dxfl 0.1.8 → 0.1.10

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# v0.1.10
+
+- new `logout` command: removes dxfl config folder containing the credentials
+- rename authentification config folder from "dfl" to "dxfl", for consistency and clarity
+- `deuxfleurs.toml`: make "error.html" the default `error_page`'s value
+- `deploy`/`empty` commands can now be used without being logged, by passing S3 id and secret keys as enviromnent variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` respectively)
+- `deuxfleurs.toml` can now configure cross-origin requests
+
+# v0.1.9
+
+- `deuxfleurs.toml`: rename redirection property `if_error = 404` to `force = true`, to simplify and improve comprehension.
+
+# v0.1.8
+
 - `deploy`: add support for redirects, configured from a new `deuxfleurs.toml` file.
   - supports S3 "object redirects" (redirects from a path in the website)
   - supports global "bucket redirects" (redirects from any path in the website

package/README.md

@@ -10,9 +10,9 @@ npm install -g dxfl
 
 ## Usage
 
-_Not ready_
+_Warning: software still in an experimental state_
 
-Start by login with your username, for example for `john`:
+Start by logging in with your username, for example for `john`:
 
 ```
 dxfl login john
@@ -30,13 +30,19 @@ And then to deploy your `_public` folder on `example.com`:
 dxfl deploy example.com _public
 ```
 
-Or potentially preview the upcoming changes with the `--dry-run` option:
+To deploy without confirmation, use the `--yes` option:
+
+```
+dxfl deploy example.com _public --yes
+```
+
+Or only display the changes without applying them, with the `--dry-run` option:
 
 ```
 dxfl deploy example.com _public --dry-run
 ```
 
-If you need to empty a website from its contents:
+Use the `empty` command to delete all files from a website (required before deleting it):
 
 ```
 dxfl empty example.com
@@ -45,7 +51,7 @@ dxfl empty example.com
 ## Website configuration
 
 `dxfl deploy` reads a `deuxfleurs.toml` configuration file (if it exists in the current directory).
-This file can be used to specify website configuration metadata, such as redirections.
+This file can be used to specify website configuration metadata such as redirections.
 
 Your `deuxfleurs.toml` should follow the following structure:
 
@@ -53,9 +59,9 @@ Your `deuxfleurs.toml` should follow the following structure:
 # Filename added after URLs that point to directories.
 # Default value: "index.html"
 index_page = "index.html"
-# Path to the file to serve in case of 404 error
-# Default value: none.
-error_page = "404.html"
+# Path to the file to serve in case of 404 error.
+# Default value: "error.html"
+error_page = "error.html"
 
 # A redirect entry. There can be as many as desired.
 [[redirects]]
@@ -75,10 +81,66 @@ from = "foobar/*"
 # single path.
 to = "baz/*"
 # Optional: custom HTTP status code for the redirection.
-status = 302
-# Optional: only redirect if the original request triggered a 404 error
-if_error = 404
-```
+# Default value: 302
+status = 301
+# Optional: always apply the redirect.
+# By default, redirections that match multiple paths do not apply
+# if a file that matches the requested path could be served instead.
+# Setting this option to true overrides this behavior and always
+# applies the redirection.
+# Default value: false
+force = true
+
+# Configuration to allow cross-origin requests.
+# Multiple rules can be specified and will be matched in order.
+# Each rule is defined in its own `[[cors]]` block
+[[cors]]
+# Origins that you want to allow cross-origin requests from.
+allowed_origins = "https://www.example.com"
+# Possible values:
+# - allowed_origins = "*" : wildcard to allow all origins
+# - allowed_origins = "https://www.example.com" : string of origin (protocol+domain)
+# - allowed_origins = ["https://example1.com", "https://example2.com"] : array of origins
+# Required parameter.
+
+# HTTP methods allowed in a cross-origin request (in response to a preflight request).
+allowed_method = "GET"
+# Possible values:
+# - allowed_method = "*" : wild card to allow all methods (only GET/HEAD are currently supported by the server)
+# - allowed_method = "GET" : string of http method ("GET" or "HEAD")
+# - allowed_method = ["GET", "HEAD"] : array of string http methods
+# Optional parameter. Default value: ["GET", "HEAD"]
+
+# Request headers allowed in a preflight request.
+allowed_header = "Authorization"
+# Possible values:
+# - allowed_header = "*" : wildcard to allow all headers
+# - allowed_header = "Authorization" : string of http header
+# - allowed_header = ["Authorization", "Age"] : array of string http header
+# Optional parameter. Default value : []
+
+# Response headers you want to make available to JavaScript in response to a cross-origin request.
+expose_header = "Content-Encoding"
+# Possible values:
+# - expose_header = "Content-Encoding" : string of http header
+# - expose_header = ["Content-Encoding", "Kuma-Revision"] : array of string http header
+# Optional Parameter. Default value : []
+```
+
+## Using dxfl in automated deployments
+
+`dxfl login` is designed for interactive use, where you type the password in
+your local computer. For automated deployments (e.g. deploying your website in a
+continuous integration workflows), you can instead directly call `dxfl deploy`
+(or `dxfl empty`) and pass website credentials using environment variables:
+
+- `AWS_ACCESS_KEY_ID` for the S3 key id;
+- `AWS_SECRET_ACCESS_KEY` for the S3 secret key.
+
+The values for these variables can be found in the Guichet web interface for
+your website in the "S3" tab.
+
+Config examples for [Woodpecker CI](doc/workflows/woodpecker.yml) and [GitHub Actions](doc/workflows/gh-actions.yml) are also available to help you get started.
 
 ## Development
 
@@ -113,6 +175,7 @@ Do not forget also to run `npm login` to bind your account with the CLI.
 Then to publish a release:
 
 ```bash
+vim CHANGELOG.md # update the version and its content in this file
 vim package.json # update the version in this file
 vim index.ts # update the version in this file
 npm install # update the version in the package-lock.json

package/dist/auth.js

@@ -11,16 +11,62 @@ import { Configuration, WebsiteApi } from "guichet-sdk-ts";
 import { read } from "read";
 import path from "node:path";
 import fs from "node:fs/promises";
+import { confirmationPrompt } from "./utils.js";
 function configPath() {
-    let path = ".dfl/config.json";
+    let path = ".dxfl/config.json";
     if (process.env.XDG_CONFIG_HOME) {
-        path = process.env.XDG_CONFIG_HOME + "/dfl/config.json";
+        path = process.env.XDG_CONFIG_HOME + "/dxfl/config.json";
     }
     else if (process.env.HOME) {
-        path = process.env.HOME + "/.config/dfl/config.json";
+        path = process.env.HOME + "/.config/dxfl/config.json";
     }
     return path;
 }
+// Rename old config folder (from dfl to dxfl)
+function moveOldConfig() {
+    return __awaiter(this, void 0, void 0, function* () {
+        function oldConfigPath() {
+            let path = ".dfl/config.json";
+            if (process.env.XDG_CONFIG_HOME) {
+                path = process.env.XDG_CONFIG_HOME + "/dfl/config.json";
+            }
+            else if (process.env.HOME) {
+                path = process.env.HOME + "/.config/dfl/config.json";
+            }
+            return path;
+        }
+        const oldConfigFile = oldConfigPath();
+        try {
+            yield fs.access(oldConfigFile);
+            try {
+                const newConfigFile = configPath();
+                const oldConfigParent = path.dirname(oldConfigFile);
+                const newConfigParent = path.dirname(newConfigFile);
+                yield fs.mkdir(newConfigParent, { recursive: true });
+                yield fs.rename(oldConfigFile, newConfigFile);
+                yield fs.rmdir(oldConfigParent);
+            }
+            catch (err) {
+                console.error(err);
+                process.exit(1);
+            }
+        }
+        catch (e) {
+            // Doing nothing if no old config
+        }
+    });
+}
+export function apiConfExists() {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield fs.access(configPath());
+            return true;
+        }
+        catch (_) {
+            return false;
+        }
+    });
+}
 export function openApiConf() {
     return __awaiter(this, void 0, void 0, function* () {
         let strConf;
@@ -29,9 +75,15 @@ export function openApiConf() {
         try {
             strConf = yield fs.readFile(configFile, { encoding: "utf8" });
         }
-        catch (err) {
-            console.error(err, `\n\nUnable to read ${configFile}, run 'dfl login' first.`);
-            process.exit(1);
+        catch (e) {
+            try {
+                yield moveOldConfig(); // Check for old config folder to rename
+                strConf = yield fs.readFile(configFile, { encoding: "utf8" });
+            }
+            catch (err) {
+                console.error(err, `\n\nUnable to read ${configFile}, run 'dxfl login' first.`);
+                process.exit(1);
+            }
         }
         try {
             dictConf = JSON.parse(strConf);
@@ -79,3 +131,39 @@ export function login(username) {
         console.log("ok");
     });
 }
+export function logout(options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const configFile = configPath();
+        const parentFolder = path.dirname(configFile);
+        // Check if config file exist
+        try {
+            yield fs.access(configFile);
+        }
+        catch (err) {
+            console.error(err, `\n\nUnable to find ${configFile}. Are you logged on this device?`);
+            process.exit(1);
+        }
+        // If not --yes: ask for confirmation before proceeding
+        if (!options.yes) {
+            process.stdout.write(`Are you sure to clean dxfl's config folder? (${parentFolder})\n`);
+            const ok = yield confirmationPrompt(() => {
+                process.stdout.write("Details of planned operations:\n");
+                process.stdout.write(`  Delete file ${configFile}\n`);
+                process.stdout.write(`  Delete folder ${parentFolder}\n`);
+            });
+            if (!ok) {
+                return;
+            }
+        }
+        try {
+            yield fs.rm(configFile);
+            yield fs.rm(parentFolder, { recursive: true });
+            process.stdout.write("Config successfully cleaned up!\n");
+            process.stdout.write("You can now go outside, feel the sun and touch grass, you are free! ☀️\n");
+        }
+        catch (err) {
+            console.error(err, `\n\nUnable to cleanup config folder. Do you have the permission to delete ${parentFolder}?`);
+            process.exit(1);
+        }
+    });
+}

package/dist/bucket.js

@@ -9,36 +9,68 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import fs from "fs";
 import mime from "mime";
+import { WebsiteApi } from "guichet-sdk-ts";
 import { DeleteObjectCommand, DeleteObjectsCommand, HeadObjectCommand, ListObjectsV2Command, PutObjectCommand, S3Client, } from "@aws-sdk/client-s3";
 import { PromisePool } from "@supercharge/promise-pool";
+import { apiConfExists, openApiConf } from "./auth.js";
 import { parseEtag, toChunks, formatBytesHuman } from "./utils.js";
-export function getBucket(api, vhost) {
+export function getBucketCredentials(name) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (yield apiConfExists()) {
+            const api = new WebsiteApi(yield openApiConf());
+            return yield credentialsFromApi(api, name);
+        }
+        else {
+            const creds = credentialsFromEnv();
+            if (creds === undefined) {
+                throw new Error("Failed to load credentials.\n" +
+                    "You need to run 'dxfl login', " +
+                    "or define the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.");
+            }
+            return creds;
+        }
+    });
+}
+function credentialsFromEnv() {
+    if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
+        return {
+            key: process.env.AWS_ACCESS_KEY_ID,
+            secret: process.env.AWS_SECRET_ACCESS_KEY,
+        };
+    }
+    else {
+        return undefined;
+    }
+}
+function credentialsFromApi(api, website) {
     return __awaiter(this, void 0, void 0, function* () {
         // Get website info from guichet (bucket name and keys)
-        const bucket = yield api.getWebsite({ vhost }).catch(err => {
+        const bucket = yield api.getWebsite({ vhost: website }).catch(err => {
             var _a;
             if (((_a = err === null || err === void 0 ? void 0 : err.response) === null || _a === void 0 ? void 0 : _a.status) == 404) {
-                console.error(`Error: website '${vhost}' does not exist`);
+                console.error(`Error: website '${website}' does not exist`);
             }
             else {
                 console.error(err);
             }
             throw new Error(err);
         });
+        return { key: bucket.accessKeyId, secret: bucket.secretAccessKey };
+    });
+}
+export function getBucket(name, creds) {
+    return __awaiter(this, void 0, void 0, function* () {
         // Initialize a S3 Client
         const client = new S3Client({
             endpoint: "https://garage.deuxfleurs.fr",
             region: "garage",
             forcePathStyle: true,
             credentials: {
-                accessKeyId: bucket.accessKeyId,
-                secretAccessKey: bucket.secretAccessKey,
+                accessKeyId: creds.key,
+                secretAccessKey: creds.secret,
             },
         });
-        return {
-            client: client,
-            name: bucket.vhost.name,
-        };
+        return { client, name };
     });
 }
 export function getBucketFiles(bucket) {

package/dist/deploy.js

@@ -9,12 +9,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import fs from "fs";
 import path from "path";
-import { WebsiteApi } from "guichet-sdk-ts";
 import { PromisePool } from "@supercharge/promise-pool";
-import { openApiConf } from "./auth.js";
-import { deleteBucketFile, deleteBucketFiles, getBucket, getBucketFiles, putEmptyObjectRedirect, uploadFile, } from "./bucket.js";
+import { deleteBucketFile, deleteBucketFiles, getBucketCredentials, getBucket, getBucketFiles, putEmptyObjectRedirect, uploadFile, } from "./bucket.js";
 import { confirmationPrompt, filterMap, formatBytesHuman, formatCount, getFileMd5, sum, } from "./utils.js";
-import { equalBucketRedirect, getBucketConfig, putBucketWebsiteConfig, readConfigFile, } from "./website_config.js";
+import { equalBucketRedirect, equalCorsRules, getBucketConfig, putBucketWebsiteConfig, putCorsRules, readConfigFile, } from "./website_config.js";
 // Walks through the local directory at path `dir`, and for each file it contains, returns :
 // - `localPath`: its path on the local filesystem (includes `dir`). On windows, this path
 //    will typically use `\` as separator.
@@ -134,6 +132,10 @@ function computeDeployPlan(localFiles, remoteFiles, localCfg, remoteCfg) {
             from: remoteCfg.bucket_redirects,
             to: localCfg.bucket_redirects,
         },
+        cors_rules: {
+            from: remoteCfg.cors_rules,
+            to: localCfg.cors_rules,
+        },
     };
 }
 function diffBucketRedirects(from, to) {
@@ -163,8 +165,8 @@ function printPlan(plan, details) {
         const proto = r.protocol ? `${r.protocol}://` : "";
         const hostname = r.hostname ? `${r.hostname}/` : "";
         const status = r.status ? ` status=${r.status}` : "";
-        const if_error = r.if_error ? `  if_error=${r.if_error}` : "";
-        return `${proto}${hostname}${to}${status}${if_error}`;
+        const force = r.force ? `  force=${r.force}` : "";
+        return `${proto}${hostname}${to}${status}${force}`;
     }
     function showBucketRedirect(r) {
         return `${r.prefix}* -> ${showBucketRedirectTarget(r)}`;
@@ -184,6 +186,8 @@ function printPlan(plan, details) {
     const oredirects_added = plan.redirects.filter(r => r.action == "add");
     const oredirects_updated = plan.redirects.filter(r => r.action == "update");
     const oredirects_deleted = plan.redirects.filter(r => r.action == "delete");
+    // check whether CORS rules changed
+    const cors_changed = !equalCorsRules(plan.cors_rules.from, plan.cors_rules.to);
     // print
     if (details == "summary") {
         const sizeRemote = sum([...plan.remoteFiles.values()].map(f => { var _a; return (_a = f.size) !== null && _a !== void 0 ? _a : 0; }));
@@ -211,6 +215,9 @@ function printPlan(plan, details) {
         if (sentence != "") {
             process.stdout.write(`  ${sentence}\n`);
         }
+        if (cors_changed) {
+            process.stdout.write("  CORS rules modified\n");
+        }
         process.stdout.write(`  size: ${formatBytesHuman(sizeRemote)} -> ${formatBytesHuman(sizeLocal)}\n`);
     }
     else {
@@ -239,6 +246,20 @@ function printPlan(plan, details) {
         for (const { source, prev_target } of oredirects_deleted) {
             process.stdout.write(`  Delete redirect ${source} -> ${prev_target}\n`);
         }
+        if (cors_changed) {
+            process.stdout.write("  Set CORS rules:\n");
+            for (const rule of plan.cors_rules.to) {
+                function pp(a) {
+                    return a.length == 1
+                        ? `"${a[0]}"`
+                        : `[${a.map(s => `"${s}"`).join(", ")}]`;
+                }
+                process.stdout.write(`  - allowed_origins = ${pp(rule.allowed_origins)}\n`);
+                process.stdout.write(`    allowed_methods = ${pp(rule.allowed_methods)}\n`);
+                process.stdout.write(`    allowed_headers = ${pp(rule.allowed_headers)}\n`);
+                process.stdout.write(`    expose_headers  = ${pp(rule.expose_headers)}\n`);
+            }
+        }
     }
     // print other (index, error page)
     function s(s) {
@@ -289,6 +310,10 @@ function applyDeployPlan(bucket, plan) {
         }));
         // Apply bucket redirects & global config
         yield putBucketWebsiteConfig(bucket, plan.index_page.to, plan.error_page.to, plan.bucket_redirects.to);
+        // Apply CORS rules
+        if (!equalCorsRules(plan.cors_rules.from, plan.cors_rules.to)) {
+            yield putCorsRules(bucket, plan.cors_rules.to);
+        }
     });
 }
 function deployMain(website, localFolder, options) {
@@ -308,9 +333,7 @@ function deployMain(website, localFolder, options) {
             getLocalFilesWithInfo(localFolder),
             // Get the bucket, list of files stored in the bucket, and bucket website config
             (() => __awaiter(this, void 0, void 0, function* () {
-                const guichet = yield openApiConf();
-                const api = new WebsiteApi(guichet);
-                const bucket = yield getBucket(api, website);
+                const bucket = yield getBucket(website, yield getBucketCredentials(website));
                 const remoteFiles = yield getBucketFiles(bucket);
                 // This can be slow because it needs to query each object in the bucket.
                 const remoteWebsiteConfig = yield getBucketConfig(bucket, [
@@ -360,7 +383,6 @@ export function deploy(website, localFolder, options) {
                 console.error(`Error: ${err}`);
             }
             else {
-                console.error("Error:");
                 console.error(err);
             }
             process.exit(1);

package/dist/empty.js

@@ -7,9 +7,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-import { WebsiteApi } from "guichet-sdk-ts";
-import { openApiConf } from "./auth.js";
-import { getBucket, getBucketFiles, deleteBucketFiles } from "./bucket.js";
+import { getBucket, getBucketCredentials, getBucketFiles, deleteBucketFiles, } from "./bucket.js";
 import { confirmationPrompt, formatBytesHuman, formatCount, sum, } from "./utils.js";
 function emptyMain(website, options) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -17,9 +15,7 @@ function emptyMain(website, options) {
             console.error("Error: options --yes and --dry-run cannot be passed at the same time");
         }
         process.stdout.write("Fetching the website configuration and metadata...\n");
-        const guichet = yield openApiConf();
-        const api = new WebsiteApi(guichet);
-        const bucket = yield getBucket(api, website);
+        const bucket = yield getBucket(website, yield getBucketCredentials(website));
         const filesToDelete = [...(yield getBucketFiles(bucket))].map(([name, { size }]) => ({
             name,
             size,

package/dist/index.js

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
 import { program } from "@commander-js/extra-typings";
-import { login } from "./auth.js";
+import { login, logout } from "./auth.js";
 import { deploy } from "./deploy.js";
 import { empty } from "./empty.js";
 import { vhostsList } from "./vhosts.js";
-program.name("dxfl").description("Deuxfleurs CLI tool").version("0.1.8");
+program.name("dxfl").description("Deuxfleurs CLI tool").version("0.1.10");
 program
     .command("login")
     .description("Link your Deuxfleurs account with this tool.")
@@ -29,4 +29,9 @@ program
     .option("-n, --dry-run", "do a trial run without making actual changes")
     .option("-y, --yes", "apply the changes without asking for confirmation")
     .action(empty);
+program
+    .command("logout")
+    .description("Cleanup dxfl config containing your credentials")
+    .option("-y, --yes", "clean without asking for confirmation")
+    .action(logout);
 program.parse();

package/dist/website_config.js

@@ -12,7 +12,7 @@ import TOML from "smol-toml";
 import URI from "fast-uri";
 import { z as zod } from "zod";
 import { fromError as zodError } from "zod-validation-error";
-import { GetBucketWebsiteCommand, PutBucketWebsiteCommand, } from "@aws-sdk/client-s3";
+import { GetBucketCorsCommand, GetBucketWebsiteCommand, PutBucketWebsiteCommand, PutBucketCorsCommand, } from "@aws-sdk/client-s3";
 import { getBucketFilesDetails } from "./bucket.js";
 ////////////// Utilities
 export function equalBucketRedirect(b1, b2) {
@@ -28,12 +28,27 @@ export function equalBucketRedirect(b1, b2) {
         }
     }
     return (b1.prefix === b2.prefix &&
-        b1.if_error === b2.if_error &&
+        b1.force === b2.force &&
         b1.hostname === b2.hostname &&
         b1.status === b2.status &&
         b1.protocol === b2.protocol &&
         equalTo(b1.to, b2.to));
 }
+export function equalCorsRules(c1, c2) {
+    function eqArr(eqT, x, y) {
+        return x.length === y.length && x.every((v, i) => eqT(y[i], v));
+    }
+    function eqString(s1, s2) {
+        return s1 == s2;
+    }
+    function eqRule(c1, c2) {
+        return (eqArr(eqString, c1.allowed_origins, c2.allowed_origins) &&
+            eqArr(eqString, c1.allowed_headers, c2.allowed_headers) &&
+            eqArr(eqString, c1.allowed_methods, c2.allowed_methods) &&
+            eqArr(eqString, c1.expose_headers, c2.expose_headers));
+    }
+    return eqArr(eqRule, c1, c2);
+}
 ////////////// Parsing from a TOML config file
 // Parsing: TOML -> untyped object
 function readConfigFileObject(filename) {
@@ -64,13 +79,20 @@ function readConfigFileObject(filename) {
 const RawRedirectSchema = zod.object({
     from: zod.string(),
     to: zod.string(),
-    if_error: zod.number().int().optional(),
+    force: zod.boolean().optional(),
     status: zod.number().int().positive().optional(),
 });
+const RawCorsSchema = zod.object({
+    allowed_origins: zod.union([zod.string(), zod.string().array()]),
+    allowed_methods: zod.union([zod.string(), zod.string().array()]).optional(),
+    allowed_headers: zod.union([zod.string(), zod.string().array()]).optional(),
+    expose_headers: zod.union([zod.string(), zod.string().array()]).optional(),
+});
 const RawConfigSchema = zod.object({
     index_page: zod.string().optional(),
     error_page: zod.string().optional(),
     redirects: zod.array(RawRedirectSchema).optional(),
+    cors: zod.array(RawCorsSchema).optional(),
 });
 function interpRawConfig(cfg) {
     try {
@@ -114,7 +136,7 @@ function unescape(s) {
     }
 }
 function interpConfig(rawcfg) {
-    var _a, _b;
+    var _a, _b, _c, _d, _e;
     function interpPath(name, str) {
         try {
             return unescape(str);
@@ -124,7 +146,7 @@ function interpConfig(rawcfg) {
         }
     }
     function interpRedirect(i, r) {
-        var _a;
+        var _a, _b;
         const rfrom = interpPath(`Redirect ${i}, from`, r.from);
         const rto = interpPath(`Redirect ${i}, to`, r.to);
         let redirect;
@@ -167,7 +189,7 @@ function interpConfig(rawcfg) {
             }
             let bredirect = {
                 prefix,
-                if_error: undefined,
+                force: (_b = r.force) !== null && _b !== void 0 ? _b : false,
                 hostname: toURI.host,
                 protocol: toURI.scheme,
                 // Unless specified, set the status to 302.
@@ -180,12 +202,6 @@ function interpConfig(rawcfg) {
                     ? { kind: "replace_prefix", prefix: path }
                     : { kind: "replace", target: path },
             };
-            if (r.if_error) {
-                if (r.if_error != 404) {
-                    throw `Redirect ${i}: the only currently supported value for 'if_error' is 404`;
-                }
-                bredirect.if_error = 404;
-            }
             if (r.status) {
                 if ([301, 302, 303, 307, 308].includes(r.status)) {
                     bredirect.status = r.status;
@@ -204,8 +220,9 @@ function interpConfig(rawcfg) {
         }
         else {
             // This is an object redirect
-            if (r.if_error) {
-                throw `Redirect ${i}: 'if_error' is not supported for single redirections`;
+            if (r.force) {
+                throw (`Redirect ${i}: 'force' is not supported for single redirections.\n` +
+                    "The source of the redirection must not exist already as a file.");
             }
             if (r.status) {
                 throw (`Redirect ${i}: 'status' is not supported for single redirections.\n` +
@@ -221,7 +238,7 @@ function interpConfig(rawcfg) {
             if (from.startsWith("/")) {
                 from = from.substring(1);
             }
-            // for the 'to' field, garage expects a target that starts with 'http://', 'https://'
+            // for the 'to' field, garage expects the target to start with 'http://', 'https://'
             // or '/'. So if the 'to' field does not start with '/', add one...
             let to = rto.s;
             if (!(to.startsWith("http://") ||
@@ -233,14 +250,29 @@ function interpConfig(rawcfg) {
         }
         return redirect;
     }
+    // Default handling for an optional string:
+    // undefined -> def
+    // "" -> undefined
+    // other -> other.
+    //
+    // `""` is "disable this", while `undefined` is "use the default".
+    // This works as long as the empty string is not a valid value for `s`.
+    let withDefault = (s, def) => {
+        if (s === "") {
+            return undefined;
+        }
+        return s !== null && s !== void 0 ? s : def;
+    };
     let cfg = {
         // use index.html as default index if not specified explicitly
-        index_page: (_a = rawcfg.index_page) !== null && _a !== void 0 ? _a : "index.html",
-        error_page: rawcfg.error_page,
+        index_page: withDefault(rawcfg.index_page, "index.html"),
+        // use error.html as default error page
+        error_page: withDefault(rawcfg.error_page, "error.html"),
         bucket_redirects: [],
         object_redirects: new Map(),
+        cors_rules: [],
     };
-    for (const [i, raw] of ((_b = rawcfg.redirects) !== null && _b !== void 0 ? _b : []).entries()) {
+    for (const [i, raw] of ((_a = rawcfg.redirects) !== null && _a !== void 0 ? _a : []).entries()) {
         // `i+1` is only used for display: start counting redirects from 1 instead of 0
         const r = interpRedirect(i + 1, raw);
         if (r.kind == "bucket") {
@@ -253,6 +285,17 @@ function interpConfig(rawcfg) {
             cfg.object_redirects.set(r.from, r.to);
         }
     }
+    for (const [_, raw] of ((_b = rawcfg.cors) !== null && _b !== void 0 ? _b : []).entries()) {
+        const interpRawArray = (x) => {
+            return typeof x === "string" ? [x] : x;
+        };
+        cfg.cors_rules.push({
+            allowed_origins: interpRawArray(raw.allowed_origins),
+            allowed_methods: interpRawArray((_c = raw.allowed_methods) !== null && _c !== void 0 ? _c : ["GET", "HEAD"]),
+            allowed_headers: interpRawArray((_d = raw.allowed_methods) !== null && _d !== void 0 ? _d : []),
+            expose_headers: interpRawArray((_e = raw.expose_headers) !== null && _e !== void 0 ? _e : []),
+        });
+    }
     return cfg;
 }
 export function readConfigFile(filename) {
@@ -265,16 +308,27 @@ export function getBucketConfig(bucket, files) {
     return __awaiter(this, void 0, void 0, function* () {
         // This function performs the following S3 requests:
         // - GetBucketWebsite to get bucket-level redirects;
+        // - GetBucketCors to get the bucket CORS configuration;
         // - A Head command for each file in the bucket to collect object redirects.
         //   (This can become relatively slow for buckets with thousands of files,
         //    but I don't know of a better way.)
-        var _a, _b;
-        const [response, details] = yield Promise.all([
+        var _a, _b, _c, _d, _e, _f;
+        const [website, cors, details] = yield Promise.all([
             bucket.client.send(new GetBucketWebsiteCommand({ Bucket: bucket.name })),
+            bucket.client.send(new GetBucketCorsCommand({ Bucket: bucket.name })),
             getBucketFilesDetails(bucket, files),
         ]);
-        if (response && response.$metadata.httpStatusCode != 200) {
-            throw `Error sending GetBucketWebsite: ${response}`;
+        if (website && website.$metadata.httpStatusCode != 200) {
+            throw `Error sending GetBucketWebsite: ${JSON.stringify(website)}`;
+        }
+        if (!cors ||
+            (cors.$metadata.httpStatusCode != 200 &&
+                cors.$metadata.httpStatusCode != 204)) {
+            throw `Error sending GetBucketCors: ${JSON.stringify(cors)}`;
+        }
+        // 204 "No Content" is returned when there are no existing CORS rules
+        if (cors.$metadata.httpStatusCode == 204) {
+            cors.CORSRules = [];
         }
         // Collect object redirects
         const object_redirects = new Map();
@@ -284,29 +338,30 @@ export function getBucketConfig(bucket, files) {
             }
         }
         // Interpret bucket redirects
-        if (response.RedirectAllRequestsTo) {
+        if (website.RedirectAllRequestsTo) {
             // NB: garage does not currently support RedirectAllRequestsTo so this should never happen
             throw (`remote website configuration: RedirectAllRequestsTo is specified; ` +
                 `this is currently unsupported by dxfl`);
         }
-        const index_page = (_a = response.IndexDocument) === null || _a === void 0 ? void 0 : _a.Suffix;
-        const error_page = (_b = response.ErrorDocument) === null || _b === void 0 ? void 0 : _b.Key;
+        const index_page = (_a = website.IndexDocument) === null || _a === void 0 ? void 0 : _a.Suffix;
+        const error_page = (_b = website.ErrorDocument) === null || _b === void 0 ? void 0 : _b.Key;
         let bucket_redirects = [];
-        if (response.RoutingRules) {
-            for (const rule of response.RoutingRules) {
+        if (website.RoutingRules) {
+            for (const rule of website.RoutingRules) {
                 // If no Condition is specified, then the redirect always applies, which is equivalent
                 // to matching on an empty prefix
                 let prefix = "";
-                let if_error = undefined;
+                // If no HttpErrorCodeReturnedEquals is specified, then the redirection always
+                // applies, which is equivalent to force=true
+                let force = true;
                 if (rule.Condition) {
                     if (rule.Condition.HttpErrorCodeReturnedEquals) {
                         if (rule.Condition.HttpErrorCodeReturnedEquals == "404") {
-                            if_error = 404;
+                            force = false;
                         }
                         else {
-                            // currently not supported by garage
-                            throw (`remote website configuration: 'if_error' specified with a different ` +
-                                `status code than 404; this is currently unsupported by dxfl`);
+                            // not supported by garage
+                            throw `remote website configuration: unexpected value for 'HttpErrorCodeReturnedEquals': ${rule.Condition.HttpErrorCodeReturnedEquals}`;
                         }
                     }
                     if (rule.Condition.KeyPrefixEquals) {
@@ -346,7 +401,7 @@ export function getBucketConfig(bucket, files) {
                 }
                 bucket_redirects.push({
                     prefix,
-                    if_error,
+                    force,
                     hostname,
                     status,
                     protocol,
@@ -354,7 +409,25 @@ export function getBucketConfig(bucket, files) {
                 });
             }
         }
-        return { index_page, error_page, bucket_redirects, object_redirects };
+        // Interpret CORS rules
+        let cors_rules = [];
+        if (cors.CORSRules) {
+            for (const rule of cors.CORSRules) {
+                cors_rules.push({
+                    allowed_origins: (_c = rule.AllowedOrigins) !== null && _c !== void 0 ? _c : [],
+                    allowed_methods: (_d = rule.AllowedMethods) !== null && _d !== void 0 ? _d : [],
+                    allowed_headers: (_e = rule.AllowedHeaders) !== null && _e !== void 0 ? _e : [],
+                    expose_headers: (_f = rule.ExposeHeaders) !== null && _f !== void 0 ? _f : [],
+                });
+            }
+        }
+        return {
+            index_page,
+            error_page,
+            bucket_redirects,
+            object_redirects,
+            cors_rules,
+        };
     });
 }
 ////////////// Applying a configuration to S3
@@ -378,8 +451,8 @@ export function putBucketWebsiteConfig(bucket, index_page, error_page, bucket_re
                     },
                     Redirect: {},
                 };
-                if (r.if_error) {
-                    rule.Condition.HttpErrorCodeReturnedEquals = r.if_error.toString();
+                if (!r.force) {
+                    rule.Condition.HttpErrorCodeReturnedEquals = "404";
                 }
                 if (r.hostname) {
                     rule.Redirect.HostName = r.hostname;
@@ -408,3 +481,24 @@ export function putBucketWebsiteConfig(bucket, index_page, error_page, bucket_re
         }
     });
 }
+// applies CORS rules
+export function putCorsRules(bucket, cors_rules) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let CORSRules = [];
+        for (const rule of cors_rules) {
+            CORSRules.push({
+                AllowedOrigins: rule.allowed_origins,
+                AllowedMethods: rule.allowed_methods,
+                AllowedHeaders: rule.allowed_headers,
+                ExposeHeaders: rule.expose_headers,
+            });
+        }
+        const resp = yield bucket.client.send(new PutBucketCorsCommand({
+            Bucket: bucket.name,
+            CORSConfiguration: { CORSRules },
+        }));
+        if (resp && resp.$metadata.httpStatusCode != 200) {
+            throw resp;
+        }
+    });
+}

package/doc/workflows/gh-actions.yml

@@ -0,0 +1,19 @@
+name: Deploy with GitHub Actions
+
+# You will need to:
+# 1. Get (from Guichet web interface):
+#    - Your access keys (ID and secret): in the "S3" tab of your website
+#    - The website id: your sub-domain (the part before .web.deuxfleurs.fr) or your full custom domain (e.g. your-domain.com)
+# 2. Setup the access keys as secrets in GitHub web interface (https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/using-secrets-in-github-actions), named in this example key_id and key_secret
+# 3. If you use a deuxfleurs.toml config, be sure the dxfl deploy command is launch in the current directory its in.
+
+jobs:
+  build:
+    # Build your website in a dedicated step to avoid to expose your access keys to external software
+  deploy:
+    runs-on: node:lts-alpine
+    steps:
+      - run: npx --yes dxfl deploy your-website-id build/ --yes
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.key_id }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.key_secret }}

package/doc/workflows/woodpecker.yml

@@ -0,0 +1,21 @@
+## Deploy with Woodpecker CI
+#
+# You will need to:
+# 1. Get (from Guichet web interface):
+#    - Your access keys (ID and secret): in the "S3" tab of your website
+#    - The website id: your sub-domain (the part before .web.deuxfleurs.fr) or your full custom domain (e.g. your-domain.com)
+# 2. Setup the access keys as secrets in Woodpecker web interface (https://woodpecker-ci.org/docs/usage/secrets), named in this example key_id and key_secret
+# 3. If you use a deuxfleurs.toml config, be sure the dxfl deploy command is launch in the current directory its in.
+
+steps:
+  - name: build
+    # Build your website in a dedicated step to avoid to expose your access keys to external software
+  - name: deploy
+    image: node:lts-alpine
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: key_secret
+    commands:
+      - npx --yes dxfl deploy your-website-id build/ --yes

package/package.json

@@ -1,9 +1,13 @@
 {
   "name": "dxfl",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "",
   "license": "EUPL-1.2",
   "author": "Deuxfleurs Team <coucou@deuxfleurs.fr>",
+  "keywords": [
+    "cli",
+    "deuxfleurs"
+  ],
   "type": "module",
   "main": "dist/main.js",
   "bin": {