chore(version): bump to 0.2.0

- Adjusts the reported size of the minimal Docker image from ~93 MB to ~166 MB.
- Reflects updated build size for accuracy and transparency.

Dockerfile

@@ -14,10 +14,12 @@ COPY import_map.json ./import_map.json
 RUN deno task compile
 
 # -------- Stage 2: Minimal runtime environment --------
-FROM alpine:latest
+FROM debian:bookworm-slim
 
-# Optional: Install curl for container-level health checks (not needed for production-only binaries)
+# Optional: Install curl for container-level health checks
-RUN apk add --no-cache curl
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl \
+    && rm -rf /var/lib/apt/lists/*
 
 # Copy only the compiled application binary from the builder stage
 COPY --from=builder /app/app /app/app

README.md

@@ -10,7 +10,7 @@ This service acts as a transparent gateway that verifies an `apiKey` before forw
 
 * 🔐 **API key authentication** via query or form body
 * 📡 **Transparent proxying** to any LanguageTool backend
-* 🐳 **Minimal Docker image (\~93 MB)**
+* 🐳 **Minimal Docker image (\~166 MB)**
 * 🧱 **Statically compiled** Deno binary
 * 🧪 **Unit tested** middleware and proxy logic
 * 🛠️ Compatible with regular LT clients

VERSION

@@ -1 +1 @@
-0.1.1
+0.2.0

src/__tests__/ltProxyAuth.test.ts

@@ -6,11 +6,19 @@ import { ltProxyAuth } from '../ltProxyAuth.ts';
 Deno.test('ltProxyAuth: accepts valid API key', async () => {
     Deno.env.set('API_KEYS', 'valid123');
 
-    const req = new Request('http://localhost/?apiKey=valid123');
+    const body = new URLSearchParams({ apiKey: 'valid123' });
+    const req = new Request('http://localhost/', {
+        method: 'POST',
+        headers: {
+            'content-type': 'application/x-www-form-urlencoded',
+        },
+        body,
+    });
+
     const ctx: IContext = {
         req,
         params: {},
-        query: { apiKey: 'valid123' },
+        query: {},
         state: {},
     };
 
@@ -26,11 +34,19 @@ Deno.test('ltProxyAuth: accepts valid API key', async () => {
 Deno.test('ltProxyAuth: rejects invalid API key', async () => {
     Deno.env.set('API_KEYS', 'valid123');
 
-    const req = new Request('http://localhost/?apiKey=invalid456');
+    const body = new URLSearchParams({ apiKey: 'invalid456' });
+    const req = new Request('http://localhost/', {
+        method: 'POST',
+        headers: {
+            'content-type': 'application/x-www-form-urlencoded',
+        },
+        body,
+    });
+
     const ctx: IContext = {
         req,
         params: {},
-        query: { apiKey: 'invalid456' },
+        query: {},
         state: {},
     };
 
@@ -46,7 +62,15 @@ Deno.test('ltProxyAuth: rejects invalid API key', async () => {
 Deno.test('ltProxyAuth: rejects missing API key', async () => {
     Deno.env.set('API_KEYS', 'valid123');
 
-    const req = new Request('http://localhost/');
+    const body = new URLSearchParams({ text: 'nur text ohne apiKey' });
+    const req = new Request('http://localhost/', {
+        method: 'POST',
+        headers: {
+            'content-type': 'application/x-www-form-urlencoded',
+        },
+        body,
+    });
+
     const ctx: IContext = {
         req,
         params: {},
@@ -60,4 +84,5 @@ Deno.test('ltProxyAuth: rejects missing API key', async () => {
     );
 
     assertEquals(response.status, 403);
+    assertEquals(await response.text(), 'Forbidden – Invalid API key');
 });

src/__tests__/ltProxyHandler.test.ts

@@ -16,12 +16,16 @@ Deno.test('ltProxyHandler: proxies request and returns response', async () => {
     const originalFetch = globalThis.fetch;
     globalThis.fetch = async () => expectedResponse;
 
+    // Form body wie bei echtem Request
+    const formData = new URLSearchParams({ text: 'Hallo Welt' });
+    const bodyBytes = new TextEncoder().encode(formData.toString());
+
     const req = new Request('http://localhost/v2/check?language=de-DE', {
         method: 'POST',
-        body: new TextEncoder().encode('text=Hallo+Welt'),
         headers: {
             'content-type': 'application/x-www-form-urlencoded',
         },
+        body: bodyBytes,
     });
 
     const ctx: IContext = {
@@ -30,7 +34,9 @@ Deno.test('ltProxyHandler: proxies request and returns response', async () => {
         query: {
             language: 'de-DE',
         },
-        state: {},
+        state: {
+            body: bodyBytes,
+        },
     };
 
     const response = await ltProxyHandler(ctx);

src/ltProxyAuth.ts

@@ -2,18 +2,26 @@ import { Middleware } from 'http-kernel/Types/mod.ts';
 import { Env } from './env.ts';
 
 /**
- * Middleware that checks for a valid API key via ?apiKey=... query/form param.
+ * Middleware that checks for a valid API key via form param.
- * Rejects request with 403 if the key is missing or invalid.
+ * Also stores the body in ctx.state.body for later use.
  */
 export const authMiddleware: Middleware = async (ctx, next) => {
-    const key = ctx.query.apiKey;
+    const contentType = ctx.req.headers.get('content-type') || '';
 
-    // Support both ?apiKey=... and form body with apiKey=...
+    if (contentType.includes('application/x-www-form-urlencoded')) {
-    const extractedKey = Array.isArray(key) ? key[0] : key;
+        const bodyBuffer = await ctx.req.arrayBuffer();
+        ctx.state.body = new Uint8Array(bodyBuffer);
 
-    if (!extractedKey || !Env.apiKeys.includes(extractedKey)) {
+        const text = new TextDecoder().decode(ctx.state.body as Uint8Array);
+        const params = new URLSearchParams(text);
+        const key = params.get('apiKey');
+
+        if (!key || !Env.apiKeys.includes(key)) {
             return new Response('Forbidden – Invalid API key', { status: 403 });
         }
+    } else {
+        return new Response('Unsupported content type', { status: 415 });
+    }
 
     return await next();
 };

src/ltProxyHandler.ts

@@ -4,6 +4,7 @@ import { Env } from './env.ts';
 /**
  * Forwards the incoming request to the actual LanguageTool server.
  * Dynamically passes through path and query string.
+ * Removes `username` and `apiKey` from the FormData body if present.
  */
 export const handler: Handler = async (ctx) => {
     const originalUrl = new URL(ctx.req.url);
@@ -12,16 +13,40 @@ export const handler: Handler = async (ctx) => {
         `http://${Env.ltServerHost}:${Env.ltServerPort}`,
     );
 
+    const contentType = ctx.req.headers.get('content-type') ?? '';
+    let body: BodyInit | null = null;
+
+    if (
+        contentType.includes('application/x-www-form-urlencoded') &&
+        ctx.state.body
+    ) {
+        const text = new TextDecoder().decode(ctx.state.body as Uint8Array);
+        const params = new URLSearchParams(text);
+
+        // Remove `apiKey` and `username` from the params
+        // LanguageTool will react with a error if they are present
+        params.delete('apiKey');
+        params.delete('username');
+
+        body = params.toString();
+    } else {
+        console.debug('Unsupported content type:', contentType);
+        body = ctx.state.body as BodyInit | null;
+    }
+
+    const headers = new Headers(ctx.req.headers);
+    headers.delete('content-length');
+
     const forwarded = await fetch(proxyUrl.toString(), {
         method: ctx.req.method,
-        headers: ctx.req.headers,
+        headers,
-        body: ctx.req.body,
+        body,
     });
 
-    const headers = new Headers(forwarded.headers);
+    const respHeaders = new Headers(forwarded.headers);
     return new Response(forwarded.body, {
         status: forwarded.status,
-        headers,
+        headers: respHeaders,
     });
 };