spiceflow 1.1.8 → 1.1.10

package/src/cors.test.ts

@@ -4,47 +4,47 @@ import { cors } from './cors.js'
 import { Spiceflow } from './spiceflow.js'
 
 function request(path, method = 'GET') {
-	return new Request(`http://localhost/${path}`, {
-		method,
-		headers: {
-			Origin: 'http://example.com',
-		},
-	})
+  return new Request(`http://localhost/${path}`, {
+    method,
+    headers: {
+      Origin: 'http://example.com',
+    },
+  })
 }
 describe('cors middleware', () => {
-	const app = new Spiceflow()
-		.state('x', 1)
-		.use(cors())
-		.get('/ids/:id', ({ state }) => {
-			state.x
-			// @ts-expect-error
-			state.y
-			return 'hi'
-		})
-		.post('/ids/:id', ({ params: { id } }) => id, {
-			params: z.object({ id: z.string() }),
-		})
+  const app = new Spiceflow()
+    .state('x', 1)
+    .use(cors())
+    .get('/ids/:id', ({ state }) => {
+      state.x
+      // @ts-expect-error
+      state.y
+      return 'hi'
+    })
+    .post('/ids/:id', ({ params: { id } }) => id, {
+      params: z.object({ id: z.string() }),
+    })
 
-	test('GET request returns correct response and CORS headers', async () => {
-		const res = await app.handle(request('ids/xxx'))
-		expect(res.status).toBe(200)
-		expect(await res.json()).toBe('hi')
-		expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
-	})
+  test('GET request returns correct response and CORS headers', async () => {
+    const res = await app.handle(request('ids/xxx'))
+    expect(res.status).toBe(200)
+    expect(await res.json()).toBe('hi')
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
+  })
 
-	test('OPTIONS request returns correct CORS headers', async () => {
-		const res = await app.handle(request('ids/xxx', 'OPTIONS'))
-		expect(res.status).toBe(204)
-		expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
-		expect(res.headers.get('Access-Control-Allow-Methods')).toBe(
-			'GET,HEAD,PUT,POST,DELETE,PATCH',
-		)
-	})
+  test('OPTIONS request returns correct CORS headers', async () => {
+    const res = await app.handle(request('ids/xxx', 'OPTIONS'))
+    expect(res.status).toBe(204)
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
+    expect(res.headers.get('Access-Control-Allow-Methods')).toBe(
+      'GET,HEAD,PUT,POST,DELETE,PATCH',
+    )
+  })
 
-	test('POST request respects CORS and returns correct response', async () => {
-		const res = await app.handle(request('ids/123', 'POST'))
-		expect(res.status).toBe(200)
-		expect(await res.json()).toBe('123')
-		expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
-	})
+  test('POST request respects CORS and returns correct response', async () => {
+    const res = await app.handle(request('ids/123', 'POST'))
+    expect(res.status).toBe(200)
+    expect(await res.json()).toBe('123')
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
+  })
 })

package/src/cors.ts

@@ -4,112 +4,107 @@ import { MiddlewareHandler } from './types.js'
  * @see {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS MDN CORS documentation}
  */
 type CORSOptions = {
-	/** Configures the Access-Control-Allow-Origin CORS header */
-	origin: string | string[]
-	/** Configures the Access-Control-Allow-Methods CORS header */
-	allowMethods?: string[]
-	/** Configures the Access-Control-Allow-Headers CORS header */
-	allowHeaders?: string[]
-	/** Configures the Access-Control-Max-Age CORS header */
-	maxAge?: number
-	/** Configures the Access-Control-Allow-Credentials CORS header */
-	credentials?: boolean
-	/** Configures the Access-Control-Expose-Headers CORS header */
-	exposeHeaders?: string[]
+  /** Configures the Access-Control-Allow-Origin CORS header */
+  origin: string | string[]
+  /** Configures the Access-Control-Allow-Methods CORS header */
+  allowMethods?: string[]
+  /** Configures the Access-Control-Allow-Headers CORS header */
+  allowHeaders?: string[]
+  /** Configures the Access-Control-Max-Age CORS header */
+  maxAge?: number
+  /** Configures the Access-Control-Allow-Credentials CORS header */
+  credentials?: boolean
+  /** Configures the Access-Control-Expose-Headers CORS header */
+  exposeHeaders?: string[]
 }
 
 export const cors = (options?: CORSOptions): MiddlewareHandler => {
-	const defaults: CORSOptions = {
-		origin: '*',
-		allowMethods: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH'],
-		allowHeaders: [],
-		exposeHeaders: [],
-	}
-	const opts = {
-		...defaults,
-		...options,
-	}
+  const defaults: CORSOptions = {
+    origin: '*',
+    allowMethods: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH'],
+    allowHeaders: [],
+    exposeHeaders: [],
+  }
+  const opts = {
+    ...defaults,
+    ...options,
+  }
 
-	const findAllowOrigin = ((optsOrigin) => {
-		if (typeof optsOrigin === 'string') {
-			return () => optsOrigin
-		} else if (typeof optsOrigin === 'function') {
-			return optsOrigin
-		} else {
-			return (origin: string) =>
-				optsOrigin.includes(origin) ? origin : optsOrigin[0]
-		}
-	})(opts.origin)
+  const findAllowOrigin = ((optsOrigin) => {
+    if (typeof optsOrigin === 'string') {
+      return () => optsOrigin
+    } else if (typeof optsOrigin === 'function') {
+      return optsOrigin
+    } else {
+      return (origin: string) =>
+        optsOrigin.includes(origin) ? origin : optsOrigin[0]
+    }
+  })(opts.origin)
 
-	return async function cors(c, next) {
-		let response = await next()
+  return async function cors(c, next) {
+    let response = await next()
 
-		function set(key: string, value: string) {
-			response.headers.set(key, value)
-		}
+    function set(key: string, value: string) {
+      response.headers.set(key, value)
+    }
 
-		const allowOrigin = findAllowOrigin(
-			c.request.headers.get('origin') || '',
-		)
-		if (allowOrigin) {
-			set('Access-Control-Allow-Origin', allowOrigin)
-		}
+    const allowOrigin = findAllowOrigin(c.request.headers.get('origin') || '')
+    if (allowOrigin) {
+      set('Access-Control-Allow-Origin', allowOrigin)
+    }
 
-		// Suppose the server sends a response with an Access-Control-Allow-Origin value with an explicit origin (rather than the "*" wildcard).
-		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-		if (opts.origin !== '*') {
-			const existingVary = c.request.headers.get('Vary')
+    // Suppose the server sends a response with an Access-Control-Allow-Origin value with an explicit origin (rather than the "*" wildcard).
+    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+    if (opts.origin !== '*') {
+      const existingVary = c.request.headers.get('Vary')
 
-			if (existingVary) {
-				set('Vary', existingVary)
-			} else {
-				set('Vary', 'Origin')
-			}
-		}
+      if (existingVary) {
+        set('Vary', existingVary)
+      } else {
+        set('Vary', 'Origin')
+      }
+    }
 
-		if (opts.credentials) {
-			set('Access-Control-Allow-Credentials', 'true')
-		}
+    if (opts.credentials) {
+      set('Access-Control-Allow-Credentials', 'true')
+    }
 
-		if (opts.exposeHeaders?.length) {
-			set('Access-Control-Expose-Headers', opts.exposeHeaders.join(','))
-		}
+    if (opts.exposeHeaders?.length) {
+      set('Access-Control-Expose-Headers', opts.exposeHeaders.join(','))
+    }
 
-		if (c.request.method === 'OPTIONS') {
-			if (opts.maxAge != null) {
-				set('Access-Control-Max-Age', opts.maxAge.toString())
-			}
+    if (c.request.method === 'OPTIONS') {
+      if (opts.maxAge != null) {
+        set('Access-Control-Max-Age', opts.maxAge.toString())
+      }
 
-			if (opts.allowMethods?.length) {
-				set('Access-Control-Allow-Methods', opts.allowMethods.join(','))
-			}
+      if (opts.allowMethods?.length) {
+        set('Access-Control-Allow-Methods', opts.allowMethods.join(','))
+      }
 
-			let headers = opts.allowHeaders
-			if (!headers?.length) {
-				const requestHeaders = c.request.headers.get(
-					'Access-Control-Request-Headers',
-				)
-				if (requestHeaders) {
-					headers = requestHeaders.split(/\s*,\s*/)
-				}
-			}
-			if (headers?.length) {
-				set('Access-Control-Allow-Headers', headers.join(','))
-				c.request.headers.append(
-					'Vary',
-					'Access-Control-Request-Headers',
-				)
-			}
+      let headers = opts.allowHeaders
+      if (!headers?.length) {
+        const requestHeaders = c.request.headers.get(
+          'Access-Control-Request-Headers',
+        )
+        if (requestHeaders) {
+          headers = requestHeaders.split(/\s*,\s*/)
+        }
+      }
+      if (headers?.length) {
+        set('Access-Control-Allow-Headers', headers.join(','))
+        c.request.headers.append('Vary', 'Access-Control-Request-Headers')
+      }
 
-			response.headers.delete('Content-Length')
-			response.headers.delete('Content-Type')
+      response.headers.delete('Content-Length')
+      response.headers.delete('Content-Type')
 
-			return new Response(null, {
-				headers: response.headers,
-				status: 204,
-				statusText: response.statusText,
-			})
-		}
-		return response
-	}
+      return new Response(null, {
+        headers: response.headers,
+        status: 204,
+        statusText: response.statusText,
+      })
+    }
+    return response
+  }
 }

package/src/error.ts

@@ -1,12 +1,12 @@
 // ? Cloudflare worker support
 const env =
-	// @ts-ignore
-	typeof Bun !== 'undefined'
-		? // @ts-ignore
-		  Bun.env
-		: typeof process !== 'undefined'
-		? process?.env
-		: undefined
+  // @ts-ignore
+  typeof Bun !== 'undefined'
+    ? // @ts-ignore
+      Bun.env
+    : typeof process !== 'undefined'
+      ? process?.env
+      : undefined
 
 export const ERROR_CODE = Symbol('SpiceflowErrorCode')
 export type ERROR_CODE = typeof ERROR_CODE
@@ -17,16 +17,16 @@ export type ELYSIA_RESPONSE = typeof ELYSIA_RESPONSE
 export const isProduction = (env?.NODE_ENV ?? env?.ENV) === 'production'
 
 export class ValidationError extends Error {
-	code = 'VALIDATION'
-	status = 422
+  code = 'VALIDATION'
+  status = 422
 }
 
 export class ParseError extends Error {
-	code = 'PARSE'
-	status = 400
+  code = 'PARSE'
+  status = 400
 }
 
 export class InternalServerError extends Error {
-	code = 'INTERNAL_SERVER_ERROR'
-	status = 500
+  code = 'INTERNAL_SERVER_ERROR'
+  status = 500
 }