@syncular/server-hono 0.0.6-221 → 0.0.6-224
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -4
- package/dist/create-server.d.ts.map +1 -1
- package/dist/create-server.js +3 -2
- package/dist/create-server.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/routes.d.ts +44 -18
- package/dist/routes.d.ts.map +1 -1
- package/dist/routes.js +121 -29
- package/dist/routes.js.map +1 -1
- package/dist/websocket-origin.d.ts +1 -0
- package/dist/websocket-origin.d.ts.map +1 -1
- package/dist/websocket-origin.js +20 -10
- package/dist/websocket-origin.js.map +1 -1
- package/package.json +6 -6
- package/src/__tests__/create-server.test.ts +99 -16
- package/src/create-server.ts +5 -1
- package/src/index.ts +6 -0
- package/src/routes.ts +226 -56
- package/src/websocket-origin.ts +31 -9
package/README.md
CHANGED
|
@@ -22,7 +22,21 @@ npm install @syncular/console
|
|
|
22
22
|
|
|
23
23
|
## Sync CORS
|
|
24
24
|
|
|
25
|
-
`createSyncRoutes` and `createSyncServer` accept a simple
|
|
25
|
+
`createSyncRoutes` and `createSyncServer` accept a simple Hono-style sync CORS config.
|
|
26
|
+
The common case is just an origin string:
|
|
27
|
+
|
|
28
|
+
```ts
|
|
29
|
+
const { syncRoutes } = createSyncServer({
|
|
30
|
+
db,
|
|
31
|
+
dialect,
|
|
32
|
+
sync,
|
|
33
|
+
routes: {
|
|
34
|
+
cors: 'https://app.example.com',
|
|
35
|
+
},
|
|
36
|
+
});
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
Or use an object when you need extra exposed/allowed headers:
|
|
26
40
|
|
|
27
41
|
```ts
|
|
28
42
|
const { syncRoutes } = createSyncServer({
|
|
@@ -31,15 +45,16 @@ const { syncRoutes } = createSyncServer({
|
|
|
31
45
|
sync,
|
|
32
46
|
routes: {
|
|
33
47
|
cors: {
|
|
34
|
-
|
|
48
|
+
origin: ['https://app.example.com'],
|
|
49
|
+
allowHeaders: ['x-custom-header'],
|
|
35
50
|
},
|
|
36
51
|
},
|
|
37
52
|
});
|
|
38
53
|
```
|
|
39
54
|
|
|
40
|
-
Use
|
|
55
|
+
Use a function origin only when you need dynamic policy logic.
|
|
41
56
|
When `routes.websocket.allowedOrigins` is unset, realtime websocket upgrades
|
|
42
|
-
inherit `routes.cors.
|
|
57
|
+
inherit static `routes.cors` origins automatically.
|
|
43
58
|
|
|
44
59
|
## Links
|
|
45
60
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../src/create-server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,UAAU,EACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAEL,mBAAmB,EAEpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gBAAgB,
|
|
1
|
+
{"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../src/create-server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,UAAU,EACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAEL,mBAAmB,EAEpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gBAAgB,EAGhB,KAAK,cAAc,EACnB,KAAK,6BAA6B,EACnC,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,iBAAiB,CAChC,EAAE,SAAS,UAAU,GAAG,UAAU,EAClC,IAAI,SAAS,cAAc,GAAG,cAAc,EAC5C,CAAC,SAAS,SAAS,GAAG,SAAS;IAE/B,+BAA+B;IAC/B,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAEf,0BAA0B;IAC1B,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAE9B,+CAA+C;IAC/C,IAAI,EAAE,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAEjC,iEAAiE;IACjE,YAAY,CAAC,EAAE,oBAAoB,CAAC;IAEpC,sDAAsD;IACtD,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAE/B,+BAA+B;IAC/B,MAAM,CAAC,EAAE,6BAA6B,CAAC;IAEvC,sCAAsC;IACtC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;OAGG;IACH,OAAO,CAAC,EACJ,KAAK,GACL,CAAC;QACC,0FAA0F;QAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,oBAAoB,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,2BAA2B;IAC3B,UAAU,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;IAChD,2CAA2C;IAC3C,aAAa,CAAC,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;IACvD,iDAAiD;IACjD,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C;AAED,wBAAgB,qCAAqC,CACnD,MAAM,EAAE,6BAA6B,GAAG,SAAS,GAChD,MAAM,EAAE,GAAG,GAAG,GAAG,SAAS,CAK5B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,gBAAgB,CAC9B,EAAE,SAAS,UAAU,GAAG,UAAU,EAClC,IAAI,SAAS,cAAc,GAAG,cAAc,EAC5C,CAAC,SAAS,SAAS,GAAG,SAAS,EAC/B,OAAO,EAAE,iBAAiB,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,gBAAgB,CA0G3D"}
|
package/dist/create-server.js
CHANGED
|
@@ -7,9 +7,10 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import { createConsoleEventEmitter, createConsoleRoutes, createTokenAuthenticator, } from './console/routes.js';
|
|
9
9
|
import { isBenignConsoleSchemaError } from './console/schema-errors.js';
|
|
10
|
-
import { createSyncRoutes, getSyncWebSocketConnectionManager, } from './routes.js';
|
|
10
|
+
import { createSyncRoutes, getSyncWebSocketConnectionManager, normalizeSyncCorsConfig, } from './routes.js';
|
|
11
11
|
export function resolveDefaultWebSocketAllowedOrigins(routes) {
|
|
12
|
-
return routes?.websocket?.allowedOrigins ??
|
|
12
|
+
return (routes?.websocket?.allowedOrigins ??
|
|
13
|
+
normalizeSyncCorsConfig(routes?.cors)?.staticAllowedOrigins);
|
|
13
14
|
}
|
|
14
15
|
/**
|
|
15
16
|
* Create a simplified sync server with sync and optional console routes.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-server.js","sourceRoot":"","sources":["../src/create-server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAKrE,OAAO,EACL,gBAAgB,EAChB,iCAAiC,
|
|
1
|
+
{"version":3,"file":"create-server.js","sourceRoot":"","sources":["../src/create-server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAKrE,OAAO,EACL,gBAAgB,EAChB,iCAAiC,EACjC,uBAAuB,GAGxB,MAAM,UAAU,CAAC;AAiDlB,MAAM,UAAU,qCAAqC,CACnD,MAAiD,EACrB;IAC5B,OAAO,CACL,MAAM,EAAE,SAAS,EAAE,cAAc;QACjC,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,oBAAoB,CAC5D,CAAC;AAAA,CACH;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,gBAAgB,CAI9B,OAAuC,EAAoB;IAC3D,MAAM,EACJ,EAAE,EACF,OAAO,EACP,IAAI,EACJ,YAAY,EACZ,UAAU,EACV,MAAM,EACN,gBAAgB,EAChB,OAAO,EAAE,aAAa,GACvB,GAAG,OAAO,CAAC;IAEZ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,qBAAqB,GACzB,aAAa,KAAK,KAAK,IAAI,aAAa,KAAK,SAAS;QACpD,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,aAAa,CAAC;IACpB,MAAM,gBAAgB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,gBAAgB;QACnC,CAAC,CAAC,CAAC,qBAAqB,EAAE,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAClE,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,gBAAgB,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,gBAAgB;QAC1C,CAAC,CAAC,yBAAyB,EAAE;QAC7B,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,kBAAkB,GACtB,gBAAgB,IAAI,OAAO,CAAC,mBAAmB;QAC7C,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/C,IAAI,0BAA0B,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,MAAM,KAAK,CAAC;QAAA,CACb,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,8BAA8B,GAClC,qCAAqC,CAAC,MAAM,CAAC,CAAC;IAEhD,qBAAqB;IACrB,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,EAAE;QACF,OAAO;QACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,KAAK,EAAE,OAAO,EAAwB,EAAE,CACpD,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QACpC,YAAY;QACZ,UAAU;QACV,kBAAkB,EAAE,mBAAmB;QACvC,kBAAkB;QAClB,IAAI,EAAE;YACJ,GAAG,MAAM;YACT,SAAS,EAAE,gBAAgB;gBACzB,CAAC,CAAC;oBACE,GAAG,MAAM,EAAE,SAAS;oBACpB,cAAc,EAAE,8BAA8B;oBAC9C,OAAO,EAAE,IAAI;oBACb,gBAAgB;iBACjB;gBACH,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE;SACvB;KACF,CAAC,CAAC;IAEH,2DAA2D;IAC3D,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,OAAO,EAAE,UAAU,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,aAAa,GAAG,mBAAmB,CAAC;QACxC,EAAE;QACF,OAAO;QACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,YAAY,EAAE,wBAAwB,CAAC,YAAY,CAAC;QACpD,WAAW,EAAE,qBAAqB,CAAC,WAAW;QAC9C,YAAY,EAAE,mBAAmB;QACjC,kBAAkB;QAClB,mBAAmB,EAAE,iCAAiC,CAAC,UAAU,CAAC;QAClE,OAAO,EAAE,qBAAqB,CAAC,OAAO;QACtC,WAAW,EAAE,qBAAqB,CAAC,WAAW;QAC9C,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,GAAG,CAAC,gBAAgB,IAAI;YACtB,SAAS,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,gBAAgB;gBAChB,mBAAmB,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB;gBAC3D,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe;gBACnD,oBAAoB,EAAE,MAAM,EAAE,SAAS,EAAE,oBAAoB;gBAC7D,mBAAmB,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB;gBAC3D,cAAc,EAAE,8BAA8B;aAC/C;SACF,CAAC;KACH,CAAC,CAAC;IAEH,OAAO;QACL,UAAU;QACV,aAAa;QACb,mBAAmB;KACpB,CAAC;AAAA,CACH"}
|
package/dist/index.d.ts
CHANGED
|
@@ -11,6 +11,6 @@ export { createSyncServer, type SyncServerOptions, type SyncServerResult, } from
|
|
|
11
11
|
export * from './openapi';
|
|
12
12
|
export * from './proxy';
|
|
13
13
|
export * from './rate-limit';
|
|
14
|
-
export { type CreateSyncRoutesOptions, createSyncRoutes, getSyncRealtimeUnsubscribe, getSyncWebSocketConnectionManager, } from './routes';
|
|
14
|
+
export { type CreateSyncRoutesOptions, createSyncRoutes, getSyncRealtimeUnsubscribe, getSyncWebSocketConnectionManager, type LegacySyncCorsOptions, type NormalizedSyncCorsConfig, normalizeSyncCorsConfig, type SyncCorsOptions, type SyncCorsOrigin, type SyncCorsOriginResolver, } from './routes';
|
|
15
15
|
export * from './ws';
|
|
16
16
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,cAAc,gBAAgB,CAAC;AAG/B,OAAO,EAAE,KAAK,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAGzE,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,gBAAgB,EAChB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAGzB,cAAc,WAAW,CAAC;AAG1B,cAAc,SAAS,CAAC;AAGxB,cAAc,cAAc,CAAC;AAG7B,OAAO,EACL,KAAK,uBAAuB,EAC5B,gBAAgB,EAChB,0BAA0B,EAC1B,iCAAiC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,cAAc,gBAAgB,CAAC;AAG/B,OAAO,EAAE,KAAK,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAGzE,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,gBAAgB,EAChB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAGzB,cAAc,WAAW,CAAC;AAG1B,cAAc,SAAS,CAAC;AAGxB,cAAc,cAAc,CAAC;AAG7B,OAAO,EACL,KAAK,uBAAuB,EAC5B,gBAAgB,EAChB,0BAA0B,EAC1B,iCAAiC,EACjC,KAAK,qBAAqB,EAC1B,KAAK,wBAAwB,EAC7B,uBAAuB,EACvB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,sBAAsB,GAC5B,MAAM,UAAU,CAAC;AAGlB,cAAc,MAAM,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -19,7 +19,7 @@ export * from './proxy/index.js';
|
|
|
19
19
|
// Rate limiting
|
|
20
20
|
export * from './rate-limit.js';
|
|
21
21
|
// Route types and factory
|
|
22
|
-
export { createSyncRoutes, getSyncRealtimeUnsubscribe, getSyncWebSocketConnectionManager, } from './routes.js';
|
|
22
|
+
export { createSyncRoutes, getSyncRealtimeUnsubscribe, getSyncWebSocketConnectionManager, normalizeSyncCorsConfig, } from './routes.js';
|
|
23
23
|
// WebSocket helpers for realtime sync
|
|
24
24
|
export * from './ws.js';
|
|
25
25
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAe;AACf,cAAc,gBAAgB,CAAC;AAE/B,cAAc;AACd,OAAO,EAAgC,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEzE,UAAU;AACV,cAAc,WAAW,CAAC;AAE1B,4BAA4B;AAC5B,OAAO,EACL,gBAAgB,GAGjB,MAAM,iBAAiB,CAAC;AAEzB,oBAAoB;AACpB,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,SAAS,CAAC;AAExB,gBAAgB;AAChB,cAAc,cAAc,CAAC;AAE7B,0BAA0B;AAC1B,OAAO,EAEL,gBAAgB,EAChB,0BAA0B,EAC1B,iCAAiC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAe;AACf,cAAc,gBAAgB,CAAC;AAE/B,cAAc;AACd,OAAO,EAAgC,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEzE,UAAU;AACV,cAAc,WAAW,CAAC;AAE1B,4BAA4B;AAC5B,OAAO,EACL,gBAAgB,GAGjB,MAAM,iBAAiB,CAAC;AAEzB,oBAAoB;AACpB,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,SAAS,CAAC;AAExB,gBAAgB;AAChB,cAAc,cAAc,CAAC;AAE7B,0BAA0B;AAC1B,OAAO,EAEL,gBAAgB,EAChB,0BAA0B,EAC1B,iCAAiC,EAGjC,uBAAuB,GAIxB,MAAM,UAAU,CAAC;AAElB,sCAAsC;AACtC,cAAc,MAAM,CAAC"}
|
package/dist/routes.d.ts
CHANGED
|
@@ -62,30 +62,46 @@ export interface SyncWebSocketConfig {
|
|
|
62
62
|
*/
|
|
63
63
|
allowedOrigins?: string[] | '*';
|
|
64
64
|
}
|
|
65
|
+
export type SyncCorsOriginResolver = (origin: string | undefined, context: Context) => boolean | string | null | undefined | Promise<boolean | string | null | undefined>;
|
|
66
|
+
export type SyncCorsOrigin = string | string[] | '*' | SyncCorsOriginResolver;
|
|
67
|
+
export interface SyncCorsOptions {
|
|
68
|
+
/**
|
|
69
|
+
* Hono-style origin config.
|
|
70
|
+
* - string / string[]: exact or wildcard origin patterns
|
|
71
|
+
* - '*': allow all origins
|
|
72
|
+
* - function: dynamic allow/deny decision
|
|
73
|
+
*/
|
|
74
|
+
origin?: SyncCorsOrigin;
|
|
75
|
+
/**
|
|
76
|
+
* Additional request headers to allow. These are appended to the built-in
|
|
77
|
+
* Syncular transport and tracing headers, not used as a replacement.
|
|
78
|
+
*/
|
|
79
|
+
allowHeaders?: string[];
|
|
80
|
+
/**
|
|
81
|
+
* Additional response headers exposed to the browser.
|
|
82
|
+
*/
|
|
83
|
+
exposeHeaders?: string[];
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Legacy sync CORS config.
|
|
87
|
+
* @deprecated Prefer `cors: 'https://app.example.com'` or
|
|
88
|
+
* `cors: { origin: ['https://app.example.com'] }`.
|
|
89
|
+
*/
|
|
90
|
+
export interface LegacySyncCorsOptions {
|
|
91
|
+
allowedOrigins?: string[] | '*';
|
|
92
|
+
resolveOrigin?: (origin: string | undefined, context: Context) => string | null | Promise<string | null>;
|
|
93
|
+
allowCredentials?: boolean;
|
|
94
|
+
allowHeaders?: string[];
|
|
95
|
+
allowMethods?: string[];
|
|
96
|
+
maxAgeSeconds?: number;
|
|
97
|
+
}
|
|
65
98
|
export interface SyncRoutesConfigWithRateLimit {
|
|
66
99
|
/**
|
|
67
100
|
* Optional browser CORS handling for sync routes.
|
|
68
101
|
* When configured, sync route responses and preflights include matching
|
|
69
102
|
* CORS headers directly from the generated sync app.
|
|
70
103
|
*/
|
|
71
|
-
cors?:
|
|
72
|
-
/**
|
|
73
|
-
* Simple exact-match origin allowlist.
|
|
74
|
-
* Use `'*'` to allow all origins.
|
|
75
|
-
* When omitted, provide `resolveOrigin` for custom logic.
|
|
76
|
-
*/
|
|
77
|
-
allowedOrigins?: string[] | '*';
|
|
78
|
-
/**
|
|
79
|
-
* Advanced origin resolver for dynamic CORS decisions.
|
|
80
|
-
* When both `allowedOrigins` and `resolveOrigin` are provided,
|
|
81
|
-
* `resolveOrigin` takes precedence.
|
|
82
|
-
*/
|
|
83
|
-
resolveOrigin?: (origin: string | undefined, context: Context) => string | null | Promise<string | null>;
|
|
84
|
-
allowCredentials?: boolean;
|
|
85
|
-
allowHeaders?: string[];
|
|
86
|
-
allowMethods?: string[];
|
|
87
|
-
maxAgeSeconds?: number;
|
|
88
|
-
};
|
|
104
|
+
cors?: SyncCorsOrigin | SyncCorsOptions | LegacySyncCorsOptions;
|
|
89
105
|
/**
|
|
90
106
|
* Max commits per pull request.
|
|
91
107
|
* Default: 100
|
|
@@ -202,6 +218,16 @@ export interface CreateSyncRoutesOptions<DB extends SyncCoreDb = SyncCoreDb, Aut
|
|
|
202
218
|
*/
|
|
203
219
|
consoleSchemaReady?: Promise<void>;
|
|
204
220
|
}
|
|
221
|
+
export type NormalizedSyncCorsConfig = {
|
|
222
|
+
resolveOrigin: (origin: string | undefined, context: Context) => Promise<string | null>;
|
|
223
|
+
staticAllowedOrigins?: string[] | '*';
|
|
224
|
+
allowHeaders: string[];
|
|
225
|
+
exposeHeaders: string[];
|
|
226
|
+
allowMethods: string[];
|
|
227
|
+
allowCredentials: boolean;
|
|
228
|
+
maxAgeSeconds: number;
|
|
229
|
+
};
|
|
230
|
+
export declare function normalizeSyncCorsConfig(config: SyncRoutesConfigWithRateLimit['cors']): NormalizedSyncCorsConfig | null;
|
|
205
231
|
export declare function createSyncRoutes<DB extends SyncCoreDb = SyncCoreDb, Auth extends SyncAuthResult = SyncAuthResult, F extends SqlFamily = SqlFamily>(options: CreateSyncRoutesOptions<DB, Auth, F>): Hono;
|
|
206
232
|
export declare function getSyncWebSocketConnectionManager(routes: Hono): WebSocketConnectionManager | undefined;
|
|
207
233
|
export declare function getSyncRealtimeUnsubscribe(routes: Hono): (() => void) | undefined;
|
package/dist/routes.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH,OAAO,KAAK,EACV,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,uBAAuB,EAEvB,cAAc,EACd,oBAAoB,EACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,KAAK,cAAc,EAKnB,KAAK,YAAY,EAUlB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,OAAO,EAAqB,MAAM,MAAM,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEhD,OAAO,EAAE,KAAK,MAAM,EAAO,MAAM,QAAQ,CAAC;AAG1C,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH,OAAO,KAAK,EACV,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,uBAAuB,EAEvB,cAAc,EACd,oBAAoB,EACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,KAAK,cAAc,EAKnB,KAAK,YAAY,EAUlB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,OAAO,EAAqB,MAAM,MAAM,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEhD,OAAO,EAAE,KAAK,MAAM,EAAO,MAAM,QAAQ,CAAC;AAG1C,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,cAAc,CAAC;AAKtB,OAAO,EAIL,0BAA0B,EAC3B,MAAM,MAAM,CAAC;AAQd,MAAM,WAAW,cAAe,SAAQ,cAAc;CAAG;AAEzD;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;CACjC;AAED,MAAM,MAAM,sBAAsB,GAAG,CACnC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,OAAO,KAEd,OAAO,GACP,MAAM,GACN,IAAI,GACJ,SAAS,GACT,OAAO,CAAC,OAAO,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;AAEjD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,GAAG,GAAG,sBAAsB,CAAC;AAE9E,MAAM,WAAW,eAAe;IAC9B;;;;;OAKG;IACH,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAChC,aAAa,CAAC,EAAE,CACd,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,OAAO,KACb,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C;;;;OAIG;IACH,IAAI,CAAC,EAAE,cAAc,GAAG,eAAe,GAAG,qBAAqB,CAAC;IAChE;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,uBAAuB,CAAC,EAAE;QACxB;;;WAGG;QACH,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB;;;;WAIG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF;;;OAGG;IACH,SAAS,CAAC,EAAE,mBAAmB,GAAG,KAAK,CAAC;IACxC;;OAEG;IACH,SAAS,CAAC,EAAE,mBAAmB,CAAC;IAEhC;;;OAGG;IACH,KAAK,CAAC,EAAE;QACN,2DAA2D;QAC3D,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,iCAAiC;QACjC,OAAO,CAAC,EAAE,YAAY,CAAC;KACxB,CAAC;IAEF;;;OAGG;IACH,OAAO,CAAC,EAAE;QACR,iEAAiE;QACjE,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,0BAA0B;QAC1B,OAAO,CAAC,EAAE,cAAc,CAAC;KAC1B,CAAC;IAEF;;;OAGG;IACH,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,uBAAuB,CAAC;QACrC,qDAAqD;QACrD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,uBAAuB,CACtC,EAAE,SAAS,UAAU,GAAG,UAAU,EAClC,IAAI,SAAS,cAAc,GAAG,cAAc,EAC5C,CAAC,SAAS,SAAS,GAAG,SAAS;IAE/B,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAC9B,QAAQ,EAAE,kBAAkB,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;IACzC,OAAO,CAAC,EAAE,oBAAoB,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;IAC3C,YAAY,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACnD,IAAI,CAAC,EAAE,6BAA6B,CAAC;IACrC,mBAAmB,CAAC,EAAE,0BAA0B,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,oBAAoB,CAAC;IACpC;;;OAGG;IACH,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B;;;OAGG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,KAAK,EAAE;YACV,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,eAAe,CAAC;YACnD,SAAS,EAAE,MAAM,CAAC;YAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SAC/B,GAAG,IAAI,CAAC;KACV,CAAC;IACF;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AA0FD,MAAM,MAAM,wBAAwB,GAAG;IACrC,aAAa,EAAE,CACb,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,OAAO,KACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IACtC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AA4GF,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,6BAA6B,CAAC,MAAM,CAAC,GAC5C,wBAAwB,GAAG,IAAI,CA8EjC;AAkQD,wBAAgB,gBAAgB,CAC9B,EAAE,SAAS,UAAU,GAAG,UAAU,EAClC,IAAI,SAAS,cAAc,GAAG,cAAc,EAC5C,CAAC,SAAS,SAAS,GAAG,SAAS,EAC/B,OAAO,EAAE,uBAAuB,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CA8kErD;AAED,wBAAgB,iCAAiC,CAC/C,MAAM,EAAE,IAAI,GACX,0BAA0B,GAAG,SAAS,CAExC;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,IAAI,GACX,CAAC,MAAM,IAAI,CAAC,GAAG,SAAS,CAE1B"}
|
package/dist/routes.js
CHANGED
|
@@ -14,7 +14,7 @@ import { sql } from 'kysely';
|
|
|
14
14
|
import { z } from 'zod';
|
|
15
15
|
import { isBenignConsoleSchemaError } from './console/schema-errors.js';
|
|
16
16
|
import { createRateLimiter, DEFAULT_SYNC_RATE_LIMITS, } from './rate-limit.js';
|
|
17
|
-
import { isWebSocketOriginAllowed } from './websocket-origin.js';
|
|
17
|
+
import { isWebSocketOriginAllowed, resolveAllowedOriginFromPatterns, } from './websocket-origin.js';
|
|
18
18
|
import { createWebSocketConnection, createWebSocketConnectionOwnerKey, WebSocketConnectionManager, } from './ws.js';
|
|
19
19
|
/**
|
|
20
20
|
* WeakMaps for storing Hono-instance-specific data without augmenting the type.
|
|
@@ -91,11 +91,15 @@ const DEFAULT_SYNC_CORS_ALLOW_METHODS = [
|
|
|
91
91
|
'DELETE',
|
|
92
92
|
'OPTIONS',
|
|
93
93
|
];
|
|
94
|
+
const DEFAULT_SYNC_CORS_EXPOSE_HEADERS = [];
|
|
94
95
|
function applySyncCorsHeaders(args) {
|
|
95
96
|
args.headers.set('Access-Control-Allow-Origin', args.allowedOrigin);
|
|
96
97
|
args.headers.set('Access-Control-Allow-Headers', args.allowHeaders.join(', '));
|
|
97
98
|
args.headers.set('Access-Control-Allow-Methods', args.allowMethods.join(', '));
|
|
98
99
|
args.headers.set('Access-Control-Max-Age', String(args.maxAgeSeconds));
|
|
100
|
+
if (args.exposeHeaders.length > 0) {
|
|
101
|
+
args.headers.set('Access-Control-Expose-Headers', args.exposeHeaders.join(', '));
|
|
102
|
+
}
|
|
99
103
|
if (args.allowedOrigin !== '*') {
|
|
100
104
|
args.headers.append('Vary', 'Origin');
|
|
101
105
|
if (args.allowCredentials) {
|
|
@@ -109,21 +113,114 @@ function createSyncCorsOriginDeniedResponse(origin) {
|
|
|
109
113
|
message: `Origin ${origin} is not allowed for sync access.`,
|
|
110
114
|
}, { status: 403 });
|
|
111
115
|
}
|
|
112
|
-
|
|
113
|
-
const
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
116
|
+
function mergeUniqueHeaders(...lists) {
|
|
117
|
+
const seen = new Set();
|
|
118
|
+
const merged = [];
|
|
119
|
+
for (const list of lists) {
|
|
120
|
+
for (const header of list ?? []) {
|
|
121
|
+
const trimmed = header.trim();
|
|
122
|
+
if (trimmed.length === 0)
|
|
123
|
+
continue;
|
|
124
|
+
const key = trimmed.toLowerCase();
|
|
125
|
+
if (seen.has(key))
|
|
126
|
+
continue;
|
|
127
|
+
seen.add(key);
|
|
128
|
+
merged.push(trimmed);
|
|
129
|
+
}
|
|
119
130
|
}
|
|
120
|
-
|
|
121
|
-
|
|
131
|
+
return merged;
|
|
132
|
+
}
|
|
133
|
+
function normalizeOriginResolver(resolver) {
|
|
134
|
+
return async (origin, context) => {
|
|
135
|
+
const resolved = await resolver(origin, context);
|
|
136
|
+
if (resolved === true) {
|
|
137
|
+
return origin ?? null;
|
|
138
|
+
}
|
|
139
|
+
if (resolved === false || resolved == null) {
|
|
122
140
|
return null;
|
|
123
141
|
}
|
|
124
|
-
return
|
|
142
|
+
return resolved;
|
|
143
|
+
};
|
|
144
|
+
}
|
|
145
|
+
function createStaticOriginResolver(allowedOrigins) {
|
|
146
|
+
return async (origin) => {
|
|
147
|
+
if (allowedOrigins === '*') {
|
|
148
|
+
return '*';
|
|
149
|
+
}
|
|
150
|
+
return resolveAllowedOriginFromPatterns(origin, allowedOrigins);
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
function toStaticAllowedOrigins(origin) {
|
|
154
|
+
return origin === '*' ? '*' : typeof origin === 'string' ? [origin] : origin;
|
|
155
|
+
}
|
|
156
|
+
function isLegacySyncCorsOptions(value) {
|
|
157
|
+
return (!!value &&
|
|
158
|
+
typeof value === 'object' &&
|
|
159
|
+
!Array.isArray(value) &&
|
|
160
|
+
('allowedOrigins' in value ||
|
|
161
|
+
'resolveOrigin' in value ||
|
|
162
|
+
'allowCredentials' in value ||
|
|
163
|
+
'allowMethods' in value ||
|
|
164
|
+
'maxAgeSeconds' in value));
|
|
165
|
+
}
|
|
166
|
+
export function normalizeSyncCorsConfig(config) {
|
|
167
|
+
if (!config) {
|
|
168
|
+
return null;
|
|
125
169
|
}
|
|
126
|
-
|
|
170
|
+
if (typeof config === 'string' ||
|
|
171
|
+
Array.isArray(config) ||
|
|
172
|
+
typeof config === 'function') {
|
|
173
|
+
const originResolver = typeof config === 'function'
|
|
174
|
+
? normalizeOriginResolver(config)
|
|
175
|
+
: createStaticOriginResolver(toStaticAllowedOrigins(config));
|
|
176
|
+
const staticAllowedOrigins = typeof config === 'function' ? undefined : toStaticAllowedOrigins(config);
|
|
177
|
+
return {
|
|
178
|
+
resolveOrigin: originResolver,
|
|
179
|
+
staticAllowedOrigins,
|
|
180
|
+
allowHeaders: [...DEFAULT_SYNC_CORS_ALLOW_HEADERS],
|
|
181
|
+
exposeHeaders: [...DEFAULT_SYNC_CORS_EXPOSE_HEADERS],
|
|
182
|
+
allowMethods: [...DEFAULT_SYNC_CORS_ALLOW_METHODS],
|
|
183
|
+
allowCredentials: true,
|
|
184
|
+
maxAgeSeconds: 86_400,
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
if (isLegacySyncCorsOptions(config)) {
|
|
188
|
+
const staticAllowedOrigins = config.allowedOrigins;
|
|
189
|
+
const resolveOrigin = typeof config.resolveOrigin === 'function'
|
|
190
|
+
? async (origin, context) => (await config.resolveOrigin?.(origin, context)) ?? null
|
|
191
|
+
: config.allowedOrigins
|
|
192
|
+
? createStaticOriginResolver(config.allowedOrigins)
|
|
193
|
+
: async () => null;
|
|
194
|
+
return {
|
|
195
|
+
resolveOrigin,
|
|
196
|
+
staticAllowedOrigins,
|
|
197
|
+
allowHeaders: mergeUniqueHeaders(DEFAULT_SYNC_CORS_ALLOW_HEADERS, config.allowHeaders),
|
|
198
|
+
exposeHeaders: [...DEFAULT_SYNC_CORS_EXPOSE_HEADERS],
|
|
199
|
+
allowMethods: config.allowMethods ?? [...DEFAULT_SYNC_CORS_ALLOW_METHODS],
|
|
200
|
+
allowCredentials: config.allowCredentials ?? true,
|
|
201
|
+
maxAgeSeconds: config.maxAgeSeconds ?? 86_400,
|
|
202
|
+
};
|
|
203
|
+
}
|
|
204
|
+
const staticOrigin = config.origin;
|
|
205
|
+
const resolveOrigin = typeof staticOrigin === 'function'
|
|
206
|
+
? normalizeOriginResolver(staticOrigin)
|
|
207
|
+
: staticOrigin
|
|
208
|
+
? createStaticOriginResolver(toStaticAllowedOrigins(staticOrigin))
|
|
209
|
+
: async () => null;
|
|
210
|
+
const staticAllowedOrigins = typeof staticOrigin === 'function'
|
|
211
|
+
? undefined
|
|
212
|
+
: staticOrigin
|
|
213
|
+
? toStaticAllowedOrigins(staticOrigin)
|
|
214
|
+
: undefined;
|
|
215
|
+
return {
|
|
216
|
+
resolveOrigin,
|
|
217
|
+
staticAllowedOrigins,
|
|
218
|
+
allowHeaders: mergeUniqueHeaders(DEFAULT_SYNC_CORS_ALLOW_HEADERS, config.allowHeaders),
|
|
219
|
+
exposeHeaders: mergeUniqueHeaders(DEFAULT_SYNC_CORS_EXPOSE_HEADERS, config.exposeHeaders),
|
|
220
|
+
allowMethods: [...DEFAULT_SYNC_CORS_ALLOW_METHODS],
|
|
221
|
+
allowCredentials: true,
|
|
222
|
+
maxAgeSeconds: 86_400,
|
|
223
|
+
};
|
|
127
224
|
}
|
|
128
225
|
function createOpaqueId(prefix) {
|
|
129
226
|
const randomPart = typeof crypto !== 'undefined' && 'randomUUID' in crypto
|
|
@@ -330,31 +427,25 @@ export function createSyncRoutes(options) {
|
|
|
330
427
|
});
|
|
331
428
|
return c.text('Internal Server Error', 500);
|
|
332
429
|
});
|
|
333
|
-
const corsConfig = config.cors;
|
|
430
|
+
const corsConfig = normalizeSyncCorsConfig(config.cors);
|
|
334
431
|
if (corsConfig) {
|
|
335
432
|
routes.use('*', async (c, next) => {
|
|
336
433
|
const origin = readOriginHeader(c);
|
|
337
|
-
const allowedOrigin = await
|
|
338
|
-
config: corsConfig,
|
|
339
|
-
origin,
|
|
340
|
-
context: c,
|
|
341
|
-
});
|
|
434
|
+
const allowedOrigin = await corsConfig.resolveOrigin(origin, c);
|
|
342
435
|
if (origin && !allowedOrigin) {
|
|
343
436
|
return createSyncCorsOriginDeniedResponse(origin);
|
|
344
437
|
}
|
|
345
438
|
const resolvedOrigin = allowedOrigin ?? '*';
|
|
346
|
-
const allowHeaders = corsConfig.allowHeaders ?? DEFAULT_SYNC_CORS_ALLOW_HEADERS;
|
|
347
|
-
const allowMethods = corsConfig.allowMethods ?? DEFAULT_SYNC_CORS_ALLOW_METHODS;
|
|
348
|
-
const maxAgeSeconds = corsConfig.maxAgeSeconds ?? 86_400;
|
|
349
439
|
if (c.req.method === 'OPTIONS') {
|
|
350
440
|
const headers = new Headers();
|
|
351
441
|
applySyncCorsHeaders({
|
|
352
442
|
headers,
|
|
353
443
|
allowedOrigin: resolvedOrigin,
|
|
354
|
-
allowCredentials: corsConfig.allowCredentials
|
|
355
|
-
allowHeaders,
|
|
356
|
-
|
|
357
|
-
|
|
444
|
+
allowCredentials: corsConfig.allowCredentials,
|
|
445
|
+
allowHeaders: corsConfig.allowHeaders,
|
|
446
|
+
exposeHeaders: corsConfig.exposeHeaders,
|
|
447
|
+
allowMethods: corsConfig.allowMethods,
|
|
448
|
+
maxAgeSeconds: corsConfig.maxAgeSeconds,
|
|
358
449
|
});
|
|
359
450
|
return new Response(null, { status: 204, headers });
|
|
360
451
|
}
|
|
@@ -362,10 +453,11 @@ export function createSyncRoutes(options) {
|
|
|
362
453
|
applySyncCorsHeaders({
|
|
363
454
|
headers: c.res.headers,
|
|
364
455
|
allowedOrigin: resolvedOrigin,
|
|
365
|
-
allowCredentials: corsConfig.allowCredentials
|
|
366
|
-
allowHeaders,
|
|
367
|
-
|
|
368
|
-
|
|
456
|
+
allowCredentials: corsConfig.allowCredentials,
|
|
457
|
+
allowHeaders: corsConfig.allowHeaders,
|
|
458
|
+
exposeHeaders: corsConfig.exposeHeaders,
|
|
459
|
+
allowMethods: corsConfig.allowMethods,
|
|
460
|
+
maxAgeSeconds: corsConfig.maxAgeSeconds,
|
|
369
461
|
});
|
|
370
462
|
return c.res;
|
|
371
463
|
});
|