From 61e4966c0a3011d4264e469f6b98a80904693638 Mon Sep 17 00:00:00 2001 From: saltyaom Date: Tue, 12 Mar 2024 23:10:11 +0700 Subject: [PATCH] :wrench: fix: origin doesn't process on array, default to * instead of true --- CHANGELOG.md | 10 ++++++ bun.lockb | Bin 42254 -> 43133 bytes example/index.ts | 9 +++++- package.json | 6 ++-- src/index.ts | 77 +++++++++++++++++++++++++++-------------------- 5 files changed, 66 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3bc7d11..cf5d737 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,14 @@ +# 1.0.0-rc.0 - 1 Mar 2024 +Change: +- Add support for Elysia 1.0 + + +# 1.0.0-beta.1 - 17 Feb 2024 +Change: +- Add support for Elysia 1.0 + + # 1.0.0-beta.0 - 6 Feb 2024 Change: - Add support for Elysia 1.0 diff --git a/bun.lockb b/bun.lockb index 06cba558bd9bcb8d6dc549cdaa2e4546fcba87ff..c1c0190398320d6075f3e1ad4738e59c658af80b 100755 GIT binary patch delta 4817 zcmb_fdstIfwm&Bj!Xbp0ARHqCRT1S)fPjFZSgbEpoT7kL8#N$;g5fDX2#8l5M-Z1z zjYuiQ)?2MkYijG%PPKLznW`hSR!BRvrP?yqI#;~bJ`}ybeUi*{zHjdR>z?o1d+oLM z+UvE~-e<3-4`m}gvOQ6gRe#%8c`Y;G{rC{g=Xe?T5)E97EVM*xR}Xa>$Sm)Kzypa^`G z!B7@iRL*5$9aEYN=nm)$I1zA7dE^HD+LAg>Z!9d+8_NwYm|(6Hl}Ad}DMLMXNzvM( z3hpMXQF7s&sSgX8N3|-O!eYaQD(2Z8;7mY4iN2!3u!`#@Z<&8`2%KSN8OqCy2AFdS zt49HE1)Z6pUs-Bofq4~l=I?okX7v4}mj&^^rh1vbFxkfzlZVtH^A9D}SWaWKKuM^;&oSm4KTAeiO?jsYx(e1E`|N1{j7mTz@Gi8lbod&O30PTLT3m#%T?Ot9d?G@{oP7)_OcCTu2Gs}I6m{95 zgU_L7!Ps4|En3uOXrE|`2;XKI?Of~R)e@b*JM>gq^7I$4|M+>DbsOzb%;dAls?hPf zNp#im?^7OnKQg0VN>*2$up37r9%^|Can-VULC3q1StO=5Scx6LJl@7$tDx)5d}}3&9X^MqK zz!A#;CJ7ei0JE!skgdR&5NAojUx2Z^Q?NkDeQ*IJNv6%lh$)s#7WM;U@{l=DJP3>h zkEafmmJcNJ7@bgyTO(fL?{L=&CxF?q0>P7i0}KwkrwECoIqq4T9Bj#6VDlw8Y!e1a z9IN9sls8r<6yR22!RJYjOg%(a&_+N@cW?`H18n|+19`WX%z-+2FK9VZZibRLPA3rV zg=|S1!lk+a>|ak#kHS?DaSt)6@Jyu@YJklHhPWY8f3nXxN!u2Lnv$;mMN%_T0pfs~!v_R(ZS|(d1gDNH)`M@cu z!z-Lo!%{&_{>3^>N*`Q~VS_QVGQu|=KAs41zLu-wYn((Gs7+|hhGsk51E{cE9$)u= zO%F`@n{#^Q3-6h~D=dmr&m6s|Vb||Jnb*`B7xLWY{bhY?cc#qzd*|hXwLi&b7xzB; z-P@`=S6@AH<9^uB*K)Q5R_C8CnsZe7szn~ttxR8jVM@%&uQr~1Eg}7*YVGbji`?$N z5&30G?RU3a9%^Q^HGbsoefsnQ!B@OmJ8{dUiRou~Slaz9x;GwXsymAbO^3R|bOn6o$A29<^2+rK zB~8tbN*a~EvrcTk`g&^JHZay;^-OYcmHxR&2wxt-O+r{8$zPUoq4 zJN5j8fTs_37SvT-QCJOk70xHs{gZ-SCk31PhimS zpg7xfzU`^X_j;3GdG^Mk$8S{`qdOvU|CoP_au$@;je2=>!S$LCpNqYmzUZ0ytz+A) z8>701KhUV!4=EO`+146by`;Ic-!y&dqPQ~$uC1_~{PKsVhw`SGRu$^Jq8E1H5Fj-k zc|JmZlw$1ooD08BNFMXpn*Ms%&6$PXsh=Nej{I}!&W4ff@4Q@leGe4wN`5PKP4nAg z?$QtL3~Y(Nc>ky9j_l$<=ik2ap#DEo=l<{wEzMq1=McT#As5g&Jn{6vcRpW?QJO*~ zXPg=Jz<2e-jAhNwzS*+KWyc#&UG4Qyt+!-7d_s9_@m!17$ywhoZ|-f%t%#LJU-;y` zXzS`1Aj2Wo_)ED%Uu7-G{O|sT36_`pe(v4#OyRRpMQ+K@dzOznQ)OOy^vTrYxo>{; zbARGy-^9m08FPBZ?OWV5H|WQnk&3hVg}>=r^F2w$oU^7*D@_@rxDIR5sO*o!l0*y=a8C4{g6? zpp1B*-(biNdQSy9d=b@H5y~4a9mZ%`B9q7TFt`@27;Oz&5!!0BLbL)jrt`UKbok!- z5Bjzu6ptc~JS+W!@C*OP3-3dh$$yv=Q-9BuUltn`6NSIiM9QoTm&brvNtKmaK821~ zYVZ&mtjyvcQgoGum($8BjoMMicCY?Kzi6MCac#8c>ERaS!iX=*Be zH|N+1nddOL;-li&9p`ww4(|A@;*EJ9x=J&NQLzX;WmSvnU_6G|W{j5S1b$~2BlUl*H5^P>zI~&pZX-ZDOY{`tcDEwH<=}L7L-ui(xS^Rz~t`XIa zYM|9T;k_(6au2*(7!!y3fxH`h$x`zxbvNXph%kxWEyBRI*N=fm1Gh9B*GC~6H2e_d zpubBy(LbO+pm(8R^u9E)R-<;*SL=RC{xNIKLbcr~Xn07?^&+21yK6Gbx$%;Dbs z9`mvA22z@7=|&A+s4W{sp7DxmM}3&|+sJ((ANU}cTd>(Im?iWDWI4(_x3l84;QNOU+e|!YCa15gEsMGZ4L%N}|yw96M z;ERdUU^5eFS;H8$qXIm#^R^*WAI6-tC)Hhg&>-TybG$)RJL*TzFIun1Ha%C(jA8kp z;ZkT2ToSL^Q7sCksek%5``{S_G$AT35fQDY=&hsc5DiDc=qL)o5{J!zBu7cvdGWx8 z_B9_BVFu?rDmLcdteL_tF?|2K!hh#Ap9Pj%ek`2^xygK61e7h2NkBa4fr($0E5iH19;^U0KO_(=+FQPa}H3QW7Z X+F}_OPs96yX>y036V%cA!)^ZqOt>Qt delta 4259 zcmZWs3s_Xu7Cw7moH-z`Jhw5v{^No8q1(nymu^HpkDrir)miKX6upPBL2chC2oz0SY)+UvE~-e>Lm z#}vyySG=t2Uvzg?ly%FhtTj7K=X7Tswu9$m{qO3u{|+59_;%5Y_XbpL669z0ib;{N z@m3dbwf=%oGX$SLpf<})o4HUBib_iJ`KWru8)2G<_z*GpfC)kXXuiV5oVTJqtokMf zebHG^R$`e|E(pa+*Pz)=JKS`Vo38632!Y@)DVRHpYiI=KnoHf(4ypm3UQl3-x0DGZ zF^?-v1MLbL2KqSYjIwyUd1gtqV73)m&9<@v5d+*6OIf^Zy$_^v!4JG$23m?{mD&mf z;TACWhBKK<%7kQC&+%0^U!i5z^!Pbe;STz_W7pi&8edX6&0G$vN-Q%i<-#>s<154p zHD@r9dsOM?QdnGIpUXYF0n7yymYB=S3#JQg6r>0qfV8?UM8bjV*AOCHk?|~PNhz@B)*IsPsTh(>1qQX7bWILt)e8BAnVgGBG6v7 zL3|tNACLI1k=;jP(bVcAiBsSbwi6^cf((AmKq)|K*p*7#Rk4&1B$C}%61O8?xx6m2 zygP2BofQ?oF-!k~kSbNp;DD9z-EP5>KFSAo{#1J;1<%sWm`Sj>D=Bq1}Fi z*m5!kO3F`xpOoePNv(kr8%&*nk~j~c=e~B4qqURlL6WGzdhc!5%|*4%Yha2kMksJzJGYhe4x-c1r8ppUD;Y_%aM4I4m~ zg)n1f1QDU`OTVhr%tppwN!;ZgSI912r`BMJ>8KO!3^ImDteNa+Z&54STWg+2?& zwGiC)CLk^o$pr0}fOte1?e#OTC~EC4iIq4RlI7WZyBfspKwK6g7HCjj0UAfUyABeK zp@J~QB?s%Y3TUh>hp)^fGDb*jAlV}%(SnnMuL!mQl6M1jqE84H1e1qb91FyK1_x4c z6}9$|lqb+PK~C5HWb7%4tFiZUzymAP2EWTdf8R`4VKD+{4VMbf{0!m(pll%I1)_D> zJ?15^UvHc~oKudEG9PFt*ClSn7hh#L6WL|5M@eErgdpU~yx3^{)&mU!!s+n0C%>TF ztV_hvWNxugcG(`fpb8h`a0m?pb5}|aHi)G_JeA?5Xi&Zn^t7xrsHbZ|TswX|8GB1X z4ema!BMPsdCyj#+V}zTCJmCkd;O`k>0o2)B635}3b|UU|53WVw$^Crc(J2eI={fOaQL>L-@n$V z8lG?b#&Pb-nllmkO?QIKTeDk-52>{V=?fi;zrMb#<-+mfi)R)%4uOcA@=n@-YndBXs6d} zW0Es$neD!}hC7d>E%7(iw1v!neptu-2A!#}`0HohADA;g_ytGa^RqtrxH`LeK=Ebu z)Mc;e7yWS~c;mwZ-*1R%i&E`a(QD%33(HsC`~Ka+pPj2lpHi6SpZ-JYKBMQP(Blz? zCyFgqs<70#wv3_Ur>7_W9)2#pZ|;eIeHeVaf9_6)p*ShOLU(e*=88KjzZ5o($vC<0 z;hHMv*6d@XnMqf^S^r*H!(0|BQBz3pYJho|=24rRmZK-_PFn^zN{?g+KlG zeNa88{pzIq<7#6IeDc1y^{nAuz^*ap{ibD%e!T5t$Lq^4#yr^fYw+|&XVt`=6p~}D zKBfO~$CmibnTCovU!ECyC1&5INzZN>rCn&vtGwJeLA5pJMCvQuUZZ=88FvkevSedp z#8h>%4@KpyRvYsw@1W)onD8KgS9YcN_B`IVr#zPvc{HZ&$LUpFjK$9_QO&;IKX!EB z%IDuJKGrzvvkSju*uGo7bd_enW197bm%kmhr*P?iG8G$l7d51<-?n=B!zZXm?lbhB zD%hDeK9I3jomqKdOc{(HjlVM|PsN7-yq~TuPKIu z270(pDd>>8AEu28@v&N6cGg)b(KeXMZGk@9++9{1y;B}T=WM|twP0F=w+?ST-oJZnWO6(RzxqP~}rSvU@B#tYE3Sl!1I^Jhj`y75b6%3)l+1T_x5hacj>E znh>5Tn~|hT6@DnHT@(Fr7B$}luK~uu*Ii_;3ns4x&%I=@K6M$)$nHCoRtB5H2tHd}D!9&jb-j9iDAf+{tvm|`n6TF;&1X}0d{ zh&vms;7ZXY@Bo$4^Obt7=Z>+BZ2EF=ERw6|8n=F{0)J**2@w3bbw zmPPy<>!0GeS&ZG+>I4$@oz@~P;-jdV!hUL(P)0LqaeoIkNe`zo!c~au?D}}`;htQnsR>a z4~fgCR&bqs+4U%z6YDih=GA&GC1PpX!K*p1eu%iG=#mB^aP?GOAL@-Cc3(PDuSxOT zQr>K9vTvC2l|{jxa33oFF9PPsBIKDq^6>^Rwd(hT6I1jh7UjDW*-oGTc`ZH>WBRlc{*KgC$eP=3y*_5}VWM$L6O00yMLb A2><{9 diff --git a/example/index.ts b/example/index.ts index 15f6edd..699b98e 100644 --- a/example/index.ts +++ b/example/index.ts @@ -8,6 +8,11 @@ const app = new Elysia() }) ) .get('/', () => 'A') + .post('/', ({ body, cookie: { session } }) => { + session!.value = 'hi' + + return body + }) .listen(3000) console.log(`Elysia is running at ${app.server?.hostname}:${app.server?.port}`) @@ -18,6 +23,8 @@ app.handle( origin: 'https://saltyaom.com' } }) -).then(x => x.headers.toJSON()).then(console.log) +) + .then((x) => x.headers.toJSON()) + .then(console.log) export type App = typeof app diff --git a/package.json b/package.json index d12535c..26ed45b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@elysiajs/cors", - "version": "1.0.0-beta.1", + "version": "1.0.0-rc.1", "description": "Plugin for Elysia that for Cross Origin Requests (CORs)", "author": { "name": "saltyAom", @@ -35,12 +35,12 @@ "devDependencies": { "@types/bun": "^1.0.4", "@types/node": "^18.11.7", - "elysia": "1.0.0-beta.1", + "elysia": "1.0.0-rc.12", "eslint": "^8.26.0", "rimraf": "^3.0.2", "typescript": "^5.2.2" }, "peerDependencies": { - "elysia": ">= 1.0.0-beta.1" + "elysia": ">= 1.0.0-rc.0" } } diff --git a/src/index.ts b/src/index.ts index cbf5c08..e726dd2 100644 --- a/src/index.ts +++ b/src/index.ts @@ -158,7 +158,7 @@ const processOrigin = ( from: string ): boolean => { if (Array.isArray(origin)) - origin.some((o) => processOrigin(o, request, from)) + return origin.some((o) => processOrigin(o, request, from)) switch (typeof origin) { case 'string': @@ -192,10 +192,10 @@ export const cors = ( preflight: true } ) => { - const { + let { aot = true, - origin = true, - methods = true, + origin = '*', + methods = '*', allowedHeaders = '*', exposedHeaders = '*', credentials = true, @@ -203,11 +203,11 @@ export const cors = ( preflight = true } = config - const app = new Elysia({ - name: '@elysiajs/cors', - seed: config, - aot: false - }) + if (Array.isArray(allowedHeaders)) + allowedHeaders = allowedHeaders.join(', ') + + if (Array.isArray(exposedHeaders)) + exposedHeaders = exposedHeaders.join(', ') const origins = typeof origin === 'boolean' @@ -216,6 +216,14 @@ export const cors = ( ? origin : [origin] + const app = new Elysia({ + name: '@elysiajs/cors', + seed: config, + aot + }) + + const anyOrigin = origins?.some((o) => o === '*') + const handleOrigin = (set: Context['set'], request: Request) => { // origin === `true` means any origin if (origin === true) { @@ -226,6 +234,13 @@ export const cors = ( return } + if (anyOrigin) { + set.headers['Vary'] = '*' + set.headers['Access-Control-Allow-Origin'] = '*' + + return + } + if (!origins?.length) return const headers: string[] = [] @@ -272,9 +287,11 @@ export const cors = ( if (allowedHeaders.length) set.headers['Access-Control-Allow-Headers'] = - typeof allowedHeaders === 'string' - ? allowedHeaders - : allowedHeaders.join(', ') + allowedHeaders as string + + if (exposedHeaders.length) + set.headers['Access-Control-Expose-Headers'] = + exposedHeaders as string if (maxAge) set.headers['Access-Control-Max-Age'] = maxAge.toString() @@ -288,9 +305,11 @@ export const cors = ( if (allowedHeaders.length) set.headers['Access-Control-Allow-Headers'] = - typeof allowedHeaders === 'string' - ? allowedHeaders - : allowedHeaders.join(', ') + allowedHeaders as string + + if (exposedHeaders.length) + set.headers['Access-Control-Expose-Headers'] = + exposedHeaders as string if (maxAge) set.headers['Access-Control-Max-Age'] = maxAge.toString() @@ -301,30 +320,24 @@ export const cors = ( }) const defaultHeaders: Record = { - 'Access-Control-Allow-Headers': - typeof allowedHeaders === 'string' - ? allowedHeaders - : allowedHeaders.join(', '), - 'Access-Control-Exposed-Headers': - typeof exposedHeaders === 'string' - ? exposedHeaders - : exposedHeaders.join(', ') + 'Access-Control-Allow-Headers': allowedHeaders, + 'Access-Control-Exposed-Headers': exposedHeaders } if (credentials === true) defaultHeaders['Access-Control-Allow-Credentials'] = 'true' - if (app.headers) - return app.headers(defaultHeaders).onRequest(({ set, request }) => { - handleOrigin(set, request) - handleMethod(set, request.method) - }) - - return app.onRequest(({ set, request }) => { - Object.assign(set.headers, defaultHeaders) - + return app.headers(defaultHeaders).onRequest(({ set, request }) => { handleOrigin(set, request) handleMethod(set, request.method) + + if (allowedHeaders.length) + set.headers['Access-Control-Allow-Headers'] = + allowedHeaders as string + + if (exposedHeaders.length) + set.headers['Access-Control-Expose-Headers'] = + exposedHeaders as string }) }