@tus/server - npm Package Compare versions

Comparing version 1.7.0 to 1.8.0

dist/handlers/BaseHandler.d.ts

@@ -1,3 +0,1 @@
-/// <reference types="node" />
-/// <reference types="node" />
 import EventEmitter from 'node:events';
@@ -7,3 +5,3 @@ import type http from 'node:http';
 import type { DataStore, CancellationContext } from '@tus/utils';
-import { Upload } from '@tus/utils';
+import { type Upload } from '@tus/utils';
 export declare class BaseHandler extends EventEmitter {
@@ -15,3 +13,3 @@ options: ServerOptions;
     generateUrl(req: http.IncomingMessage, id: string): string;
-    getFileIdFromRequest(req: http.IncomingMessage): string | void;
+    getFileIdFromRequest(req: http.IncomingMessage): string | undefined;
     protected extractHostAndProto(req: http.IncomingMessage): {
@@ -32,1 +30,2 @@ host: string;
 }
+//# sourceMappingURL=BaseHandler.d.ts.map

dist/handlers/BaseHandler.js

@@ -99,2 +99,3 @@ "use strict";
     writeToStore(req, upload, maxFileSize, context) {
+        // biome-ignore lint/suspicious/noAsyncPromiseExecutor: <explanation>
         return new Promise(async (resolve, reject) => {
@@ -155,3 +156,3 @@ // Abort early if the operation has been cancelled.
         // Parse the Content-Length header from the request (default to 0 if not set).
-        const length = parseInt(req.headers['content-length'] || '0', 10);
+        const length = Number.parseInt(req.headers['content-length'] || '0', 10);
         const offset = file.offset;
@@ -170,5 +171,3 @@ const hasContentLengthSet = req.headers['content-length'] !== undefined;
             }
-            else {
-                return Number.MAX_SAFE_INTEGER;
-            }
+            return Number.MAX_SAFE_INTEGER;
         }
@@ -186,1 +185,2 @@ // Check if the upload fits into the file's size when the size is not deferred.
 exports.BaseHandler = BaseHandler;
+//# sourceMappingURL=BaseHandler.js.map

dist/handlers/DeleteHandler.d.ts

@@ -1,4 +0,3 @@
-/// <reference types="node" />
 import { BaseHandler } from './BaseHandler';
-import { CancellationContext } from '@tus/utils';
+import { type CancellationContext } from '@tus/utils';
 import type http from 'node:http';
@@ -8,1 +7,2 @@ export declare class DeleteHandler extends BaseHandler {
 }
+//# sourceMappingURL=DeleteHandler.d.ts.map

dist/handlers/DeleteHandler.js

@@ -34,1 +34,2 @@ "use strict";
 exports.DeleteHandler = DeleteHandler;
+//# sourceMappingURL=DeleteHandler.js.map

dist/handlers/GetHandler.d.ts

@@ -1,3 +0,1 @@
-/// <reference types="node" />
-/// <reference types="node" />
 import stream from 'node:stream';
@@ -15,1 +13,2 @@ import { BaseHandler } from './BaseHandler';
 }
+//# sourceMappingURL=GetHandler.d.ts.map

dist/handlers/GetHandler.js

@@ -22,3 +22,3 @@ "use strict";
     async send(req, res
-    // TODO: always return void or a stream?
+    // biome-ignore lint/suspicious/noConfusingVoidType: it's fine
     ) {
@@ -53,1 +53,2 @@ if (this.paths.has(req.url)) {
 exports.GetHandler = GetHandler;
+//# sourceMappingURL=GetHandler.js.map

dist/handlers/HeadHandler.d.ts

@@ -1,4 +0,3 @@
-/// <reference types="node" />
 import { BaseHandler } from './BaseHandler';
-import { CancellationContext } from '@tus/utils';
+import { type CancellationContext } from '@tus/utils';
 import type http from 'node:http';
@@ -8,1 +7,2 @@ export declare class HeadHandler extends BaseHandler {
 }
+//# sourceMappingURL=HeadHandler.d.ts.map

dist/handlers/HeadHandler.js

@@ -61,1 +61,2 @@ "use strict";
 exports.HeadHandler = HeadHandler;
+//# sourceMappingURL=HeadHandler.js.map

dist/handlers/OptionsHandler.d.ts

@@ -1,2 +0,1 @@
-/// <reference types="node" />
 import { BaseHandler } from './BaseHandler';
@@ -7,1 +6,2 @@ import type http from 'node:http';
 }
+//# sourceMappingURL=OptionsHandler.d.ts.map

dist/handlers/OptionsHandler.js

@@ -25,1 +25,2 @@ "use strict";
 exports.OptionsHandler = OptionsHandler;
+//# sourceMappingURL=OptionsHandler.js.map

dist/handlers/PatchHandler.d.ts

@@ -1,5 +0,4 @@
-/// <reference types="node" />
 import { BaseHandler } from './BaseHandler';
 import type http from 'node:http';
-import { CancellationContext } from '@tus/utils';
+import { type CancellationContext } from '@tus/utils';
 export declare class PatchHandler extends BaseHandler {
@@ -11,1 +10,2 @@ /**
 }
+//# sourceMappingURL=PatchHandler.d.ts.map

dist/handlers/PatchHandler.js

@@ -144,1 +144,2 @@ "use strict";
 exports.PatchHandler = PatchHandler;
+//# sourceMappingURL=PatchHandler.js.map

dist/handlers/PostHandler.d.ts

@@ -1,5 +0,4 @@
-/// <reference types="node" />
 import { BaseHandler } from './BaseHandler';
-import { DataStore, CancellationContext } from '@tus/utils';
-import http from 'node:http';
+import { type DataStore, type CancellationContext } from '@tus/utils';
+import type http from 'node:http';
 import type { ServerOptions, WithRequired } from '../types';
@@ -14,1 +13,2 @@ export declare class PostHandler extends BaseHandler {
 }
+//# sourceMappingURL=PostHandler.d.ts.map

dist/handlers/PostHandler.js

@@ -163,3 +163,3 @@ "use strict";
             (responseData.status >= 300 && responseData.status < 400)) {
-            responseData.headers['Location'] = url;
+            responseData.headers.Location = url;
         }
@@ -174,1 +174,2 @@ const writtenRes = this.write(res, responseData.status, responseData.headers, responseData.body);
 exports.PostHandler = PostHandler;
+//# sourceMappingURL=PostHandler.js.map

dist/index.d.ts

@@ -5,1 +5,2 @@ export { Server } from './server';
 export * from '@tus/utils';
+//# sourceMappingURL=index.d.ts.map

dist/index.js

@@ -23,1 +23,2 @@ "use strict";
 __exportStar(require("@tus/utils"), exports);
+//# sourceMappingURL=index.js.map

dist/lockers/index.d.ts

 export * from './MemoryLocker';
+//# sourceMappingURL=index.d.ts.map

dist/lockers/index.js

@@ -18,1 +18,2 @@ "use strict";
 __exportStar(require("./MemoryLocker"), exports);
+//# sourceMappingURL=index.js.map

dist/lockers/MemoryLocker.d.ts

@@ -1,3 +0,2 @@
-/// <reference types="node" />
-import { Lock, Locker, RequestRelease } from '@tus/utils';
+import { type Lock, type Locker, type RequestRelease } from '@tus/utils';
 /**
@@ -46,1 +45,2 @@ * MemoryLocker is an implementation of the Locker interface that manages locks in memory.
 export {};
+//# sourceMappingURL=MemoryLocker.d.ts.map

dist/lockers/MemoryLocker.js

@@ -76,1 +76,2 @@ "use strict";
 }
+//# sourceMappingURL=MemoryLocker.js.map

dist/server.d.ts

@@ -1,5 +0,1 @@
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
 import http from 'node:http';
@@ -53,2 +49,3 @@ import { EventEmitter } from 'node:events';
     handle(req: http.IncomingMessage, res: http.ServerResponse): Promise<http.ServerResponse | stream.Writable | void>;
+    private getCorsOrigin;
     write(context: CancellationContext, req: http.IncomingMessage, res: http.ServerResponse, status: number, body?: string, headers?: {}): http.ServerResponse<http.IncomingMessage>;
@@ -64,1 +61,2 @@ listen(...args: any[]): http.Server;
 export {};
+//# sourceMappingURL=server.d.ts.map

dist/server.js

@@ -20,3 +20,3 @@ "use strict";
 const log = (0, debug_1.default)('tus-node-server');
-// eslint-disable-next-line no-redeclare
+// biome-ignore lint/suspicious/noUnsafeDeclarationMerging: it's fine
 class Server extends node_events_1.EventEmitter {
@@ -84,3 +84,3 @@ constructor(options) {
     async handle(req, res
-    // TODO: this return type does not make sense
+    // biome-ignore lint/suspicious/noConfusingVoidType: it's fine
     ) {
@@ -141,5 +141,6 @@ const context = this.createContext(req);
         // Enable CORS
+        res.setHeader('Access-Control-Allow-Origin', this.getCorsOrigin(req));
         res.setHeader('Access-Control-Expose-Headers', utils_1.EXPOSED_HEADERS);
-        if (req.headers.origin) {
-            res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+        if (this.options.allowedCredentials === true) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
         }
@@ -153,2 +154,14 @@ // Invoke the handler for the method requested
     }
+    getCorsOrigin(req) {
+        const origin = req.headers.origin;
+        const isOriginAllowed = this.options.allowedOrigins?.some((allowedOrigin) => allowedOrigin === origin) ??
+            true;
+        if (origin && isOriginAllowed) {
+            return origin;
+        }
+        if (this.options.allowedOrigins && this.options.allowedOrigins.length > 0) {
+            return this.options.allowedOrigins[0];
+        }
+        return '*';
+    }
     write(context, req, res, status, body = '', headers = {}) {
@@ -167,3 +180,3 @@ const isAborted = context.signal.aborted;
             // @ts-expect-error not explicitly typed but possible
-            headers['Connection'] = 'close';
+            headers.Connection = 'close';
             // An event listener is added to the response ('res') for the 'finish' event.
@@ -182,3 +195,3 @@ // The 'finish' event is triggered when the response has been sent to the client.
     }
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    // biome-ignore lint/suspicious/noExplicitAny: todo
     listen(...args) {
@@ -228,1 +241,2 @@ return node_http_1.default.createServer(this.handle.bind(this)).listen(...args);
 exports.Server = Server;
+//# sourceMappingURL=server.js.map

dist/types.d.ts

@@ -1,2 +0,1 @@
-/// <reference types="node" />
 import type http from 'node:http';
@@ -30,2 +29,10 @@ import type { Locker, Upload } from '@tus/utils';
     /**
+     * Set `Access-Control-Allow-Credentials` to true or false (the default)
+     */
+    allowedCredentials?: boolean;
+    /**
+     * Add trusted origins to `Access-Control-Allow-Origin`.
+     */
+    allowedOrigins?: string[];
+    /**
      * Interval in milliseconds for sending progress of an upload over `EVENTS.POST_RECEIVE_V2`
@@ -49,3 +56,3 @@ */
      */
-    getFileIdFromRequest?: (req: http.IncomingMessage, lastPath?: string) => string | void;
+    getFileIdFromRequest?: (req: http.IncomingMessage, lastPath?: string) => string | undefined;
     /**
@@ -122,6 +129,6 @@ * Control how you want to name files.
         body: string;
-    } | void> | {
+    } | undefined> | {
         status_code: number;
         body: string;
-    } | void;
+    } | undefined;
 };
@@ -135,1 +142,2 @@ export type RouteHandler = (req: http.IncomingMessage, res: http.ServerResponse) => void;
 };
+//# sourceMappingURL=types.d.ts.map

dist/types.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

dist/validators/HeaderValidator.d.ts

@@ -5,1 +5,2 @@ type validator = (value?: string) => boolean;
 export {};
+//# sourceMappingURL=HeaderValidator.d.ts.map

dist/validators/HeaderValidator.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateHeader = exports.validators = void 0;
+exports.validators = void 0;
+exports.validateHeader = validateHeader;
 const utils_1 = require("@tus/utils");
@@ -10,3 +11,3 @@ exports.validators = new Map([
         'upload-offset',
-        function (value) {
+        (value) => {
             const n = Number(value);
@@ -20,3 +21,3 @@ return Number.isInteger(n) && String(n) === value && n >= 0;
         'upload-length',
-        function (value) {
+        (value) => {
             const n = Number(value);
@@ -31,5 +32,3 @@ return Number.isInteger(n) && String(n) === value && n >= 0;
         'upload-defer-length',
-        function (value) {
-            return value === '1';
-        },
+        (value) => value === '1',
     ],
@@ -43,3 +42,3 @@ [
         // be Base64 encoded. All keys MUST be unique.
-        function (value) {
+        (value) => {
             try {
@@ -56,3 +55,3 @@ utils_1.Metadata.parse(value);
         'x-forwarded-proto',
-        function (value) {
+        (value) => {
             if (value === 'http' || value === 'https') {
@@ -68,3 +67,3 @@ return true;
         'tus-version',
-        function (value) {
+        (value) => {
             // @ts-expect-error we can compare a literal
@@ -81,13 +80,6 @@ return utils_1.TUS_VERSION.includes(value);
         'tus-resumable',
-        function (value) {
-            return value === utils_1.TUS_RESUMABLE;
-        },
+        (value) => value === utils_1.TUS_RESUMABLE,
     ],
+    ['content-type', (value) => value === 'application/offset+octet-stream'],
     [
-        'content-type',
-        function (value) {
-            return value === 'application/offset+octet-stream';
-        },
-    ],
-    [
         // The Upload-Concat request and response header MUST be set in both partial and final upload creation requests.
@@ -100,3 +92,3 @@ // It indicates whether the upload is either a partial or final upload.
         'upload-concat',
-        function (value) {
+        (value) => {
             if (!value)
@@ -118,2 +110,2 @@ return false;
 }
-exports.validateHeader = validateHeader;
+//# sourceMappingURL=HeaderValidator.js.map

package.json

 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@tus/server",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Tus resumable upload protocol in Node.js",
   "main": "dist/index.js",
-  "types": "dist/index.d.ts",
   "homepage": "https://github.com/tus/tus-node-server#readme",
@@ -15,12 +14,11 @@ "bugs": "https://github.com/tus/tus-node-server/issues",
     "LICENSE",
-    "dist"
+    "dist",
+    "src"
   ],
   "scripts": {
-    "build": "tsc",
-    "lint": "eslint .",
-    "format": "eslint --fix .",
+    "build": "tsc --build",
     "test": "mocha --timeout 40000 --exit --extension ts --require ts-node/register"
   },
   "dependencies": {
-    "@tus/utils": "^0.3.0",
+    "@tus/utils": "^0.4.0",
     "debug": "^4.3.4",
@@ -36,11 +34,8 @@ "lodash.throttle": "^4.1.1"
     "@types/supertest": "^2.0.16",
-    "eslint": "^8.57.0",
-    "eslint-config-custom": "^0.0.0",
     "mocha": "^10.4.0",
     "node-mocks-http": "^1.14.1",
     "should": "^13.2.3",
-    "sinon": "^17.0.1",
+    "sinon": "^18.0.0",
     "supertest": "^6.3.4",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.3.3"
+    "ts-node": "^10.9.2"
   },
@@ -47,0 +42,0 @@ "optionalDependencies": {

README.md

@@ -72,2 +72,12 @@ # `@tus/server`
 
+#### `options.allowedCredentials`
+
+Sets `Access-Control-Allow-Credentials` (`boolean`, default: `false`).
+
+#### `options.allowedOrigins`
+
+Trusted origins (`string[]`).
+
+Sends the client's origin back in `Access-Control-Allow-Origin` if it matches.
+
 #### `options.postReceiveInterval`
@@ -74,0 +84,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

185156

increased by114.72%

Dev dependency count

12

decreased by-20%

Number of package files

68

increased by134.48%

Lines of code

2797

increased by93.56%

Number of lines in readme file

646

increased by1.57%

Dependency changes

• + Added@tus/utils@0.4.0(transitive)

• - Removed@tus/utils@0.3.0(transitive)

• Updated@tus/utils@^0.4.0