fix: request header secret (#104)
adeherysh authored Apr 25, 2024
1 parent 3cc7d26 commit e2e9e4e
Showing 6 changed files with 48 additions and 34 deletions.
17 changes: 10 additions & 7 deletions .github/workflows/ci.yaml
@@ -1,15 +1,16 @@
name: CI

on:
push:
branches:
- main
pull_request:
types: [assigned, unassigned, opened, synchronize, edited, ready_for_review, reopened]
branches:
- main

jobs:
ci:
build:
runs-on: ubuntu-latest
if: github.event.pull_request.draft == false && !endsWith(github.actor, '[bot]') && github.actor != 'kitabisaengineer'
steps:
- name: Checkout
uses: actions/checkout@v4
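
Review bot: The job key under `jobs:` shows as both `ci:` and `build:` in this hunk, while the `semgrep` job further down declares `needs: ci`. Whichever key the commit keeps, `needs:` has to name it exactly, otherwise the workflow is rejected as invalid and neither job runs. The job-level `if:` also deserves a short comment: on `push` events there is no `github.event.pull_request`, so `github.event.pull_request.draft == false` only passes through the expression language's type coercion, which is easy to break in a later edit.
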
Expand All @@ -22,21 +23,23 @@ jobs:
- name: Install dependencies
run: bun install --frozen-lockfile

- name: Build package
run: bun run build

- name: Run Danger JS
if: github.event_name == 'pull_request' && github.actor != 'kitabisaengineer' && !endsWith(github.actor, '[bot]')
run: bun danger ci
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

semgrep:
needs: ci
runs-on: ubuntu-latest
if: github.actor != 'kitabisaengineer' && !endsWith(github.actor, '[bot]')
container:
image: semgrep/semgrep
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Run Semgrep
run: semgrep ci
env:
SEMGREP_RULES: auto
run: semgrep scan --config auto
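
Review bot: With `run: semgrep scan --config auto` as the Semgrep step, findings no longer fail the job, because `semgrep scan` exits 0 on findings unless `--error` is passed, whereas `semgrep ci` exits non-zero on blocking findings. If the scan is meant to gate merges, add `--error` or stay on `semgrep ci`. Separately, `image: semgrep/semgrep` carries no tag or digest, so the scanner version changes underneath the workflow without any commit; pinning it keeps results reproducible.
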
1 change: 0 additions & 1 deletion .github/workflows/publish.yaml
Expand Up @@ -71,4 +71,3 @@ jobs:
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
enable-url-completion: true
16 changes: 9 additions & 7 deletions CONTRIBUTING.md
Expand Up @@ -12,13 +12,15 @@
Supple mock server with random fake data using <a href="https://github.com/faker-js/faker">Faker.js</a>
</p>

<!-- <p align="center">
<a href="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-qurban.yaml"><img src="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-qurban.yaml/badge.svg" alt="Deploy Stg Qurban" /></a>
<a href="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-corin.yaml"><img src="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-corin.yaml/badge.svg" alt="Deploy Stg Corin" /></a>
<!-- end of badges -->
<!-- </p> -->
<p align="center">
<a href="https://github.com/kitabisa/smockr/actions/workflows/ci.yaml"><img src="https://img.shields.io/github/actions/workflow/status/kitabisa/smockr/ci.yml?branch=main" alt="Build Status"></a>
<a href="https://www.npmjs.com/package/@kitabisa/smockr"><img src="https://img.shields.io/npm/dt/@kitabisa/smockr.svg" alt="NPM Downloads"></a>
<a href="https://hub.docker.com/r/kitabisa/smockr"><img src="https://img.shields.io/docker/pulls/kitabisa/smockr" alt="Docker Pull"></a>
<a href="https://github.com/kitabisa/smockr/releases"><img src="https://img.shields.io/github/v/release/kitabisa/smockr" alt="Latest Release"></a>
<a href="https://github.com/kitabisa/smockr/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/@kitabisa/smockr.svg" alt="License"></a>
</p>

<!-- ------ -->
------

## Features

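Review bot: The Build Status badge mixes two file names: the link targets `actions/workflows/ci.yaml`, but the image URL asks shields.io for `kitabisa/smockr/ci.yml`. The workflow edited in this commit is `.github/workflows/ci.yaml`, so the image path should use `ci.yaml` as well or the badge will not resolve. README.md carries the same line and needs the same fix.
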
Expand Down Expand Up @@ -56,7 +58,7 @@ Run in local:
$ PORT=8080 \
SECRET_KEY="" \
ALLOWED_ORIGIN="*" \
ALLOWED_METHODS="GET,HEAD,PUT,PATCH,POST,DELETE" \
ALLOWED_METHODS="GET, HEAD, PUT, PATCH, POST, DELETE" \
ALLOWED_HEADERS="*" \
bun server.ts
```
26 changes: 14 additions & 12 deletions README.md
Expand Up @@ -12,13 +12,15 @@
Supple mock server with random fake data using <a href="https://github.com/faker-js/faker">Faker.js</a>
</p>

<!-- <p align="center">
<a href="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-qurban.yaml"><img src="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-qurban.yaml/badge.svg" alt="Deploy Stg Qurban" /></a>
<a href="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-corin.yaml"><img src="https://github.com/kitabisa/cockpit/actions/workflows/deploy-stg-corin.yaml/badge.svg" alt="Deploy Stg Corin" /></a>
<!-- end of badges -->
<!-- </p> -->
<p align="center">
<a href="https://github.com/kitabisa/smockr/actions/workflows/ci.yaml"><img src="https://img.shields.io/github/actions/workflow/status/kitabisa/smockr/ci.yml?branch=main" alt="Build Status"></a>
<a href="https://www.npmjs.com/package/@kitabisa/smockr"><img src="https://img.shields.io/npm/dt/@kitabisa/smockr.svg" alt="NPM Downloads"></a>
<a href="https://hub.docker.com/r/kitabisa/smockr"><img src="https://img.shields.io/docker/pulls/kitabisa/smockr" alt="Docker Pull"></a>
<a href="https://github.com/kitabisa/smockr/releases"><img src="https://img.shields.io/github/v/release/kitabisa/smockr" alt="Latest Release"></a>
<a href="https://github.com/kitabisa/smockr/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/@kitabisa/smockr.svg" alt="License"></a>
</p>

<!-- ------ -->
------

## Features

Expand Down Expand Up @@ -66,9 +68,9 @@ Running mock with custom params
$ smockr \
--port 3000 \
--secret "mysecret" \
--allowOrigin "*.kitabisa.com,*.kitajaga.id" \
--allowMethods "GET,POST,PATCH" \
--allowHeaders "Content-Type,Authorization"
--allowOrigin "*.kitabisa.com, *.kitajaga.id" \
--allowMethods "GET, POST, PATCH" \
--allowHeaders "Content-Type, Authorization"
```
When you define `secret` as a parameter and is not empty string, the client request must be include `X-Smockr-Secret` header with the same value

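Review bot: The examples now put a space after each comma (`"GET, POST, PATCH"`), but the text never says that both spellings are accepted; one sentence stating that whitespace around list items is ignored would save readers from guessing. While this paragraph is open, the sentence under the example needs a grammar pass ("and is not empty string", "must be include"), and it could state that the `X-Smockr-Secret` header name is matched case-insensitively, which is the behaviour this commit corrects in server.ts.
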
Expand Down Expand Up @@ -98,9 +100,9 @@ Running mock with custom params
```
$ docker run -p 3000:8080 --rm \
-e SECRET_KEY="mysecret" \
-e ALLOWED_ORIGIN="*.kitabisa.com,*.kitajaga.id" \
-e ALLOWED_METHODS="GET,POST,PATCH" \
-e ALLOWED_HEADERS="Content-Type,Authorization" \
-e ALLOWED_ORIGIN="*.kitabisa.com, *.kitajaga.id" \
-e ALLOWED_METHODS="GET, POST, PATCH" \
-e ALLOWED_HEADERS="Content-Type, Authorization" \
kitabisa/smockr
```

6 changes: 3 additions & 3 deletions commands/index.ts
Expand Up @@ -11,7 +11,7 @@ import path from 'path'
* @param {number} [port=8080] define port
* @param {string} [secret=""] define secret for client header X-Smockr-Secret
* @param {string} [allowOrigin="*"] define allow cors origin
* @param {string} [allowMethods="GET,HEAD,PUT,PATCH,POST,DELETE"] define allow cors methods
* @param {string} [allowMethods="*"] define allow cors methods
* @param {string} [allowHeaders="*"] define allow cors headers
*/
export default async function main(
Expand All @@ -30,7 +30,7 @@ export default async function main(
})
}
if (allowMethods && allowMethods !== '*') {
const methods = ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE']
const methods = ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE', 'OPTIONS']
allowMethods.split(',').map((method) => {
if (!methods.includes(method.trim().toUpperCase())) {
console.error(`${method.trim().toUpperCase()} is not valid http method`)
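
Review bot: `allowMethods.split(',').map(...)` is used only for its side effect, so `forEach` or a `for...of` loop states the intent and avoids building a throwaway array. The check also normalises each entry with `method.trim().toUpperCase()`, yet the raw `allowMethods` string is what gets forwarded as `ALLOWED_METHODS`; normalising once into a list and validating that list would keep the CLI and server.ts in agreement about what was accepted.
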
Expand All @@ -41,12 +41,12 @@ export default async function main(
const server = path.resolve(__dirname, '../../bin/server.js')
execSync(`bun ${server}`, {
env: {
...process.env,
PORT: port?.toString(),
SECRET_KEY: secret,
ALLOWED_ORIGIN: allowOrigin,
ALLOWED_METHODS: allowMethods,
ALLOWED_HEADERS: allowHeaders,
NODE_ENV: process.env.NODE_ENV,
},
stdio: 'inherit',
})
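
Review bot: Spreading `...process.env` into `env` hands every variable of the calling shell to the mock server, including any CI tokens or cloud credentials that happen to be set there. If the aim is for the child to find `bun` on `PATH` and to see `NODE_ENV`, pass those keys explicitly instead of the whole environment. In the same call, the command string given to `execSync` interpolates `${server}` and runs through a shell, so an install directory containing spaces breaks it; `execFileSync('bun', [server], ...)` with the same options avoids the shell entirely.
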
16 changes: 12 additions & 4 deletions server.ts
Expand Up @@ -9,12 +9,20 @@ const app = express()
const dev = process.env.NODE_ENV !== 'production'
const port = process.env.PORT || 8080
const secret = process.env.SECRET_KEY || ''
const allowOrigin = process.env.ALLOWED_ORIGIN || '*'
const allowOrigin =
process.env.ALLOWED_ORIGIN && process.env.ALLOWED_ORIGIN !== '*'
? process.env.ALLOWED_ORIGIN.replaceAll(' ', '').split(',').join(', ')
: '*'
const allowMethods =
process.env.ALLOWED_METHODS || 'GET,HEAD,PUT,PATCH,POST,DELETE'
process.env.ALLOWED_METHODS && process.env.ALLOWED_METHODS !== '*'
? process.env.ALLOWED_METHODS.replaceAll(' ', '')
.split(',')
.join(', ')
.toUpperCase()
: '*'
const allowHeaders =
process.env.ALLOWED_HEADERS && process.env.ALLOWED_HEADERS !== '*'
? `${process.env.ALLOWED_HEADERS},X-Smockr-Secret`
? `${process.env.ALLOWED_HEADERS?.replaceAll(' ', '').split(',').join(', ')}, X-Smockr-Secret`
: '*'

const corsOptions = cors({
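
Review bot: The fallback for `allowMethods` moves from the explicit list `'GET,HEAD,PUT,PATCH,POST,DELETE'` to `'*'`, which widens the default CORS policy for everyone who does not set `ALLOWED_METHODS`; either keep the explicit list as the default or call the change out in the release notes. Two smaller points: `allowOrigin` is now one comma-joined string, and `Access-Control-Allow-Origin` carries a single origin or `*`, so confirm that the `cors` options turn it back into a list before it reaches the header. The three `replaceAll(' ', '').split(',').join(', ')` chains are the same normalisation and belong in one helper, and the `?.` after `process.env.ALLOWED_HEADERS` is redundant inside the truthy branch.
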
Expand Down Expand Up @@ -45,7 +53,7 @@ app.get('/favicon.ico', (_req: Request, res: Response) => {
})

app.all('*', (req: Request, res: Response) => {
const clientSecret = req.headers['X-Smockr-Secret']
const clientSecret = req.headers['x-smockr-secret']
const { mock }: any = req.query
let body = mock?.response?.body
let headers = mock?.response?.headers
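
Review bot: Indexing `req.headers['x-smockr-secret']` works because Node lower-cases incoming header names, but it relies on the reader knowing that; `req.get('X-Smockr-Secret')` does the case-insensitive lookup and keeps the documented spelling in the code. None of the six changed files is a test, so nothing prevents this lookup from regressing; one request that sends the header and one that omits it would cover the fix named in the commit title. If `clientSecret` is compared with `secret` using `===`, a constant-time comparison such as `crypto.timingSafeEqual` is the safer choice.
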
