@isomorphic-git/cors-proxy - npm Package Compare versions

Comparing version 2.3.0 to 2.4.0

allow-request.js

@@ -1,5 +0,3 @@
-const url = require('url')
-
-function isPreflight (req, u) {
-  return req.method === 'OPTIONS'
+function isPreflightInfoRefs (req, u) {
+  return req.method === 'OPTIONS' && u.pathname.endsWith('/info/refs') && (u.query.service === 'git-upload-pack' || u.query.service === 'git-receive-pack')
 }
@@ -11,2 +9,6 @@
 
+function isPreflightPull (req, u) {
+  return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-upload-pack')
+}
+
 function isPull (req, u) {
@@ -16,2 +18,6 @@ return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-upload-pack-request' && u.pathname.endsWith('git-upload-pack')
 
+function isPreflightPush (req, u) {
+  return req.method === 'OPTIONS' && req.headers['access-control-request-headers'].includes('content-type') && u.pathname.endsWith('git-receive-pack')
+}
+
 function isPush (req, u) {
@@ -22,3 +28,10 @@ return req.method === 'POST' && req.headers['content-type'] === 'application/x-git-receive-pack-request' && u.pathname.endsWith('git-receive-pack')
 module.exports = function allow (req, u) {
-  return (isPreflight(req, u) || isInfoRefs(req, u) || isPull(req, u) || isPush(req, u))
+  return (
+    isPreflightInfoRefs(req, u) ||
+    isInfoRefs(req, u) ||
+    isPreflightPull(req, u) ||
+    isPull(req, u) ||
+    isPreflightPush(req, u) ||
+    isPush(req, u)
+  )
 }

index.js

@@ -7,123 +7,40 @@ 'use strict'
 const insecure_origins = (process.env.INSECURE_HTTP_ORIGINS || '').split(',')
-const allowHeaders = [
-  'accept-encoding',
-  'accept-language',
-  'accept',
-  'access-control-allow-origin',
-  'authorization',
-  'cache-control',
-  'connection',
-  'content-length',
-  'content-type',
-  'dnt',
-  'pragma',
-  'range',
-  'referer',
-  'user-agent',
-  'x-http-method-override',
-  'x-requested-with',
-]
-const exposeHeaders = [
-  'accept-ranges',
-  'age',
-  'cache-control',
-  'content-length',
-  'content-language',
-  'content-type',
-  'date',
-  'etag',
-  'expires',
-  'last-modified',
-  'pragma',
-  'server',
-  'transfer-encoding',
-  'vary',
-  'x-github-request-id',
-]
-const allowMethods = [
-  'POST',
-  'GET',
-  'OPTIONS'
-]
-const fetch = require('node-fetch')
-const cors = require('./micro-cors.js')({
-  allowHeaders,
-  exposeHeaders,
-  allowMethods,
-  allowCredentials: false,
-  origin
-})
-const allow = require('./allow-request.js')
+const middleware = require('./middleware.js')({ origin, insecure_origins })
 
 async function service (req, res) {
-  let u = url.parse(req.url, true)
+  middleware(req, res, () => {
+    let u = url.parse(req.url, true)
 
-  if (u.pathname === '/') {
-    res.setHeader('content-type', 'text/html')
-    let html = `<!DOCTYPE html>
-    <html>
-      <title>@isomorphic-git/cors-proxy</title>
-      <h1>@isomorphic-git/cors-proxy</h1>
-      <p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a>
-         &ndash; a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>)
-         for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p>
-      <p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p>
-      <p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p>
+    if (u.pathname === '/') {
+      res.setHeader('content-type', 'text/html')
+      let html = `<!DOCTYPE html>
+      <html>
+        <title>@isomorphic-git/cors-proxy</title>
+        <h1>@isomorphic-git/cors-proxy</h1>
+        <p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a>
+           &ndash; a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>)
+           for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p>
+        <p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p>
+        <p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p>
 
-      <h2>Terms of Use</h2>
-      <p><b>This free service is provided to you AS IS with no guarantees.
-      By using this free service, you promise not to use excessive amounts of bandwidth.
-      </b></p>
+        <h2>Terms of Use</h2>
+        <p><b>This free service is provided to you AS IS with no guarantees.
+        By using this free service, you promise not to use excessive amounts of bandwidth.
+        </b></p>
 
-      <p><b>If you are cloning or pushing large amounts of data your IP address may be banned.
-      Please run your own instance of the software if you need to make heavy use this service.</b></p>
+        <p><b>If you are cloning or pushing large amounts of data your IP address may be banned.
+        Please run your own instance of the software if you need to make heavy use this service.</b></p>
 
-      <h2>Allowed Origins</h2>
-      This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code>
-    </html>
-    `
-    return send(res, 400, html)
-  }
+        <h2>Allowed Origins</h2>
+        This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code>
+      </html>
+      `
+      return send(res, 400, html)
+    }
 
-  if (!allow(req, u)) {
     // Don't waste my precious bandwidth
     return send(res, 403, '')
-  }
-
-  // Handle CORS preflight request
-  if (req.method === 'OPTIONS') {
-    return send(res, 200, '')
-  }
-
-  let headers = {}
-  for (let h of allowHeaders) {
-    if (req.headers[h]) {
-      headers[h] = req.headers[h]
-    }
-  }
-
-  let p = u.path
-  let parts = p.match(/\/([^\/]*)\/(.*)/)
-  let pathdomain = parts[1]
-  let remainingpath = parts[2]
-  let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https'
-  console.log(`${protocol}://${pathdomain}/${remainingpath}`)
-  let f = await fetch(
-    `${protocol}://${pathdomain}/${remainingpath}`,
-    {
-      method: req.method,
-      headers,
-      body: (req.method !== 'GET' && req.method !== 'HEAD') ? req : undefined
-    }
-  )
-  res.statusCode = f.status
-  for (let h of exposeHeaders) {
-    if (h === 'content-length') continue
-    if (f.headers.has(h)) {
-      res.setHeader(h, f.headers.get(h))
-    }
-  }
-  f.body.pipe(res)
+  })
 }
 
-module.exports = cors(service)
+module.exports = service

package.json

 {
   "name": "@isomorphic-git/cors-proxy",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "description": "Proxy clone and push requests for the browser",
@@ -24,2 +24,3 @@ "main": "index.js",
     "micro": "^9.3.3",
+    "micro-cors": "0.1.1",
     "minimisted": "^2.0.0",
@@ -26,0 +27,0 @@ "node-fetch": "^2.3.0",

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

12246

increased by0.5%

Worsened metrics

Dependency count

7

increased by16.67%

Lines of code

243

decreased by-2.8%

Number of medium supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedmicro-cors@0.1.1

• + Addedmicro-cors@0.1.1(transitive)