Added package sources

Author: stevenvachon

.github/workflows/deploy.yml

@@ -46,9 +46,4 @@ jobs:
       - name: Update (email) Lambda file
         run: aws lambda update-function-code --function-name stevenvachon-email --zip-file fileb://./packages/email/bundle.zip
       - name: Import--and auto-deploy--API Gateway OpenAPI
-        # This will remove tags and CORS settings
         run: aws apigatewayv2 reimport-api --api-id ioi9i226o3 --body file://./packages/api/openapi.yaml
-      - name: Reconfigure deployed API Gateway CORS
-        run: aws apigatewayv2 update-api --api-id ioi9i226o3 --cors-configuration AllowOrigins='https://svachon.com',AllowMethods='OPTIONS,POST',AllowHeaders='Content-Type,X-Requested-With',MaxAge=604800
-      - name: Re-tag deployed API Gateway
-        run: aws apigatewayv2 tag-resource --resource-arn arn:aws:apigateway:us-east-1::/apis/ioi9i226o3 --tags Key=stevenvachon

packages/@sv-common/constants/headers.mjs

@@ -0,0 +1,12 @@
+import { WEBSITE_URL } from './misc.mjs';
+
+export const CONTENT_TYPE = 'Content-Type';
+
+export const CORS_HEADERS = {
+  'Access-Control-Allow-Headers': `${CONTENT_TYPE}, X-Requested-With`,
+  'Access-Control-Allow-Methods': 'POST',
+  'Access-Control-Allow-Origin': `${WEBSITE_URL}`,
+};
+
+export const JSON_CONTENT_TYPE = 'application/json';
+export const TEXT_CONTENT_TYPE = 'text/plain';

packages/@sv-common/constants/index.mjs

@@ -0,0 +1,3 @@
+export * from './headers.mjs';
+export * from './messages.mjs';
+export * from './misc.mjs';

packages/@sv-common/constants/messages.mjs

@@ -0,0 +1,4 @@
+export const UNPARSABLE_CONTENT = 'Content could not be parsed';
+export const UNSUPPORTED_ACCEPT_TYPES = 'Unsupported Accept type(s)';
+export const UNSUPPORTED_CONTENT_TYPE = 'Unsupported Content-Type';
+export const VALIDATION_ERROR = 'Validation error';

packages/@sv-common/constants/misc.mjs

@@ -0,0 +1,2 @@
+export const WEBSITE_HOSTNAME = 'svachon.com';
+export const WEBSITE_URL = `https://${WEBSITE_HOSTNAME}/`;

packages/@sv-common/joi-safe/index.mjs

@@ -0,0 +1,45 @@
+import sanitizeHTML from 'sanitize-html';
+import { stripLow } from 'validator';
+
+const REMOVE_HTML_CONFIG = { allowedAttributes: {}, allowedTags: [] };
+
+const createArgs = (joi) => [
+  {
+    name: 'disallowHTML',
+    assert: joi.boolean(),
+  },
+];
+
+const createMethod = (name) => {
+  return function (disallowHTML = false) {
+    return this.$_addRule({ name, args: { disallowHTML } });
+  };
+};
+
+const createValidate = (multiline = false) => {
+  return (value, { error }, { disallowHTML }) =>
+    stripLow(value, multiline) !== value ||
+    sanitizeHTML(value, disallowHTML ? REMOVE_HTML_CONFIG : undefined) !== value
+      ? error('string.safe')
+      : value;
+};
+
+export default (joi) => ({
+  type: 'string',
+  base: joi.string(),
+  messages: {
+    'string.safe': '{{#label}} contains unsafe characters',
+  },
+  rules: {
+    safe: {
+      args: createArgs(joi),
+      method: createMethod('safe'),
+      validate: createValidate(),
+    },
+    safeMultiline: {
+      args: createArgs(joi),
+      method: createMethod('safeMultiline'),
+      validate: createValidate(true),
+    },
+  },
+});

packages/@sv-common/joi-safe/index.test.mjs

@@ -0,0 +1,130 @@
+import { expect, test as it } from 'vitest';
+import Joi from 'joi';
+import JoiSafe from './';
+
+const j = () => Joi.extend(JoiSafe);
+
+const test = ({ disallowHTML, input, multiline, valid }) => {
+  let error, value;
+  if (multiline) {
+    ({ error, value } = j()
+      .string()
+      .safeMultiline(disallowHTML)
+      .validate(input));
+  } else {
+    ({ error, value } = j().string().safe(disallowHTML).validate(input));
+  }
+  if (valid) {
+    expect(error).toBe(undefined);
+  } else {
+    expect(error).not.toBe(undefined);
+  }
+  expect(value).toBe(input);
+};
+
+it('can be loaded by Joi', () => expect(() => j()).not.toThrow());
+
+it('only applies to string types', () => {
+  for (const type of [
+    j().alternatives(),
+    j().any(),
+    j().array(),
+    j().binary(),
+    j().boolean(),
+    j().date(),
+    j().function(),
+    j().link(),
+    j().number(),
+    j().object(),
+    j().symbol(),
+  ]) {
+    expect(() => type.safe()).toThrow();
+    expect(() => type.safe(true)).toThrow();
+    expect(() => type.safeMultiline()).toThrow();
+    expect(() => type.safeMultiline(true)).toThrow();
+  }
+
+  expect(() => j().string().safe()).not.toThrow();
+  expect(() => j().string().safe(true)).not.toThrow();
+  expect(() => j().string().safeMultiline()).not.toThrow();
+  expect(() => j().string().safeMultiline(true)).not.toThrow();
+});
+
+it('disallows unsafe characters', () => {
+  test({
+    input: 'safe\x00',
+    multiline: false,
+    valid: false,
+  });
+  test({
+    input: 'safe\x00',
+    multiline: true,
+    valid: false,
+  });
+  test({
+    input: 'safe\x0A\x0D',
+    multiline: false,
+    valid: false,
+  });
+  test({
+    input: 'safe\x0A\x0D',
+    multiline: true,
+    valid: true,
+  });
+  test({
+    input: 'safe\n\r',
+    multiline: false,
+    valid: false,
+  });
+  test({
+    input: 'safe\n\r',
+    multiline: true,
+    valid: true,
+  });
+  test({
+    input: 'safe\t',
+    multiline: false,
+    valid: false,
+  });
+  test({
+    input: 'safe\t',
+    multiline: true,
+    valid: false,
+  });
+});
+
+it('disallows unsafe HTML', () => {
+  test({
+    disallowHTML: false,
+    input: '<div>safe html</div>',
+    multiline: false,
+    valid: true,
+  });
+  test({
+    disallowHTML: false,
+    input: '<div>safe\n\rhtml</div>',
+    multiline: true,
+    valid: true,
+  });
+  test({
+    disallowHTML: false,
+    input: `unsafe<script>alert('test');</script>html`,
+    multiline: false,
+    valid: false,
+  });
+});
+
+it('can disallow HTML completely', () => {
+  test({
+    disallowHTML: true,
+    input: '<div>safe html</div>',
+    multiline: false,
+    valid: false,
+  });
+  test({
+    disallowHTML: true,
+    input: 'safe\n\rhtml',
+    multiline: true,
+    valid: true,
+  });
+});

packages/@sv-test/helpers/src/createResponse.mjs

@@ -0,0 +1,9 @@
+import { CORS_HEADERS } from '@sv-common/constants';
+
+export default (response) => ({
+  ...response,
+  headers: {
+    ...CORS_HEADERS,
+    ...response.headers,
+  },
+});

packages/@sv-test/helpers/src/create_HTTP_400_RESPONSE_JSON.mjs

@@ -0,0 +1,13 @@
+import { CONTENT_TYPE, JSON_CONTENT_TYPE } from '@sv-common/constants';
+import createResponse from './createResponse.mjs';
+import { expect } from 'vitest';
+import toBeJSONMessage from './toBeJSONMessage.mjs';
+
+expect.extend({ toBeJSONMessage });
+
+export default (messageStartsWith) =>
+  createResponse({
+    body: expect.toBeJSONMessage(messageStartsWith),
+    headers: { [CONTENT_TYPE]: JSON_CONTENT_TYPE },
+    statusCode: 400,
+  });

packages/@sv-test/helpers/src/create_HTTP_406_RESPONSE.mjs

@@ -0,0 +1,13 @@
+import { CONTENT_TYPE, TEXT_CONTENT_TYPE } from '@sv-common/constants';
+import createResponse from './createResponse.mjs';
+import { expect } from 'vitest';
+import stringStartingWith from './stringStartingWith.mjs';
+
+expect.extend({ stringStartingWith });
+
+export default (messageStartsWith) =>
+  createResponse({
+    body: expect.stringStartingWith(messageStartsWith),
+    headers: { [CONTENT_TYPE]: TEXT_CONTENT_TYPE },
+    statusCode: 406,
+  });