Big refactor (middleware, tests, readme) (#2)

* Refactor

- rewrite tests
- stop always adding 'access-control-allow-credentials' header
- handle undefined handler.response object on error

* Remove event from tests, not needed

* Add README.md

* 0.1.0

* Add more keywords to package.json

Co-authored-by: Wojciech Iskra <wojciech.iskra@schibsted.com>

README.md

@@ -1,2 +1,62 @@
-# middy-cors
-Adds CORS headers to the response (success and error)
+# Schibsted Middy CORS middleware
+
+#### CORS middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
+
+
+This middleware sets HTTP CORS headers, necessary for making cross-origin requests, to the response object.
+
+Sets headers in `after` and `onError` phases.
+
+This is an alternative to [standard Middy cors handler](https://github.com/middyjs/middy/tree/master/packages/http-cors) with the following differences:
+- it allows you to add more CORS headers
+
+
+## Install
+
+To install this middleware you can use NPM:
+
+```bash
+npm install --save @schibsted/middy-cors
+```
+
+
+## Options
+
+- `allowedOrigins` (array) - list of allowed origins or `['*']` for allowing all origins
+- `exposeHeaders` (array) - list of headers to expose
+- `maxAge` (string) - value passed to `access-control-max-age` header
+- `credentials` (bool) - value passed to `access-control-allow-credentials` header 
+- `allowMethods` (array) - list of allowed HTTP methods
+- `allowHeaders` (array) - list of allowed HTTP headers
+
+
+## Sample usage
+
+```javascript
+const middy = require('@middy/core');
+const cors = require('@schibsted/middy-cors');
+
+const handler = middy(async () => ({
+        statusCode: 200,
+        body: JSON.stringify({ foo: 'bar' }),
+    }));
+
+handler
+  .use(cors({ allowedOrigins: ['https://www.vg.no', 'https://www.tek.no']}));
+
+// when Lambda runs the handler...
+handler({}, {}, (_, response) => {
+  expect(response).toEqual({
+    statusCode: 200,
+    headers: {
+        'access-control-allow-origin': 'https://www.vg.no, https://www.tek.no',
+    },
+    body: JSON.stringify({ foo: 'bar' }),
+  })
+})
+```
+
+
+## Contributing
+
+Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/schibsted/middy-cors/issues) or to [submit Pull Requests](https://github.com/schibsted/middy-cors/pulls).

index.js

@@ -1,18 +1,15 @@
-const getCorsHeaders = ({
-    allowedOrigins,
-    exposeHeaders,
-    maxAge,
-    credentials = false,
-    allowMethods,
-    allowHeaders,
-} = {}) => {
+const R = require('ramda');
+
+const getCorsHeaders = ({ allowedOrigins, exposeHeaders, maxAge, credentials, allowMethods, allowHeaders } = {}) => {
     const headers = {};
 
     if (allowedOrigins) {
         headers['access-control-allow-origin'] = allowedOrigins.join(', ');
     }
 
-    headers['access-control-allow-credentials'] = credentials;
+    if (credentials !== undefined) {
+        headers['access-control-allow-credentials'] = credentials;
+    }
 
     if (exposeHeaders) {
         headers['access-control-expose-headers'] = exposeHeaders.join(', ');
@@ -40,10 +37,16 @@ const corsMiddleware = (opts) => ({
     },
     onError: async (handler) => {
         // eslint-disable-next-line no-param-reassign
-        handler.response.headers = {
-            ...handler.response.headers,
-            ...getCorsHeaders(opts),
-        };
+        handler.response = R.assocPath(
+            ['headers'],
+            {
+                ...R.pathOr({}, ['response', 'headers'], handler),
+                ...getCorsHeaders(opts),
+            },
+            handler.response
+        );
+
+        return handler;
     },
 });