@redocly/reef 0.132.0-next.0 → 0.132.0-next.2

package/dist/server/web-server/routes/catalog/bff-catalog.js

@@ -1 +1 @@
-import{telemetryTraceStep as d}from"../../../telemetry/helpers/trace-step.js";import{CATALOG_ENTITY_KEY as g}from"../../../../constants/common.js";import{ALLOWED_CATALOG_QUERY_PARAMS as p}from"../../../constants/plugins/catalog-entities.js";import{allowlistObject as E}from"../../../../utils/object/allowlist-object.js";import{CatalogEntitiesService as b}from"../../../plugins/catalog-entities/database/catalog-entities-service.js";import{createPaginationParamsValidator as v}from"../../../providers/database/pagination/schemas.js";import{isValidIsoDate as A}from"../../../utils/is-valid-iso-date.js";import{isValidSanitizedString as q}from"../../../utils/validate-and-sanitize-string.js";import{getRbacRestrictionsDataForCatalog as l}from"../helpers/get-rbac-restrictions-data-for-catalog.js";const h=["type","key","title","summary","tags","metadata","metadata.*","git","contact","links","id","source","sourceFile","version","revision","createdAt","updatedAt","domains","owners"],w=async({catalogEntitiesService:r,ctx:e,store:n})=>d("catalog_entities.bff.get_entities",async t=>{const i=e.req.query();t?.setAttribute("queryParams",JSON.stringify(E(i,p)));const a=v(h).parse(i),{currentRbacTeamsForRead:s,excludedTypes:o,excludedEntities:u}=l({store:n,ctx:e}),m=await r.getEntitiesWithRelations({paginationParams:a,rbacTeams:s,excludedTypes:o,excludedEntities:u});return t?.setAttribute("entitiesCount",m.items.length),e.json(m)}),R=async({catalogEntitiesService:r,ctx:e,store:n})=>d("catalog_entities.bff.get_entity",async t=>{const i=e.req.param(g);if(!i)return t?.error(new Error("Entity key is required")),e.json({message:"Entity key is required"},400);const a=e.req.query("revision");let s=null;if(a){if(!A(a))return t?.error(new Error("Invalid revision parameter")),e.json({message:"Invalid revision parameter: must be a valid ISO 8601 date-time string"},400);s=a}const o=e.req.query("version");if(!q(o,{pattern:/^[a-zA-Z0-9._-]+$/,maxLength:100,allowEmpty:!0}))return t?.error(new Error("Invalid version parameter")),e.json({message:"Invalid version parameter: version must contain only alphanumeric characters, dots, hyphens, and underscores, and must not exceed 100 characters"},400);const u=e.req.query();t?.setAttribute("queryParams",JSON.stringify(u)),t?.setAttribute("pathParams",JSON.stringify({entityKey:i}));const{currentRbacTeamsForRead:m,excludedTypes:c,excludedEntities:f}=l({store:n,ctx:e}),y=await r.getEntityWithRelationsByKey({entityKey:i,filter:{revision:s,version:o},rbacTeams:m,excludedTypes:c,excludedEntities:f});return y?(t?.setAttribute("entity",JSON.stringify(y)),e.json(y)):(t?.error(new Error("Entity not found")),e.json({message:"Entity not found"},404))});function F(r){return async e=>d("catalog_entities.bff",async n=>{n?.setAttribute("method",e.req.method);const t=await b.getInstance({baseDbDir:r.serverOutDir});return e.req.param("entityKey")?R({catalogEntitiesService:t,ctx:e,store:r}):w({catalogEntitiesService:t,ctx:e,store:r})})}export{F as bffCatalogHandler};
+import{telemetryTraceStep as d}from"../../../telemetry/helpers/trace-step.js";import{CATALOG_ENTITY_KEY as g}from"../../../../constants/common.js";import{ALLOWED_CATALOG_QUERY_PARAMS as p}from"../../../constants/plugins/catalog-entities.js";import{allowlistObject as E}from"../../../../utils/object/allowlist-object.js";import{CatalogEntitiesService as b}from"../../../plugins/catalog-entities/database/catalog-entities-service.js";import{createPaginationParamsValidator as v}from"../../../providers/database/pagination/schemas.js";import{isValidIsoDate as q}from"../../../utils/is-valid-iso-date.js";import{isValidSanitizedString as A}from"../../../utils/validate-and-sanitize-string.js";import{getRbacRestrictionsDataForCatalog as l}from"../helpers/get-rbac-restrictions-data-for-catalog.js";const _=["type","key","title","summary","tags","metadata","metadata.*","git","contact","links","id","source","source_file","version","revision","created_at","updated_at","domains","owners"],h=async({catalogEntitiesService:r,ctx:e,store:n})=>d("catalog_entities.bff.get_entities",async t=>{const i=e.req.query();t?.setAttribute("queryParams",JSON.stringify(E(i,p)));const a=v(_).parse(i),{currentRbacTeamsForRead:s,excludedTypes:o,excludedEntities:u}=l({store:n,ctx:e}),m=await r.getEntitiesWithRelations({paginationParams:a,rbacTeams:s,excludedTypes:o,excludedEntities:u});return t?.setAttribute("entitiesCount",m.items.length),e.json(m)}),w=async({catalogEntitiesService:r,ctx:e,store:n})=>d("catalog_entities.bff.get_entity",async t=>{const i=e.req.param(g);if(!i)return t?.error(new Error("Entity key is required")),e.json({message:"Entity key is required"},400);const a=e.req.query("revision");let s=null;if(a){if(!q(a))return t?.error(new Error("Invalid revision parameter")),e.json({message:"Invalid revision parameter: must be a valid ISO 8601 date-time string"},400);s=a}const o=e.req.query("version");if(!A(o,{pattern:/^[a-zA-Z0-9._-]+$/,maxLength:100,allowEmpty:!0}))return t?.error(new Error("Invalid version parameter")),e.json({message:"Invalid version parameter: version must contain only alphanumeric characters, dots, hyphens, and underscores, and must not exceed 100 characters"},400);const u=e.req.query();t?.setAttribute("queryParams",JSON.stringify(u)),t?.setAttribute("pathParams",JSON.stringify({entityKey:i}));const{currentRbacTeamsForRead:m,excludedTypes:c,excludedEntities:f}=l({store:n,ctx:e}),y=await r.getEntityWithRelationsByKey({entityKey:i,filter:{revision:s,version:o},rbacTeams:m,excludedTypes:c,excludedEntities:f});return y?(t?.setAttribute("entity",JSON.stringify(y)),e.json(y)):(t?.error(new Error("Entity not found")),e.json({message:"Entity not found"},404))});function L(r){return async e=>d("catalog_entities.bff",async n=>{n?.setAttribute("method",e.req.method);const t=await b.getInstance({baseDbDir:r.serverOutDir});return e.req.param("entityKey")?w({catalogEntitiesService:t,ctx:e,store:r}):h({catalogEntitiesService:t,ctx:e,store:r})})}export{L as bffCatalogHandler};

package/dist/server/web-server/routes/catalog/helpers/has-access-to-entity.js

@@ -1 +1 @@
-import{getNotAccessibleCatalogResources as a}from"../../../../plugins/catalog-entities/utils/get-not-accessible-catalog-resources.js";import{getCurrentRbacTeams as f}from"../../helpers/get-current-rbac-teams.js";function g({ctx:e,store:t,accessLevel:s,entityType:c,entityKey:r}){const n=t.getConfig().rbac||{},o=f(e),{types:i,entities:u}=a({rbacConfig:n,currentRbacTeams:o,accessLevel:s});return!(i.includes(c)||u.includes(r))}export{g as hasAccessToEntity};
+import{getNotAccessibleCatalogResources as u}from"../../../../plugins/catalog-entities/utils/get-not-accessible-catalog-resources.js";import{getCurrentRbacTeams as f}from"../../helpers/get-current-rbac-teams.js";function g({ctx:e,store:t,accessLevel:s,entityType:c,entityKey:r}){const n=t.getConfig().access?.rbac||{},o=f(e),{types:i,entities:a}=u({rbacConfig:n,currentRbacTeams:o,accessLevel:s});return!(i.includes(c)||a.includes(r))}export{g as hasAccessToEntity};

package/dist/server/web-server/routes/dynamic-route.js

@@ -1 +1 @@
-import u from"path";import{REDOCLY_ROUTE_RBAC as L,REDOCLY_TEAMS_RBAC as P}from"@redocly/config";import{withoutPathPrefix as O,withPathPrefix as v}from"@redocly/theme/core/utils";import{CACHE_CONTROL_NO_CACHE_HEADER_VALUE as _,DEFAULT_IMMUTABLE_CACHE_MAX_AGE as F}from"../../constants/common.js";import{removeTrailingSlash as H}from"../../../utils/url/remove-trailing-slash.js";import{findInIterable as z}from"../../../utils/collection/find-in-iterable.js";import{sanitizeRedirectPathname as B}from"../../../utils/url/sanitize-redirect-pathname.js";import{envConfig as G}from"../../config/env-config.js";import{sanitizePath as Y}from"../../../utils/path/sanitize-path.js";import{normalizeRouteSlug as $}from"../../../utils/path/normalize-route-slug.js";import{isPathInFolder as k}from"../../../utils/path/is-path-in-folder.js";import{getMdAssetPathname as N}from"./helpers/get-md-asset-pathname.js";import{processRedirects as W}from"./helpers/process-redirects.js";import{renderPage as X,getServerProps as j}from"../../ssr/index.js";import{canAccessAsset as V,canAccessResource as y}from"../../utils/rbac.js";import{handleErrorPageRender as I,handleUnauthorized as U,handleUnauthorizedAsset as T}from"../utils.js";import{DEFAULT_MAX_AGE_FOR_MIME_TYPE as Z,MIME_TYPES as J}from"../mime-types.js";import{fileExistsAsync as K}from"../../utils/index.js";import{isAiAgentRequest as Q}from"../../utils/ai-agent-detection.js";import{getRedirectRoute as x}from"../utils/legacy-openapi-redirects.js";import{telemetry as ee}from"../../../cli/telemetry/index.js";import{telemetry as te}from"../../telemetry/index.js";function Ie(e,S,b){return async n=>{const R=n.get("logger"),i=n.req,a=new URL(i.url),r=O(Y(decodeURIComponent(a.pathname))),d=u.parse(r).ext===".md",g=Q({accept:i.header("accept"),signatureAgent:i.header("signature-agent"),signature:i.header("signature"),signatureInput:i.header("signature-input"),userAgent:i.header("user-agent")}),c=$(r),o=(i.method==="GET"||i.method==="HEAD")&&!d&&!g?e.getRouteBySlug(c,{followRedirect:!1})||z(e.routesBySlug?.values(),t=>t.hasClientRoutes&&(r===t.slug||r.startsWith(t.slug+"/"))):void 0,C=e.getRedirect(c);if(C){const t=W({redirect:C,reqUrlSearch:a.search});return te.sendRedirectMessage([{object:"redirect",from:c,templateId:t.type.toString()}]),n.newResponse(null,t.type,{Location:t.location})}const f=G.isProductionEnv?301:302;if(o?.metadata?.type==="openapi"){const t=x(a.pathname);if(t)return R.info("Legacy OpenAPI docs redirect from "+a.pathname),n.newResponse(null,f,{Location:encodeURI(t)});if(a.pathname.match(/[A-Z]/))return R.warn("Redirect to lowercase route to avoid 404 error"),n.newResponse(null,f,{Location:encodeURI(a.pathname.toLowerCase())})}if(r.endsWith("/")&&r!=="/"){const t=B(new URL(c||"/",n.req.url).pathname);return n.newResponse(null,f,{Location:encodeURI(v((t==="/"?"/":H(t))+a.search))})}const{isAuthenticated:l,teams:p,claims:{email:h}}=n.get("auth");if(o){if(!y(o,{isAuthenticated:l,email:h,teams:p},e.config.rbac,e.config.requiresLogin))return l?I(n,e,{slug:o.slug,[P]:o[P],[L]:o[L]},403):U(n,e,o.slug);const t=await S(o),m=await j(o,n,t,e),{html:q,statusCode:D}=await X(o,m,n,e,ee);return n.html(q,D,{"Cache-Control":_})}const E=N(r,g,d),s=u.resolve(e.outdir,"."+E);if(!k(s,e.outdir))return T(n);if(d||g){const t=r==="index.html.md"?"/":r.replace(/\.md$/,""),m=e.getRouteBySlug(t,{followRedirect:!1});if(m&&!y(m,{isAuthenticated:l,email:h,teams:p},e.config.rbac,e.config.requiresLogin))return U(n,e,r)}if(!V(E,e.getGlobalConfig("rbac"),e.getGlobalConfig("requiresLogin"),e.getGlobalConfig("directoryPaths"),{isAuthenticated:l,email:h,teams:p}))return T(n);const w=J[u.extname(s)]||"text/plain",A=s.match(/assets\/.*\.[a-f0-9]{8,}\..+/)||s.match(/runtime\/chunks\/.*/)?F:Z[w],M=A?{"Cache-Control":`public, max-age=${A}, immutable`,Expires:new Date(Date.now()+A*1e3).toUTCString()}:{"Cache-Control":_};if(await K(s)){const t=i.query("download")!=null,m=await b(s);return n.newResponse(m,200,{"Content-Type":w,"Access-Control-Allow-Origin":"*",...M,...t&&{"Content-Disposition":`attachment; filename="${u.basename(s)}"`}})}else return I(n,e,{slug:c},404)}}export{Ie as dynamicRouteHandler};
+import l from"path";import{REDOCLY_ROUTE_RBAC as y,REDOCLY_TEAMS_RBAC as I}from"@redocly/config";import{withoutPathPrefix as G,withPathPrefix as Y}from"@redocly/theme/core/utils";import{CACHE_CONTROL_NO_CACHE_HEADER_VALUE as S,DEFAULT_IMMUTABLE_CACHE_MAX_AGE as $}from"../../constants/common.js";import{removeTrailingSlash as k}from"../../../utils/url/remove-trailing-slash.js";import{findInIterable as N}from"../../../utils/collection/find-in-iterable.js";import{sanitizeRedirectPathname as W}from"../../../utils/url/sanitize-redirect-pathname.js";import{envConfig as X}from"../../config/env-config.js";import{sanitizePath as j}from"../../../utils/path/sanitize-path.js";import{normalizeRouteSlug as V}from"../../../utils/path/normalize-route-slug.js";import{isPathInFolder as Z}from"../../../utils/path/is-path-in-folder.js";import{getLlmsTxtMdPathBySlug as J}from"../../utils/llmstxt/get-llms-txt-md-path-by-slug.js";import{removeLeadingSlash as T}from"../../../utils/url/remove-leading-slash.js";import{processRedirects as K}from"./helpers/process-redirects.js";import{renderPage as Q,getServerProps as x}from"../../ssr/index.js";import{canAccessAsset as ee,canAccessResource as U}from"../../utils/rbac.js";import{handleErrorPageRender as M,handleUnauthorized as b,handleUnauthorizedAsset as q}from"../utils.js";import{DEFAULT_MAX_AGE_FOR_MIME_TYPE as te,MIME_TYPES as ne}from"../mime-types.js";import{fileExistsAsync as v}from"../../utils/index.js";import{isAiAgentRequest as oe}from"../../utils/ai-agent-detection.js";import{getRedirectRoute as re}from"../utils/legacy-openapi-redirects.js";import{telemetry as ae}from"../../../cli/telemetry/index.js";import{telemetry as ie}from"../../telemetry/index.js";function qe(e,D,O){return async n=>{const A=n.get("logger"),a=n.req,i=new URL(a.url),r=G(j(decodeURIComponent(i.pathname))),R=l.parse(r).ext===".md",C=oe({accept:a.header("accept"),signatureAgent:a.header("signature-agent"),signature:a.header("signature"),signatureInput:a.header("signature-input"),userAgent:a.header("user-agent")}),m=V(r),o=(a.method==="GET"||a.method==="HEAD")&&!R?e.getRouteBySlug(m,{followRedirect:!1})||N(e.routesBySlug?.values(),t=>t.hasClientRoutes&&(r===t.slug||r.startsWith(t.slug+"/"))):void 0,E=e.getRedirect(m);if(E){const t=K({redirect:E,reqUrlSearch:i.search});return ie.sendRedirectMessage([{object:"redirect",from:m,templateId:t.type.toString()}]),n.newResponse(null,t.type,{Location:t.location})}const f=X.isProductionEnv?301:302;if(o?.metadata?.type==="openapi"){const t=re(i.pathname);if(t)return A.info("Legacy OpenAPI docs redirect from "+i.pathname),n.newResponse(null,f,{Location:encodeURI(t)});if(i.pathname.match(/[A-Z]/))return A.warn("Redirect to lowercase route to avoid 404 error"),n.newResponse(null,f,{Location:encodeURI(i.pathname.toLowerCase())})}if(r.endsWith("/")&&r!=="/"){const t=W(new URL(m||"/",n.req.url).pathname);return n.newResponse(null,f,{Location:encodeURI(Y((t==="/"?"/":k(t))+i.search))})}const u=o&&C?J(o.slug):void 0,w=u?await v(l.resolve(e.outdir,T(u))):!1,{isAuthenticated:d,teams:g,claims:{email:p}}=n.get("auth");if(o&&!U(o,{isAuthenticated:d,email:p,teams:g},e.config.access?.rbac,e.config.access?.requiresLogin))return d?M(n,e,{slug:o.slug,[I]:o[I],[y]:o[y]},403):b(n,e,o.slug);if(o&&(!C||!w)){const t=await D(o),c=await x(o,n,t,e),{html:H,statusCode:z}=await Q(o,c,n,e,ae);return n.html(H,z,{"Cache-Control":S})}const L=u&&w?u:r,F=T(L),s=l.resolve(e.outdir,F);if(!Z(s,e.outdir))return q(n);if(R){const t=r==="index.html.md"?"/":r.replace(/\.md$/,""),c=e.getRouteBySlug(t,{followRedirect:!1});if(c&&!U(c,{isAuthenticated:d,email:p,teams:g},e.config.access?.rbac,e.config.access?.requiresLogin))return b(n,e,r)}const P=e.getGlobalConfig("access");if(!ee(L,P?.rbac||{},P?.requiresLogin||!1,e.getGlobalConfig("directoryPaths"),{isAuthenticated:d,email:p,teams:g}))return q(n);const _=ne[l.extname(s)]||"text/plain",h=s.match(/assets\/.*\.[a-f0-9]{8,}\..+/)||s.match(/runtime\/chunks\/.*/)?$:te[_],B=h?{"Cache-Control":`public, max-age=${h}, immutable`,Expires:new Date(Date.now()+h*1e3).toUTCString()}:{"Cache-Control":S};if(await v(s)){const t=a.query("download")!=null,c=await O(s);return n.newResponse(c,200,{"Content-Type":_,"Access-Control-Allow-Origin":"*",...B,...t&&{"Content-Disposition":`attachment; filename="${l.basename(s)}"`}})}else return M(n,e,{slug:m},404)}}export{qe as dynamicRouteHandler};

package/dist/server/web-server/routes/feedback.js

@@ -1 +1 @@
-import{FEEDBACK_API_URL as k}from"../../constants/common.js";import{MAX_CONTEXT_LENGTH as p,MAX_EMAIL_LENGTH as _,MAX_LANG_LENGTH as j,MAX_PATH_LENGTH as E,MAX_REASONS_COUNT as N}from"../../constants/feedback.js";import{mapObject as T}from"../../../utils/object/map-object.js";import{getClientIp as C}from"../utils/get-client-ip.js";import{canAccessResource as S}from"../../utils/rbac.js";function o(n,e){if(n!=null)return String(n).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g,"").trim().slice(0,e)||void 0}function F(n){if(!n)return n;const e=["userAgent","firstName","lastName","auth_time","platform","id","email","ipAddress"];return T(n,(r,a)=>e.includes(a)?r:"*****")}function L({component:n,path:e,location:r,lang:a,score:m,max:s,reasons:i,comment:t,metadata:f,email:u}){const l=Array.isArray(i)?i.map(c=>o(String(c),p)).filter(c=>!!c).slice(0,N):void 0;return{feedbackComponent:n.toUpperCase(),path:o(e,E),location:o(r,p),lang:o(a,j),score:typeof m=="number"?m:void 0,maxScore:typeof s=="number"?s:void 0,reasons:l?.length?l:void 0,comment:o(t,p),email:o(u,_),metadata:F(f)}}async function w(n,e){return(await fetch(k,{method:"POST",body:JSON.stringify(L(n)),headers:e})).json()}function G(n){return async e=>{const r=await e.req.json(),a=e.req.header("user-agent"),m=C(e.req.raw),s=e.req.header("Sec-Ch-Ua-Platform"),i={...r.metadata,userAgent:a,ipAddress:m,platform:s?s.replace(/"/g,""):"unknown"},t=[];(!r.path||r.path==="")&&t.push("`path` is required");const f=["sentiment","rating","comment","problem","mood","scale"];if(f.includes(r.component)||t.push(`\`component\` field should be one of ${f.join(", ")}.`),t.length)return e.json({errors:t},400);const{claims:u,isAuthenticated:l,teams:c}=e.get("auth"),b={isAuthenticated:l,email:u?.email,teams:c};if(Object.keys(n.config.rbac||{}).length>0){const d=r.path,y=new URL(d).pathname,g=n.getRouteBySlug(y);if(!g)return e.json({errors:["Resource not found"]},404);if(!S(g,b,n.config.rbac,n.config.requiresLogin))return e.json({errors:["Forbidden: no permission to send feedback for resource"]},403)}const A={"Content-Type":"application/json"},h=u?.email||r?.email||i?.email;try{const d=await w({...r,email:h,metadata:{email:h,...i}},A);return e.json({message:"Thanks for your feedback",...d},200,{})}catch(d){return e.json({errors:["Failed to send feedback",d.message]},500)}}}export{G as feedbackHandler,F as normalizeFeedbackMetadata};
+import{FEEDBACK_API_URL as _}from"../../constants/common.js";import{MAX_CONTEXT_LENGTH as g,MAX_EMAIL_LENGTH as C,MAX_LANG_LENGTH as j,MAX_PATH_LENGTH as E,MAX_REASONS_COUNT as N}from"../../constants/feedback.js";import{mapObject as T}from"../../../utils/object/map-object.js";import{getClientIp as q}from"../utils/get-client-ip.js";import{canAccessResource as w}from"../../utils/rbac.js";function a(e,n){if(e!=null)return String(e).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g,"").trim().slice(0,n)||void 0}function S(e){if(!e)return e;const n=["userAgent","firstName","lastName","auth_time","platform","id","email","ipAddress"];return T(e,(o,r)=>n.includes(r)?o:"*****")}function L({component:e,path:n,location:o,lang:r,score:u,max:s,reasons:i,comment:m,metadata:t,email:l}){const c=Array.isArray(i)?i.map(d=>a(String(d),g)).filter(d=>!!d).slice(0,N):void 0;return{feedbackComponent:e.toUpperCase(),path:a(n,E),location:a(o,g),lang:a(r,j),score:typeof u=="number"?u:void 0,maxScore:typeof s=="number"?s:void 0,reasons:c?.length?c:void 0,comment:a(m,g),email:a(l,C),metadata:S(t)}}async function R(e,n){return(await fetch(_,{method:"POST",body:JSON.stringify(L(e)),headers:n})).json()}function G(e){return async n=>{const o=n.get("logger"),r=await n.req.json(),u=n.req.header("user-agent"),s=q(n.req.raw),i=n.req.header("Sec-Ch-Ua-Platform"),m={...r.metadata,userAgent:u,ipAddress:s,platform:i?i.replace(/"/g,""):"unknown"};o.info("Feedback IP diagnostics",I(n,s??void 0));const t=[];(!r.path||r.path==="")&&t.push("`path` is required");const l=["sentiment","rating","comment","problem","mood","scale"];if(l.includes(r.component)||t.push(`\`component\` field should be one of ${l.join(", ")}.`),t.length)return n.json({errors:t},400);const{claims:c,isAuthenticated:d,teams:A}=n.get("auth"),k={isAuthenticated:d,email:c?.email,teams:A};if(Object.keys(e.config.access?.rbac||{}).length>0){const f=r.path,F=new URL(f).pathname,b=e.getRouteBySlug(F);if(!b)return n.json({errors:["Resource not found"]},404);if(!w(b,k,e.config.access?.rbac,e.config.access?.requiresLogin))return n.json({errors:["Forbidden: no permission to send feedback for resource"]},403)}const y={"Content-Type":"application/json"},h=c?.email||r?.email||m?.email;try{const f=await R({...r,email:h,metadata:{email:h,...m}},y);return n.json({message:"Thanks for your feedback",...f},200,{})}catch(f){return n.json({errors:["Failed to send feedback",f.message]},500)}}}function I(e,n){return{extractedIpAddress:n,xForwardedFor:p(e.req.header("x-forwarded-for")),xRealIp:p(e.req.header("x-real-ip")),trueClientIp:p(e.req.header("true-client-ip")),cfConnectingIp:p(e.req.header("cf-connecting-ip"))}}function p(e){if(e)return e.slice(0,256)}export{G as feedbackHandler,S as normalizeFeedbackMetadata};

package/dist/server/web-server/routes/helpers/get-rbac-restrictions-data-for-catalog.js

@@ -1 +1 @@
-import{getNotAccessibleCatalogResources as n}from"../../../plugins/catalog-entities/utils/get-not-accessible-catalog-resources.js";import{getCurrentRbacTeams as i}from"./get-current-rbac-teams.js";import{expandTeamsForRead as m}from"../../../utils/rbac.js";function b({store:o,ctx:r}){const e=o.getConfig().rbac||{},t=i(r),a=m(e,t),{types:c,entities:s}=n({rbacConfig:e,currentRbacTeams:t});return{currentRbacTeamsForRead:a,excludedTypes:c,excludedEntities:s}}export{b as getRbacRestrictionsDataForCatalog};
+import{getNotAccessibleCatalogResources as n}from"../../../plugins/catalog-entities/utils/get-not-accessible-catalog-resources.js";import{getCurrentRbacTeams as i}from"./get-current-rbac-teams.js";import{expandTeamsForRead as m}from"../../../utils/rbac.js";function b({store:o,ctx:r}){const e=o.getConfig().access?.rbac||{},t=i(r),c=m(e,t),{types:a,entities:s}=n({rbacConfig:e,currentRbacTeams:t});return{currentRbacTeamsForRead:c,excludedTypes:a,excludedEntities:s}}export{b as getRbacRestrictionsDataForCatalog};

package/dist/server/web-server/routes/page-data.js

@@ -1 +1 @@
-import{DEV_LOGIN_SLUG as U,ServerRoutes as $}from"../../../constants/common.js";import{CACHE_CONTROL_NO_CACHE_HEADER_VALUE as a,DEFAULT_TITLE as F}from"../../constants/common.js";import{findInIterable as O}from"../../../utils/collection/find-in-iterable.js";import{removeTrailingSlash as N}from"../../../utils/url/remove-trailing-slash.js";import{envConfig as b}from"../../config/env-config.js";import{canAccessResource as q,filterDataByAccessDeep as j,isResourcePubliclyAccessible as B}from"../../utils/rbac.js";import{getServerProps as H}from"../../ssr/index.js";import{readSharedData as G}from"../../utils/index.js";import{getRedirectLoginUrl as M}from"../utils/get-redirect-login-url.js";import{processRedirects as V}from"./helpers/process-redirects.js";import{removeErrorDetails as k}from"../utils/remove-error-details.js";import{telemetry as K}from"../../telemetry/index.js";function ae(e,s){return async(t,p)=>{const l=t.get("logger"),{req:u}=t,{pathname:d}=new URL(u.url),{seo:f,ssoDirect:h}=e.getConfig(),i=f?.title||F;if(e?.compilationErrors?.length&&b.isDevelopMode)return t.json({templateId:"compilation-error",props:{compilationErrors:e?.compilationErrors},sharedDataIds:{}},500,{"Cache-Control":a});const g=d.match(/page-data(.*)data.json$/);if(!g)return p();const c=decodeURI(g[1]),n=c==="/index/"?"/":N(c),o=e.getRouteBySlug(n,{followRedirect:!1})||O(e.routesBySlug.values(),r=>r.hasClientRoutes&&c.startsWith(r.slug));if(c===$.OIDC_CALLBACK+"/")return t.json({templateId:"403OIDC",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}}},200,{"Cache-Control":a});const{isAuthenticated:C,teams:D,claims:{name:v,picture:A,email:I}}=t.get("auth"),R={isAuthenticated:C,email:I,teams:D},m={isAuthenticated:C,name:v,picture:A,email:I,teams:D},L=e.getRedirect(n);if(L){const r=V({redirect:L}).location;return K.sendRedirectMessage([{object:"redirect",from:n,templateId:"404"}]),t.json({templateId:"404",redirectTo:r,sharedDataIds:{},props:{}},301,{"Cache-Control":a})}if(!o){const r=e.getRouteBySlug(n,{followRedirect:!0});return l.error(`Page not found: ${d}`),t.json({templateId:"404",redirectTo:r?.slug,sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m},404,{"Cache-Control":a})}if(l.verbose(`Page viewed: ${o.slug}`),!q(o,R,e.config.rbac,e.config.requiresLogin)&&o.slug!==U){if(C)return t.json({templateId:"403",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}},userData:m},403,{"Cache-Control":a});const r=Object.keys(h||{}).length>0;return t.json({templateId:"404",sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m,...r?{redirectTo:M(e,o.slug)}:{}},r?401:404,{"Cache-Control":a})}const S=j(o.versions,R,e.config.rbac,e.config.requiresLogin),P=e.routesSharedData.get(o.slug)||{},T=await s(o),y=await H(o,t,T,e),{sharedDataIds:_,...E}=y,w={templateId:o.templateId,versions:S,sharedDataIds:{...P,..._||{}},props:b.isProductionEnv?k(E):E,slug:o.slug,userData:m,isPublic:B(o,e.config)};return t.json(w,200,{"Cache-Control":a})}}function se(e){return async(s,t)=>{const p=s.get("logger"),{req:l}=s,{pathname:u}=new URL(l.url),d=u.match(/\/page-data\/shared\/(.*)\.json/);if(!d)return t();const f=decodeURIComponent(d[1]),h=await G(f,e.outdir),{isAuthenticated:i,teams:g,claims:{email:c}}=s.get("auth"),n=j(h,{isAuthenticated:i,email:c,teams:g},e.config.rbac,e.config.requiresLogin);return n?s.json(n,200,{"Cache-Control":a}):(p.error(`Shared data not found: ${u}`),s.text("Not Found",404,{"Cache-Control":a}))}}export{ae as pageDataHandler,se as sharedPageDataHandler};
+import{DEV_LOGIN_SLUG as U,ServerRoutes as $}from"../../../constants/common.js";import{CACHE_CONTROL_NO_CACHE_HEADER_VALUE as a,DEFAULT_TITLE as F}from"../../constants/common.js";import{findInIterable as O}from"../../../utils/collection/find-in-iterable.js";import{removeTrailingSlash as N}from"../../../utils/url/remove-trailing-slash.js";import{envConfig as b}from"../../config/env-config.js";import{canAccessResource as q,filterDataByAccessDeep as j,isResourcePubliclyAccessible as B}from"../../utils/rbac.js";import{getServerProps as H}from"../../ssr/index.js";import{readSharedData as G}from"../../utils/index.js";import{getRedirectLoginUrl as M}from"../utils/get-redirect-login-url.js";import{processRedirects as V}from"./helpers/process-redirects.js";import{removeErrorDetails as k}from"../utils/remove-error-details.js";import{telemetry as K}from"../../telemetry/index.js";function ae(e,s){return async(t,p)=>{const l=t.get("logger"),{req:u}=t,{pathname:d}=new URL(u.url),{seo:f,ssoDirect:h}=e.getConfig(),i=f?.title||F;if(e?.compilationErrors?.length&&b.isDevelopMode)return t.json({templateId:"compilation-error",props:{compilationErrors:e?.compilationErrors},sharedDataIds:{}},500,{"Cache-Control":a});const g=d.match(/page-data(.*)data.json$/);if(!g)return p();const c=decodeURI(g[1]),n=c==="/index/"?"/":N(c),o=e.getRouteBySlug(n,{followRedirect:!1})||O(e.routesBySlug.values(),r=>r.hasClientRoutes&&c.startsWith(r.slug));if(c===$.OIDC_CALLBACK+"/")return t.json({templateId:"403OIDC",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}}},200,{"Cache-Control":a});const{isAuthenticated:C,teams:D,claims:{name:v,picture:A,email:I}}=t.get("auth"),R={isAuthenticated:C,email:I,teams:D},m={isAuthenticated:C,name:v,picture:A,email:I,teams:D},L=e.getRedirect(n);if(L){const r=V({redirect:L}).location;return K.sendRedirectMessage([{object:"redirect",from:n,templateId:"404"}]),t.json({templateId:"404",redirectTo:r,sharedDataIds:{},props:{}},301,{"Cache-Control":a})}if(!o){const r=e.getRouteBySlug(n,{followRedirect:!0});return l.error(`Page not found: ${d}`),t.json({templateId:"404",redirectTo:r?.slug,sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m},404,{"Cache-Control":a})}if(l.verbose(`Page viewed: ${o.slug}`),!q(o,R,e.config.access?.rbac,e.config.access?.requiresLogin)&&o.slug!==U){if(C)return t.json({templateId:"403",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}},userData:m},403,{"Cache-Control":a});const r=Object.keys(h||{}).length>0;return t.json({templateId:"404",sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m,...r?{redirectTo:M(e,o.slug)}:{}},r?401:404,{"Cache-Control":a})}const S=j(o.versions,R,e.config.access?.rbac,e.config.access?.requiresLogin),P=e.routesSharedData.get(o.slug)||{},T=await s(o),y=await H(o,t,T,e),{sharedDataIds:_,...E}=y,w={templateId:o.templateId,versions:S,sharedDataIds:{...P,..._||{}},props:b.isProductionEnv?k(E):E,slug:o.slug,userData:m,isPublic:B(o,e.config)};return t.json(w,200,{"Cache-Control":a})}}function se(e){return async(s,t)=>{const p=s.get("logger"),{req:l}=s,{pathname:u}=new URL(l.url),d=u.match(/\/page-data\/shared\/(.*)\.json/);if(!d)return t();const f=decodeURIComponent(d[1]),h=await G(f,e.outdir),{isAuthenticated:i,teams:g,claims:{email:c}}=s.get("auth"),n=j(h,{isAuthenticated:i,email:c,teams:g},e.config.access?.rbac,e.config.access?.requiresLogin);return n?s.json(n,200,{"Cache-Control":a}):(p.error(`Shared data not found: ${u}`),s.text("Not Found",404,{"Cache-Control":a}))}}export{ae as pageDataHandler,se as sharedPageDataHandler};

package/dist/server/web-server/routes/search.js

@@ -1 +1 @@
-import{telemetryTraceStep as d}from"../../telemetry/helpers/trace-step.js";import{expandTeamsForRead as p}from"../../utils/rbac.js";function C(e){return async t=>await d("search",async s=>{const u=t.get("logger"),o=t.get("auth"),y=u.startTiming(),a=e.getConfig().requiresLogin&&!o.isAuthenticated,r={...await t.req.json(),auth:{...o,teams:p(e.config.rbac,o.teams)}};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("query",r.query||""),s?.setAttribute("user",r.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",a);const g=e.getSearchFacets(),i=a?{}:e.searchEngine?await e.searchEngine.search(r,g):{};let f=0;if(Object.keys(i).length){const h=i.documents;for(const[c,n]of Object.entries(h))f+=n.length}return u.infoTime(y,`Search with query "${r.query||""}". Total results: ${f}`),s?.setAttribute("resultsCount",f),t.json(i)})}function F(e){return async t=>await d("search.facets",async s=>{const u=t.get("logger"),o=t.get("auth"),m=e.getConfig().requiresLogin&&!o.isAuthenticated,a={...await t.req.json(),auth:o};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("user",a.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",m);const r=u.startTiming(),g=e.getSearchFacets(),i=m?{}:e.searchEngine?await e.searchEngine.countFacets(a,g):{},f=!!a.field;let h=[];if(f){const c=a.field,n=c&&g.get(c);if(n){const l={...n};l.values=i?.[c]||[],h.push(l)}}else{const c=new Map;for(const[n,l]of g){const A=i?.[n],b={...l};b.values=A||l.values.map(T=>({value:T,count:0})),c.set(n,b)}h=Array.from(c,([,n])=>n)}return u.verboseTime(r,"Search facets"),t.json(h)})}export{F as searchFacetsHandler,C as searchHandler};
+import{telemetryTraceStep as d}from"../../telemetry/helpers/trace-step.js";import{expandTeamsForRead as p}from"../../utils/rbac.js";function C(e){return async t=>await d("search",async s=>{const u=t.get("logger"),o=t.get("auth"),y=u.startTiming(),a=e.getConfig().access?.requiresLogin&&!o.isAuthenticated,r={...await t.req.json(),auth:{...o,teams:p(e.config.access?.rbac,o.teams)}};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("query",r.query||""),s?.setAttribute("user",r.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",a);const g=e.getSearchFacets(),i=a?{}:e.searchEngine?await e.searchEngine.search(r,g):{};let f=0;if(Object.keys(i).length){const h=i.documents;for(const[c,n]of Object.entries(h))f+=n.length}return u.infoTime(y,`Search with query "${r.query||""}". Total results: ${f}`),s?.setAttribute("resultsCount",f),t.json(i)})}function F(e){return async t=>await d("search.facets",async s=>{const u=t.get("logger"),o=t.get("auth"),m=e.getConfig().access?.requiresLogin&&!o.isAuthenticated,a={...await t.req.json(),auth:o};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("user",a.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",m);const r=u.startTiming(),g=e.getSearchFacets(),i=m?{}:e.searchEngine?await e.searchEngine.countFacets(a,g):{},f=!!a.field;let h=[];if(f){const c=a.field,n=c&&g.get(c);if(n){const l={...n};l.values=i?.[c]||[],h.push(l)}}else{const c=new Map;for(const[n,l]of g){const A=i?.[n],b={...l};b.values=A||l.values.map(T=>({value:T,count:0})),c.set(n,b)}h=Array.from(c,([,n])=>n)}return u.verboseTime(r,"Search facets"),t.json(h)})}export{F as searchFacetsHandler,C as searchHandler};

package/dist/server/web-server/routes/static-content.js

@@ -1 +1 @@
-import s from"path";import{REDOCLY_ROUTE_RBAC as C}from"@redocly/config";import{PUBLIC_STATIC_FOLDER as r}from"../../constants/common.js";import{isPathInFolder as g}from"../../../utils/path/is-path-in-folder.js";import{fileExistsAsync as h}from"../../utils/index.js";import{handleUnauthorizedAsset as w}from"../utils.js";import{MIME_TYPES as E}from"../mime-types.js";import{canAccessResource as R}from"../../utils/rbac.js";const O=async(t,n,o,a)=>{const c=n.req,{isAuthenticated:m,teams:l,claims:{email:u}}=n.get("auth"),i=s.join(r,r);t.startsWith(i)&&(t=t.replace(i,r));const e=s.resolve(o.outdir,t);if(!g(e,o.outdir))return null;if(await h(e)){const p={[C]:{slug:t,fsPath:e},slug:t};if(!R(p,{isAuthenticated:m,email:u,teams:l},o.config.rbac,o.config.requiresLogin))return w(n);const f=c.query("download")!=null,d=E[s.extname(e)]||"text/plain",A=await a(e);return n.newResponse(A,200,{"Content-Type":d,"Access-Control-Allow-Origin":"*",...f&&{"Content-Disposition":`attachment; filename="${s.basename(e)}"`}})}else return null};export{O as staticContentHandler};
+import s from"path";import{REDOCLY_ROUTE_RBAC as C}from"@redocly/config";import{PUBLIC_STATIC_FOLDER as r}from"../../constants/common.js";import{isPathInFolder as g}from"../../../utils/path/is-path-in-folder.js";import{fileExistsAsync as h}from"../../utils/index.js";import{handleUnauthorizedAsset as w}from"../utils.js";import{MIME_TYPES as E}from"../mime-types.js";import{canAccessResource as R}from"../../utils/rbac.js";const O=async(t,n,o,c)=>{const a=n.req,{isAuthenticated:m,teams:l,claims:{email:u}}=n.get("auth"),i=s.join(r,r);t.startsWith(i)&&(t=t.replace(i,r));const e=s.resolve(o.outdir,t);if(!g(e,o.outdir))return null;if(await h(e)){const p={[C]:{slug:t,fsPath:e},slug:t};if(!R(p,{isAuthenticated:m,email:u,teams:l},o.config.access?.rbac,o.config.access?.requiresLogin))return w(n);const f=a.query("download")!=null,d=E[s.extname(e)]||"text/plain",A=await c(e);return n.newResponse(A,200,{"Content-Type":d,"Access-Control-Allow-Origin":"*",...f&&{"Content-Disposition":`attachment; filename="${s.basename(e)}"`}})}else return null};export{O as staticContentHandler};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@redocly/reef",
-  "version": "0.132.0-next.0",
+  "version": "0.132.0-next.2",
   "description": "",
   "type": "module",
   "bin": {
@@ -16,6 +16,7 @@
   "dependencies": {
     "@babel/core": "7.23.5",
     "@dr.pogodin/react-helmet": "3.0.2",
+    "@excalidraw/excalidraw": "0.18.0",
     "@libsql/client": "0.15.4",
     "@markdoc/markdoc": "0.5.2",
     "@opentelemetry/api": "1.9.0",
@@ -29,7 +30,7 @@
     "@opentelemetry/sdk-trace-web": "2.0.1",
     "@opentelemetry/semantic-conventions": "1.34.0",
     "@redocly/ajv": "8.18.0",
-    "@redocly/openapi-core": "2.20.5",
+    "@redocly/openapi-core": "2.24.0",
     "@shikijs/transformers": "3.21.0",
     "@tanstack/react-query": "5.62.3",
     "@tanstack/react-table": "8.21.3",
@@ -53,13 +54,13 @@
     "flexsearch": "0.7.43",
     "graphql": "16.12.0",
     "gray-matter": "4.0.3",
-    "hono": "4.11.10",
+    "hono": "4.12.8",
     "htmlparser2": "8.0.2",
     "i18next": "22.4.15",
     "is-glob": "4.0.3",
     "js-yaml": "4.1.1",
     "lru-cache": "11.1.0",
-    "minimatch": "10.2.1",
+    "minimatch": "10.2.4",
     "mri": "1.2.0",
     "nanoid": "5.0.9",
     "node-fetch": "3.3.1",
@@ -91,14 +92,14 @@
     "xpath": "0.0.34",
     "yaml-ast-parser": "0.0.43",
     "zod": "^3.25.76",
-    "@redocly/asyncapi-docs": "1.9.0-next.0",
-    "@redocly/config": "0.44.1",
-    "@redocly/graphql-docs": "1.9.0-next.0",
-    "@redocly/openapi-docs": "3.20.0-next.0",
+    "@redocly/asyncapi-docs": "1.9.0-next.2",
+    "@redocly/config": "0.44.2",
+    "@redocly/graphql-docs": "1.9.0-next.2",
+    "@redocly/openapi-docs": "3.20.0-next.2",
     "@redocly/portal-legacy-ui": "0.15.0-next.0",
-    "@redocly/portal-plugin-mock-server": "0.17.0-next.0",
+    "@redocly/portal-plugin-mock-server": "0.17.0-next.2",
     "@redocly/realm-asyncapi-sdk": "0.10.0-next.0",
-    "@redocly/theme": "0.64.0-next.0"
+    "@redocly/theme": "0.64.0-next.2"
   },
   "peerDependencies": {
     "react": "^19.2.4",

package/dist/server/web-server/routes/helpers/get-md-asset-pathname.d.ts

@@ -1,2 +0,0 @@
-export declare function getMdAssetPathname(pathname: string, isAiAgent: boolean, hasMdExtension: boolean): string;
-//# sourceMappingURL=get-md-asset-pathname.d.ts.map

package/dist/server/web-server/routes/helpers/get-md-asset-pathname.js

@@ -1 +0,0 @@
-function d(t,e,r){return e&&!r?t==="/"?"index.html.md":t+".md":t}export{d as getMdAssetPathname};