azurajs 2.7.0 → 2.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -87,24 +87,34 @@ export class AzuraClient {
87
87
  }
88
88
 
89
89
  if (this.opts.plugins?.cors?.enabled) {
90
- cors({
90
+ const corsPlugin = cors({
91
91
  origin: this.opts.plugins.cors.origins,
92
92
  methods: this.opts.plugins.cors.methods,
93
93
  allowedHeaders: this.opts.plugins.cors.allowedHeaders,
94
+ credentials: this.opts.plugins.cors.credentials,
94
95
  });
96
+
97
+ this.middlewares.unshift((ctx: any) => corsPlugin(ctx, ctx.next));
95
98
  logger("info", "CORS plugin enabled");
96
99
  }
97
100
 
98
101
  if (this.opts.plugins?.rateLimit?.enabled) {
99
- rateLimit(this.opts.plugins.rateLimit.limit, this.opts.plugins.rateLimit.timeframe);
102
+ const rateLimitPlugin = rateLimit(
103
+ this.opts.plugins.rateLimit.limit,
104
+ this.opts.plugins.rateLimit.timeframe,
105
+ );
106
+
107
+ if (typeof rateLimitPlugin === "function") {
108
+ this.middlewares.unshift((ctx: any) => rateLimitPlugin(ctx, ctx.next));
109
+ }
100
110
  logger("info", "Rate Limit plugin enabled");
101
111
  }
102
112
 
103
113
  // Create server WITHOUT handler to allow upgrade events to work properly
104
114
  this.server = http.createServer();
105
-
115
+
106
116
  // Add request handler manually
107
- this.server.on('request', (req, res) => {
117
+ this.server.on("request", (req, res) => {
108
118
  this.handle(req as any, res as any);
109
119
  });
110
120
  }
@@ -45,6 +45,7 @@ export type ConfigTypes = {
45
45
  origins: string | string[];
46
46
  methods: string | string[];
47
47
  allowedHeaders: string | string[];
48
+ credentials: boolean;
48
49
  };
49
50
  };
50
51
  logging?: {
@@ -135,4 +136,4 @@ export class ConfigModule {
135
136
  get<T extends keyof ConfigTypes>(key: T): ConfigTypes[T] {
136
137
  return this.config[key];
137
138
  }
138
- }
139
+ }
@@ -2,25 +2,50 @@ import type { HttpContext } from "../../types/common.type";
2
2
  import type { CorsOptions } from "../../types/plugins/cors.type";
3
3
 
4
4
  export function cors(opts: CorsOptions) {
5
- const { origin, methods, allowedHeaders } = opts;
5
+ const allowedOrigin = opts.origin ?? "*";
6
+ const methods = opts.methods ?? "GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS";
7
+ const allowedHeaders =
8
+ opts.allowedHeaders ?? "Content-Type,Authorization,Cookie,X-Requested-With,Accept";
9
+ const credentials = opts.credentials === true;
10
+
11
+ return async (ctx: HttpContext, next: () => Promise<void>) => {
12
+ const requestOrigin = ctx.request.headers["origin"] as string;
13
+
14
+ if (allowedOrigin === "*") {
15
+ if (credentials && requestOrigin) {
16
+ ctx.response.setHeader("Access-Control-Allow-Origin", requestOrigin);
17
+ } else {
18
+ ctx.response.setHeader("Access-Control-Allow-Origin", "*");
19
+ }
20
+ } else if (Array.isArray(allowedOrigin)) {
21
+ if (requestOrigin && allowedOrigin.includes(requestOrigin)) {
22
+ ctx.response.setHeader("Access-Control-Allow-Origin", requestOrigin);
23
+ }
24
+ } else if (allowedOrigin) {
25
+ ctx.response.setHeader("Access-Control-Allow-Origin", allowedOrigin as string);
26
+ }
27
+
28
+ if (credentials) {
29
+ ctx.response.setHeader("Access-Control-Allow-Credentials", "true");
30
+ }
6
31
 
7
- return (ctx: HttpContext, next: () => Promise<void>) => {
8
- ctx.response.setHeader(
9
- "Access-Control-Allow-Origin",
10
- Array.isArray(origin) ? origin.join(",") : origin,
11
- );
12
32
  ctx.response.setHeader(
13
33
  "Access-Control-Allow-Methods",
14
34
  Array.isArray(methods) ? methods.join(",") : methods,
15
35
  );
36
+
16
37
  ctx.response.setHeader(
17
38
  "Access-Control-Allow-Headers",
18
39
  Array.isArray(allowedHeaders) ? allowedHeaders.join(",") : allowedHeaders,
19
40
  );
20
41
 
42
+ ctx.response.setHeader("Vary", "Origin");
43
+
21
44
  if (ctx.request.method === "OPTIONS") {
22
- ctx.response.writeHead(204);
23
- return ctx.response.end();
45
+ ctx.response.statusCode = 204;
46
+ ctx.response.setHeader("Content-Length", "0");
47
+ ctx.response.end();
48
+ return;
24
49
  }
25
50
 
26
51
  return next();
@@ -2,4 +2,5 @@ export interface CorsOptions {
2
2
  origin: string | string[];
3
3
  methods: string | string[];
4
4
  allowedHeaders: string | string[];
5
+ credentials: boolean;
5
6
  }