
cors-handler

cors-handler - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

README.md

98

index.js
'use strict';
const defaultOptions = {
origins: [], // if left blank then all domains will be allowed
// origins: ["https://www.nuskin.com", "https://test.nuskin.com", "https://dev.nuskin.com"],
// origins: ['https://www.nuskin.com', 'https://test.nuskin.com', 'https://dev.nuskin.com'],
// if null, then all domains will be allowed
origins: null,
allowCredentials: false,
allowMethod: null,
// allowMethods: ['GET', 'POST'],
// if null, then all methods will be allowed
allowMethods: null,
// allowHeaders: ['Content-Type', 'X-Amz-Date', 'Authorization', 'X-Api-Key'],
// if null, then all headers will be allowed
allowHeaders: null,
maxAge: null

@@ -14,15 +20,16 @@ };

*
* @param {Object} the original handler function that does NOT have CORS headers in the callback res
* @param {Object} handler the original handler function that does NOT have CORS headers in the callback res
* @param {Object} opts is to override default options controlling the CORS headers
* @return {Object} a new handler function that will wrap the CORS headers
*/
function cors(handler, _options) {
function cors(handler, opts) {
return (event, context, callback) =>
handler(event, context, (err, res) => {
let options;
if (_options) {
// deep copy
if (opts) {
// deep copy from defaultOptions
options = JSON.parse(JSON.stringify(defaultOptions));
for (let prop in _options) {
if (_options.hasOwnProperty(prop)) {
options[prop] = _options[prop];
for (let prop in opts) {
if (opts.hasOwnProperty(prop)) {
options[prop] = opts[prop];
}

@@ -33,43 +40,52 @@ }

}
console.log('In index, options = ', options);
if (options.origins.length > 0) {
console.log("Inside length....");
let matchedCORS = options.origins
.map((o) => o.trim())
.filter((o) => o === event.headers.origin);
if (options.origins) {
if (options.origins.length > 0) {
if (event && event.headers && event.headers.origin) {
let origin = event.headers.origin;
// find out if the event.headrs.origin contains in origins provided by the origin
let matchedCORS = options.origins
.map((o) => o.trim())
.filter((o) => o === origin);
if (matchedCORS.length > 0) {
res.headers = res.headers || {};
if (!!options.maxAge) {
res.headers['Access-Control-Max-Age'] = options.maxAge;
if (matchedCORS.length > 0) {
addCORSHeaders(options, origin, res);
}
}
res.headers['Access-Control-Allow-Headers'] =
options.allowMethod ?
options.allowMethod.join(',')
: 'GET,HEAD,PUT,PATCH,POST,DELETE';
res.headers['Access-Control-Allow-Credentials'] =
JSON.stringify(!!options.allowCredentials);
res.headers['Access-Control-Allow-Origin'] =
event.headers.origin;
}
} else {
res.headers = res.headers || {};
if (!!options.maxAge) {
res.headers['Access-Control-Max-Age'] = options.maxAge;
}
res.headers['Access-Control-Allow-Headers'] =
options.allowMethod ?
options.allowMethod.join(',')
: 'GET,HEAD,PUT,PATCH,POST,DELETE';
res.headers['Access-Control-Allow-Credentials'] =
JSON.stringify(!!options.allowCredentials);
res.headers['Access-Control-Allow-Origin'] = '*';
};
callback(null, res);
// if origins is null, that means we allow all origins
addCORSHeaders(options, '*', res);
}
callback(err, res);
});
}
/**
* addCORSHeaders is a helper function to add the CORS headers to res
*
* @param {Object} options the original handler function that does NOT have CORS headers in the callback res
* @param {string} origin the origin of the request (e.g., https://test.nuskin.com)
* @param {Object} res the results/response that we are going to add the CORS headers
*/
function addCORSHeaders(options, origin, res) {
res.headers = res.headers || {};
if (!!options.maxAge) {
res.headers['Access-Control-Max-Age'] = options.maxAge;
}
res.headers['Access-Control-Allow-Methods'] =
options.allowMethods ? options.allowMethods.join(',') : '*';
res.headers['Access-Control-Allow-Credentials'] =
JSON.stringify(!!options.allowCredentials);
res.headers['Access-Control-Allow-Headers'] =
options.allowHeaders ? options.allowHeaders.join(',') : '*';
res.headers['Access-Control-Allow-Origin'] = origin;
}
// export the cors function
module.exports = {
cors: cors
};
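Review bot: In `addCORSHeaders`, the `origins: null` path passes `'*'` as the origin while `Access-Control-Allow-Credentials` is still derived from `options.allowCredentials`, so a caller who sets `allowCredentials: true` without an origin list gets `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`. Browsers reject that pair for credentialed requests, and they also treat the `*` fallbacks for `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` as literal values in that mode. I would only emit the credentials header for a concrete origin, e.g. `if (origin !== '*') { res.headers['Access-Control-Allow-Credentials'] = JSON.stringify(!!options.allowCredentials); }`. On the matched-origin path the response now varies by request origin, so `res.headers['Vary'] = 'Origin';` (appended to any existing `Vary` value) should be set there to stop a shared cache from replaying one origin's header to another. Since the new default is `origins: null`, the README and the comment on `defaultOptions` should say plainly that an unconfigured wrapper allows every origin.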
{
"name": "cors-handler",
"version": "0.0.1",
"version": "0.0.2",
"description": "A wrapper to the handler function add the CORS header to the response",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -13,12 +13,61 @@ 'use strict';

it('should have CORS headers when it does not have any options', function(done) {
it('should have CORS headers when the caller does not provide any options', function(done) {
let event = {};
let context = {};
index.cors(handler)(event, context, function(err, res) {
assert.equal(res.headers['Access-Control-Allow-Methods'], '*');
done();
});
});
it('should have CORS headers when providing options', function(done) {
let event = {};
let context = {};
let options = {
origins: null,
allowCredentials: false,
allowMethods: null,
maxAge: null
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers['Access-Control-Allow-Methods'], '*');
done();
});
});
it('should have no CORS when headers.origin is an empty array', function(done) {
let event = {
httpMethod: 'GET'
headers: {
origin: 'http://localhost'
}
};
let context = {};
let options = {
origins: [],
allowCredentials: false,
allowMethods: null,
maxAge: null
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers, null);
done();
});
});
index.cors(handler)(event, context, function(err, res) {
console.log('res:', res);
assert.notEqual(res.headers, null);
it('should have no CORS when there is NO event.headers, but there is origins in the options', function(done) {
let event = {};
let context = {};
let options = {
origins: ['https://test.nuskin.com'],
allowCredentials: false,
allowMethods: null,
maxAge: null
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers, null);
done();

@@ -28,11 +77,13 @@ });

it('should have CORS headers when it provides options', function(done) {
it('should have no CORS when headers.origin is not in the options.origins', function(done) {
let event = {
httpMethod: 'GET'
headers: {
origin: 'http://localhost'
}
};
let context = {};
let options = {
origins: [],
origins: ['https://www.nuskin.com', 'https://test.nuskin.com'],
allowCredentials: false,
allowMethod: ['*'],
allowMethods: null,
maxAge: null

@@ -42,4 +93,3 @@ };

index.cors(handler, options)(event, context, function(err, res) {
console.log('res:', res);
assert.notEqual(res.headers, null);
assert.equal(res.headers, null);
done();

@@ -49,5 +99,4 @@ });

it('should have CORS header when it has origin', function(done) {
it('should have CORS header when headers.origin matching the options.origins', function(done) {
let event = {
httpMethod: 'GET',
headers: {

@@ -59,6 +108,5 @@ origin: 'https://www.nuskin.com'

let options = {
origins: ['https://www.nuskin.com'],
// origins: ["https://www.nuskin.com", "https://test.nuskin.com", "https://dev.nuskin.com"],
origins: ['https://www.nuskin.com'],
allowCredentials: false,
allowMethod: ['*'],
allowMethods: null,
maxAge: null

@@ -68,8 +116,86 @@ };

index.cors(handler, options)(event, context, function(err, res) {
console.log('res:', res);
assert.notEqual(res.headers, null);
assert.equal(res.headers['Access-Control-Allow-Origin'], 'https://www.nuskin.com');
done();
});
});
it('should have correct Access-Control-Allow-Methods when allowMethods is set', function(done) {
let event = {
headers: {
origin: 'https://www.nuskin.com'
}
};
let context = {};
let options = {
origins: null,
allowCredentials: false,
allowMethods: ['GET', 'POST']
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers['Access-Control-Allow-Methods'], 'GET,POST');
done();
});
});
it('should have correct Access-Control-Allow-Headers when allowHeaders is set', function(done) {
let event = {
headers: {
origin: 'https://www.nuskin.com'
}
};
let context = {};
let options = {
origins: null,
allowHeaders: ['Content-Type', 'X-Amz-Date', 'Authorization', 'X-Api-Key']
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers['Access-Control-Allow-Headers'],
'Content-Type,X-Amz-Date,Authorization,X-Api-Key');
done();
});
});
it('should have correct Access-Control-Max-Age when maxAge is set', function(done) {
let event = {
headers: {
origin: 'https://www.nuskin.com'
}
};
let context = {};
let options = {
origins: ['https://www.nuskin.com'],
allowCredentials: false,
allowMethods: null,
maxAge: 1800
};
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers['Access-Control-Max-Age'], 1800);
done();
});
});
it('should have CORS headers even though options has a function prototype', function(done) {
let event = {
headers: {
origin: 'http://localhost'
}
};
let context = {};
function TestObj() {}
TestObj.prototype.gender = 'male';
let options = new TestObj();
options.origins = [];
index.cors(handler, options)(event, context, function(err, res) {
assert.equal(res.headers, null);
done();
});
});
});
});
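Review bot: As rendered, the `event` literal in the new test 'should have no CORS when headers.origin is an empty array' has `httpMethod: 'GET'` with no comma before `headers:`, which is a syntax error that would keep the whole test file from loading; the same shape appears in the 'headers.origin is not in the options.origins' test, while the 'matching the options.origins' test has the comma. Both should read `httpMethod: 'GET',`. Separately, every added case uses `allowCredentials: false` or omits it, so nothing pins what the wrapper emits when `allowCredentials` is true and `origins` is null; a case asserting the `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` values for that configuration would cover the riskiest setting. The enclosing `describe` block starts outside the visible hunks.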