five-bells-shared - npm Package Compare versions

Comparing version 18.0.0 to 18.1.0

lib/config.js

 'use strict'
 
 const crypto = require('crypto')
+const os = require('os')
 const url = require('url')
@@ -77,2 +78,31 @@ const tweetnacl = require('tweetnacl')
 
+function parsePublicURI (prefix, port, secure) {
+  const names = ['PUBLIC_HTTPS', 'PUBLIC_PORT', 'PUBLIC_PATH']
+  if (_.some(names, (name) => getEnv(prefix, name))) {
+    const _prefix = prefix ? prefix.toUpperCase() + '_' : ''
+    const vars = _.map(names, (name) => _prefix + name).join(', ')
+    console.log('DEPRECATION WARNING: Use ' + _prefix +
+      'PUBLIC_URI instead of ' + vars)
+  }
+
+  const uri = getEnv(prefix, 'PUBLIC_URI')
+  if (uri) {
+    const parsed = url.parse(uri)
+    return {
+      secure: parsed.protocol === 'https:',
+      host: parsed.hostname,
+      port: parseInt(parsed.port, 10) ||
+        (parsed.protocol === 'https:' ? 443 : 80),
+      path: parsed.path
+    }
+  } else {
+    return {
+      secure: castBool(getEnv(prefix, 'PUBLIC_HTTPS'), secure),
+      host: getEnv(prefix, 'HOSTNAME') || os.hostname(),
+      port: parseInt(getEnv(prefix, 'PUBLIC_PORT'), 10) || port,
+      path: ensureLeadingSlash(getEnv(prefix, 'PUBLIC_PATH') || '')
+    }
+  }
+}
+
 /**
@@ -86,23 +116,21 @@ * Parse the server configuration settings from the environment.
   let port = parseInt(getEnv(prefix, 'PORT'), 10) || 3000
-  const publicSecure = castBool(getEnv(prefix, 'PUBLIC_HTTPS'), secure)
-  let publicHost = getEnv(prefix, 'HOSTNAME') || require('os').hostname()
-  let publicPort = parseInt(getEnv(prefix, 'PUBLIC_PORT'), 10) || port
-  const publicPath = ensureLeadingSlash(getEnv(prefix, 'PUBLIC_PATH') || '')
+  const publicConfig = parsePublicURI(prefix, port, secure)
 
   if (useTestConfig()) {
-    publicHost = 'localhost'
+    publicConfig.host = 'localhost'
     port = 61337
-    publicPort = 80
+    publicConfig.port = 80
   }
 
   // Depends on previously defined config values
-  const isCustomPort = publicSecure
-    ? +publicPort !== 443
-    : +publicPort !== 80
+  const isCustomPort = publicConfig.secure
+    ? +publicConfig.port !== 443
+    : +publicConfig.port !== 80
 
-  const baseHost = publicHost + (isCustomPort ? ':' + publicPort : '')
+  const baseHost = publicConfig.host +
+    (isCustomPort ? ':' + publicConfig.port : '')
   const baseUri = url.format({
-    protocol: 'http' + (publicSecure ? 's' : ''),
+    protocol: 'http' + (publicConfig.secure ? 's' : ''),
     host: baseHost,
-    pathname: publicPath
+    pathname: publicConfig.path
   })
@@ -114,6 +142,6 @@
     port,
-    public_secure: publicSecure,
-    public_host: publicHost,
-    public_port: publicPort,
-    public_path: publicPath,
+    public_secure: publicConfig.secure,
+    public_host: publicConfig.host,
+    public_port: publicConfig.port,
+    public_path: publicConfig.path,
     base_host: baseHost,
@@ -120,0 +148,0 @@ base_uri: baseUri

package.json

 {
   "name": "five-bells-shared",
-  "version": "18.0.0",
+  "version": "18.1.0",
   "description": "Shared components for Five Bells projects.",
@@ -5,0 +5,0 @@ "keywords": [

test/configSpec.js

@@ -163,2 +163,40 @@ 'use strict'
 
+    it('PUBLIC_URI', () => {
+      process.env.UNIT_TEST_OVERRIDE = 'true'
+      process.env.PUBLIC_URI = 'https://example.com:1234/ledger/path/'
+      const _config = Config.loadConfig()
+      expect(_config.getIn(['server', 'public_secure'])).to.equal(true)
+      expect(_config.getIn(['server', 'public_host'])).to.equal('example.com')
+      expect(_config.getIn(['server', 'public_port'])).to.equal(1234)
+      expect(_config.getIn(['server', 'public_path'])).to.equal('/ledger/path/')
+      expect(_config.getIn(['server', 'base_uri'])).to.equal(
+        'https://example.com:1234/ledger/path/')
+    })
+
+    it('PUBLIC_URI - no port or path', () => {
+      process.env.UNIT_TEST_OVERRIDE = 'true'
+      process.env.PUBLIC_URI = 'http://www.example.com'
+      const _config = Config.loadConfig()
+      expect(_config.getIn(['server', 'public_secure'])).to.equal(false)
+      expect(_config.getIn(['server', 'public_host']))
+        .to.equal('www.example.com')
+      expect(_config.getIn(['server', 'public_port'])).to.equal(80)
+      expect(_config.getIn(['server', 'public_path'])).to.equal('/')
+      expect(_config.getIn(['server', 'base_uri'])).to.equal(
+        'http://www.example.com/')
+    })
+
+    it('PUBLIC_URI - https without explicit port', () => {
+      process.env.UNIT_TEST_OVERRIDE = 'true'
+      process.env.PUBLIC_URI = 'https://www.example.com/path'
+      const _config = Config.loadConfig()
+      expect(_config.getIn(['server', 'public_secure'])).to.equal(true)
+      expect(_config.getIn(['server', 'public_host']))
+        .to.equal('www.example.com')
+      expect(_config.getIn(['server', 'public_port'])).to.equal(443)
+      expect(_config.getIn(['server', 'public_path'])).to.equal('/path')
+      expect(_config.getIn(['server', 'base_uri'])).to.equal(
+        'https://www.example.com/path')
+    })
+
     it('PUBLIC_HTTPS=true', () => {
@@ -165,0 +203,0 @@ process.env.UNIT_TEST_OVERRIDE = 'true'

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2010869

increased by0.18%

Lines of code

5496

increased by1.12%

Worsened metrics

Number of low supply chain risk alerts

88

increased by7.32%

No dependency changes