rouzer 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/router.js +17 -11
- package/package.json +1 -1
package/dist/server/router.js
CHANGED
|
@@ -7,12 +7,21 @@ export { chain };
|
|
|
7
7
|
class RouterObject extends MiddlewareChain {
|
|
8
8
|
config;
|
|
9
9
|
basePath;
|
|
10
|
-
allowOrigins;
|
|
11
10
|
constructor(config) {
|
|
12
11
|
super();
|
|
13
12
|
this.config = config;
|
|
14
13
|
this.basePath = config.basePath?.replace(/\/?$/, '/');
|
|
15
|
-
|
|
14
|
+
const allowOrigins = config.cors?.allowOrigins?.map(createOriginPattern);
|
|
15
|
+
if (allowOrigins) {
|
|
16
|
+
super.use((ctx) => {
|
|
17
|
+
const origin = ctx.request.headers.get('Origin');
|
|
18
|
+
if (origin &&
|
|
19
|
+
allowOrigins &&
|
|
20
|
+
!allowOrigins.some(pattern => pattern.test(origin))) {
|
|
21
|
+
return new Response(null, { status: 403 });
|
|
22
|
+
}
|
|
23
|
+
});
|
|
24
|
+
}
|
|
16
25
|
}
|
|
17
26
|
use(...args) {
|
|
18
27
|
const handler = args.length === 1 ? super.use(args[0]) : this.useRoutes(...args);
|
|
@@ -21,23 +30,20 @@ class RouterObject extends MiddlewareChain {
|
|
|
21
30
|
}
|
|
22
31
|
/** @internal */
|
|
23
32
|
useRoutes(routes, handlers) {
|
|
24
|
-
const { config, basePath
|
|
33
|
+
const { config, basePath } = this;
|
|
25
34
|
const keys = Object.keys(routes);
|
|
26
35
|
const patterns = mapValues(routes, ({ path }) => basePath ? new RoutePattern(path.source.replace(/^\/?/, basePath)) : path);
|
|
27
36
|
return super.use(async function (context) {
|
|
28
37
|
const request = context.request;
|
|
29
38
|
const origin = request.headers.get('Origin');
|
|
30
|
-
if (origin &&
|
|
31
|
-
allowOrigins &&
|
|
32
|
-
!allowOrigins.some(pattern => pattern.test(origin))) {
|
|
33
|
-
return new Response(null, { status: 403 });
|
|
34
|
-
}
|
|
35
39
|
const url = (context.url ??= new URL(request.url));
|
|
36
|
-
let method = request.method.toUpperCase();
|
|
37
40
|
let isPreflight = false;
|
|
41
|
+
let method = request.method;
|
|
38
42
|
if (method === 'OPTIONS') {
|
|
39
|
-
method = request.headers.get('Access-Control-Request-Method') ?? 'GET';
|
|
40
43
|
isPreflight = true;
|
|
44
|
+
method =
|
|
45
|
+
request.headers.get('Access-Control-Request-Method')?.toUpperCase() ??
|
|
46
|
+
'GET';
|
|
41
47
|
}
|
|
42
48
|
for (let i = 0; i < keys.length; i++) {
|
|
43
49
|
const { methods } = routes[keys[i]];
|
|
@@ -59,7 +65,7 @@ class RouterObject extends MiddlewareChain {
|
|
|
59
65
|
if (isPreflight) {
|
|
60
66
|
return new Response(null, {
|
|
61
67
|
headers: {
|
|
62
|
-
'Access-Control-Allow-Origin': origin ?? '
|
|
68
|
+
'Access-Control-Allow-Origin': origin ?? '',
|
|
63
69
|
'Access-Control-Allow-Methods': method,
|
|
64
70
|
'Access-Control-Allow-Headers': request.headers.get('Access-Control-Request-Headers') ?? '',
|
|
65
71
|
},
|