@pikku/core 0.12.3 → 0.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/dist/services/in-memory-workflow-service.d.ts +15 -2
  3. package/dist/services/in-memory-workflow-service.js +49 -0
  4. package/lcov.info +18891 -0
  5. package/package.json +1 -1
  6. package/src/crypto-utils.test.ts +0 -214
  7. package/src/crypto-utils.ts +0 -213
  8. package/src/errors/error-handler.ts +0 -62
  9. package/src/errors/error.test.ts +0 -195
  10. package/src/errors/errors.ts +0 -374
  11. package/src/errors/index.ts +0 -2
  12. package/src/factory-functions.test.ts +0 -109
  13. package/src/function/function-runner.test.ts +0 -536
  14. package/src/function/function-runner.ts +0 -365
  15. package/src/function/functions.types.ts +0 -304
  16. package/src/function/index.ts +0 -5
  17. package/src/handle-error.test.ts +0 -424
  18. package/src/handle-error.ts +0 -69
  19. package/src/index.ts +0 -118
  20. package/src/internal.ts +0 -6
  21. package/src/middleware/auth-apikey.test.ts +0 -363
  22. package/src/middleware/auth-apikey.ts +0 -47
  23. package/src/middleware/auth-bearer.test.ts +0 -450
  24. package/src/middleware/auth-bearer.ts +0 -72
  25. package/src/middleware/auth-cookie.test.ts +0 -528
  26. package/src/middleware/auth-cookie.ts +0 -80
  27. package/src/middleware/cors.test.ts +0 -424
  28. package/src/middleware/cors.ts +0 -104
  29. package/src/middleware/index.ts +0 -5
  30. package/src/middleware/remote-auth.test.ts +0 -488
  31. package/src/middleware/remote-auth.ts +0 -68
  32. package/src/middleware/timeout.ts +0 -15
  33. package/src/middleware-runner.test.ts +0 -418
  34. package/src/middleware-runner.ts +0 -234
  35. package/src/permissions.test.ts +0 -434
  36. package/src/permissions.ts +0 -319
  37. package/src/pikku-request.ts +0 -23
  38. package/src/pikku-response.ts +0 -5
  39. package/src/pikku-state.test.ts +0 -224
  40. package/src/pikku-state.ts +0 -216
  41. package/src/run-tests-script.test.ts +0 -49
  42. package/src/schema.test.ts +0 -249
  43. package/src/schema.ts +0 -151
  44. package/src/services/ai-agent-runner-service.ts +0 -41
  45. package/src/services/ai-run-state-service.ts +0 -20
  46. package/src/services/ai-storage-service.ts +0 -39
  47. package/src/services/content-service.ts +0 -76
  48. package/src/services/deployment-service.ts +0 -22
  49. package/src/services/gateway-service.ts +0 -20
  50. package/src/services/gopass-secrets.ts +0 -98
  51. package/src/services/in-memory-ai-run-state-service.ts +0 -73
  52. package/src/services/in-memory-trigger-service.ts +0 -64
  53. package/src/services/in-memory-workflow-service.test.ts +0 -351
  54. package/src/services/in-memory-workflow-service.ts +0 -438
  55. package/src/services/index.ts +0 -56
  56. package/src/services/jwt-service.ts +0 -30
  57. package/src/services/local-content.ts +0 -120
  58. package/src/services/local-gateway-service.ts +0 -62
  59. package/src/services/local-secrets.test.ts +0 -80
  60. package/src/services/local-secrets.ts +0 -94
  61. package/src/services/local-variables.test.ts +0 -61
  62. package/src/services/local-variables.ts +0 -39
  63. package/src/services/logger-console.test.ts +0 -118
  64. package/src/services/logger-console.ts +0 -98
  65. package/src/services/logger.ts +0 -57
  66. package/src/services/scheduler-service.ts +0 -86
  67. package/src/services/schema-service.ts +0 -33
  68. package/src/services/scoped-secret-service.test.ts +0 -74
  69. package/src/services/scoped-secret-service.ts +0 -41
  70. package/src/services/secret-service.ts +0 -38
  71. package/src/services/trigger-service.ts +0 -17
  72. package/src/services/typed-secret-service.test.ts +0 -93
  73. package/src/services/typed-secret-service.ts +0 -70
  74. package/src/services/typed-variables-service.test.ts +0 -73
  75. package/src/services/typed-variables-service.ts +0 -81
  76. package/src/services/user-session-service.test.ts +0 -113
  77. package/src/services/user-session-service.ts +0 -86
  78. package/src/services/variables-service.ts +0 -11
  79. package/src/services/workflow-service.ts +0 -95
  80. package/src/testing/index.ts +0 -2
  81. package/src/testing/service-tests.ts +0 -873
  82. package/src/time-utils.test.ts +0 -56
  83. package/src/time-utils.ts +0 -107
  84. package/src/types/core.types.ts +0 -478
  85. package/src/types/state.types.ts +0 -188
  86. package/src/utils/hash.test.ts +0 -68
  87. package/src/utils/hash.ts +0 -26
  88. package/src/utils.test.ts +0 -350
  89. package/src/utils.ts +0 -129
  90. package/src/version.test.ts +0 -80
  91. package/src/version.ts +0 -25
  92. package/src/wirings/ai-agent/agent-dynamic-workflow.ts +0 -469
  93. package/src/wirings/ai-agent/ai-agent-helpers.test.ts +0 -152
  94. package/src/wirings/ai-agent/ai-agent-helpers.ts +0 -76
  95. package/src/wirings/ai-agent/ai-agent-memory.ts +0 -310
  96. package/src/wirings/ai-agent/ai-agent-model-config.test.ts +0 -115
  97. package/src/wirings/ai-agent/ai-agent-model-config.ts +0 -43
  98. package/src/wirings/ai-agent/ai-agent-prepare.ts +0 -636
  99. package/src/wirings/ai-agent/ai-agent-registry.test.ts +0 -37
  100. package/src/wirings/ai-agent/ai-agent-registry.ts +0 -82
  101. package/src/wirings/ai-agent/ai-agent-runner.test.ts +0 -319
  102. package/src/wirings/ai-agent/ai-agent-runner.ts +0 -773
  103. package/src/wirings/ai-agent/ai-agent-stream.test.ts +0 -859
  104. package/src/wirings/ai-agent/ai-agent-stream.ts +0 -1153
  105. package/src/wirings/ai-agent/ai-agent.types.ts +0 -382
  106. package/src/wirings/ai-agent/index.ts +0 -37
  107. package/src/wirings/channel/channel-common.ts +0 -90
  108. package/src/wirings/channel/channel-handler.ts +0 -250
  109. package/src/wirings/channel/channel-middleware-runner.ts +0 -120
  110. package/src/wirings/channel/channel-runner.ts +0 -166
  111. package/src/wirings/channel/channel-store.ts +0 -29
  112. package/src/wirings/channel/channel.types.ts +0 -172
  113. package/src/wirings/channel/define-channel-routes.ts +0 -25
  114. package/src/wirings/channel/eventhub-service.ts +0 -34
  115. package/src/wirings/channel/eventhub-store.ts +0 -13
  116. package/src/wirings/channel/index.ts +0 -24
  117. package/src/wirings/channel/local/index.ts +0 -3
  118. package/src/wirings/channel/local/local-channel-handler.ts +0 -81
  119. package/src/wirings/channel/local/local-channel-runner.test.ts +0 -215
  120. package/src/wirings/channel/local/local-channel-runner.ts +0 -210
  121. package/src/wirings/channel/local/local-eventhub-service.test.ts +0 -95
  122. package/src/wirings/channel/local/local-eventhub-service.ts +0 -101
  123. package/src/wirings/channel/log-channels.ts +0 -20
  124. package/src/wirings/channel/pikku-abstract-channel-handler.test.ts +0 -54
  125. package/src/wirings/channel/pikku-abstract-channel-handler.ts +0 -45
  126. package/src/wirings/channel/serverless/index.ts +0 -5
  127. package/src/wirings/channel/serverless/serverless-channel-runner.ts +0 -289
  128. package/src/wirings/cli/channel/cli-channel-runner.ts +0 -136
  129. package/src/wirings/cli/channel/index.ts +0 -1
  130. package/src/wirings/cli/cli-runner.test.ts +0 -403
  131. package/src/wirings/cli/cli-runner.ts +0 -529
  132. package/src/wirings/cli/cli.types.ts +0 -358
  133. package/src/wirings/cli/command-parser.test.ts +0 -445
  134. package/src/wirings/cli/command-parser.ts +0 -504
  135. package/src/wirings/cli/define-cli-commands.ts +0 -24
  136. package/src/wirings/cli/index.ts +0 -19
  137. package/src/wirings/gateway/gateway-runner.test.ts +0 -474
  138. package/src/wirings/gateway/gateway-runner.ts +0 -411
  139. package/src/wirings/gateway/gateway.types.ts +0 -149
  140. package/src/wirings/gateway/index.ts +0 -13
  141. package/src/wirings/http/http-routes.test.ts +0 -322
  142. package/src/wirings/http/http-routes.ts +0 -197
  143. package/src/wirings/http/http-runner.test.ts +0 -144
  144. package/src/wirings/http/http-runner.ts +0 -588
  145. package/src/wirings/http/http.types.ts +0 -369
  146. package/src/wirings/http/index.ts +0 -28
  147. package/src/wirings/http/log-http-routes.ts +0 -22
  148. package/src/wirings/http/pikku-fetch-http-request.test.ts +0 -237
  149. package/src/wirings/http/pikku-fetch-http-request.ts +0 -170
  150. package/src/wirings/http/pikku-fetch-http-response.test.ts +0 -82
  151. package/src/wirings/http/pikku-fetch-http-response.ts +0 -147
  152. package/src/wirings/http/routers/http-router.ts +0 -13
  153. package/src/wirings/http/routers/path-to-regex.test.ts +0 -319
  154. package/src/wirings/http/routers/path-to-regex.ts +0 -126
  155. package/src/wirings/http/web-request.test.ts +0 -236
  156. package/src/wirings/http/web-request.ts +0 -104
  157. package/src/wirings/mcp/index.ts +0 -27
  158. package/src/wirings/mcp/mcp-endpoint-registry.test.ts +0 -389
  159. package/src/wirings/mcp/mcp-endpoint-registry.ts +0 -159
  160. package/src/wirings/mcp/mcp-runner.ts +0 -323
  161. package/src/wirings/mcp/mcp.types.ts +0 -216
  162. package/src/wirings/node/index.ts +0 -2
  163. package/src/wirings/node/node.types.ts +0 -23
  164. package/src/wirings/oauth2/index.ts +0 -3
  165. package/src/wirings/oauth2/oauth2-client.test.ts +0 -929
  166. package/src/wirings/oauth2/oauth2-client.ts +0 -335
  167. package/src/wirings/oauth2/oauth2.types.ts +0 -69
  168. package/src/wirings/oauth2/wire-oauth2-credential.ts +0 -23
  169. package/src/wirings/queue/index.ts +0 -31
  170. package/src/wirings/queue/queue-runner.test.ts +0 -710
  171. package/src/wirings/queue/queue-runner.ts +0 -192
  172. package/src/wirings/queue/queue.types.ts +0 -189
  173. package/src/wirings/queue/register-queue-helper.ts +0 -60
  174. package/src/wirings/queue/validate-worker-config.test.ts +0 -108
  175. package/src/wirings/queue/validate-worker-config.ts +0 -116
  176. package/src/wirings/rpc/index.ts +0 -4
  177. package/src/wirings/rpc/rpc-runner.ts +0 -460
  178. package/src/wirings/rpc/rpc-types.ts +0 -56
  179. package/src/wirings/rpc/wire-addon.ts +0 -21
  180. package/src/wirings/scheduler/index.ts +0 -11
  181. package/src/wirings/scheduler/log-schedulers.ts +0 -20
  182. package/src/wirings/scheduler/scheduler-runner.test.ts +0 -660
  183. package/src/wirings/scheduler/scheduler-runner.ts +0 -133
  184. package/src/wirings/scheduler/scheduler.types.ts +0 -53
  185. package/src/wirings/secret/index.ts +0 -9
  186. package/src/wirings/secret/secret.types.ts +0 -32
  187. package/src/wirings/secret/validate-secret-definitions.test.ts +0 -140
  188. package/src/wirings/secret/validate-secret-definitions.ts +0 -82
  189. package/src/wirings/trigger/index.ts +0 -10
  190. package/src/wirings/trigger/pikku-trigger-service.ts +0 -112
  191. package/src/wirings/trigger/trigger-runner.test.ts +0 -79
  192. package/src/wirings/trigger/trigger-runner.ts +0 -135
  193. package/src/wirings/trigger/trigger.types.ts +0 -178
  194. package/src/wirings/variable/index.ts +0 -8
  195. package/src/wirings/variable/validate-variable-definitions.test.ts +0 -91
  196. package/src/wirings/variable/validate-variable-definitions.ts +0 -69
  197. package/src/wirings/variable/variable.types.ts +0 -22
  198. package/src/wirings/workflow/dsl/index.ts +0 -31
  199. package/src/wirings/workflow/dsl/workflow-dsl.types.ts +0 -320
  200. package/src/wirings/workflow/dsl/workflow-runner.ts +0 -28
  201. package/src/wirings/workflow/graph/graph-node.ts +0 -222
  202. package/src/wirings/workflow/graph/graph-runner.test.ts +0 -487
  203. package/src/wirings/workflow/graph/graph-runner.ts +0 -816
  204. package/src/wirings/workflow/graph/graph-validation.test.ts +0 -170
  205. package/src/wirings/workflow/graph/graph-validation.ts +0 -237
  206. package/src/wirings/workflow/graph/index.ts +0 -19
  207. package/src/wirings/workflow/graph/template.test.ts +0 -49
  208. package/src/wirings/workflow/graph/template.ts +0 -42
  209. package/src/wirings/workflow/graph/wire-workflow-graph.ts +0 -29
  210. package/src/wirings/workflow/graph/workflow-graph.types.ts +0 -104
  211. package/src/wirings/workflow/index.ts +0 -82
  212. package/src/wirings/workflow/pikku-workflow-service.test.ts +0 -200
  213. package/src/wirings/workflow/pikku-workflow-service.ts +0 -1176
  214. package/src/wirings/workflow/workflow-helpers.test.ts +0 -129
  215. package/src/wirings/workflow/workflow-helpers.ts +0 -79
  216. package/src/wirings/workflow/workflow.types.ts +0 -274
  217. package/tsconfig.json +0 -14
  218. package/tsconfig.tsbuildinfo +0 -1
@@ -1,424 +0,0 @@
1
- import { describe, test, beforeEach } from 'node:test'
2
- import assert from 'node:assert'
3
- import { cors } from './cors.js'
4
- import { resetPikkuState } from '../pikku-state.js'
5
-
6
- beforeEach(() => {
7
- resetPikkuState()
8
- })
9
-
10
- const createMockRequest = (method = 'get', origin?: string) => ({
11
- method: () => method,
12
- header: (name: string) => {
13
- if (name === 'origin') return origin
14
- return undefined
15
- },
16
- })
17
-
18
- const createMockResponse = () => {
19
- const headers: Record<string, string> = {}
20
- let statusCode: number | undefined
21
- let jsonBody: any
22
- return {
23
- header: (name: string, value: string) => {
24
- headers[name] = value
25
- },
26
- status: (code: number) => {
27
- statusCode = code
28
- return {
29
- json: (body: any) => {
30
- jsonBody = body
31
- },
32
- }
33
- },
34
- json: (body: any) => {
35
- jsonBody = body
36
- },
37
- _headers: headers,
38
- _getStatus: () => statusCode,
39
- _getJson: () => jsonBody,
40
- }
41
- }
42
-
43
- describe('cors', () => {
44
- describe('configuration validation', () => {
45
- test('should throw when wildcard origin used with credentials', () => {
46
- assert.throws(() => cors({ origin: '*', credentials: true }), {
47
- message:
48
- 'CORS misconfiguration: wildcard origin (*) cannot be used with credentials: true',
49
- })
50
- })
51
-
52
- test('should not throw with wildcard origin and no credentials', () => {
53
- const middleware = cors({ origin: '*' })
54
- assert.ok(middleware)
55
- })
56
-
57
- test('should not throw with specific origin and credentials', () => {
58
- const middleware = cors({
59
- origin: 'https://example.com',
60
- credentials: true,
61
- })
62
- assert.ok(middleware)
63
- })
64
-
65
- test('should not throw with default options', () => {
66
- const middleware = cors()
67
- assert.ok(middleware)
68
- })
69
- })
70
-
71
- describe('wildcard origin', () => {
72
- test('should set Access-Control-Allow-Origin to * by default', async () => {
73
- const middleware = cors()
74
- const request = createMockRequest()
75
- const response = createMockResponse()
76
- let nextCalled = false
77
-
78
- await middleware(
79
- {} as any,
80
- { http: { request, response } } as any,
81
- async () => {
82
- nextCalled = true
83
- }
84
- )
85
-
86
- assert.strictEqual(response._headers['Access-Control-Allow-Origin'], '*')
87
- assert.strictEqual(nextCalled, true)
88
- })
89
- })
90
-
91
- describe('single origin', () => {
92
- test('should set Access-Control-Allow-Origin to specified origin', async () => {
93
- const middleware = cors({ origin: 'https://example.com' })
94
- const request = createMockRequest()
95
- const response = createMockResponse()
96
-
97
- await middleware(
98
- {} as any,
99
- { http: { request, response } } as any,
100
- async () => {}
101
- )
102
-
103
- assert.strictEqual(
104
- response._headers['Access-Control-Allow-Origin'],
105
- 'https://example.com'
106
- )
107
- })
108
- })
109
-
110
- describe('array of origins', () => {
111
- test('should use request origin when it matches array', async () => {
112
- const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
113
- const request = createMockRequest('get', 'https://b.com')
114
- const response = createMockResponse()
115
-
116
- await middleware(
117
- {} as any,
118
- { http: { request, response } } as any,
119
- async () => {}
120
- )
121
-
122
- assert.strictEqual(
123
- response._headers['Access-Control-Allow-Origin'],
124
- 'https://b.com'
125
- )
126
- })
127
-
128
- test('should use first origin when request origin not in array', async () => {
129
- const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
130
- const request = createMockRequest('get', 'https://unknown.com')
131
- const response = createMockResponse()
132
-
133
- await middleware(
134
- {} as any,
135
- { http: { request, response } } as any,
136
- async () => {}
137
- )
138
-
139
- assert.strictEqual(
140
- response._headers['Access-Control-Allow-Origin'],
141
- 'https://a.com'
142
- )
143
- })
144
-
145
- test('should use first origin when no request origin header', async () => {
146
- const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
147
- const request = createMockRequest('get')
148
- const response = createMockResponse()
149
-
150
- await middleware(
151
- {} as any,
152
- { http: { request, response } } as any,
153
- async () => {}
154
- )
155
-
156
- assert.strictEqual(
157
- response._headers['Access-Control-Allow-Origin'],
158
- 'https://a.com'
159
- )
160
- })
161
-
162
- test('should set Vary: Origin header when origin is array', async () => {
163
- const middleware = cors({ origin: ['https://a.com', 'https://b.com'] })
164
- const request = createMockRequest()
165
- const response = createMockResponse()
166
-
167
- await middleware(
168
- {} as any,
169
- { http: { request, response } } as any,
170
- async () => {}
171
- )
172
-
173
- assert.strictEqual(response._headers['Vary'], 'Origin')
174
- })
175
- })
176
-
177
- describe('headers', () => {
178
- test('should set default allowed methods', async () => {
179
- const middleware = cors()
180
- const request = createMockRequest()
181
- const response = createMockResponse()
182
-
183
- await middleware(
184
- {} as any,
185
- { http: { request, response } } as any,
186
- async () => {}
187
- )
188
-
189
- assert.strictEqual(
190
- response._headers['Access-Control-Allow-Methods'],
191
- 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
192
- )
193
- })
194
-
195
- test('should set default allowed headers', async () => {
196
- const middleware = cors()
197
- const request = createMockRequest()
198
- const response = createMockResponse()
199
-
200
- await middleware(
201
- {} as any,
202
- { http: { request, response } } as any,
203
- async () => {}
204
- )
205
-
206
- assert.strictEqual(
207
- response._headers['Access-Control-Allow-Headers'],
208
- 'Content-Type, Authorization, x-api-key'
209
- )
210
- })
211
-
212
- test('should set custom methods', async () => {
213
- const middleware = cors({ methods: ['GET', 'POST'] })
214
- const request = createMockRequest()
215
- const response = createMockResponse()
216
-
217
- await middleware(
218
- {} as any,
219
- { http: { request, response } } as any,
220
- async () => {}
221
- )
222
-
223
- assert.strictEqual(
224
- response._headers['Access-Control-Allow-Methods'],
225
- 'GET, POST'
226
- )
227
- })
228
-
229
- test('should set custom headers', async () => {
230
- const middleware = cors({ headers: ['X-Custom'] })
231
- const request = createMockRequest()
232
- const response = createMockResponse()
233
-
234
- await middleware(
235
- {} as any,
236
- { http: { request, response } } as any,
237
- async () => {}
238
- )
239
-
240
- assert.strictEqual(
241
- response._headers['Access-Control-Allow-Headers'],
242
- 'X-Custom'
243
- )
244
- })
245
-
246
- test('should not set Vary when origin is string', async () => {
247
- const middleware = cors({ origin: 'https://example.com' })
248
- const request = createMockRequest()
249
- const response = createMockResponse()
250
-
251
- await middleware(
252
- {} as any,
253
- { http: { request, response } } as any,
254
- async () => {}
255
- )
256
-
257
- assert.strictEqual(response._headers['Vary'], undefined)
258
- })
259
- })
260
-
261
- describe('credentials', () => {
262
- test('should set Access-Control-Allow-Credentials when enabled', async () => {
263
- const middleware = cors({
264
- origin: 'https://example.com',
265
- credentials: true,
266
- })
267
- const request = createMockRequest()
268
- const response = createMockResponse()
269
-
270
- await middleware(
271
- {} as any,
272
- { http: { request, response } } as any,
273
- async () => {}
274
- )
275
-
276
- assert.strictEqual(
277
- response._headers['Access-Control-Allow-Credentials'],
278
- 'true'
279
- )
280
- })
281
-
282
- test('should not set credentials header when disabled', async () => {
283
- const middleware = cors({ credentials: false })
284
- const request = createMockRequest()
285
- const response = createMockResponse()
286
-
287
- await middleware(
288
- {} as any,
289
- { http: { request, response } } as any,
290
- async () => {}
291
- )
292
-
293
- assert.strictEqual(
294
- response._headers['Access-Control-Allow-Credentials'],
295
- undefined
296
- )
297
- })
298
- })
299
-
300
- describe('OPTIONS preflight', () => {
301
- test('should return 204 for OPTIONS requests', async () => {
302
- const middleware = cors()
303
- const request = createMockRequest('options')
304
- const response = createMockResponse()
305
- let nextCalled = false
306
-
307
- await middleware(
308
- {} as any,
309
- { http: { request, response } } as any,
310
- async () => {
311
- nextCalled = true
312
- }
313
- )
314
-
315
- assert.strictEqual(response._getStatus(), 204)
316
- assert.strictEqual(nextCalled, false)
317
- })
318
-
319
- test('should set Access-Control-Max-Age for OPTIONS', async () => {
320
- const middleware = cors({ maxAge: 3600 })
321
- const request = createMockRequest('options')
322
- const response = createMockResponse()
323
-
324
- await middleware(
325
- {} as any,
326
- { http: { request, response } } as any,
327
- async () => {}
328
- )
329
-
330
- assert.strictEqual(response._headers['Access-Control-Max-Age'], '3600')
331
- })
332
-
333
- test('should use default maxAge of 86400', async () => {
334
- const middleware = cors()
335
- const request = createMockRequest('options')
336
- const response = createMockResponse()
337
-
338
- await middleware(
339
- {} as any,
340
- { http: { request, response } } as any,
341
- async () => {}
342
- )
343
-
344
- assert.strictEqual(response._headers['Access-Control-Max-Age'], '86400')
345
- })
346
-
347
- test('should call next for non-OPTIONS requests', async () => {
348
- const middleware = cors()
349
- const request = createMockRequest('get')
350
- const response = createMockResponse()
351
- let nextCalled = false
352
-
353
- await middleware(
354
- {} as any,
355
- { http: { request, response } } as any,
356
- async () => {
357
- nextCalled = true
358
- }
359
- )
360
-
361
- assert.strictEqual(nextCalled, true)
362
- })
363
-
364
- test('should call next for POST requests', async () => {
365
- const middleware = cors()
366
- const request = createMockRequest('post')
367
- const response = createMockResponse()
368
- let nextCalled = false
369
-
370
- await middleware(
371
- {} as any,
372
- { http: { request, response } } as any,
373
- async () => {
374
- nextCalled = true
375
- }
376
- )
377
-
378
- assert.strictEqual(nextCalled, true)
379
- })
380
- })
381
-
382
- describe('missing http', () => {
383
- test('should call next when no request', async () => {
384
- const middleware = cors()
385
- let nextCalled = false
386
-
387
- await middleware(
388
- {} as any,
389
- { http: { response: createMockResponse() } } as any,
390
- async () => {
391
- nextCalled = true
392
- }
393
- )
394
-
395
- assert.strictEqual(nextCalled, true)
396
- })
397
-
398
- test('should call next when no response', async () => {
399
- const middleware = cors()
400
- let nextCalled = false
401
-
402
- await middleware(
403
- {} as any,
404
- { http: { request: createMockRequest() } } as any,
405
- async () => {
406
- nextCalled = true
407
- }
408
- )
409
-
410
- assert.strictEqual(nextCalled, true)
411
- })
412
-
413
- test('should call next when no http', async () => {
414
- const middleware = cors()
415
- let nextCalled = false
416
-
417
- await middleware({} as any, {} as any, async () => {
418
- nextCalled = true
419
- })
420
-
421
- assert.strictEqual(nextCalled, true)
422
- })
423
- })
424
- })
@@ -1,104 +0,0 @@
1
- import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
2
-
3
- /**
4
- * CORS middleware that handles cross-origin requests including OPTIONS preflight.
5
- *
6
- * Sets appropriate CORS headers on all responses and short-circuits OPTIONS
7
- * preflight requests with a 204 No Content response.
8
- *
9
- * @param options.origin - Allowed origin(s). Use `'*'` for any origin, `true` to reflect the request origin, a string for a single origin, or an array for multiple origins. Defaults to `'*'`.
10
- * @param options.methods - Allowed HTTP methods. Defaults to common methods.
11
- * @param options.headers - Allowed request headers. Defaults to common headers.
12
- * @param options.credentials - Whether to allow credentials. Defaults to `false`.
13
- * @param options.maxAge - Preflight cache duration in seconds. Defaults to `86400` (24 hours).
14
- *
15
- * @example
16
- * ```typescript
17
- * import { cors } from '@pikku/core/middleware'
18
- *
19
- * // Allow all origins
20
- * addHTTPMiddleware('*', [cors()])
21
- *
22
- * // Specific origin with credentials
23
- * addHTTPMiddleware('*', [
24
- * cors({
25
- * origin: 'https://app.example.com',
26
- * credentials: true,
27
- * })
28
- * ])
29
- *
30
- * // Multiple origins
31
- * addHTTPMiddleware('*', [
32
- * cors({
33
- * origin: ['https://app.example.com', 'https://admin.example.com'],
34
- * })
35
- * ])
36
- * ```
37
- */
38
- export const cors = pikkuMiddlewareFactory<{
39
- origin?: string | string[] | true
40
- methods?: string[]
41
- headers?: string[]
42
- credentials?: boolean
43
- maxAge?: number
44
- }>(
45
- ({
46
- origin = '*',
47
- methods = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
48
- headers = ['Content-Type', 'Authorization', 'x-api-key'],
49
- credentials = false,
50
- maxAge = 86400,
51
- } = {}) => {
52
- if (origin === '*' && credentials) {
53
- throw new Error(
54
- 'CORS misconfiguration: wildcard origin (*) cannot be used with credentials: true'
55
- )
56
- }
57
- return pikkuMiddleware({
58
- name: 'CORS',
59
- description: 'Handles cross-origin requests including OPTIONS preflight',
60
- func: async (_services, wires, next) => {
61
- const request = wires.http?.request
62
- const response = wires.http?.response
63
-
64
- if (!request || !response) {
65
- return next()
66
- }
67
-
68
- const requestOrigin = request.header('origin')
69
-
70
- let allowedOrigin: string
71
- if (origin === true) {
72
- allowedOrigin = requestOrigin || '*'
73
- } else if (Array.isArray(origin)) {
74
- allowedOrigin =
75
- requestOrigin && origin.includes(requestOrigin)
76
- ? requestOrigin
77
- : origin[0]
78
- } else {
79
- allowedOrigin = origin
80
- }
81
-
82
- response.header('Access-Control-Allow-Origin', allowedOrigin)
83
- response.header('Access-Control-Allow-Methods', methods.join(', '))
84
- response.header('Access-Control-Allow-Headers', headers.join(', '))
85
-
86
- if (credentials) {
87
- response.header('Access-Control-Allow-Credentials', 'true')
88
- }
89
-
90
- if (origin === true || Array.isArray(origin)) {
91
- response.header('Vary', 'Origin')
92
- }
93
-
94
- if (request.method() === 'options') {
95
- response.header('Access-Control-Max-Age', String(maxAge))
96
- response.status(204).json(undefined as any)
97
- return
98
- }
99
-
100
- return next()
101
- },
102
- })
103
- }
104
- )
@@ -1,5 +0,0 @@
1
- export { authAPIKey } from './auth-apikey.js'
2
- export { authCookie } from './auth-cookie.js'
3
- export { authBearer } from './auth-bearer.js'
4
- export { pikkuRemoteAuthMiddleware } from './remote-auth.js'
5
- export { cors } from './cors.js'