npm - @salesforce/pwa-kit-runtime - Versions diffs - 3.7.0 → 3.7.1 - Mend

@salesforce/pwa-kit-runtime 3.7.0 → 3.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +5 -5
package/ssr/server/build-remote-server.js +53 -3
package/ssr/server/build-remote-server.test.js +80 -2
package/ssr/server/constants.js +2 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/pwa-kit-runtime",
-  "version": "3.7.0",
+  "version": "3.7.1",
   "description": "The PWAKit Runtime",
   "homepage": "https://github.com/SalesforceCommerceCloud/pwa-kit/tree/develop/packages/pwa-kit-runtime#readme",
   "bugs": {
@@ -46,11 +46,11 @@
   },
   "devDependencies": {
     "@loadable/component": "^5.15.3",
-    "@salesforce/pwa-kit-dev": "3.7.0",
+    "@salesforce/pwa-kit-dev": "3.7.1",
     "@serverless/event-mocks": "^1.1.1",
     "aws-lambda-mock-context": "^3.2.1",
     "fs-extra": "^11.1.1",
-    "internal-lib-build": "3.7.0",
+    "internal-lib-build": "3.7.1",
     "nock": "^13.3.0",
     "nodemon": "^2.0.22",
     "sinon": "^13.0.2",
@@ -58,7 +58,7 @@
     "supertest": "^4.0.2"
   },
   "peerDependencies": {
-    "@salesforce/pwa-kit-dev": "3.7.0"
+    "@salesforce/pwa-kit-dev": "3.7.1"
   },
   "peerDependenciesMeta": {
     "@salesforce/pwa-kit-dev": {
@@ -72,5 +72,5 @@
   "publishConfig": {
     "directory": "dist"
   },
-  "gitHead": "7a47e6b91a5a0edc69c999115345b9bd5154935f"
+  "gitHead": "9dde49caa598178c7a8dd406966f0d635fa8102c"
 }

package/ssr/server/build-remote-server.js CHANGED Viewed

@@ -641,6 +641,9 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // to add in their projects, like in any regular Express app.
     app.use(ssrMiddleware);
     app.use(errorHandlerMiddleware);
+    if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+      app.use(encodeNonAsciiMiddleware);
+    }
     applyPatches(options);
   },
   /**
@@ -799,13 +802,29 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
    * @param app {Express} - an Express App
    * @private
    */
-  _createHandler(app) {
+  _createHandler(app, options) {
     // This flag is initially false, and is set true on the first request
     // handled by a Lambda. If it is true on entry to the handler function,
     // it indicates that the Lambda container has been reused.
     let lambdaContainerReused = false;
     const server = _awsServerlessExpress.default.createServer(app, null, binaryMimeTypes);
     const handler = (event, context, callback) => {
+      // encode non ASCII request headers
+      if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+        Object.keys(event.headers).forEach(key => {
+          if (!isASCII(event.headers[key])) {
+            event.headers[key] = encodeURIComponent(event.headers[key]);
+            // x-encoded-headers keeps track of which headers have been modified and encoded
+            if (event.headers[_constants.X_ENCODED_HEADERS]) {
+              // append header key
+              event.headers[_constants.X_ENCODED_HEADERS] = `${event.headers[_constants.X_ENCODED_HEADERS]},${key}`;
+            } else {
+              event.headers[_constants.X_ENCODED_HEADERS] = key;
+            }
+          }
+        });
+      }
       // We don't want to wait for an empty event loop once the response
       // has been sent. Setting this to false will "send the response
       // right away when the callback executes", but any pending events
@@ -907,8 +926,8 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   createHandler(options, customizeApp) {
     process.on('unhandledRejection', _ssrServer.catchAndLog);
     const app = this._createApp(options);
-    customizeApp(app);
-    return this._createHandler(app);
+    customizeApp(app, options);
+    return this._createHandler(app, options);
   },
   /**
    * @private
@@ -991,6 +1010,37 @@ const errorHandlerMiddleware = (err, req, res, next) => {
   res.sendStatus(500);
 };
+/**
+ * Helper function that checks if a string is composed of ASCII characters
+ * We only check printable ASCII characters and not special ASCII characters
+ * such as NULL
+ *
+ * @private
+ */
+const isASCII = str => {
+  return /^[\x20-\x7E]*$/.test(str);
+};
+/**
+ * Express Middleware applied to responses that encode any non ASCII headers
+ *
+ * @private
+ */
+const encodeNonAsciiMiddleware = (req, res, next) => {
+  const originalSetHeader = res.setHeader;
+  res.setHeader = function (key, value) {
+    if (!isASCII(value)) {
+      originalSetHeader.call(this, key, encodeURIComponent(value));
+      let encodedHeaders = res.getHeader(_constants.X_ENCODED_HEADERS);
+      encodedHeaders = encodedHeaders ? `${encodedHeaders},${key}` : key;
+      originalSetHeader.call(this, _constants.X_ENCODED_HEADERS, encodedHeaders);
+    } else {
+      originalSetHeader.call(this, key, value);
+    }
+  };
+  next();
+};
 /**
  * Wrap the function fn in such a way that it will be called at most once. Subsequent
  * calls will always return the same value.

package/ssr/server/build-remote-server.test.js CHANGED Viewed

@@ -1,13 +1,25 @@
 "use strict";
 var _buildRemoteServer = require("./build-remote-server");
-/*
+var _constants = require("./constants");
+var _awsServerlessExpress = _interopRequireDefault(require("aws-serverless-express"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
+function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
+function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != typeof i) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); } /*
  * Copyright (c) 2021, salesforce.com, inc.
  * All rights reserved.
  * SPDX-License-Identifier: BSD-3-Clause
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
+jest.mock('aws-serverless-express', () => {
+  return {
+    createServer: jest.fn(),
+    proxy: jest.fn()
+  };
+});
 describe('the once function', () => {
   test('should prevent a function being called more than once', () => {
     const fn = jest.fn(() => ({
@@ -33,4 +45,70 @@ describe('remote server factory test coverage', () => {
     });
     expect(endpoint).toBeDefined();
   });
+});
+describe('encodeNonAsciiHttpHeaders flag in options to createHandler', () => {
+  test('encodes request headers', () => {
+    const mockApp = {
+      sendMetric: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const originalHeaders = {
+      'x-non-ascii-header-one': 'テスト',
+      'x-non-ascii-header-two': '测试',
+      'x-regular-header': 'ascii-str'
+    };
+    const event = {
+      headers: _objectSpread({}, originalHeaders)
+    };
+    const expectedHeaders = {
+      'x-non-ascii-header-one': '%E3%83%86%E3%82%B9%E3%83%88',
+      'x-non-ascii-header-two': '%E6%B5%8B%E8%AF%95',
+      'x-encoded-headers': 'x-non-ascii-header-one,x-non-ascii-header-two',
+      'x-regular-header': 'ascii-str'
+    };
+    const {
+      handler
+    } = _buildRemoteServer.RemoteServerFactory._createHandler(mockApp, mockOptions);
+    expect(event.headers).toEqual(originalHeaders);
+    handler(event, {}, {});
+    expect(event.headers).toEqual(expectedHeaders);
+    expect(decodeURIComponent(event.headers['x-non-ascii-header-one'])).toEqual(originalHeaders['x-non-ascii-header-one']);
+  });
+  test('encodes response headers', () => {
+    const mockApp = {
+      use: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const res = {
+      headers: {},
+      setHeader: (key, value) => {
+        res.headers[key] = value;
+      },
+      getHeader: key => {
+        return res.headers[key];
+      }
+    };
+    const nonASCIIheader = 'x-non-ascii-header';
+    const nonASCIIstr = 'テスト';
+    const expectedEncoding = '%E3%83%86%E3%82%B9%E3%83%88';
+    const regularHeaderKey = 'x-regular-header';
+    const regularHeaderValue = 'ascii-str';
+    _buildRemoteServer.RemoteServerFactory._setupCommonMiddleware(mockApp, mockOptions);
+    const encodeNonAsciiMiddleware = mockApp.use.mock.calls[3][0];
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(nonASCIIstr);
+    encodeNonAsciiMiddleware({}, res, () => {});
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(expectedEncoding);
+    expect(decodeURI(expectedEncoding)).toEqual(nonASCIIstr);
+    expect(res.getHeader(_constants.X_ENCODED_HEADERS)).toEqual(nonASCIIheader);
+    // confirm ASCII headers are not modified
+    res.setHeader(regularHeaderKey, regularHeaderValue);
+    expect(res.getHeader(regularHeaderKey)).toEqual(regularHeaderValue);
+  });
 });

package/ssr/server/constants.js CHANGED Viewed

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
+exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.X_ENCODED_HEADERS = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
 /*
  * Copyright (c) 2021, salesforce.com, inc.
  * All rights reserved.
@@ -23,6 +23,7 @@ const CONTENT_ENCODING = exports.CONTENT_ENCODING = 'content-encoding';
 const X_ORIGINAL_CONTENT_TYPE = exports.X_ORIGINAL_CONTENT_TYPE = 'x-original-content-type';
 const X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_QUERYSTRING = 'x-mobify-querystring';
 const X_MOBIFY_FROM_CACHE = exports.X_MOBIFY_FROM_CACHE = 'x-mobify-from-cache';
+const X_ENCODED_HEADERS = exports.X_ENCODED_HEADERS = 'x-encoded-headers';
 const SET_COOKIE = exports.SET_COOKIE = 'set-cookie';
 const CACHE_CONTROL = exports.CACHE_CONTROL = 'cache-control';
 const NO_CACHE = exports.NO_CACHE = 'max-age=0, nocache, nostore, must-revalidate';