altair-koa-middleware 8.2.7 → 8.3.0

package/.turbo/turbo-bootstrap.log

@@ -1,8 +1,8 @@
 
-> altair-koa-middleware@8.2.7 bootstrap /home/runner/work/altair/altair/packages/altair-koa-middleware
+> altair-koa-middleware@8.3.0 bootstrap /home/runner/work/altair/altair/packages/altair-koa-middleware
 > pnpm declarations
 
 
-> altair-koa-middleware@8.2.7 declarations /home/runner/work/altair/altair/packages/altair-koa-middleware
+> altair-koa-middleware@8.3.0 declarations /home/runner/work/altair/altair/packages/altair-koa-middleware
 > tsc --declaration
 

package/build/src/index.d.ts

@@ -1,8 +1,16 @@
+import { ParameterizedContext } from 'koa';
 import * as KoaRouter from '@koa/router';
 import { RenderOptions } from 'altair-static';
-export declare const createRouteExplorer: ({ router, url, opts, }: {
+export interface AltairKoaMiddlewareOptions {
     router: KoaRouter;
     url: string;
     opts: RenderOptions;
-}) => void;
+    /**
+     * Generates a Content Security Policy (CSP) nonce for the request.
+     * @param ctx The Koa context.
+     * @returns The generated CSP nonce.
+     */
+    cspNonceGenerator?: (ctx: ParameterizedContext) => string;
+}
+export declare const createRouteExplorer: ({ router, url, opts, cspNonceGenerator, }: AltairKoaMiddlewareOptions) => void;
 //# sourceMappingURL=index.d.ts.map

package/build/src/index.js

@@ -3,18 +3,27 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createRouteExplorer = void 0;
 const send_1 = require("@koa/send");
 const altair_static_1 = require("altair-static");
-const createRouteExplorer = ({ router, url, opts, }) => {
+const createRouteExplorer = ({ router, url, opts, cspNonceGenerator, }) => {
     router.get(url, async (ctx, next) => {
-        ctx.body = (0, altair_static_1.renderAltair)({ baseURL: ctx.url.replace(/\/?$/, '/'), ...opts });
+        const cspNonce = opts.cspNonce ?? cspNonceGenerator?.(ctx);
+        ctx.body = (0, altair_static_1.renderAltair)({
+            baseURL: ctx.url.replace(/\/?$/, '/'),
+            ...opts,
+            cspNonce,
+        });
         await next();
     });
     // Use the main favicon for my API subdomain.
-    router.get(`${url}/favicon.ico`, ctx => {
+    router.get(`${url}/favicon.ico`, (ctx) => {
         ctx.status = 301;
         ctx.redirect(`/favicon.ico`);
     });
-    router.get(`${url}/:path+`, async (ctx) => {
+    router.get(`${url}/*path`, async (ctx) => {
         const path = ctx.params.path;
+        // Disable CSP for the sandbox iframe
+        if (path && (0, altair_static_1.isSandboxFrame)(path)) {
+            ctx.set('Content-Security-Policy', '');
+        }
         await (0, send_1.send)(ctx, path || '', { root: (0, altair_static_1.getDistDirectory)() });
     });
 };

package/package.json

@@ -1,21 +1,21 @@
 {
   "name": "altair-koa-middleware",
   "description": "Koa middleware for altair graphql client",
-  "version": "8.2.7",
+  "version": "8.3.0",
   "author": "Samuel Imolorhe <altair@sirmuel.design> (https://sirmuel.design)",
   "bugs": "https://github.com/altair-graphql/altair/issues",
   "dependencies": {
     "@koa/send": "^6.0.0",
-    "altair-static": "8.2.7"
+    "altair-static": "8.3.0"
   },
   "devDependencies": {
     "@types/jest": "^27.0.1",
-    "@types/koa": "^2.15.0",
+    "@types/koa": "^3.0.0",
     "@types/koa__router": "^12.0.4",
     "@types/node": "^22.7.4",
     "@types/supertest": "^6.0.2",
     "jest": "29.4.1",
-    "koa": "^2.16.1",
+    "koa": "^3.0.1",
     "nodemon": "^2.0.12",
     "supertest": "^7.0.0",
     "ts-jest": "29.0.5",

package/src/index.ts

@@ -1,32 +1,55 @@
 'use strict';
 
+import { ParameterizedContext } from 'koa';
 import { send } from '@koa/send';
 import * as KoaRouter from '@koa/router';
-import { getDistDirectory, renderAltair, RenderOptions } from 'altair-static';
+import {
+  getDistDirectory,
+  renderAltair,
+  RenderOptions,
+  isSandboxFrame,
+} from 'altair-static';
 
+export interface AltairKoaMiddlewareOptions {
+  router: KoaRouter;
+  url: string;
+  opts: RenderOptions;
+  /**
+   * Generates a Content Security Policy (CSP) nonce for the request.
+   * @param ctx The Koa context.
+   * @returns The generated CSP nonce.
+   */
+  cspNonceGenerator?: (ctx: ParameterizedContext) => string;
+}
 export const createRouteExplorer = ({
   router,
   url,
   opts,
-}: {
-  router: KoaRouter;
-  url: string;
-  opts: RenderOptions;
-}) => {
+  cspNonceGenerator,
+}: AltairKoaMiddlewareOptions) => {
   router.get(url, async (ctx, next) => {
-    ctx.body = renderAltair({ baseURL: ctx.url.replace(/\/?$/, '/'), ...opts });
+    const cspNonce = opts.cspNonce ?? cspNonceGenerator?.(ctx);
+    ctx.body = renderAltair({
+      baseURL: ctx.url.replace(/\/?$/, '/'),
+      ...opts,
+      cspNonce,
+    });
 
     await next();
   });
 
   // Use the main favicon for my API subdomain.
-  router.get(`${url}/favicon.ico`, ctx => {
+  router.get(`${url}/favicon.ico`, (ctx) => {
     ctx.status = 301;
     ctx.redirect(`/favicon.ico`);
   });
 
-  router.get(`${url}/:path+`, async ctx => {
+  router.get(`${url}/*path`, async (ctx) => {
     const path = ctx.params.path;
+    // Disable CSP for the sandbox iframe
+    if (path && isSandboxFrame(path)) {
+      ctx.set('Content-Security-Policy', '');
+    }
     await send(ctx, path || '', { root: getDistDirectory() });
   });
 };

package/example/index.ts

@@ -1,25 +0,0 @@
-import * as Koa from 'koa';
-import * as KoaRouter from '@koa/router';
-import { createRouteExplorer } from '../src/index';
-
-const app = new Koa();
-const router = new KoaRouter();
-const port = 3130;
-
-// app.use(async ctx => {
-//   ctx.body = 'Hello world';
-// });
-createRouteExplorer({
-  url: '/altair',
-  router,
-  opts: {
-    endpointURL: '/graphql',
-    subscriptionsEndpoint: `ws://localhost:4000/subscriptions`,
-    initialQuery: `{ getData { id name surname } }`,
-    initialPreRequestScript: `console.log('Hello from pre request!')`,
-  },
-});
-
-app.use(router.routes()).use(router.allowedMethods());
-
-app.listen(port, () => console.log(`Listening on port ${port}`));