@isomorphic-git/cors-proxy - npm Package Compare versions

@isomorphic-git/cors-proxy

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 2.4.0 to 2.5.0

middleware.js

		@@ -22,2 +22,3 @@ 'use strict'
		'user-agent',
		'x-authorization',
		'x-http-method-override',
		@@ -62,3 +63,27 @@ 'x-requested-with',

		module.exports = ({ origin, insecure_origins = [] } = {}) => {
		const compose = (...handlers) => {
		const composeTwo = (handler1, handler2) => {
		function composed (req, res, next) {
		handler1(req, res, (err) => {
		if (err) {
		return next(err)
		} else {
		return handler2(req, res, next)
		}
		})
		}
		return composed
		}
		let result = handlers.pop()
		while(handlers.length) {
		result = composeTwo(handlers.pop(), result)
		}
		return result
		}

		function noop (_req, _res, next) {
		next()
		}

		module.exports = ({ origin, insecure_origins = [], authorization = noop } = {}) => {
		function predicate (req) {
		@@ -69,10 +94,14 @@ let u = url.parse(req.url, true)
		}
		function middleware (req, res) {
		let u = url.parse(req.url, true)

		function sendCorsOK (req, res, next) {
		// Handle CORS preflight request
		if (req.method === 'OPTIONS') {
		return send(res, 200, '')
		} else {
		next()
		}
		}
		function middleware (req, res) {
		let u = url.parse(req.url, true)


		let headers = {}
		@@ -116,3 +145,3 @@ for (let h of allowHeaders) {
		})
		return filter(predicate, cors(middleware))
		return filter(predicate, cors(compose(sendCorsOK, authorization, middleware)))
		}

package.json

		{
		"name": "@isomorphic-git/cors-proxy",
		"version": "2.4.0",
		"version": "2.5.0",
		"description": "Proxy clone and push requests for the browser",
		@@ -5,0 +5,0 @@ "main": "index.js",

README.md

		@@ -42,3 +42,3 @@ # @isomorphic-git/cors-proxy

		## Configuration
		### CLI configuration

		@@ -50,4 +50,64 @@ Environment variables:


		## Middleware usage

		You can also use the `cors-proxy` as a middleware in your own server.

		```js
		const express = require('express')
		const corsProxy = require('@isomorphic-git/cors-proxy/middleware.js')

		const app = express()
		const options = {}

		app.use(corsProxy(options))

		```

		### Middleware configuration

		The middleware doesn't use the environment variables. The options object supports the following properties:

		- `origin`: _string_. The value for the 'Access-Control-Allow-Origin' CORS header
		- `insecure_origins`: _string[]_. Array of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier)
		- `authorization`: _(req, res, next) => void_. A middleware function you can use to handle custom authorization. Is run after filtering for git-like requests and handling CORS but before the request is proxied.

		_Example:_
		```ts
		app.use(
		corsProxy({
		authorization: (req: Request, res: Response, next: NextFunction) => {
		// proxied git HTTP requests already use the Authorization header for git credentials,
		// so their [Company] credentials are inserted in the X-Authorization header instead.
		if (getAuthorizedUser(req, 'X-Authorization')) {
		return next();
		} else {
		return res.status(401).send("Unable to authenticate you with [Company]'s git proxy");
		}
		},
		})
		);

		// Only requests with a valid JSON Web Token will be proxied
		function getAuthorizedUser(req: Request, header: string = 'Authorization') {
		const Authorization = req.get(header);

		if (Authorization) {
		const token = Authorization.replace('Bearer ', '');
		try {
		const verifiedToken = verify(token, env.APP_SECRET) as IToken;
		if (verifiedToken) {
		return {
		id: verifiedToken.userId,
		};
		}
		} catch (e) {
		// noop
		}
		}
		}
		```

		## License

		This work is released under [The MIT License](https://opensource.org/licenses/MIT)

Fixed alerts

Improved metrics