accessio 1.2.0 → 1.4.0

package/src/core/fetchAdapter.ts

@@ -18,12 +18,20 @@ async function readResponseData(
     default: {
       const contentType = fetchResponse.headers.get('content-type') || '';
       if (contentType.includes('application/json')) {
-        if (typeof fetchResponse.clone === 'function') {
-          const text = await fetchResponse.clone().text();
-          return text ? await fetchResponse.json() : '';
-        } else {
-          const text = await fetchResponse.text();
-          return text ? JSON.parse(text) : '';
+        const text = await fetchResponse.text();
+        if (!text) return '';
+        try {
+          return JSON.parse(text);
+        } catch (err) {
+          throw new AccessioError(
+            `Failed to parse JSON response: ${(err as Error).message}. Raw body: ${
+              text.length > 500 ? `${text.slice(0, 500)}…` : text
+            }`,
+            AccessioError.ERR_BAD_RESPONSE,
+            config,
+            fetchResponse,
+            null,
+          );
         }
       }
       return await fetchResponse.text();
@@ -31,17 +39,27 @@ async function readResponseData(
   }
 }
 
-export default async function fetchAdapter(
-  config: AccessioRequestConfig,
-  fullURL: string,
-  fetchOptions: RequestInit,
-  requestStartTime: number,
-): Promise<AccessioResponse> {
-  let abortController: AbortController | null = null;
-  let timeoutId: ReturnType<typeof setTimeout> | null = null;
-  let isTimedOut = false;
-  let onUserAbort: (() => void) | null = null;
+function assertValidURL(fullURL: string, config: AccessioRequestConfig): void {
+  if (!fullURL || !/^[a-z][a-z\d+\-.]*:/i.test(fullURL)) return;
+  try {
+    new URL(fullURL);
+  } catch {
+    throw new AccessioError(
+      `Invalid URL: ${fullURL}`,
+      AccessioError.ERR_INVALID_URL,
+      config,
+      null,
+      null,
+    );
+  }
+}
+
+interface AbortWiring {
+  isTimedOut: () => boolean;
+  cleanup: () => void;
+}
 
+function setupAbort(config: AccessioRequestConfig, fetchOptions: RequestInit): AbortWiring {
   if (
     config.timeout !== undefined &&
     (typeof config.timeout !== 'number' || isNaN(config.timeout) || config.timeout < 0)
@@ -56,84 +74,141 @@ export default async function fetchAdapter(
   }
 
   const timeoutValue = Number(config.timeout);
-  if (!isNaN(timeoutValue) && timeoutValue > 0) {
-    abortController = new AbortController();
-
-    timeoutId = setTimeout(() => {
-      isTimedOut = true;
-      abortController!.abort(
-        new AccessioError(
-          `timeout of ${timeoutValue}ms exceeded`,
-          AccessioError.ETIMEDOUT,
-          config,
-          null,
-          null,
-        ),
-      );
-    }, timeoutValue);
+  const hasTimeout = !isNaN(timeoutValue) && timeoutValue > 0;
+
+  if (!hasTimeout) {
+    if (config.signal) fetchOptions.signal = config.signal;
+    return { isTimedOut: () => false, cleanup: () => {} };
+  }
 
-    if (config.signal) {
-      if (typeof AbortSignal.any === 'function') {
-        fetchOptions.signal = AbortSignal.any([config.signal, abortController.signal]);
+  let timedOut = false;
+  const abortController = new AbortController();
+  const timeoutId = setTimeout(() => {
+    timedOut = true;
+    abortController.abort(
+      new AccessioError(
+        `timeout of ${timeoutValue}ms exceeded`,
+        AccessioError.ETIMEDOUT,
+        config,
+        null,
+        null,
+      ),
+    );
+  }, timeoutValue);
+
+  let onUserAbort: (() => void) | null = null;
+
+  if (config.signal) {
+    if (typeof AbortSignal.any === 'function') {
+      fetchOptions.signal = AbortSignal.any([config.signal, abortController.signal]);
+    } else {
+      if (config.signal.aborted) {
+        abortController.abort(config.signal.reason);
       } else {
-        if (config.signal.aborted) {
-          abortController.abort(config.signal.reason);
-        } else {
-          onUserAbort = () => {
-            if (!isTimedOut && abortController) {
-              abortController.abort(config.signal!.reason);
-            }
-          };
-          config.signal.addEventListener('abort', onUserAbort, {
-            once: true,
-          });
-        }
-        fetchOptions.signal = abortController.signal;
+        onUserAbort = () => {
+          if (!timedOut) abortController.abort(config.signal!.reason);
+        };
+        config.signal.addEventListener('abort', onUserAbort, { once: true });
       }
-    } else {
       fetchOptions.signal = abortController.signal;
     }
-  } else if (config.signal) {
-    fetchOptions.signal = config.signal;
+  } else {
+    fetchOptions.signal = abortController.signal;
   }
 
-  try {
-    const fetchImpl = config.fetch || fetch;
-    let fetchResponse = await fetchImpl(fullURL, fetchOptions);
-
-    if (config.onDownloadProgress && fetchResponse.body && config.responseType !== 'stream') {
-      const contentLength = fetchResponse.headers.get('content-length');
-      const total = contentLength ? parseInt(contentLength, 10) : 0;
-      let loaded = 0;
-
-      const reader = fetchResponse.body.getReader();
-      const stream = new ReadableStream({
-        async start(controller) {
-          try {
-            while (true) {
-              const { done, value } = await reader.read();
-              if (done) {
-                controller.close();
-                break;
-              }
-              loaded += value.byteLength;
-              config.onDownloadProgress!({ loaded, total });
-              controller.enqueue(value);
-            }
-          } catch (e) {
-            controller.error(e);
+  return {
+    isTimedOut: () => timedOut,
+    cleanup: () => {
+      clearTimeout(timeoutId);
+      if (onUserAbort && config.signal) {
+        config.signal.removeEventListener('abort', onUserAbort);
+      }
+    },
+  };
+}
+
+function wrapDownloadProgress(fetchResponse: Response, config: AccessioRequestConfig): Response {
+  if (!config.onDownloadProgress || !fetchResponse.body || config.responseType === 'stream') {
+    return fetchResponse;
+  }
+
+  const contentLength = fetchResponse.headers.get('content-length');
+  const total = contentLength ? parseInt(contentLength, 10) : 0;
+  let loaded = 0;
+
+  const reader = fetchResponse.body.getReader();
+  const stream = new ReadableStream({
+    async start(controller) {
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) {
+            controller.close();
+            break;
           }
-        },
-      });
-
-      fetchResponse = new Response(stream, {
-        headers: fetchResponse.headers,
-        status: fetchResponse.status,
-        statusText: fetchResponse.statusText,
-      });
-    }
+          loaded += value.byteLength;
+          config.onDownloadProgress!({ loaded, total });
+          controller.enqueue(value);
+        }
+      } catch (e) {
+        controller.error(e);
+      }
+    },
+  });
 
-    let responseData: unknown;
+  return new Response(stream, {
+    headers: fetchResponse.headers,
+    status: fetchResponse.status,
+    statusText: fetchResponse.statusText,
+  });
+}
+
+function classifyFetchError(
+  error: unknown,
+  config: AccessioRequestConfig,
+  isTimedOut: boolean,
+): AccessioError {
+  if (error instanceof AccessioError) return error;
+
+  if (isTimedOut) {
+    return new AccessioError(
+      `timeout of ${config.timeout}ms exceeded`,
+      AccessioError.ETIMEDOUT,
+      config,
+      null,
+      null,
+    );
+  }
+
+  const isAbort =
+    (error instanceof Error && error.name === 'AbortError') || !!config.signal?.aborted;
+  if (isAbort) {
+    return new AccessioError('Request aborted', AccessioError.ERR_CANCELED, config, null, null);
+  }
+
+  return AccessioError.from(
+    error instanceof Error ? error : new Error(String(error)),
+    AccessioError.ERR_NETWORK,
+    config,
+    null,
+    null,
+  );
+}
+
+export default async function fetchAdapter(
+  config: AccessioRequestConfig,
+  fullURL: string,
+  fetchOptions: RequestInit,
+  requestStartTime: number,
+): Promise<AccessioResponse> {
+  assertValidURL(fullURL, config);
+
+  const abort = setupAbort(config, fetchOptions);
+
+  try {
+    const fetchImpl = config.fetch || fetch;
+    const rawResponse = await fetchImpl(fullURL, fetchOptions);
+    const fetchResponse = wrapDownloadProgress(rawResponse, config);
 
     const contentLength = fetchResponse.headers.get('content-length');
     if (
@@ -150,6 +225,7 @@ export default async function fetchAdapter(
       );
     }
 
+    let responseData: unknown;
     try {
       responseData = await readResponseData(fetchResponse, config);
       if (config.schema) {
@@ -160,6 +236,7 @@ export default async function fetchAdapter(
         }
       }
     } catch (readError) {
+      if (readError instanceof AccessioError) throw readError;
       throw AccessioError.from(
         readError as Error,
         AccessioError.ERR_BAD_RESPONSE,
@@ -169,59 +246,18 @@ export default async function fetchAdapter(
       );
     }
 
-    const responseHeaders = parseHeaders(fetchResponse.headers);
-
     return {
       data: responseData,
       status: fetchResponse.status,
       statusText: fetchResponse.statusText,
-      headers: responseHeaders,
-      config: config,
+      headers: parseHeaders(fetchResponse.headers),
+      config,
       request: fetchResponse,
       duration: Date.now() - requestStartTime,
     };
   } catch (error) {
-    if (error instanceof AccessioError) {
-      throw error;
-    }
-
-    if (error instanceof Error && error.name === 'AbortError') {
-      if (isTimedOut) {
-        throw new AccessioError(
-          `timeout of ${config.timeout}ms exceeded`,
-          AccessioError.ETIMEDOUT,
-          config,
-          null,
-          null,
-        );
-      }
-      throw new AccessioError('Request aborted', AccessioError.ERR_CANCELED, config, null, null);
-    }
-
-    if (
-      error instanceof TypeError &&
-      (error.message.toLowerCase().includes('url') || error.message.toLowerCase().includes('fetch'))
-    ) {
-      throw new AccessioError(
-        `Invalid URL: ${fullURL}`,
-        AccessioError.ERR_INVALID_URL,
-        config,
-        null,
-        null,
-      );
-    }
-
-    throw AccessioError.from(
-      error instanceof Error ? error : new Error(String(error)),
-      AccessioError.ERR_NETWORK,
-      config,
-      null,
-      null,
-    );
+    throw classifyFetchError(error, config, abort.isTimedOut());
   } finally {
-    if (timeoutId) clearTimeout(timeoutId);
-    if (config.signal && onUserAbort) {
-      config.signal.removeEventListener('abort', onUserAbort);
-    }
+    abort.cleanup();
   }
 }

package/src/core/request.ts

@@ -1,5 +1,6 @@
 import buildURL from './buildURL';
-import AccessioError from './accessioError';
+import AccessioError, { redactConfig } from './accessioError';
+import { ERR_BAD_OPTION } from '../constants/errorCodes';
 import transformData from '../helpers/transformData';
 import settle from '../helpers/settle';
 import { flattenHeaders, removeContentType, buildFetchHeaders } from '../helpers/flattenHeaders';
@@ -9,6 +10,31 @@ import { defaultMemoryCache } from '../helpers/memoryCache';
 import type { AccessioRequestConfig, AccessioResponse, TransformFunction } from '../types';
 
 type HeadersConfig = Record<string, Record<string, string | string[]>>;
+type FlatHeaders = Record<string, string | string[]>;
+
+function lookupHeader(headers: FlatHeaders, name: string): string {
+  const target = name.toLowerCase();
+  for (const k of Object.keys(headers)) {
+    if (k.toLowerCase() === target) {
+      const v = headers[k];
+      return Array.isArray(v) ? v.join(',') : (v ?? '');
+    }
+  }
+  return '';
+}
+
+function buildCacheKey(
+  config: AccessioRequestConfig,
+  fullURL: string,
+  flatHeaders: FlatHeaders,
+): string {
+  const method = (config.method || 'GET').toUpperCase();
+  const auth = lookupHeader(flatHeaders, 'authorization');
+  const accept = lookupHeader(flatHeaders, 'accept');
+  const withCreds = config.withCredentials ? '1' : '0';
+  const respType = config.responseType || 'json';
+  return `${method}:${fullURL}|a=${auth}|x=${accept}|c=${withCreds}|t=${respType}`;
+}
 
 function buildTransformArray(
   transform: TransformFunction | TransformFunction[] | undefined,
@@ -18,7 +44,45 @@ function buildTransformArray(
   return [transform];
 }
 
+const DEFAULT_ALLOWED_PROTOCOLS = ['http:', 'https:'];
+
+function assertAllowedProtocol(fullURL: string, config: AccessioRequestConfig): void {
+  if (config.allowedProtocols === null) return;
+  const allowed = config.allowedProtocols ?? DEFAULT_ALLOWED_PROTOCOLS;
+
+  let scheme: string | null = null;
+  const match = /^([a-z][a-z\d+\-.]*):/i.exec(fullURL);
+  if (match) scheme = `${match[1].toLowerCase()}:`;
+  if (!scheme) return;
+
+  if (!allowed.includes(scheme)) {
+    throw new AccessioError(
+      `URL protocol "${scheme}" is not allowed. Allowed: ${allowed.join(', ')}. ` +
+        'Set config.allowedProtocols to extend, or null to disable the check.',
+      ERR_BAD_OPTION,
+      config,
+      null,
+      null,
+    );
+  }
+}
+
 const activeRequests = new Map<string, Promise<AccessioResponse>>();
+const MAX_ACTIVE_REQUESTS = 1024;
+
+export function __activeRequestsSize(): number {
+  return activeRequests.size;
+}
+
+function trackActiveRequest(key: string, promise: Promise<AccessioResponse>): void {
+  activeRequests.set(key, promise);
+  // Evict the oldest entry if we've grown past the cap. Map preserves insertion order.
+  while (activeRequests.size > MAX_ACTIVE_REQUESTS) {
+    const oldest = activeRequests.keys().next().value;
+    if (oldest === undefined || oldest === key) break;
+    activeRequests.delete(oldest);
+  }
+}
 
 export default async function dispatchRequest(
   config: AccessioRequestConfig,
@@ -32,32 +96,42 @@ export default async function dispatchRequest(
       config.paramsSerializer,
     );
 
+  assertAllowedProtocol(fullURL, config);
+
   if (config.hooks?.onBeforeRequest) {
     await config.hooks.onBeforeRequest(config);
   }
 
+  const flatHeaders = flattenHeaders(config.headers as HeadersConfig | undefined, config.method);
+  setBasicAuth(config, flatHeaders);
+
   const isGet = (config.method || 'GET').toUpperCase() === 'GET';
-  const cacheKey = isGet ? `GET:${fullURL}` : '';
+  const cacheKey = isGet ? buildCacheKey(config, fullURL, flatHeaders) : '';
 
   if (isGet && config.cache) {
     const cacheProvider = typeof config.cache === 'object' ? config.cache : defaultMemoryCache;
     const cached = await cacheProvider.get(cacheKey);
     if (cached) {
+      const cachedView: AccessioResponse = {
+        ...cached,
+        config: redactConfig(config) as typeof cached.config,
+      };
       if (config.hooks?.onRequestResponse) {
-        await config.hooks.onRequestResponse(cached);
+        await config.hooks.onRequestResponse(cachedView);
       }
-      return cached;
+      return cachedView;
     }
   }
 
   if (isGet && config.dedupe) {
-    if (activeRequests.has(cacheKey)) {
-      return activeRequests.get(cacheKey)!;
+    const inflight = activeRequests.get(cacheKey);
+    if (inflight) {
+      const shared = await inflight;
+      return finalizeResponse(shared, config);
     }
   }
 
-  const performRequest = async () => {
-    const flatHeaders = flattenHeaders(config.headers as HeadersConfig | undefined, config.method);
+  const performRequest = async (): Promise<AccessioResponse> => {
     const requestTransforms = buildTransformArray(config.transformRequest);
     const requestData = await transformData(requestTransforms, config.data, flatHeaders, config);
 
@@ -69,8 +143,6 @@ export default async function dispatchRequest(
       removeContentType(flatHeaders);
     }
 
-    setBasicAuth(config, flatHeaders);
-
     const fetchOptions: RequestInit = {
       method: (config.method || 'GET').toUpperCase(),
       headers: buildFetchHeaders(flatHeaders),
@@ -97,50 +169,55 @@ export default async function dispatchRequest(
     }
 
     const requestStartTime = Date.now();
-
     const response = await fetchAdapter(config, fullURL, fetchOptions, requestStartTime);
 
     const responseTransforms = buildTransformArray(config.transformResponse);
-
     response.data = await transformData(
       responseTransforms,
       response.data,
       response.headers,
       config,
+      'response',
     );
 
-    return new Promise<AccessioResponse>((resolve, reject) => {
-      settle(
-        resolve as (value: AccessioResponse) => void,
-        reject as (reason: AccessioError) => void,
-        response,
-        config,
-      );
-    });
+    return response;
   };
 
   const promise = performRequest();
 
   if (isGet && config.dedupe) {
-    activeRequests.set(cacheKey, promise);
-    promise.finally(() => {
-      activeRequests.delete(cacheKey);
-    });
+    trackActiveRequest(cacheKey, promise);
+    const cleanup = () => {
+      if (activeRequests.get(cacheKey) === promise) {
+        activeRequests.delete(cacheKey);
+      }
+    };
+    promise.then(cleanup, cleanup);
   }
 
   try {
-    const response = await promise;
+    const shared = await promise;
+    const response = finalizeResponse(shared, config);
 
     if (isGet && config.cache) {
       const cacheProvider = typeof config.cache === 'object' ? config.cache : defaultMemoryCache;
-      await cacheProvider.set(cacheKey, response, config.cacheTTL);
+      await cacheProvider.set(cacheKey, shared, config.cacheTTL);
     }
 
+    const settled = await new Promise<AccessioResponse>((resolve, reject) => {
+      settle(
+        resolve as (value: AccessioResponse) => void,
+        reject as (reason: AccessioError) => void,
+        response,
+        config,
+      );
+    });
+
     if (config.hooks?.onRequestResponse) {
-      await config.hooks.onRequestResponse(response);
+      await config.hooks.onRequestResponse(settled);
     }
 
-    return response;
+    return settled;
   } catch (error) {
     if (config.hooks?.onRequestError && error instanceof AccessioError) {
       await config.hooks.onRequestError(error);
@@ -148,3 +225,13 @@ export default async function dispatchRequest(
     throw error;
   }
 }
+
+function finalizeResponse(
+  shared: AccessioResponse,
+  config: AccessioRequestConfig,
+): AccessioResponse {
+  return {
+    ...shared,
+    config: redactConfig(config) as typeof shared.config,
+  };
+}

package/src/core/retry.ts

@@ -1,4 +1,5 @@
-import { ERR_CANCELED, ERR_NETWORK } from '../constants/errorCodes';
+import { ERR_BAD_OPTION, ERR_CANCELED, ERR_NETWORK } from '../constants/errorCodes';
+import AccessioErrorClass from './accessioError';
 import type {
   AccessioRequestConfig,
   AccessioError,
@@ -6,6 +7,12 @@ import type {
   OnRetryFunction,
 } from '../types';
 
+function isUnretriableBody(data: unknown): boolean {
+  if (data == null) return false;
+  if (typeof ReadableStream !== 'undefined' && data instanceof ReadableStream) return true;
+  return false;
+}
+
 function defaultRetryCondition(error: any): boolean {
   if (error.code === ERR_CANCELED) {
     return false;
@@ -89,6 +96,17 @@ async function retryRequest(
         throw error;
       }
 
+      if (isUnretriableBody(config.data)) {
+        throw new AccessioErrorClass(
+          'Request body is a ReadableStream and cannot be retried after consumption. ' +
+            'Buffer the stream upstream or set retry: 0 for this call.',
+          ERR_BAD_OPTION,
+          config,
+          null,
+          (error as AccessioError).response ?? null,
+        );
+      }
+
       let delay = calculateDelay(attempt, retryDelay);
 
       if (config.retryOn429 && (error as any).response?.status === 429) {

package/src/helpers/debug.ts

@@ -1,5 +1,5 @@
 import type { AccessioRequestConfig, AccessioResponse } from '../types';
-import AccessioError from '../core/accessioError';
+import AccessioError, { redactBody } from '../core/accessioError';
 
 function formatBytes(bytes: number): string {
   if (bytes === 0) return '0 B';
@@ -35,7 +35,12 @@ export function logRequest(config: AccessioRequestConfig, fullUrl: string): void
   }
 
   if (config.data && typeof config.data === 'object') {
-    const preview = JSON.stringify(config.data);
+    let preview: string;
+    try {
+      preview = JSON.stringify(redactBody(config.data));
+    } catch {
+      preview = '[unserializable body]';
+    }
     const truncated = preview.length > 200 ? `${preview.substring(0, 200)}...` : preview;
     parts.push(`   Body: ${truncated}`);
   }

package/src/helpers/flattenHeaders.ts

@@ -1,3 +1,32 @@
+import AccessioError from '../core/accessioError';
+import { ERR_BAD_OPTION } from '../constants/errorCodes';
+
+const HEADER_FORBIDDEN_CHAR = /[\r\n\0]/;
+
+function assertSafeHeader(name: string, value: string | string[]): void {
+  if (typeof name !== 'string' || HEADER_FORBIDDEN_CHAR.test(name)) {
+    throw new AccessioError(
+      `Invalid header name "${String(name)}": CR, LF and NUL are not allowed`,
+      ERR_BAD_OPTION,
+      null,
+      null,
+      null,
+    );
+  }
+  const values = Array.isArray(value) ? value : [value];
+  for (const v of values) {
+    if (typeof v === 'string' && HEADER_FORBIDDEN_CHAR.test(v)) {
+      throw new AccessioError(
+        `Invalid value for header "${name}": CR, LF and NUL are not allowed`,
+        ERR_BAD_OPTION,
+        null,
+        null,
+        null,
+      );
+    }
+  }
+}
+
 const METHOD_KEYS = new Set<string>([
   'common',
   'delete',
@@ -47,6 +76,7 @@ export function removeContentType(headers: Record<string, string | string[]>): v
 export function buildFetchHeaders(headers: Record<string, string | string[]>): Headers {
   const fetchHeaders = new Headers();
   for (const [key, value] of Object.entries(headers)) {
+    assertSafeHeader(key, value);
     if (Array.isArray(value)) {
       for (const v of value) {
         fetchHeaders.append(key, v);