feat: remove runtimeHook option and refactor to context object

Baroshem · Dec 11, 2023 · 1827273 · 1827273
1 parent 6e41f10
commit 1827273
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 22 deletions.
diff --git a/playground/server/plugins/headers.ts b/playground/server/plugins/headers.ts
@@ -1,9 +1,13 @@
 
 export default defineNitroPlugin((nitroApp) => {
     nitroApp.hooks.hook('nuxt-security:ready', () => {
-        nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{
-            contentSecurityPolicy: {
-                "script-src": ["'self'", "'unsafe-inline'"],
+        nitroApp.hooks.callHook('nuxt-security:headers',
+        { 
+            route: '/api/runtime-hooks',
+            headers: {
+                contentSecurityPolicy: {
+                    "script-src": ["'self'", "'unsafe-inline'"],
+                }
             }
         })
     })

diff --git a/src/module.ts b/src/module.ts
@@ -125,15 +125,13 @@ export default defineNuxtModule<ModuleOptions>({
       })
     }
 
-
-    if(nuxt.options.security.runtimeHooks) {
-      addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context'))
-      addServerHandler({
-        handler: normalize(
-          resolve(runtimeDir, 'server/middleware/headers')
-        )
-      })
-    }
+
+    addServerPlugin(resolve(runtimeDir, 'nitro/plugins/00-context'))
+    addServerHandler({
+      handler: normalize(
+        resolve(runtimeDir, 'server/middleware/headers')
+      )
+    }) 
 
     const allowedMethodsRestricterConfig = nuxt.options.security
     .allowedMethodsRestricter

diff --git a/src/runtime/nitro/plugins/00-context.ts b/src/runtime/nitro/plugins/00-context.ts
@@ -6,7 +6,7 @@ import { OptionKey } from "~/src/module"
 export default defineNitroPlugin((nitroApp) => {
     const router = createRouter()
 
-    nitroApp.hooks.hook('nuxt-security:headers', (route, headersConfig) => {
+    nitroApp.hooks.hook('nuxt-security:headers', ({route, headers: headersConfig}) => {
         const headers: Record<string, string |false > = {}
 
         for (const [header, headerOptions] of Object.entries(headersConfig)) {

diff --git a/src/types/index.ts b/src/types/index.ts
@@ -22,10 +22,6 @@ export interface ModuleOptions {
   nonce: boolean;
   removeLoggers: RemoveOptions | false;
   ssg: Ssg | false;
-  /**
-   * enable runtime nitro hooks to configure some options at runtime
-   */
-  runtimeHooks: boolean;
   sri: boolean
 }
 
@@ -42,7 +38,16 @@ export type NuxtSecurityRouteRules = Pick<ModuleOptions,
 
   declare module 'nitropack' {
     interface NitroRuntimeHooks {
-      'nuxt-security:headers': (route: string, headers: SecurityHeaders) => void
+      'nuxt-security:headers': (config: {
+        /**
+         * The route for which the headers are being configured
+         */
+        route: string,
+        /**
+         * The headers configuration for the route
+         */
+        headers: SecurityHeaders
+      }) => void
       'nuxt-security:ready': () => void
     }
   } 
diff --git a/test/fixtures/runtime-hooks/server/plugins/headers.ts b/test/fixtures/runtime-hooks/server/plugins/headers.ts
@@ -1,8 +1,10 @@
-export default  defineNitroPlugin((nitroApp) => {
+export default defineNitroPlugin((nitroApp) => {
     nitroApp.hooks.hook('nuxt-security:ready', () => {
-        nitroApp.hooks.callHook('nuxt-security:headers', '/api/runtime-hooks' ,{
-            contentSecurityPolicy: {
-                "script-src": ["'self'", "'unsafe-inline'", '*.azure.com'],
+        nitroApp.hooks.callHook('nuxt-security:headers', {
+            route: '/api/runtime-hooks', headers: {
+                contentSecurityPolicy: {
+                    "script-src": ["'self'", "'unsafe-inline'", '*.azure.com'],
+                }
             }
         })
     })