@isomorphic-git/cors-proxy
Comparing version 2.4.0 to 2.5.0
@@ -22,2 +22,3 @@ 'use strict' | ||
'user-agent', | ||
'x-authorization', | ||
'x-http-method-override', | ||
@@ -62,3 +63,27 @@ 'x-requested-with', | ||
module.exports = ({ origin, insecure_origins = [] } = {}) => { | ||
const compose = (...handlers) => { | ||
const composeTwo = (handler1, handler2) => { | ||
function composed (req, res, next) { | ||
handler1(req, res, (err) => { | ||
if (err) { | ||
return next(err) | ||
} else { | ||
return handler2(req, res, next) | ||
} | ||
}) | ||
} | ||
return composed | ||
} | ||
let result = handlers.pop() | ||
while(handlers.length) { | ||
result = composeTwo(handlers.pop(), result) | ||
} | ||
return result | ||
} | ||
function noop (_req, _res, next) { | ||
next() | ||
} | ||
module.exports = ({ origin, insecure_origins = [], authorization = noop } = {}) => { | ||
function predicate (req) { | ||
@@ -69,10 +94,14 @@ let u = url.parse(req.url, true) | ||
} | ||
function middleware (req, res) { | ||
let u = url.parse(req.url, true) | ||
function sendCorsOK (req, res, next) { | ||
// Handle CORS preflight request | ||
if (req.method === 'OPTIONS') { | ||
return send(res, 200, '') | ||
} else { | ||
next() | ||
} | ||
} | ||
function middleware (req, res) { | ||
let u = url.parse(req.url, true) | ||
let headers = {} | ||
@@ -116,3 +145,3 @@ for (let h of allowHeaders) { | ||
}) | ||
return filter(predicate, cors(middleware)) | ||
return filter(predicate, cors(compose(sendCorsOK, authorization, middleware))) | ||
} |
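Review bot: Listing `'x-authorization'` next to `'user-agent'` in the first hunk appears to forward the proxy's own credential to the upstream git host, rather than only admitting it through CORS. The last hunk's context shows `for (let h of allowHeaders)` running right after `let headers = {}` in `middleware`; the loop body is outside the visible hunks, but if it copies each listed request header onto the outgoing request, the token that the new `authorization` hook checks is sent on to whatever upstream the request is proxied to. I would skip it when building the upstream headers, e.g. `if (h === 'x-authorization') continue` at the top of that loop, or state in the README that the header is passed through so deployers do not put a reusable secret in it. `middleware` starts inside the third hunk and its body continues past it.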
{ | ||
"name": "@isomorphic-git/cors-proxy", | ||
"version": "2.4.0", | ||
"version": "2.5.0", | ||
"description": "Proxy clone and push requests for the browser", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -42,3 +42,3 @@ # @isomorphic-git/cors-proxy | ||
## Configuration | ||
### CLI configuration | ||
@@ -50,4 +50,64 @@ Environment variables: | ||
## Middleware usage | ||
You can also use the `cors-proxy` as a middleware in your own server. | ||
```js | ||
const express = require('express') | ||
const corsProxy = require('@isomorphic-git/cors-proxy/middleware.js') | ||
const app = express() | ||
const options = {} | ||
app.use(corsProxy(options)) | ||
``` | ||
### Middleware configuration | ||
*The middleware doesn't use the environment variables.* The options object supports the following properties: | ||
- `origin`: _string_. The value for the 'Access-Control-Allow-Origin' CORS header | ||
- `insecure_origins`: _string[]_. Array of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier) | ||
- `authorization`: _(req, res, next) => void_. A middleware function you can use to handle custom authorization. Is run after filtering for git-like requests and handling CORS but before the request is proxied. | ||
_Example:_ | ||
```ts | ||
app.use( | ||
corsProxy({ | ||
authorization: (req: Request, res: Response, next: NextFunction) => { | ||
// proxied git HTTP requests already use the Authorization header for git credentials, | ||
// so their [Company] credentials are inserted in the X-Authorization header instead. | ||
if (getAuthorizedUser(req, 'X-Authorization')) { | ||
return next(); | ||
} else { | ||
return res.status(401).send("Unable to authenticate you with [Company]'s git proxy"); | ||
} | ||
}, | ||
}) | ||
); | ||
// Only requests with a valid JSON Web Token will be proxied | ||
function getAuthorizedUser(req: Request, header: string = 'Authorization') { | ||
const Authorization = req.get(header); | ||
if (Authorization) { | ||
const token = Authorization.replace('Bearer ', ''); | ||
try { | ||
const verifiedToken = verify(token, env.APP_SECRET) as IToken; | ||
if (verifiedToken) { | ||
return { | ||
id: verifiedToken.userId, | ||
}; | ||
} | ||
} catch (e) { | ||
// noop | ||
} | ||
} | ||
} | ||
``` | ||
## License | ||
This work is released under [The MIT License](https://opensource.org/licenses/MIT) |
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package