Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
xuyiping
/
kpt-pasture
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 9064b372e8
Салаанууд Тагууд
kpt-pasture
/
node_modules
/
@koa
/
cors
/
index.js

index.js 4.2 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. 'use strict';
    2. 

  2. 

  3. const vary = require('vary');
    4. 

  4. 

  5. /**
    6. 

  6.  * CORS middleware
    7. 

  7.  *
    8. 

  8.  * @param {Object} [options]
    9. 

  9.  *  - {String|Function(ctx)} origin `Access-Control-Allow-Origin`, default is request Origin header
    10. 

  10.  *  - {String|Array} allowMethods `Access-Control-Allow-Methods`, default is 'GET,HEAD,PUT,POST,DELETE,PATCH'
    11. 

  11.  *  - {String|Array} exposeHeaders `Access-Control-Expose-Headers`
    12. 

  12.  *  - {String|Array} allowHeaders `Access-Control-Allow-Headers`
    13. 

  13.  *  - {String|Number} maxAge `Access-Control-Max-Age` in seconds
    14. 

  14.  *  - {Boolean} credentials `Access-Control-Allow-Credentials`
    15. 

  15.  *  - {Boolean} keepHeadersOnError Add set headers to `err.header` if an error is thrown
    16. 

  16.  * @return {Function} cors middleware
    17. 

  17.  * @api public
    18. 

  18.  */
    19. 

  19. module.exports = function(options) {
    20. 

  20.   const defaults = {
    21. 

  21.     allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH',
    22. 

  22.   };
    23. 

  23. 

  24.   options = {
    25. 

  25.     ...defaults,
    26. 

  26.     ...options,
    27. 

  27.   };
    28. 

  28. 

  29.   if (Array.isArray(options.exposeHeaders)) {
    30. 

  30.     options.exposeHeaders = options.exposeHeaders.join(',');
    31. 

  31.   }
    32. 

  32. 

  33.   if (Array.isArray(options.allowMethods)) {
    34. 

  34.     options.allowMethods = options.allowMethods.join(',');
    35. 

  35.   }
    36. 

  36. 

  37.   if (Array.isArray(options.allowHeaders)) {
    38. 

  38.     options.allowHeaders = options.allowHeaders.join(',');
    39. 

  39.   }
    40. 

  40. 

  41.   if (options.maxAge) {
    42. 

  42.     options.maxAge = String(options.maxAge);
    43. 

  43.   }
    44. 

  44. 

  45.   options.keepHeadersOnError = options.keepHeadersOnError === undefined || !!options.keepHeadersOnError;
    46. 

  46. 

  47.   return async function cors(ctx, next) {
    48. 

  48.     // If the Origin header is not present terminate this set of steps.
    49. 

  49.     // The request is outside the scope of this specification.
    50. 

  50.     const requestOrigin = ctx.get('Origin');
    51. 

  51. 

  52.     // Always set Vary header
    53. 

  53.     // https://github.com/rs/cors/issues/10
    54. 

  54.     ctx.vary('Origin');
    55. 

  55. 

  56.     if (!requestOrigin) return await next();
    57. 

  57. 

  58.     let origin;
    59. 

  59.     if (typeof options.origin === 'function') {
    60. 

  60.       origin = options.origin(ctx);
    61. 

  61.       if (origin instanceof Promise) origin = await origin;
    62. 

  62.       if (!origin) return await next();
    63. 

  63.     } else {
    64. 

  64.       origin = options.origin || requestOrigin;
    65. 

  65.     }
    66. 

  66. 

  67.     let credentials;
    68. 

  68.     if (typeof options.credentials === 'function') {
    69. 

  69.       credentials = options.credentials(ctx);
    70. 

  70.       if (credentials instanceof Promise) credentials = await credentials;
    71. 

  71.     } else {
    72. 

  72.       credentials = !!options.credentials;
    73. 

  73.     }
    74. 

  74. 

  75.     const headersSet = {};
    76. 

  76. 

  77.     function set(key, value) {
    78. 

  78.       ctx.set(key, value);
    79. 

  79.       headersSet[key] = value;
    80. 

  80.     }
    81. 

  81. 

  82.     if (ctx.method !== 'OPTIONS') {
    83. 

  83.       // Simple Cross-Origin Request, Actual Request, and Redirects
    84. 

  84.       set('Access-Control-Allow-Origin', origin);
    85. 

  85. 

  86.       if (credentials === true) {
    87. 

  87.         set('Access-Control-Allow-Credentials', 'true');
    88. 

  88.       }
    89. 

  89. 

  90.       if (options.exposeHeaders) {
    91. 

  91.         set('Access-Control-Expose-Headers', options.exposeHeaders);
    92. 

  92.       }
    93. 

  93. 

  94.       if (!options.keepHeadersOnError) {
    95. 

  95.         return await next();
    96. 

  96.       }
    97. 

  97.       try {
    98. 

  98.         return await next();
    99. 

  99.       } catch (err) {
    100. 

  100.         const errHeadersSet = err.headers || {};
    101. 

  101.         const varyWithOrigin = vary.append(errHeadersSet.vary || errHeadersSet.Vary || '', 'Origin');
    102. 

  102.         delete errHeadersSet.Vary;
    103. 

  103. 

  104.         err.headers = {
    105. 

  105.           ...errHeadersSet,
    106. 

  106.           ...headersSet,
    107. 

  107.           ...{ vary: varyWithOrigin },
    108. 

  108.         };
    109. 

  109.         throw err;
    110. 

  110.       }
    111. 

  111.     } else {
    112. 

  112.       // Preflight Request
    113. 

  113. 

  114.       // If there is no Access-Control-Request-Method header or if parsing failed,
    115. 

  115.       // do not set any additional headers and terminate this set of steps.
    116. 

  116.       // The request is outside the scope of this specification.
    117. 

  117.       if (!ctx.get('Access-Control-Request-Method')) {
    118. 

  118.         // this not preflight request, ignore it
    119. 

  119.         return await next();
    120. 

  120.       }
    121. 

  121. 

  122.       ctx.set('Access-Control-Allow-Origin', origin);
    123. 

  123. 

  124.       if (credentials === true) {
    125. 

  125.         ctx.set('Access-Control-Allow-Credentials', 'true');
    126. 

  126.       }
    127. 

  127. 

  128.       if (options.maxAge) {
    129. 

  129.         ctx.set('Access-Control-Max-Age', options.maxAge);
    130. 

  130.       }
    131. 

  131. 

  132.       if (options.allowMethods) {
    133. 

  133.         ctx.set('Access-Control-Allow-Methods', options.allowMethods);
    134. 

  134.       }
    135. 

  135. 

  136.       let allowHeaders = options.allowHeaders;
    137. 

  137.       if (!allowHeaders) {
    138. 

  138.         allowHeaders = ctx.get('Access-Control-Request-Headers');
    139. 

  139.       }
    140. 

  140.       if (allowHeaders) {
    141. 

  141.         ctx.set('Access-Control-Allow-Headers', allowHeaders);
    142. 

  142.       }
    143. 

  143. 

  144.       ctx.status = 204;
    145. 

  145.     }
    146. 

  146.   };
    147. 

  147. };
    148.