
|
+
)
|
|
394
|
+
|
|
395
|
+
assert.strictEqual(nextCalled, true)
|
|
396
|
+
})
|
|
397
|
+
|
|
398
|
+
test('should call next when no response', async () => {
|
|
399
|
+
const middleware = cors()
|
|
400
|
+
let nextCalled = false
|
|
401
|
+
|
|
402
|
+
await middleware(
|
|
403
|
+
{} as any,
|
|
404
|
+
{ http: { request: createMockRequest() } } as any,
|
|
405
|
+
async () => {
|
|
406
|
+
nextCalled = true
|
|
407
|
+
}
|
|
408
|
+
)
|
|
409
|
+
|
|
410
|
+
assert.strictEqual(nextCalled, true)
|
|
411
|
+
})
|
|
412
|
+
|
|
413
|
+
test('should call next when no http', async () => {
|
|
414
|
+
const middleware = cors()
|
|
415
|
+
let nextCalled = false
|
|
416
|
+
|
|
417
|
+
await middleware({} as any, {} as any, async () => {
|
|
418
|
+
nextCalled = true
|
|
419
|
+
})
|
|
420
|
+
|
|
421
|
+
assert.strictEqual(nextCalled, true)
|
|
422
|
+
})
|
|
423
|
+
})
|
|
424
|
+
})
|
package/src/middleware/cors.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
|
|
|
6
6
|
* Sets appropriate CORS headers on all responses and short-circuits OPTIONS
|
|
7
7
|
* preflight requests with a 204 No Content response.
|
|
8
8
|
*
|
|
9
|
-
* @param options.origin - Allowed origin(s). Use `'*'` for any origin, a string for a single origin, or an array for multiple origins. Defaults to `'*'`.
|
|
9
|
+
* @param options.origin - Allowed origin(s). Use `'*'` for any origin, `true` to reflect the request origin, a string for a single origin, or an array for multiple origins. Defaults to `'*'`.
|
|
10
10
|
* @param options.methods - Allowed HTTP methods. Defaults to common methods.
|
|
11
11
|
* @param options.headers - Allowed request headers. Defaults to common headers.
|
|
12
12
|
* @param options.credentials - Whether to allow credentials. Defaults to `false`.
|
|
@@ -36,7 +36,7 @@ import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
|
|
|
36
36
|
* ```
|
|
37
37
|
*/
|
|
38
38
|
export const cors = pikkuMiddlewareFactory<{
|
|
39
|
-
origin?: string | string[]
|
|
39
|
+
origin?: string | string[] | true
|
|
40
40
|
methods?: string[]
|
|
41
41
|
headers?: string[]
|
|
42
42
|
credentials?: boolean
|
|
@@ -48,8 +48,13 @@ export const cors = pikkuMiddlewareFactory<{
|
|
|
48
48
|
headers = ['Content-Type', 'Authorization', 'x-api-key'],
|
|
49
49
|
credentials = false,
|
|
50
50
|
maxAge = 86400,
|
|
51
|
-
} = {}) =>
|
|
52
|
-
|
|
51
|
+
} = {}) => {
|
|
52
|
+
if (origin === '*' && credentials) {
|
|
53
|
+
throw new Error(
|
|
54
|
+
'CORS misconfiguration: wildcard origin (*) cannot be used with credentials: true'
|
|
55
|
+
)
|
|
56
|
+
}
|
|
57
|
+
return pikkuMiddleware({
|
|
53
58
|
name: 'CORS',
|
|
54
59
|
description: 'Handles cross-origin requests including OPTIONS preflight',
|
|
55
60
|
func: async (_services, wires, next) => {
|
|
@@ -63,7 +68,9 @@ export const cors = pikkuMiddlewareFactory<{
|
|
|
63
68
|
const requestOrigin = request.header('origin')
|
|
64
69
|
|
|
65
70
|
let allowedOrigin: string
|
|
66
|
-
if (
|
|
71
|
+
if (origin === true) {
|
|
72
|
+
allowedOrigin = requestOrigin || '*'
|
|
73
|
+
} else if (Array.isArray(origin)) {
|
|
67
74
|
allowedOrigin =
|
|
68
75
|
requestOrigin && origin.includes(requestOrigin)
|
|
69
76
|
? requestOrigin
|
|
@@ -80,7 +87,7 @@ export const cors = pikkuMiddlewareFactory<{
|
|
|
80
87
|
response.header('Access-Control-Allow-Credentials', 'true')
|
|
81
88
|
}
|
|
82
89
|
|
|
83
|
-
if (Array.isArray(origin)) {
|
|
90
|
+
if (origin === true || Array.isArray(origin)) {
|
|
84
91
|
response.header('Vary', 'Origin')
|
|
85
92
|
}
|
|
86
93
|
|
|
@@ -93,4 +100,5 @@ export const cors = pikkuMiddlewareFactory<{
|
|
|
93
100
|
return next()
|
|
94
101
|
},
|
|
95
102
|
})
|
|
103
|
+
}
|
|
96
104
|
)
|