npm - miqro - Versions diffs - 7.3.2 → 7.3.4 - Mend

miqro 7.3.2 → 7.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/build/esm/editor/auth.js +6 -4
package/build/esm/src/cluster.js +0 -0
package/build/esm/src/common/esbuild.js +1 -0
package/build/esm/src/common/exit.js +23 -5
package/build/esm/src/main.js +0 -0
package/build/esm/src/services/app.d.ts +1 -0
package/build/esm/src/services/app.js +6 -1
package/build/lib.cjs +417 -1638
package/editor/auth.ts +6 -5
package/package.json +4 -4

package/build/esm/editor/auth.js CHANGED Viewed

@@ -18,13 +18,15 @@ export default {
             const cookieToken = args.req.cookies[ADMIN_EDITOR_AUTH_COOKIE];
             //console.log("\n\nqueryToken[%s] cookieToken[%s] KEY[%s]\n\n", queryToken, cookieToken, KEY);
             if (queryToken) {
-                if (typeof queryToken === "string" && timingSafeEqual(Buffer.from(queryToken), Buffer.from(KEY))) {
+                const queryBuf = Buffer.from(String(queryToken));
+                const keyBuf = Buffer.from(KEY);
+                if (typeof queryToken === "string" && queryBuf.length === keyBuf.length && timingSafeEqual(queryBuf, keyBuf)) {
                     args.res.setCookie(ADMIN_EDITOR_AUTH_COOKIE, KEY, {
-                        expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 31 * 12 * 500),
+                        expires: new Date(Date.now() + 1000 * 60 * 60 * 24),
                         httpOnly: true,
-                        //secure: true,
+                        //secure: args.req.secure,
+                        sameSite: "strict",
                         path: "/",
-                        //sameSite: "strict"
                     });
                     args.req.searchParams.delete(ADMIN_EDITOR_AUTH_QUERY);
                     const queryString = args.req.searchParams.toString();

package/build/esm/src/cluster.js CHANGED Viewed

File without changes

package/build/esm/src/common/esbuild.js CHANGED Viewed

@@ -59,6 +59,7 @@ export async function esBuild(options, logger) {
             else {
                 exec(esBuildCMD, {
                     maxBuffer: 1024 * 1000 * 2000,
+                    timeout: 60000,
                     cwd: dirname(options.entryPoints[0])
                 }, (err, stdout, _stderr) => {
                     if (err) {

package/build/esm/src/common/exit.js CHANGED Viewed

@@ -47,7 +47,7 @@ export function setupExitHandlers(app) {
         }
         process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });
-    process.on('exit', async function (code) {
+    process.on('exit', function (code) {
         if (exceptionOccured) {
             app.logger?.error('Exception occured');
         }
@@ -60,7 +60,7 @@ export function setupExitHandlers(app) {
             }*/
             cleanJSX(app);
             if (app.server) {
-                await app.stop();
+                app.stop();
             }
         }
     });
@@ -80,20 +80,38 @@ export function setupExitHandlers(app) {
         }
         process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });
-    process.on("SIGTERM", function () {
+    process.on("SIGTERM", async function () {
         app.logger?.info('SIGTERM received');
+        if (app.server) {
+            await Promise.race([
+                app.stop(),
+                new Promise(r => setTimeout(r, 5000))
+            ]);
+        }
         process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });
-    process.on('SIGHUP', function () {
+    process.on('SIGHUP', async function () {
         app.logger?.info('SIGHUP received');
+        if (app.server) {
+            await Promise.race([
+                app.stop(),
+                new Promise(r => setTimeout(r, 5000))
+            ]);
+        }
         process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });
     /*process.on('SIGKILL', function () {
       server.logger.info('SIGKILL received');
       process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });*/
-    process.on('SIGINT', function () {
+    process.on('SIGINT', async function () {
         app.logger?.info('SIGINT received');
+        if (app.server) {
+            await Promise.race([
+                app.stop(),
+                new Promise(r => setTimeout(r, 5000))
+            ]);
+        }
         process.exit(EXIT_CODES.ABNORMAL_UNCONTROLLED);
     });
 }

package/build/esm/src/main.js CHANGED Viewed

File without changes

package/build/esm/src/services/app.d.ts CHANGED Viewed

@@ -28,6 +28,7 @@ export interface MiqroOptions extends ImportJSXFileOptions {
     https?: boolean;
     httpRedirect?: number;
     noMinify?: boolean;
+    allowedRedirectHosts?: string[];
 }
 export interface InflateOptions {
     inflateDir?: string;

package/build/esm/src/services/app.js CHANGED Viewed

@@ -383,7 +383,12 @@ export class Miqro {
         if (this.options?.httpRedirect) {
             this.httpsRedirectServer = new App();
             this.httpsRedirectServer.use(async (req, res) => {
-                const hostname = req.headers.host.split(":").length > 1 ? req.headers.host.split(":")[0] : req.headers.host;
+                const hostname = req.headers.host?.split(":")[0] ?? "";
+                const allowed = this.options?.allowedRedirectHosts;
+                if (allowed && !allowed.includes(hostname)) {
+                    res.writeHead(400).end("Invalid Host header");
+                    return;
+                }
                 return await res.redirect('https://' + hostname + ":" + this.options.port + req.url);
             });
         }