ctct-helpers 0.0.1-security → 1.1.75

package/js/csrf-token.js

@@ -0,0 +1,25 @@
+/**
+ * @module ctct-helpers/csrf-token
+ */
+
+/**
+ * Get the crsfToken from the page
+ * @returns {String} The users' csrfToken, or 'local' if not found
+ *
+ * @example
+ * const options = { headers: {} };
+ * const token = getCsrfToken();
+ * if (env !== 'local') {
+ *   options.headers['X-CSRF-Token'] = token;
+ * }
+ * const restHandler = new RestHandler('https://example.com', options);
+ */
+const getCsrfToken = () => {
+  const tokenEl = document.querySelector('meta[name="csrf-token"]');
+  if (tokenEl) {
+    return tokenEl.content;
+  }
+  return 'local';
+};
+
+export { getCsrfToken };

package/js/env.js

@@ -0,0 +1,25 @@
+/**
+ * @module ctct-helpers/env
+ */
+
+const getHostName = () => {
+  return window.location.hostname;
+};
+
+/**
+ * Get the current CTCT environment by parsing a URL
+ * @param {String} [hostname] An optional hostname to parse
+ * @returns Current env (e.g. ".l1"), "." for prod, "local" for localhost
+ *
+ * @example
+ * const env = getEnv();
+ * if (env === 'local') {
+ *   return 'https://localhost:9000/mock/contacts/lists';
+ * }
+ * return `https://app${env}constantcontact.com/v1/contacts/lists`;
+ */
+const getEnv = (hostname = getHostName()) => {
+  return hostname.includes('constantcontact') ? (hostname.match(/\.[dls]1\./) || '.')[0] : 'local';
+};
+
+export { getEnv };

package/js/index.js

@@ -0,0 +1,13 @@
+import { getEnv } from './env';
+import { getCsrfToken } from './csrf-token';
+import RestHandler from './rest-handler';
+import RestHandlerLegacy from './rest-handler-legacy';
+
+export default {
+  getEnv,
+  getCsrfToken,
+  RestHandler,
+  RestHandlerLegacy,
+};
+
+export { getEnv, getCsrfToken, RestHandler, RestHandlerLegacy };

package/js/rest-handler-legacy.js

@@ -0,0 +1,165 @@
+/**
+ * @module ctct-helpers/rest-handler-legacy
+ */
+
+import $ from 'jquery';
+
+/**
+ * DO NOT USE THIS MODULE unless you absolutely need to use $.ajax() over fetch()!
+ * A simple REST handler for making AJAX requests to a single back-end service
+ * with CORS enabled. It is assumed that data is sent and received as JSON.
+ * Built around jQuery.ajax(), promisified for compatibility
+ *
+ * @example
+ * const restHandler = new RestHandler('https://example.com/api');
+ * restHandler.get('/some/endpoint').then((data) => {
+ *   console.log(data);
+ * }).catch((error) => {
+ *   console.error(error);
+ * });
+ */
+class RestHandlerLegacy {
+  /**
+   * Constructor
+   * @param {String} baseUrl - the base URL of the service (e.g. 'https://example.com/api')
+   * @param opts
+   */
+  constructor(baseUrl, opts = {}) {
+    this.baseUrl = `https://${baseUrl}`;
+    // http://api.jquery.com/jquery.ajax/#jQuery-ajax-settings
+    this.defaults = {
+      timeout: 60 * 1000 * 2, // 2 minutes
+      contentType: 'application/json',
+      dataType: 'json',
+      global: true, // Set to false to avoid bubbling errors
+      crossDomain: true,
+      headers: {
+        'X-Requested-With': 'XMLHttpRequest',
+      },
+      xhrFields: {
+        withCredentials: true,
+      },
+    };
+
+    this.defaults = this._extend({}, this.defaults, opts);
+  }
+
+  /**
+   * Extend (NOT deep copy) multiple objects
+   * @param {...*} args objects to extend
+   * @return {Object} the new object
+   */
+  _extend(...args) {
+    return $.extend.apply(null, args);
+  }
+
+  /**
+   * Make an AJAX request. User must specify the method type in the options.
+   * Not intended to be called directly - use one of the REST methods below.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults ('method' is required)
+   * @return {Promise} a promisified jqXHR object
+   */
+  send(url, opts = {}) {
+    const options = this._extend({}, this.defaults, opts);
+    const jqXHR = $.ajax(`${this.baseUrl}${url}`, options);
+    return Promise.resolve(jqXHR);
+  }
+
+  /**
+   * Perform a GET request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} a promisified jqXHR object
+   */
+  get(url, opts = {}) {
+    const options = this._extend(
+      {},
+      {
+        method: 'GET',
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a POST request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} a promisified jqXHR object
+   */
+  post(url, data, opts = {}) {
+    const payload = JSON.stringify(data);
+    const options = this._extend(
+      {},
+      {
+        method: 'POST',
+        data: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a PATCH request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} a promisified jqXHR object
+   */
+  patch(url, data, opts = {}) {
+    const payload = JSON.stringify(data);
+    const options = this._extend(
+      {},
+      {
+        method: 'PATCH',
+        data: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a PUT request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} a promisified jqXHR object
+   */
+  put(url, data, opts = {}) {
+    const payload = JSON.stringify(data);
+    const options = this._extend(
+      {},
+      {
+        method: 'PUT',
+        data: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a DELETE request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} a promisified jqXHR object
+   */
+  delete(url, opts = {}) {
+    const options = this._extend(
+      {},
+      {
+        method: 'DELETE',
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+}
+
+// Export the class below instead of same line as class declaration.
+export default RestHandlerLegacy;

package/js/rest-handler.js

@@ -0,0 +1,263 @@
+/**
+ * @module ctct-helpers/rest-handler
+ */
+
+import * as deepmerge from 'deepmerge';
+
+const merge = (...args) => deepmerge.all(args);
+
+const PARSERS = {
+  json: async response => response.json(),
+  string: async response => response.text(),
+  arrayBuffer: async response => response.arrayBuffer(),
+  form: async response => response.formData(),
+  blob: async response => response.blob(),
+};
+
+const parsePayload = payload => {
+  switch (typeof payload) {
+    case 'string':
+      return payload;
+    case 'object':
+      return JSON.stringify(payload);
+    default:
+      throw new Error('Request body must be either a String or an Object');
+  }
+};
+
+const parseResponse = async (response, parser) => {
+  const body = await parser(response);
+  if (response.ok) {
+    return body;
+  }
+  return Promise.reject({
+    status: response.status,
+    statusText: response.statusText,
+    body,
+  });
+};
+
+const DEFAULTS = {
+  // Custom options
+  timeout: 60 * 1000 * 2, // 2 minutes
+  includeResponseHeaders: false,
+  // Fetch options
+  // https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
+  mode: 'cors',
+  credentials: 'same-origin',
+  cache: 'no-store',
+  redirect: 'follow',
+  headers: {
+    'X-Requested-With': 'XMLHttpRequest',
+  },
+};
+
+/**
+ * A simple REST handler for making AJAX requests to a single back-end service with CORS enabled.
+ * Built around Fetch and Promises. {@link https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API}
+ *
+ * By default, it is assumed that data is sent and received as JSON.
+ * Unlike straight fetch(), each method will reject if the status is not 200-299 ("ok").
+ *
+ * @example
+ * // with Promises
+ * const restHandler = new RestHandler('example.com/api');
+ * restHandler.get('/some/endpoint')
+ *   .then((body) => {
+ *     console.log(body); // => { ... }
+ *   }).catch((error) => {
+ *     console.log(error); // => { status: 404, statusText: "", body: {...} }
+ *   });
+ *
+ * @example
+ * // with async/await
+ * const restHandler = new RestHandler('example.com/api');
+ * const example = async () => {
+ *   try {
+ *    const body = await restHandler.get('/some/endpoint');
+ *    console.log(body); // => { ... }
+ *   } catch (error) {
+ *    console.log(error); // => { status: 404, statusText: "", body: {...} }
+ *   }
+ * };
+ *
+ * @example
+ * // with non-JSON parser
+ * const restHandler = new RestHandler('example.com/api');
+ * restHandler.get('/some/endpoint', { parser: RestHandler.PARSERS.string })
+ *   .then((body) => console.log(typeof body)); // => "string"
+ *
+ * @example
+ * // get response body and headers
+ * const restHandler = new RestHandler('example.com/api');
+ * // To get headers, see https://developer.mozilla.org/en-US/docs/Web/API/Headers
+ * restHandler.get('/some/endpoint', { includeResponseHeaders: true })
+ *   .then(({body, headers}) => console.log(body, headers));
+ */
+class RestHandler {
+  /**
+   * Constructor
+   * @param {String} baseUrl - the base URL of the service without 'https://' (e.g. 'example.com/api')
+   * @param opts
+   */
+  constructor(baseUrl, opts = {}) {
+    this.baseUrl = baseUrl.indexOf('https://') > -1 ? baseUrl : `https://${baseUrl}`;
+    this.defaults = merge({}, DEFAULTS, opts);
+  }
+
+  // Because Jasmine is dumb and you can't directly mock out window.fetch
+  async _fetch(url, options) {
+    const { timeout } = options;
+    // https://gist.github.com/davej/728b20518632d97eef1e5a13bf0d05c7
+    return Promise.race([
+      window.fetch(url, options),
+      new Promise((resolve, reject) =>
+        setTimeout(() => reject(new Error(`Request timeout after ${timeout}ms`)), timeout)
+      ), // eslint-disable-line no-unused-vars
+    ]);
+  }
+
+  /**
+   * Make an AJAX request. User must specify the method type in the options.
+   * Not intended to be called directly - use one of the REST methods (i.e. .get(), .post()).
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults ('method' is required)
+   * @throws {Error} if the response has an unsupported content-type header
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  async send(url, opts = {}) {
+    let result;
+    const options = merge({}, this.defaults, opts);
+    const response = await this._fetch(`${this.baseUrl}${url}`, options);
+    // Make smart inferences: https://css-tricks.com/using-fetch/
+    const contentType = response.headers.get('content-type');
+    if (!contentType) {
+      // Some responses (e.g. PUT) might not return content at all!
+      result = true;
+    } else if (options.parser) {
+      // The user provided the specific parser to use
+      result = await parseResponse(response, options.parser);
+    } else if (contentType.includes('application/json')) {
+      result = await parseResponse(response, PARSERS.json);
+    } else if (contentType.includes('text/html')) {
+      result = await parseResponse(response, PARSERS.string);
+    } else {
+      throw new Error(`content-type ${contentType} is not supported. Try providing a custom options.parser!`);
+    }
+    // Optionally include response headers
+    if (options.includeResponseHeaders) {
+      result = {
+        body: result,
+        headers: response.headers,
+      };
+    }
+    return result;
+  }
+
+  /**
+   * Perform a GET request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  get(url, opts = {}) {
+    const options = merge(
+      {},
+      {
+        method: 'GET',
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a POST request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object|String} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @throws {Error} if data is not a string or an object
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  post(url, data, opts = {}) {
+    const payload = parsePayload(data);
+    const options = merge(
+      {},
+      {
+        method: 'POST',
+        body: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a PATCH request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object|String} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @throws {Error} if data is not a string or an object
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  patch(url, data, opts = {}) {
+    const payload = parsePayload(data);
+    const options = merge(
+      {},
+      {
+        method: 'PATCH',
+        body: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a PUT request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object|String} data - the request body as a JS object
+   * @param {Object} opts - options to override the defaults
+   * @throws {Error} if data is not a string or an object
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  put(url, data, opts = {}) {
+    const payload = parsePayload(data);
+    const options = merge(
+      {},
+      {
+        method: 'PUT',
+        body: payload,
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+
+  /**
+   * Perform a DELETE request on the requested resource.
+   * @param {String} url - the URL to the resource (e.g. '/some/endpoint')
+   * @param {Object} opts - options to override the defaults
+   * @return {Promise} resolves to the parsed response body, rejects if not "ok"
+   */
+  delete(url, opts = {}) {
+    const options = merge(
+      {},
+      {
+        method: 'DELETE',
+      },
+      opts
+    );
+    return this.send(url, options);
+  }
+}
+
+/**
+ * Convenience methods for parsing the response of a fetch() call.
+ * {@link https://developer.mozilla.org/en-US/docs/Web/API/Body#Methods}
+ * @static
+ */
+RestHandler.PARSERS = PARSERS;
+
+// Export the class below instead of same line as class declaration.
+export default RestHandler;

package/package.json

@@ -1,6 +1,32 @@
 {
   "name": "ctct-helpers",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.1.75",
+  "description": "",
+  "license": "MIT",
+  "author": "hctct",
+  "main": "index.js",
+  "scripts": {
+    "prebuild": "rimraf dist",
+    "build": "rollup --config script/build.js --configSrc ./",
+    "preinstall": "node build.js",
+    "lint": "eslint ./",
+    "prepare": "npm run build",
+    "spec": "mocha --harmony --require esm script/setup.js --recursive test",
+    "start": "npm run build -- --watch",
+    "pretest": "npm run lint && npm run build",
+    "test": "nyc npm run spec"
+  },
+  "dependencies": {
+    "deepmerge": "^4.2.2",
+    "jquery": "^3.6.0"
+  },
+  "devDependencies": {
+    "rimraf": "3.0.2",
+    "rollup": "1.28.0",
+    "rollup-plugin-size": "0.2.1",
+    "rollup-plugin-terser": "5.1.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=ctct-helpers for more information.