@tstdl/base 0.90.35 → 0.90.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/api/server/middlewares/cors.middleware.js +41 -37
  2. package/package.json +1 -1
package/api/server/middlewares/cors.middleware.js CHANGED
@@ -4,46 +4,50 @@ import { isDefined } from '../../../utils/type-guards.js';
4
4
  export function corsMiddleware(options = {}) {
5
5
  // eslint-disable-next-line max-statements, @typescript-eslint/no-shadow
6
6
  async function corsMiddleware(context, next) {
7
- await next();
8
- const { request, response } = context;
9
- const requestMethod = request.headers.tryGetSingle('Access-Control-Request-Method') ?? request.method;
10
- const isOptions = (request.method == 'OPTIONS');
11
- const endpointDefinition = context.api.endpoints.get(requestMethod)?.definition;
12
- const cors = { ...options.default, ...endpointDefinition?.cors };
13
- if (isOptions) {
14
- const allowMethods = (await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowMethods)) ?? [...context.api.endpoints.keys()].join(', ');
15
- response.headers.setIfMissing('Access-Control-Allow-Methods', allowMethods);
16
- if (isDefined(cors.accessControlAllowHeaders) && !request.headers.has('Access-Control-Allow-Headers')) {
17
- const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowHeaders);
18
- response.headers.setIfMissing('Access-Control-Allow-Headers', value);
19
- }
20
- if (isDefined(cors.accessControlExposeHeaders) && !request.headers.has('Access-Control-Expose-Headers')) {
21
- const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlExposeHeaders);
22
- response.headers.setIfMissing('Access-Control-Expose-Headers', value);
7
+ try {
8
+ await next();
9
+ }
10
+ finally {
11
+ const { request, response } = context;
12
+ const requestMethod = request.headers.tryGetSingle('Access-Control-Request-Method') ?? request.method;
13
+ const isOptions = (request.method == 'OPTIONS');
14
+ const endpointDefinition = context.api.endpoints.get(requestMethod)?.definition;
15
+ const cors = { ...options.default, ...endpointDefinition?.cors };
16
+ if (isOptions) {
17
+ const allowMethods = (await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowMethods)) ?? [...context.api.endpoints.keys()].join(', ');
18
+ response.headers.setIfMissing('Access-Control-Allow-Methods', allowMethods);
19
+ if (isDefined(cors.accessControlAllowHeaders) && !request.headers.has('Access-Control-Allow-Headers')) {
20
+ const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowHeaders);
21
+ response.headers.setIfMissing('Access-Control-Allow-Headers', value);
22
+ }
23
+ if (isDefined(cors.accessControlExposeHeaders) && !request.headers.has('Access-Control-Expose-Headers')) {
24
+ const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlExposeHeaders);
25
+ response.headers.setIfMissing('Access-Control-Expose-Headers', value);
26
+ }
27
+ if (isDefined(cors.accessControlMaxAge) && !request.headers.has('Access-Control-Max-Age')) {
28
+ const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlMaxAge);
29
+ response.headers.setIfMissing('Access-Control-Max-Age', value);
30
+ }
23
31
  }
24
- if (isDefined(cors.accessControlMaxAge) && !request.headers.has('Access-Control-Max-Age')) {
25
- const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlMaxAge);
26
- response.headers.setIfMissing('Access-Control-Max-Age', value);
32
+ if (!request.headers.has('Access-Control-Allow-Credentials')) {
33
+ const allowCredentials = isDefined(cors.accessControlAllowCredentials)
34
+ ? await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowCredentials)
35
+ : endpointDefinition?.credentials;
36
+ if (allowCredentials == true) {
37
+ response.headers.setIfMissing('Access-Control-Allow-Credentials', 'true');
38
+ }
27
39
  }
28
- }
29
- if (!request.headers.has('Access-Control-Allow-Credentials')) {
30
- const allowCredentials = isDefined(cors.accessControlAllowCredentials)
31
- ? await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowCredentials)
32
- : endpointDefinition?.credentials;
33
- if (allowCredentials == true) {
34
- response.headers.setIfMissing('Access-Control-Allow-Credentials', 'true');
40
+ if (isDefined(cors.accessControlAllowOrigin) && !response.headers.has('Access-Control-Allow-Origin')) {
41
+ const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowOrigin);
42
+ response.headers.setIfMissing('Access-Control-Allow-Origin', value);
35
43
  }
36
- }
37
- if (isDefined(cors.accessControlAllowOrigin) && !response.headers.has('Access-Control-Allow-Origin')) {
38
- const value = await resolveApiEndpointDataProvider(request, context, cors.accessControlAllowOrigin);
39
- response.headers.setIfMissing('Access-Control-Allow-Origin', value);
40
- }
41
- if (isDefined(cors.autoAccessControlAllowOrigin) && !response.headers.has('Access-Control-Allow-Origin')) {
42
- const value = await resolveApiEndpointDataProvider(request, context, cors.autoAccessControlAllowOrigin);
43
- const origin = request.headers.tryGetSingle('Origin');
44
- const allowed = isDefined(value) && toArray(value).includes(origin);
45
- if (allowed) {
46
- response.headers.setIfMissing('Access-Control-Allow-Origin', origin);
44
+ if (isDefined(cors.autoAccessControlAllowOrigin) && !response.headers.has('Access-Control-Allow-Origin')) {
45
+ const value = await resolveApiEndpointDataProvider(request, context, cors.autoAccessControlAllowOrigin);
46
+ const origin = request.headers.tryGetSingle('Origin');
47
+ const allowed = isDefined(value) && toArray(value).includes(origin);
48
+ if (allowed) {
49
+ response.headers.setIfMissing('Access-Control-Allow-Origin', origin);
50
+ }
47
51
  }
48
52
  }
49
53
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tstdl/base",
3
- "version": "0.90.35",
3
+ "version": "0.90.36",
4
4
  "author": "Patrick Hein",
5
5
  "publishConfig": {
6
6
  "access": "public"