la-machina-engine 0.15.0 → 0.15.1
- package/dist/index.cjs +36 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
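--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1278,6 +1278,14 @@ var RESERVED_HEADER_NAMES = /* @__PURE__ */ new Set([
 "set-cookie",
 "proxy-authorization"
 ]);
+var SECRET_PATTERN_RE = /(-secret|-token|-key)$/i;
+var RESERVED_DEFAULT_HEADER_EXACT = /* @__PURE__ */ new Set([
+"authorization",
+"cookie",
+"set-cookie",
+"proxy-authorization",
+"x-auth-token"
+]);
 var ApiServiceSchema = import_zod.z.object({
 name: import_zod.z.string().min(1),
 description: import_zod.z.string().optional(),
@@ -1292,6 +1300,34 @@ var ApiServiceSchema = import_zod.z.object({
 endpoints: import_zod.z.array(ApiEndpointSchema).optional(),
 secretHeaders: import_zod.z.record(import_zod.z.string(), import_zod.z.string().min(1)).optional()
 }).strict().superRefine((svc, ctx) => {
+if (svc.defaultHeaders !== void 0) {
+for (const headerName of Object.keys(svc.defaultHeaders)) {
+if (!HEADER_NAME_RE.test(headerName)) {
+ctx.addIssue({
+code: "custom",
+message: `defaultHeaders key "${headerName}" is not a valid HTTP header name (RFC 7230 token charset)`,
+path: ["defaultHeaders", headerName]
+});
+continue;
+}
+const lower = headerName.toLowerCase();
+if (RESERVED_DEFAULT_HEADER_EXACT.has(lower)) {
+ctx.addIssue({
+code: "custom",
+message: `defaultHeaders key "${headerName}" is reserved \u2014 move secret-bearing values to secretHeaders or primary auth`,
+path: ["defaultHeaders", headerName]
+});
+continue;
+}
+if (SECRET_PATTERN_RE.test(headerName)) {
+ctx.addIssue({
+code: "custom",
+message: `defaultHeaders key "${headerName}" looks like a secret-bearing name (matches *-secret/*-token/*-key). Move to secretHeaders so the value is vault-resolved + scrubbed.`,
+path: ["defaultHeaders", headerName]
+});
+}
+}
+}
 if (svc.secretHeaders === void 0) return;
 const lowerDefault = /* @__PURE__ */ new Set();
 for (const k of Object.keys(svc.defaultHeaders ?? {})) lowerDefault.add(k.toLowerCase());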
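Review bot: The name check `SECRET_PATTERN_RE = /(-secret|-token|-key)$/i` only matches a hyphen-prefixed suffix, so credential-bearing headers named without that shape (constructed examples: `apikey`, `x-api_key`, `x-password`) still validate as `defaultHeaders` and, going by the error text, would miss vault resolution and scrubbing. A wider boundary and word list such as `/(^|[-_])(secret|token|key|password|passwd|apikey)$/i` would close those gaps, and a comment above the constant should say it is a heuristic rather than a guarantee. The same suffix rule also rejects non-secret names such as `Idempotency-Key`, so an explicit allowlist may be needed to keep those usable. `RESERVED_DEFAULT_HEADER_EXACT` repeats at least `set-cookie` and `proxy-authorization` from `RESERVED_HEADER_NAMES`; deriving one set from the other would avoid the two lists drifting apart. This is the built bundle, so the change presumably belongs in the source it is generated from, and the `superRefine` callback continues past the end of the hunk.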