npm - mockaton - Versions diffs - 7.1.0 → 7.2.1 - Mend

mockaton 7.1.0 → 7.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +3 -3
package/package.json +2 -2
package/src/Config.js +1 -1
package/src/Mockaton.js +5 -5
package/{Tests.js → src/Mockaton.test.js} +11 -13
package/src/utils/http-cors.js +13 -13
package/src/utils/http-cors.test.js +41 -6
package/src/utils/http-response.js +5 -0

package/README.md CHANGED Viewed

@@ -269,10 +269,10 @@ Config.corsAllowed = true
 // Defaults when `corsAllowed === true`
 Config.corsOrigins = ['*']
 Config.corsMethods = ['GET', 'PUT', 'DELETE', 'POST', 'PATCH', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT']
-Config.corsHeaders = []
+Config.corsHeaders = ['content-type']
 Config.corsCredentials = true
-Config.corsMaxAge = 0
-Config.corsExposedHeaders = []
+Config.corsMaxAge = 0 // seconds to cache the preflight req
+Config.corsExposedHeaders = [] // headers you need to access in client-side JS
 ```
 ## `Config.onReady`

package/package.json CHANGED Viewed

@@ -2,13 +2,13 @@
 	"name": "mockaton",
 	"description": "A deterministic server-side for developing and testing frontend clients",
 	"type": "module",
-	"version": "7.1.0",
+	"version": "7.2.1",
 	"main": "index.js",
 	"types": "index.d.ts",
 	"license": "MIT",
 	"repository": "https://github.com/ericfortis/mockaton",
 	"scripts": {
-		"test": "./Tests.js",
+		"test": "node --test",
 		"demo": "./_usage_example.js"
 	}
 }

package/src/Config.js CHANGED Viewed

@@ -22,7 +22,7 @@ export const Config = Object.seal({
 	corsAllowed: false,
 	corsOrigins: ['*'],
 	corsMethods: StandardMethods,
-	corsHeaders: [],
+	corsHeaders: ['content-type'],
 	corsExposedHeaders: [],
 	corsCredentials: true,
 	corsMaxAge: 0,

package/src/Mockaton.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { createServer } from 'node:http'
 import { API } from './ApiConstants.js'
 import { dispatchMock } from './MockDispatcher.js'
 import { Config, setup } from './Config.js'
+import { sendNoContent } from './utils/http-response.js'
 import * as mockBrokerCollection from './mockBrokersCollection.js'
 import { dispatchStatic, isStatic } from './StaticDispatcher.js'
 import { setCorsHeaders, isPreflight } from './utils/http-cors.js'
@@ -28,7 +29,6 @@ export function Mockaton(options) {
 }
 async function onRequest(req, response) {
-	const { url, method } = req
 	response.setHeader('Server', 'Mockaton')
 	if (Config.corsAllowed)
@@ -41,11 +41,11 @@ async function onRequest(req, response) {
 			exposedHeaders: Config.extraHeaders
 		})
+	const { url, method } = req
+	if (isPreflight(req))
+		sendNoContent(response)
-	if (isPreflight(req)) {
-		response.statusCode = 204
-		response.end()
-	}
 	else if (method === 'GET' && apiGetRequests.has(url))
 		apiGetRequests.get(url)(req, response)

package/{Tests.js → src/Mockaton.test.js} RENAMED Viewed

@@ -1,5 +1,3 @@
-#!/usr/bin/env -S node --experimental-default-type=module
 import { tmpdir } from 'node:os'
 import { dirname } from 'node:path'
 import { promisify } from 'node:util'
@@ -8,13 +6,13 @@ import { createServer } from 'node:http'
 import { equal, deepEqual, match } from 'node:assert/strict'
 import { writeFileSync, mkdtempSync, mkdirSync } from 'node:fs'
-import { Config } from './src/Config.js'
-import { mimeFor } from './src/utils/mime.js'
-import { Mockaton } from './src/Mockaton.js'
-import { Commander } from './src/Commander.js'
-import { parseFilename } from './src/Filename.js'
-import { PreflightHeader } from './src/utils/http-cors.js'
-import { API, DEFAULT_500_COMMENT, DEFAULT_MOCK_COMMENT } from './src/ApiConstants.js'
+import { Config } from './Config.js'
+import { mimeFor } from './utils/mime.js'
+import { Mockaton } from './Mockaton.js'
+import { Commander } from './Commander.js'
+import { parseFilename } from './Filename.js'
+import { CorsHeader } from './utils/http-cors.js'
+import { API, DEFAULT_500_COMMENT, DEFAULT_MOCK_COMMENT } from './ApiConstants.js'
 const tmpDir = mkdtempSync(tmpdir()) + '/'
@@ -446,13 +444,13 @@ async function testCorsAllowed() {
 		const res = await request('/does-not-matter', {
 			method: 'OPTIONS',
 			headers: {
-				[PreflightHeader.Origin]: 'http://example.com',
-				[PreflightHeader.AccessControlRequestMethod]: 'GET'
+				[CorsHeader.Origin]: 'http://example.com',
+				[CorsHeader.AccessControlRequestMethod]: 'GET'
 			}
 		})
 		equal(res.status, 204)
-		equal(res.headers.get(PreflightHeader.AccessControlAllowOrigin), 'http://example.com')
-		equal(res.headers.get(PreflightHeader.AccessControlAllowMethods), 'GET')
+		equal(res.headers.get(CorsHeader.AccessControlAllowOrigin), 'http://example.com')
+		equal(res.headers.get(CorsHeader.AccessControlAllowMethods), 'GET')
 	})
 }

package/src/utils/http-cors.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { StandardMethods } from './http-request.js'
 // https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-processing-model
-export const PreflightHeader = {
+export const CorsHeader = {
 	// request
 	Origin: 'origin',
 	AccessControlRequestMethod: 'access-control-request-method',
@@ -16,13 +16,13 @@ export const PreflightHeader = {
 	AccessControlExposeHeaders: 'Access-Control-Expose-Headers', // '*' | Comma delimited
 	AccessControlAllowCredentials: 'Access-Control-Allow-Credentials' // 'true'
 }
-const PH = PreflightHeader
+const CH = CorsHeader
 export function isPreflight(req) {
 	return req.method === 'OPTIONS'
-		&& URL.canParse(req.headers[PH.Origin])
-		&& StandardMethods.includes(req.headers[PH.AccessControlRequestMethod])
+		&& URL.canParse(req.headers[CH.Origin])
+		&& StandardMethods.includes(req.headers[CH.AccessControlRequestMethod])
 }
@@ -34,16 +34,16 @@ export function setCorsHeaders(req, response, {
 	credentials = false,
 	maxAge = 0
 }) {
-	const reqOrigin = req.headers[PH.Origin]
+	const reqOrigin = req.headers[CH.Origin]
 	const hasWildcard = origins.some(ao => ao === '*')
 	if (!reqOrigin || (!hasWildcard && !origins.includes(reqOrigin)))
 		return
-	response.setHeader(PH.AccessControlAllowOrigin, reqOrigin) // Never '*', so no need to `Vary` it
+	response.setHeader(CH.AccessControlAllowOrigin, reqOrigin) // Never '*', so no need to `Vary` it
 	if (credentials)
-		response.setHeader(PH.AccessControlAllowCredentials, 'true')
+		response.setHeader(CH.AccessControlAllowCredentials, 'true')
-	if (req.headers[PH.AccessControlRequestMethod])
+	if (req.headers[CH.AccessControlRequestMethod])
 		setPreflightSpecificHeaders(req, response, methods, headers, maxAge)
 	else
 		setActualRequestHeaders(response, exposedHeaders)
@@ -51,20 +51,20 @@ export function setCorsHeaders(req, response, {
 function setPreflightSpecificHeaders(req, response, methods, headers, maxAge) {
-	const methodAskingFor = req.headers[PH.AccessControlRequestMethod]
+	const methodAskingFor = req.headers[CH.AccessControlRequestMethod]
 	if (!methods.includes(methodAskingFor))
 		return
-	response.setHeader(PH.AccessControlAllowMethods, methodAskingFor)
+	response.setHeader(CH.AccessControlAllowMethods, methodAskingFor)
 	if (headers.length)
-		response.setHeader(PH.AccessControlAllowHeaders, headers.join(','))
+		response.setHeader(CH.AccessControlAllowHeaders, headers.join(','))
-	response.setHeader(PH.AccessControlMaxAge, maxAge)
+	response.setHeader(CH.AccessControlMaxAge, maxAge)
 }
 function setActualRequestHeaders(response, exposedHeaders) {
 	// Exposed means the client-side JavaScript can read them
 	if (exposedHeaders.length)
-		response.setHeader(PH.AccessControlExposeHeaders, exposedHeaders.join(','))
+		response.setHeader(CH.AccessControlExposeHeaders, exposedHeaders.join(','))
 }

package/src/utils/http-cors.test.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { equal } from 'node:assert/strict'
 import { promisify } from 'node:util'
 import { createServer } from 'node:http'
 import { describe, it, after } from 'node:test'
-import { isPreflight, setCorsHeaders, PreflightHeader as PH } from './http-cors.js'
+import { isPreflight, setCorsHeaders, CorsHeader as PH } from './http-cors.js'
 function headerIs(response, header, value) {
@@ -17,13 +17,13 @@ await describe('CORS', async () => {
 	let corsAllow = {}
 	const server = createServer((req, response) => {
+		setCorsHeaders(req, response, corsAllow)
 		if (isPreflight(req)) {
-			setCorsHeaders(req, response, corsAllow)
 			response.statusCode = 204
 			response.end()
-			return
 		}
-		response.end('NON_PREFLIGHT')
+		else
+			response.end('NON_PREFLIGHT')
 	})
 	await promisify(server.listen).bind(server, 0, '127.0.0.1')()
 	after(() => {
@@ -33,6 +33,10 @@ await describe('CORS', async () => {
 		const { address, port } = server.address()
 		return fetch(`http://${address}:${port}/`, { method, headers })
 	}
+	function request(headers, method) {
+		const { address, port } = server.address()
+		return fetch(`http://${address}:${port}/`, { method, headers })
+	}
 	await describe('Identifies Preflight Requests', async () => {
 		const requiredRequestHeaders = {
@@ -41,7 +45,7 @@ await describe('CORS', async () => {
 		}
 		await it('Ignores non-OPTIONS requests', async () => {
-			const res = await preflight(requiredRequestHeaders, 'POST')
+			const res = await request(requiredRequestHeaders, 'POST')
 			equal(await res.text(), 'NON_PREFLIGHT')
 		})
@@ -90,6 +94,7 @@ await describe('CORS', async () => {
 			headerIs(p, PH.AccessControlAllowMethods, null)
 			headerIs(p, PH.AccessControlAllowCredentials, null)
 			headerIs(p, PH.AccessControlAllowHeaders, null)
+			headerIs(p, PH.AccessControlMaxAge, null)
 		})
 		await it('not in allowed origins', async () => {
@@ -186,5 +191,35 @@ await describe('CORS', async () => {
 		})
 	})
-	// TODO Actual request response headers
+	await describe('Non-Preflight (Actual Response) Headers', async () => {
+		await it('no origins allowed', async () => {
+			corsAllow = {
+				origins: [],
+				methods: ['GET']
+			}
+			const p = await request({
+				[PH.Origin]: NotAllowedDotCom
+			})
+			equal(p.status, 200)
+			headerIs(p, PH.AccessControlAllowOrigin, null)
+			headerIs(p, PH.AccessControlAllowCredentials, null)
+			headerIs(p, PH.AccessControlExposeHeaders, null)
+		})
+		await it('origin allowed', async () => {
+			corsAllow = {
+				origins: [AllowedDotCom],
+				methods: ['GET'],
+				credentials: true,
+				exposedHeaders: ['x-h1', 'x-h2']
+			}
+			const p = await request({
+				[PH.Origin]: AllowedDotCom
+			})
+			equal(p.status, 200)
+			headerIs(p, PH.AccessControlAllowOrigin, AllowedDotCom)
+			headerIs(p, PH.AccessControlAllowCredentials, 'true')
+			headerIs(p, PH.AccessControlExposeHeaders, 'x-h1,x-h2')
+		})
+	})
 })

package/src/utils/http-response.js CHANGED Viewed

@@ -7,6 +7,11 @@ export function sendOK(response) {
 	response.end()
 }
+export function sendNoContent(response) {
+	response.statusCode = 204
+	response.end()
+}
 export function sendJSON(response, payload) {
 	response.setHeader('Content-Type', 'application/json')
 	response.end(JSON.stringify(payload))