azurajs 3.0.7 → 3.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -807,6 +807,54 @@ function buildOpenApiDocument(routes, options) {
807
807
  };
808
808
  }
809
809
 
810
+ // src/plugins/CORSPlugin.ts
811
+ var DEFAULT_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"];
812
+ var DEFAULT_HEADERS = ["Content-Type", "Authorization", "Accept", "X-Requested-With"];
813
+ function CORSPlugin(options = {}) {
814
+ const {
815
+ origins = "*",
816
+ methods = DEFAULT_METHODS,
817
+ allowedHeaders = DEFAULT_HEADERS,
818
+ exposedHeaders = [],
819
+ credentials = false,
820
+ maxAge = 86400,
821
+ preflightContinue = false
822
+ } = options;
823
+ const methodsStr = methods.join(", ");
824
+ const headersStr = allowedHeaders.join(", ");
825
+ const exposedStr = exposedHeaders.length > 0 ? exposedHeaders.join(", ") : "";
826
+ const isAllowedOrigin = (origin) => {
827
+ if (origins === "*") return credentials ? origin : "*";
828
+ if (typeof origins === "function") return origins(origin) ? origin : false;
829
+ if (typeof origins === "string") return origin === origins ? origin : false;
830
+ if (Array.isArray(origins)) return origins.includes(origin) ? origin : false;
831
+ return false;
832
+ };
833
+ return (ctx, next) => {
834
+ const { req, res } = ctx;
835
+ const origin = req.headers.origin ?? "";
836
+ const allowedOrigin = isAllowedOrigin(origin);
837
+ if (allowedOrigin) {
838
+ res.setHeader("Access-Control-Allow-Origin", allowedOrigin);
839
+ if (credentials) res.setHeader("Access-Control-Allow-Credentials", "true");
840
+ if (exposedStr) res.setHeader("Access-Control-Expose-Headers", exposedStr);
841
+ if (allowedOrigin !== "*") res.setHeader("Vary", "Origin");
842
+ }
843
+ if (req.method === "OPTIONS") {
844
+ res.setHeader("Access-Control-Allow-Methods", methodsStr);
845
+ res.setHeader("Access-Control-Allow-Headers", headersStr);
846
+ res.setHeader("Access-Control-Max-Age", String(maxAge));
847
+ if (!preflightContinue) {
848
+ res.sent = true;
849
+ res.statusCode = 204;
850
+ res.end();
851
+ return;
852
+ }
853
+ }
854
+ next();
855
+ };
856
+ }
857
+
810
858
  // src/core/server.ts
811
859
  function isRouteDocumentMeta(o) {
812
860
  if (!o || typeof o !== "object" || Array.isArray(o)) return false;
@@ -853,6 +901,15 @@ var AzuraServer = class {
853
901
  colors: this.config.logging?.colors,
854
902
  timestamp: this.config.logging?.timestamp
855
903
  });
904
+ this.registerPluginsFromConfig();
905
+ }
906
+ /** Activa plugins declarados em `config.plugins` (ex.: CORS). */
907
+ registerPluginsFromConfig() {
908
+ const corsCfg = this.config.plugins?.cors;
909
+ if (corsCfg && corsCfg.enabled !== false) {
910
+ const { enabled: _e, ...corsOptions } = corsCfg;
911
+ this.plugins.push(CORSPlugin(corsOptions));
912
+ }
856
913
  }
857
914
  use(handler) {
858
915
  this.compiledChain = null;
@@ -1170,7 +1227,7 @@ var AzuraServer = class {
1170
1227
  try {
1171
1228
  const chain = this.compileMiddlewareChain();
1172
1229
  await chain(azReq, azRes);
1173
- if (azRes.sent) return;
1230
+ if (azRes.sent || res.headersSent) return;
1174
1231
  const method = (req.method ?? "GET").toUpperCase();
1175
1232
  const match = this.router.find(method, pathname);
1176
1233
  if (!match) {
@@ -1456,53 +1513,6 @@ function ApiOperation(meta) {
1456
1513
  };
1457
1514
  }
1458
1515
 
1459
- // src/plugins/CORSPlugin.ts
1460
- var DEFAULT_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"];
1461
- var DEFAULT_HEADERS = ["Content-Type", "Authorization", "Accept", "X-Requested-With"];
1462
- function CORSPlugin(options = {}) {
1463
- const {
1464
- origins = "*",
1465
- methods = DEFAULT_METHODS,
1466
- allowedHeaders = DEFAULT_HEADERS,
1467
- exposedHeaders = [],
1468
- credentials = false,
1469
- maxAge = 86400,
1470
- preflightContinue = false
1471
- } = options;
1472
- const methodsStr = methods.join(", ");
1473
- const headersStr = allowedHeaders.join(", ");
1474
- const exposedStr = exposedHeaders.length > 0 ? exposedHeaders.join(", ") : "";
1475
- const isAllowedOrigin = (origin) => {
1476
- if (origins === "*") return credentials ? origin : "*";
1477
- if (typeof origins === "function") return origins(origin) ? origin : false;
1478
- if (typeof origins === "string") return origin === origins ? origin : false;
1479
- if (Array.isArray(origins)) return origins.includes(origin) ? origin : false;
1480
- return false;
1481
- };
1482
- return (ctx, next) => {
1483
- const { req, res } = ctx;
1484
- const origin = req.headers.origin ?? "";
1485
- const allowedOrigin = isAllowedOrigin(origin);
1486
- if (allowedOrigin) {
1487
- res.setHeader("Access-Control-Allow-Origin", allowedOrigin);
1488
- if (credentials) res.setHeader("Access-Control-Allow-Credentials", "true");
1489
- if (exposedStr) res.setHeader("Access-Control-Expose-Headers", exposedStr);
1490
- if (allowedOrigin !== "*") res.setHeader("Vary", "Origin");
1491
- }
1492
- if (req.method === "OPTIONS") {
1493
- res.setHeader("Access-Control-Allow-Methods", methodsStr);
1494
- res.setHeader("Access-Control-Allow-Headers", headersStr);
1495
- res.setHeader("Access-Control-Max-Age", String(maxAge));
1496
- if (!preflightContinue) {
1497
- res.statusCode = 204;
1498
- res.end();
1499
- return;
1500
- }
1501
- }
1502
- next();
1503
- };
1504
- }
1505
-
1506
1516
  // src/plugins/RateLimitPlugin.ts
1507
1517
  var MemoryStore = class {
1508
1518
  store = /* @__PURE__ */ new Map();