ohcnetwork · rithviknishad · Dec 17, 2024 · Dec 16, 2024 · Dec 16, 2024 · Dec 16, 2024
@@ -5,15 +5,47 @@ import { getResponseBody } from "@/Utils/request/request";
 import { QueryOptions, Route } from "@/Utils/request/types";
 import { makeHeaders, makeUrl } from "@/Utils/request/utils";
 
+/**
+ * Extend the QueryOptions interface to include customHeaders
+ * @template TBody - The type of the request body
+ */
+export interface QueryOptionsWithHeaders<TBody> extends QueryOptions<TBody> {
+  customHeaders?: Record<string, string>;
+  headers?: HeadersInit;
+}
+
+// Function to sanitize custom headers
+const sanitizeHeaders = (headers: Record<string, string>) => {
+  const sanitized: Record<string, string> = {};
+  for (const [key, value] of Object.entries(headers)) {
+    // Ensure header names follow RFC 7230 and values are safe
+    if (
+      /^[!#$%&'*+-.^_`|~0-9a-zA-Z]+$/.test(key) &&
+      typeof value === "string" && // Changed 'string' to "string"
+      !value.includes("\n") && // Changed '\n' to "\n"
+      !value.includes("\r")
+    ) {
+      // Changed '\r' to "\r"
+      sanitized[key] = value;
+    }
+  }
+  return sanitized;
+};
+
 async function queryRequest<TData, TBody>(
   { path, method, noAuth }: Route<TData, TBody>,
-  options?: QueryOptions<TBody>,
+  options?: QueryOptionsWithHeaders<TBody>,
 ): Promise<TData> {
   const url = `${careConfig.apiUrl}${makeUrl(path, options?.queryParams, options?.pathParams)}`;
 
+  // Merge default headers with sanitized custom headers
+  const defaultHeaders = makeHeaders(noAuth ?? false);
+  const customHeaders = sanitizeHeaders(options?.customHeaders || {});
+  const headers = { ...defaultHeaders, ...customHeaders }; // Merging headers manually
+
   const fetchOptions: RequestInit = {
     method,
-    headers: makeHeaders(noAuth ?? false),
+    headers,
     signal: options?.signal,
   };
 
@@ -45,12 +77,14 @@ async function queryRequest<TData, TBody>(
 
 /**
  * Creates a TanStack Query compatible request function
+ * @template TData - The type of the response data
+ * @template TBody - The type of the request body
  */
 export default function query<TData, TBody>(
   route: Route<TData, TBody>,
-  options?: QueryOptions<TBody>,
-) {
-  return ({ signal }: { signal: AbortSignal }) => {
+  options?: QueryOptionsWithHeaders<TBody>,
+): (params: { signal: AbortSignal }) => Promise<TData> {
+  return ({ signal }) => {
     return queryRequest(route, { ...options, signal });
   };
 }
@@ -41,6 +41,7 @@ export interface QueryOptions<TBody = unknown> {
   body?: TBody;
   silent?: boolean;
   signal?: AbortSignal;
+  headers?: HeadersInit;
 }
 
 export interface PaginatedResponse<TItem> {

@@ -50,33 +50,24 @@ const ensurePathNotMissingReplacements = (path: string) => {
   }
 };
 
-export function makeHeaders(noAuth: boolean) {
+export function makeHeaders(noAuth: boolean, additionalHeaders?: HeadersInit) {
   const headers = new Headers({
     "Content-Type": "application/json",
     Accept: "application/json",
+    ...additionalHeaders,
   });
 
   if (!noAuth) {
-    const token = getAuthorizationHeader();
+    const token = localStorage.getItem(LocalStorageKeys.accessToken);
 
     if (token) {
-      headers.append("Authorization", token);
+      headers.append("Authorization", `Bearer ${token}`);
     }
   }
 
   return headers;
 }
 
-export function getAuthorizationHeader() {
-  const bearerToken = localStorage.getItem(LocalStorageKeys.accessToken);
-
-  if (bearerToken) {
-    return `Bearer ${bearerToken}`;
-  }
-
-  return null;
-}
-
 export function mergeRequestOptions<TData>(
   options: RequestOptions<TData>,
   overrides: RequestOptions<TData>,