@actuate-media/cms-core 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/actions/document-crud.test.js +5 -1
- package/dist/__tests__/actions/document-crud.test.js.map +1 -1
- package/dist/__tests__/api/admin-contracts.test.js.map +1 -1
- package/dist/__tests__/api/public-globals.test.js.map +1 -1
- package/dist/__tests__/auth/password.test.js.map +1 -1
- package/dist/__tests__/auth/session.test.js.map +1 -1
- package/dist/__tests__/codegen/generate-types.test.js.map +1 -1
- package/dist/__tests__/next.test.js +1 -3
- package/dist/__tests__/next.test.js.map +1 -1
- package/dist/__tests__/scheduling/scheduling.test.js +28 -4
- package/dist/__tests__/scheduling/scheduling.test.js.map +1 -1
- package/dist/__tests__/security/access.test.js +1 -1
- package/dist/__tests__/security/access.test.js.map +1 -1
- package/dist/__tests__/security/audit.test.js.map +1 -1
- package/dist/__tests__/security/client-ip.test.js.map +1 -1
- package/dist/__tests__/security/csrf.test.js.map +1 -1
- package/dist/__tests__/security/ip-allowlist.test.js.map +1 -1
- package/dist/__tests__/security/rate-limit.test.js.map +1 -1
- package/dist/__tests__/security/reauth.test.js.map +1 -1
- package/dist/__tests__/security/redact.test.js.map +1 -1
- package/dist/__tests__/security/sanitize.test.js.map +1 -1
- package/dist/__tests__/security/secret-storage.test.js.map +1 -1
- package/dist/__tests__/security/upload-magic.test.js.map +1 -1
- package/dist/__tests__/server-site.test.js.map +1 -1
- package/dist/__tests__/site.test.js +5 -2
- package/dist/__tests__/site.test.js.map +1 -1
- package/dist/__tests__/webhooks/webhooks.test.js.map +1 -1
- package/dist/a11y/index.d.ts +1 -1
- package/dist/a11y/index.d.ts.map +1 -1
- package/dist/a11y/index.js +23 -20
- package/dist/a11y/index.js.map +1 -1
- package/dist/actions.d.ts +1 -1
- package/dist/actions.d.ts.map +1 -1
- package/dist/actions.js +45 -38
- package/dist/actions.js.map +1 -1
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +15 -8
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +287 -112
- package/dist/api/handlers.js.map +1 -1
- package/dist/api/index.d.ts.map +1 -1
- package/dist/api/index.js.map +1 -1
- package/dist/api/openapi.d.ts.map +1 -1
- package/dist/api/openapi.js +151 -30
- package/dist/api/openapi.js.map +1 -1
- package/dist/api/router.d.ts +6 -6
- package/dist/api/router.d.ts.map +1 -1
- package/dist/api/router.js +27 -10
- package/dist/api/router.js.map +1 -1
- package/dist/auth/index.d.ts +12 -12
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +9 -9
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/mfa-pending.d.ts.map +1 -1
- package/dist/auth/mfa-pending.js.map +1 -1
- package/dist/auth/oauth.d.ts.map +1 -1
- package/dist/auth/oauth.js +15 -7
- package/dist/auth/oauth.js.map +1 -1
- package/dist/auth/password.d.ts +1 -1
- package/dist/auth/password.d.ts.map +1 -1
- package/dist/auth/password.js +14 -14
- package/dist/auth/password.js.map +1 -1
- package/dist/auth/providers/github.d.ts +1 -1
- package/dist/auth/providers/github.d.ts.map +1 -1
- package/dist/auth/providers/github.js +2 -2
- package/dist/auth/providers/github.js.map +1 -1
- package/dist/auth/providers/google.d.ts +1 -1
- package/dist/auth/providers/google.d.ts.map +1 -1
- package/dist/auth/providers/google.js +2 -2
- package/dist/auth/providers/google.js.map +1 -1
- package/dist/auth/providers/microsoft.d.ts +1 -1
- package/dist/auth/providers/microsoft.d.ts.map +1 -1
- package/dist/auth/providers/microsoft.js +2 -2
- package/dist/auth/providers/microsoft.js.map +1 -1
- package/dist/auth/reset-email.d.ts.map +1 -1
- package/dist/auth/reset-email.js +1 -1
- package/dist/auth/reset-email.js.map +1 -1
- package/dist/auth/reset.d.ts.map +1 -1
- package/dist/auth/reset.js +9 -9
- package/dist/auth/reset.js.map +1 -1
- package/dist/auth/session.d.ts.map +1 -1
- package/dist/auth/session.js +6 -6
- package/dist/auth/session.js.map +1 -1
- package/dist/auth/totp.d.ts.map +1 -1
- package/dist/auth/totp.js +8 -2
- package/dist/auth/totp.js.map +1 -1
- package/dist/backup/index.d.ts +2 -2
- package/dist/backup/index.d.ts.map +1 -1
- package/dist/backup/index.js +5 -5
- package/dist/backup/index.js.map +1 -1
- package/dist/cache/index.d.ts +1 -1
- package/dist/cache/index.d.ts.map +1 -1
- package/dist/cache/index.js +1 -1
- package/dist/cache/index.js.map +1 -1
- package/dist/client.d.ts +1 -1
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +8 -8
- package/dist/client.js.map +1 -1
- package/dist/codegen/index.d.ts +1 -1
- package/dist/codegen/index.d.ts.map +1 -1
- package/dist/codegen/index.js +170 -174
- package/dist/codegen/index.js.map +1 -1
- package/dist/collections/index.d.ts +1 -1
- package/dist/collections/index.d.ts.map +1 -1
- package/dist/collections/index.js.map +1 -1
- package/dist/config/define.d.ts +2 -2
- package/dist/config/define.d.ts.map +1 -1
- package/dist/config/define.js +1 -1
- package/dist/config/define.js.map +1 -1
- package/dist/config/index.d.ts +3 -3
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +32 -18
- package/dist/config/index.js.map +1 -1
- package/dist/config/types.d.ts +26 -26
- package/dist/config/types.d.ts.map +1 -1
- package/dist/content/ai-api.d.ts.map +1 -1
- package/dist/content/ai-api.js +8 -2
- package/dist/content/ai-api.js.map +1 -1
- package/dist/content/content-graph.d.ts +1 -1
- package/dist/content/content-graph.d.ts.map +1 -1
- package/dist/content/content-graph.js +7 -7
- package/dist/content/content-graph.js.map +1 -1
- package/dist/content/extract.js +13 -13
- package/dist/content/extract.js.map +1 -1
- package/dist/content/index.d.ts +7 -7
- package/dist/content/index.d.ts.map +1 -1
- package/dist/content/index.js +4 -4
- package/dist/content/index.js.map +1 -1
- package/dist/content/structured-data.d.ts +3 -3
- package/dist/content/structured-data.d.ts.map +1 -1
- package/dist/content/structured-data.js +65 -67
- package/dist/content/structured-data.js.map +1 -1
- package/dist/db/adapters/mysql.d.ts.map +1 -1
- package/dist/db/adapters/mysql.js.map +1 -1
- package/dist/db/adapters/postgres.d.ts.map +1 -1
- package/dist/db/adapters/postgres.js.map +1 -1
- package/dist/db/adapters/sqlite.d.ts.map +1 -1
- package/dist/db/adapters/sqlite.js.map +1 -1
- package/dist/db/create-adapter.d.ts.map +1 -1
- package/dist/db/create-adapter.js.map +1 -1
- package/dist/db/index.d.ts +1 -1
- package/dist/db/index.d.ts.map +1 -1
- package/dist/db/index.js +1 -1
- package/dist/db/index.js.map +1 -1
- package/dist/db.d.ts +1 -1
- package/dist/db.d.ts.map +1 -1
- package/dist/db.js +1 -1
- package/dist/db.js.map +1 -1
- package/dist/fields/index.d.ts +2 -2
- package/dist/fields/index.d.ts.map +1 -1
- package/dist/fields/index.js +51 -47
- package/dist/fields/index.js.map +1 -1
- package/dist/forms/analytics.d.ts.map +1 -1
- package/dist/forms/analytics.js.map +1 -1
- package/dist/forms/attribution.d.ts.map +1 -1
- package/dist/forms/attribution.js +7 -2
- package/dist/forms/attribution.js.map +1 -1
- package/dist/forms/index.d.ts.map +1 -1
- package/dist/forms/index.js.map +1 -1
- package/dist/graphql/index.d.ts.map +1 -1
- package/dist/graphql/index.js.map +1 -1
- package/dist/graphql/resolvers.d.ts.map +1 -1
- package/dist/graphql/resolvers.js +17 -21
- package/dist/graphql/resolvers.js.map +1 -1
- package/dist/graphql/schema-builder.d.ts.map +1 -1
- package/dist/graphql/schema-builder.js.map +1 -1
- package/dist/health/index.d.ts +2 -2
- package/dist/health/index.d.ts.map +1 -1
- package/dist/health/index.js +9 -9
- package/dist/health/index.js.map +1 -1
- package/dist/i18n/index.d.ts +1 -1
- package/dist/i18n/index.d.ts.map +1 -1
- package/dist/i18n/index.js +2 -2
- package/dist/i18n/index.js.map +1 -1
- package/dist/index.d.ts +78 -78
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +43 -43
- package/dist/index.js.map +1 -1
- package/dist/media/index.d.ts +2 -2
- package/dist/media/index.d.ts.map +1 -1
- package/dist/media/index.js +1 -1
- package/dist/media/index.js.map +1 -1
- package/dist/media/optimize.d.ts.map +1 -1
- package/dist/media/optimize.js +7 -4
- package/dist/media/optimize.js.map +1 -1
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +3 -3
- package/dist/middleware.js.map +1 -1
- package/dist/multisite/index.d.ts.map +1 -1
- package/dist/multisite/index.js +4 -4
- package/dist/multisite/index.js.map +1 -1
- package/dist/next/preview.d.ts.map +1 -1
- package/dist/next/preview.js.map +1 -1
- package/dist/next.d.ts.map +1 -1
- package/dist/next.js +4 -5
- package/dist/next.js.map +1 -1
- package/dist/notifications/index.d.ts +1 -1
- package/dist/notifications/index.d.ts.map +1 -1
- package/dist/notifications/index.js +5 -5
- package/dist/notifications/index.js.map +1 -1
- package/dist/page-builder/__tests__/a11y-fix.test.js +1 -5
- package/dist/page-builder/__tests__/a11y-fix.test.js.map +1 -1
- package/dist/page-builder/__tests__/blocks.test.js +4 -0
- package/dist/page-builder/__tests__/blocks.test.js.map +1 -1
- package/dist/page-builder/__tests__/design-scorer.test.js +44 -11
- package/dist/page-builder/__tests__/design-scorer.test.js.map +1 -1
- package/dist/page-builder/__tests__/schema.test.js +12 -12
- package/dist/page-builder/__tests__/schema.test.js.map +1 -1
- package/dist/page-builder/__tests__/seo-analyzer.test.js +27 -13
- package/dist/page-builder/__tests__/seo-analyzer.test.js.map +1 -1
- package/dist/page-builder/ai-pipeline.d.ts.map +1 -1
- package/dist/page-builder/ai-pipeline.js +1 -3
- package/dist/page-builder/ai-pipeline.js.map +1 -1
- package/dist/page-builder/blocks.d.ts.map +1 -1
- package/dist/page-builder/blocks.js +45 -9
- package/dist/page-builder/blocks.js.map +1 -1
- package/dist/page-builder/design-scorer.d.ts.map +1 -1
- package/dist/page-builder/design-scorer.js +249 -41
- package/dist/page-builder/design-scorer.js.map +1 -1
- package/dist/page-builder/index.d.ts +3 -3
- package/dist/page-builder/index.d.ts.map +1 -1
- package/dist/page-builder/index.js +2 -2
- package/dist/page-builder/index.js.map +1 -1
- package/dist/page-builder/seo-analyzer.d.ts.map +1 -1
- package/dist/page-builder/seo-analyzer.js +252 -56
- package/dist/page-builder/seo-analyzer.js.map +1 -1
- package/dist/page-builder/templates.d.ts.map +1 -1
- package/dist/page-builder/templates.js +45 -16
- package/dist/page-builder/templates.js.map +1 -1
- package/dist/page-builder/tree.d.ts.map +1 -1
- package/dist/page-builder/tree.js.map +1 -1
- package/dist/page-builder/validate.js.map +1 -1
- package/dist/presence/index.d.ts.map +1 -1
- package/dist/presence/index.js +2 -2
- package/dist/presence/index.js.map +1 -1
- package/dist/preview/index.d.ts.map +1 -1
- package/dist/preview/index.js.map +1 -1
- package/dist/privacy/index.d.ts +1 -1
- package/dist/privacy/index.d.ts.map +1 -1
- package/dist/privacy/index.js +3 -3
- package/dist/privacy/index.js.map +1 -1
- package/dist/relationships/index.d.ts.map +1 -1
- package/dist/relationships/index.js +1 -1
- package/dist/relationships/index.js.map +1 -1
- package/dist/scheduling/index.d.ts +2 -2
- package/dist/scheduling/index.d.ts.map +1 -1
- package/dist/scheduling/index.js +3 -1
- package/dist/scheduling/index.js.map +1 -1
- package/dist/search/index.d.ts.map +1 -1
- package/dist/search/index.js +1 -3
- package/dist/search/index.js.map +1 -1
- package/dist/security/access.d.ts +4 -4
- package/dist/security/access.d.ts.map +1 -1
- package/dist/security/access.js +11 -15
- package/dist/security/access.js.map +1 -1
- package/dist/security/anomaly-detection.d.ts.map +1 -1
- package/dist/security/anomaly-detection.js +5 -5
- package/dist/security/anomaly-detection.js.map +1 -1
- package/dist/security/api-key-enhanced.d.ts +2 -2
- package/dist/security/api-key-enhanced.d.ts.map +1 -1
- package/dist/security/api-key-enhanced.js +5 -5
- package/dist/security/api-key-enhanced.js.map +1 -1
- package/dist/security/audit.d.ts.map +1 -1
- package/dist/security/audit.js.map +1 -1
- package/dist/security/breach-check.js.map +1 -1
- package/dist/security/captcha.d.ts.map +1 -1
- package/dist/security/captcha.js.map +1 -1
- package/dist/security/client-ip.d.ts.map +1 -1
- package/dist/security/client-ip.js +4 -1
- package/dist/security/client-ip.js.map +1 -1
- package/dist/security/cors.d.ts +1 -1
- package/dist/security/cors.d.ts.map +1 -1
- package/dist/security/cors.js +12 -12
- package/dist/security/cors.js.map +1 -1
- package/dist/security/csp-nonces.js +11 -11
- package/dist/security/csp-nonces.js.map +1 -1
- package/dist/security/csrf.js +2 -2
- package/dist/security/csrf.js.map +1 -1
- package/dist/security/encrypted-fields.d.ts.map +1 -1
- package/dist/security/encrypted-fields.js +7 -4
- package/dist/security/encrypted-fields.js.map +1 -1
- package/dist/security/headers.d.ts.map +1 -1
- package/dist/security/headers.js +12 -12
- package/dist/security/headers.js.map +1 -1
- package/dist/security/index.d.ts +39 -39
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +25 -25
- package/dist/security/index.js.map +1 -1
- package/dist/security/internal-keys.d.ts.map +1 -1
- package/dist/security/internal-keys.js.map +1 -1
- package/dist/security/ip-allowlist.js +2 -4
- package/dist/security/ip-allowlist.js.map +1 -1
- package/dist/security/middleware.d.ts +2 -2
- package/dist/security/middleware.d.ts.map +1 -1
- package/dist/security/middleware.js +11 -11
- package/dist/security/middleware.js.map +1 -1
- package/dist/security/rate-limit.d.ts +0 -4
- package/dist/security/rate-limit.d.ts.map +1 -1
- package/dist/security/rate-limit.js +33 -3
- package/dist/security/rate-limit.js.map +1 -1
- package/dist/security/reauth.d.ts +1 -1
- package/dist/security/reauth.d.ts.map +1 -1
- package/dist/security/reauth.js.map +1 -1
- package/dist/security/redact.d.ts.map +1 -1
- package/dist/security/redact.js +4 -1
- package/dist/security/redact.js.map +1 -1
- package/dist/security/safe-fetch.d.ts.map +1 -1
- package/dist/security/safe-fetch.js.map +1 -1
- package/dist/security/sanitize.d.ts.map +1 -1
- package/dist/security/sanitize.js +40 -8
- package/dist/security/sanitize.js.map +1 -1
- package/dist/security/secret-storage.js +6 -6
- package/dist/security/secret-storage.js.map +1 -1
- package/dist/security/security-txt.d.ts.map +1 -1
- package/dist/security/security-txt.js +2 -2
- package/dist/security/security-txt.js.map +1 -1
- package/dist/security/session-limits.d.ts +1 -1
- package/dist/security/session-limits.d.ts.map +1 -1
- package/dist/security/session-limits.js +1 -1
- package/dist/security/session-limits.js.map +1 -1
- package/dist/security/upload.d.ts.map +1 -1
- package/dist/security/upload.js +26 -20
- package/dist/security/upload.js.map +1 -1
- package/dist/security/webhook.d.ts.map +1 -1
- package/dist/security/webhook.js +12 -8
- package/dist/security/webhook.js.map +1 -1
- package/dist/seo/analysis.d.ts.map +1 -1
- package/dist/seo/analysis.js +25 -13
- package/dist/seo/analysis.js.map +1 -1
- package/dist/seo/index.d.ts +9 -9
- package/dist/seo/index.d.ts.map +1 -1
- package/dist/seo/index.js +4 -4
- package/dist/seo/index.js.map +1 -1
- package/dist/seo/llms-txt.js +1 -3
- package/dist/seo/llms-txt.js.map +1 -1
- package/dist/server-site.d.ts.map +1 -1
- package/dist/server-site.js +12 -14
- package/dist/server-site.js.map +1 -1
- package/dist/setup/index.d.ts.map +1 -1
- package/dist/setup/index.js.map +1 -1
- package/dist/site.d.ts.map +1 -1
- package/dist/site.js +7 -3
- package/dist/site.js.map +1 -1
- package/dist/storage/index.d.ts.map +1 -1
- package/dist/storage/index.js.map +1 -1
- package/dist/templates/index.d.ts.map +1 -1
- package/dist/templates/index.js +3 -3
- package/dist/templates/index.js.map +1 -1
- package/dist/upgrade/changelog.d.ts +1 -1
- package/dist/upgrade/changelog.d.ts.map +1 -1
- package/dist/upgrade/changelog.js +12 -12
- package/dist/upgrade/changelog.js.map +1 -1
- package/dist/upgrade/index.d.ts +6 -6
- package/dist/upgrade/index.d.ts.map +1 -1
- package/dist/upgrade/index.js +3 -3
- package/dist/upgrade/index.js.map +1 -1
- package/dist/upgrade/upgrade-pr.d.ts.map +1 -1
- package/dist/upgrade/upgrade-pr.js +36 -36
- package/dist/upgrade/upgrade-pr.js.map +1 -1
- package/dist/upgrade/version-check.d.ts +1 -1
- package/dist/upgrade/version-check.d.ts.map +1 -1
- package/dist/upgrade/version-check.js +13 -13
- package/dist/upgrade/version-check.js.map +1 -1
- package/dist/webhooks/index.d.ts +1 -1
- package/dist/webhooks/index.d.ts.map +1 -1
- package/dist/webhooks/index.js +4 -4
- package/dist/webhooks/index.js.map +1 -1
- package/dist/workflow/index.d.ts.map +1 -1
- package/dist/workflow/index.js.map +1 -1
- package/dist/workflows/index.d.ts +1 -1
- package/dist/workflows/index.d.ts.map +1 -1
- package/dist/workflows/index.js +3 -3
- package/dist/workflows/index.js.map +1 -1
- package/package.json +1 -1
- package/prisma/seed.ts +31 -31
|
@@ -2,14 +2,14 @@
|
|
|
2
2
|
export async function generateApiKey(config) {
|
|
3
3
|
const rawBytes = crypto.getRandomValues(new Uint8Array(32));
|
|
4
4
|
const rawKey = Array.from(rawBytes)
|
|
5
|
-
.map((b) => b.toString(16).padStart(2,
|
|
6
|
-
.join(
|
|
5
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
6
|
+
.join('');
|
|
7
7
|
const key = `${config.prefix}_${rawKey}`;
|
|
8
8
|
const keyPrefix = key.slice(0, config.prefix.length + 9);
|
|
9
|
-
const hashBuffer = await crypto.subtle.digest(
|
|
9
|
+
const hashBuffer = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(key));
|
|
10
10
|
const keyHash = Array.from(new Uint8Array(hashBuffer))
|
|
11
|
-
.map((b) => b.toString(16).padStart(2,
|
|
12
|
-
.join(
|
|
11
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
12
|
+
.join('');
|
|
13
13
|
return { key, keyHash, keyPrefix };
|
|
14
14
|
}
|
|
15
15
|
/** Validate an API key's scopes against a requested action. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-enhanced.js","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAeA,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"api-key-enhanced.js","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAeA,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;IACX,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,CAAA;IACxC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;IACvF,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;SACnD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;IAEX,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAA;AACpC,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,mBAAmB,CACjC,MAAmB,EACnB,UAAkB,EAClB,MAA+C;IAE/C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACnE,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACjC,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,EAAE,CAAC,EAAE,IAAI,CAAA;IACT,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,iCAAiC;AACjC,wBAAsB,QAAQ,CAAC,KAAK,EAAE;IACpC,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAClC,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBhB;AAED,2DAA2D;AAC3D,wBAAsB,WAAW,CAC/B,OAAO,GAAE;IACP,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;CACb,GACL,OAAO,CAAC;IAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAmB5C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAA;AAyBhC,iCAAiC;AACjC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAM9B;IACC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,EAAO,CAAA;QACvB,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvB,IAAI,EAAE;gBACJ,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;gBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;aAC/B;SACF,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,sEAAsE;QACtE,4DAA4D;QAC5D,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;AACH,CAAC;AAED,2DAA2D;AAC3D,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAKI,EAAE;IAEN,MAAM,EAAE,GAAG,KAAK,EAAO,CAAA;IACvB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,EAAE,QAAQ,GAAG,EAAE,EAAE,GAAG,OAAO,CAAA;IAE1D,MAAM,KAAK,GAAQ,EAAE,CAAA;IACrB,IAAI,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAA;IACjC,IAAI,KAAK;QAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;IAE9B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACzC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnB,KAAK;YACL,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;YAC9B,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ;YAC3B,IAAI,EAAE,QAAQ;SACf,CAAC;QACF,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;KAC7B,CAAC,CAAA;IAEF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;AAC3B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"breach-check.js","sourceRoot":"","sources":["../../src/security/breach-check.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAgB;IAClD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,
|
|
1
|
+
{"version":3,"file":"breach-check.js","sourceRoot":"","sources":["../../src/security/breach-check.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAgB;IAClD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAC5D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;IACxD,MAAM,OAAO,GAAG,SAAS;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC;SACR,WAAW,EAAE,CAAA;IAEhB,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAEnC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wCAAwC,MAAM,EAAE,EAAE;YAC7E,OAAO,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE;YACrD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAA;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,KAAK,CAAA;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"captcha.d.ts","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"captcha.d.ts","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,CAAA;AAEhE,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,eAAe,CAAA;IACzB,iDAAiD;IACjD,OAAO,EAAE,MAAM,CAAA;IACf,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAA;IACjB,6FAA6F;IAC7F,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CACtB;AAOD;;;GAGG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,EACrB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,mBAAmB,CAAC,CAyE9B;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,aAAa,CAyBhD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"captcha.js","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAqBH,MAAM,WAAW,GAA2B;IAC1C,SAAS,EAAE,iDAAiD;IAC5D,SAAS,EAAE,2DAA2D;CACvE,
|
|
1
|
+
{"version":3,"file":"captcha.js","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAqBH,MAAM,WAAW,GAA2B;IAC1C,SAAS,EAAE,iDAAiD;IAC5D,SAAS,EAAE,2DAA2D;CACvE,CAAA;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAqB,EACrB,QAAiB;IAEjB,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC1B,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,wBAAwB,CAAC,EAAE,CAAA;IACnE,CAAC;IAED,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,oBAAoB,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAA;IAChF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,MAAM,EAAE,MAAM,CAAC,SAAS;QACxB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAA;IACF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IAClC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,cAAc,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAAA;QACrE,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAK7B,CAAA;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE;aACtC,CAAA;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtE,MAAM,SAAS,GAAG,MAAM,CAAC,cAAc,IAAI,GAAG,CAAA;YAC9C,IAAI,IAAI,CAAC,KAAK,GAAG,SAAS,EAAE,CAAC;gBAC3B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,UAAU,EAAE,CAAC,uBAAuB,CAAC;iBACtC,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC,eAAe,CAAC;SAC9B,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAA;IAExD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;QACxC,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE,gBAAgB;YACzB,SAAS,EAAE,eAAe;YAC1B,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,KAAK,CAAC;SAC3E,CAAA;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAA;IAExD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;QACxC,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE,gBAAgB;YACzB,SAAS,EAAE,eAAe;SAC3B,CAAA;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;AACzD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-ip.d.ts","sourceRoot":"","sources":["../../src/security/client-ip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,UAAU,CAAC,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"client-ip.d.ts","sourceRoot":"","sources":["../../src/security/client-ip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,UAAU,CAAC,EAAE,OAAO,CAAA;CACrB;AAMD,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,GAAE,gBAAqB,GAAG,MAAM,CA8BpF;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAEhD"}
|
|
@@ -20,7 +20,10 @@ export function getClientIp(request, options = {}) {
|
|
|
20
20
|
if (fwd) {
|
|
21
21
|
// Use the last entry — that's the IP your trusted proxy itself saw,
|
|
22
22
|
// not whatever the original client claimed in the chain.
|
|
23
|
-
const parts = fwd
|
|
23
|
+
const parts = fwd
|
|
24
|
+
.split(',')
|
|
25
|
+
.map((p) => p.trim())
|
|
26
|
+
.filter(Boolean);
|
|
24
27
|
const last = parts[parts.length - 1];
|
|
25
28
|
if (last)
|
|
26
29
|
return last;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-ip.js","sourceRoot":"","sources":["../../src/security/client-ip.ts"],"names":[],"mappings":"AA0BA,MAAM,aAAa,GAAG,wBAAwB,
|
|
1
|
+
{"version":3,"file":"client-ip.js","sourceRoot":"","sources":["../../src/security/client-ip.ts"],"names":[],"mappings":"AA0BA,MAAM,aAAa,GAAG,wBAAwB,CAAA;AAC9C,MAAM,cAAc,GAAG,WAAW,CAAA;AAClC,MAAM,gBAAgB,GAAG,iBAAiB,CAAA;AAE1C,MAAM,UAAU,WAAW,CAAC,OAAgB,EAAE,UAA4B,EAAE;IAC1E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,GAAG,CAAA;IAEhF,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IACjD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAA;QAC1C,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;IACzB,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;IAClD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAA;QAC7B,IAAI,OAAO;YAAE,OAAO,OAAO,CAAA;IAC7B,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;QACjD,IAAI,GAAG,EAAE,CAAC;YACR,oEAAoE;YACpE,yDAAyD;YACzD,MAAM,KAAK,GAAG,GAAG;iBACd,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC,CAAA;YAClB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YACpC,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAA;QACvB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,EAAU;IACrC,OAAO,EAAE,KAAK,SAAS,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAA;AAC1C,CAAC"}
|
package/dist/security/cors.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/security/cors.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,cAAc,EAAE,MAAM,EAAE,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/security/cors.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,cAAc,EAAE,MAAM,EAAE,GAAG,GAAG,CAAA;IAC9B,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAKD,qDAAqD;AACrD,wBAAgB,cAAc,CAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,EAAE,UAAU,GACjB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAwBxB"}
|
package/dist/security/cors.js
CHANGED
|
@@ -1,31 +1,31 @@
|
|
|
1
|
-
const DEFAULT_METHODS = [
|
|
2
|
-
const DEFAULT_HEADERS = [
|
|
1
|
+
const DEFAULT_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'];
|
|
2
|
+
const DEFAULT_HEADERS = ['Content-Type', 'Authorization', 'X-CSRF-Token'];
|
|
3
3
|
/** Build CORS headers for a given request origin. */
|
|
4
4
|
export function getCorsHeaders(requestOrigin, config) {
|
|
5
5
|
const headers = {};
|
|
6
6
|
const allowedOrigin = resolveOrigin(requestOrigin, config.allowedOrigins);
|
|
7
7
|
if (!allowedOrigin)
|
|
8
8
|
return headers;
|
|
9
|
-
headers[
|
|
10
|
-
headers[
|
|
11
|
-
headers[
|
|
9
|
+
headers['Access-Control-Allow-Origin'] = allowedOrigin;
|
|
10
|
+
headers['Access-Control-Allow-Methods'] = (config.allowedMethods ?? DEFAULT_METHODS).join(', ');
|
|
11
|
+
headers['Access-Control-Allow-Headers'] = (config.allowedHeaders ?? DEFAULT_HEADERS).join(', ');
|
|
12
12
|
if (config.exposedHeaders?.length) {
|
|
13
|
-
headers[
|
|
13
|
+
headers['Access-Control-Expose-Headers'] = config.exposedHeaders.join(', ');
|
|
14
14
|
}
|
|
15
15
|
if (config.credentials) {
|
|
16
|
-
headers[
|
|
16
|
+
headers['Access-Control-Allow-Credentials'] = 'true';
|
|
17
17
|
}
|
|
18
18
|
if (config.maxAge !== undefined) {
|
|
19
|
-
headers[
|
|
19
|
+
headers['Access-Control-Max-Age'] = String(config.maxAge);
|
|
20
20
|
}
|
|
21
|
-
if (config.allowedOrigins !==
|
|
22
|
-
headers[
|
|
21
|
+
if (config.allowedOrigins !== '*') {
|
|
22
|
+
headers['Vary'] = 'Origin';
|
|
23
23
|
}
|
|
24
24
|
return headers;
|
|
25
25
|
}
|
|
26
26
|
function resolveOrigin(requestOrigin, allowed) {
|
|
27
|
-
if (allowed ===
|
|
28
|
-
return
|
|
27
|
+
if (allowed === '*')
|
|
28
|
+
return '*';
|
|
29
29
|
if (!requestOrigin)
|
|
30
30
|
return null;
|
|
31
31
|
return allowed.includes(requestOrigin) ? requestOrigin : null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/security/cors.ts"],"names":[],"mappings":"AASA,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/security/cors.ts"],"names":[],"mappings":"AASA,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;AAC5E,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,cAAc,CAAC,CAAA;AAEzE,qDAAqD;AACrD,MAAM,UAAU,cAAc,CAC5B,aAA4B,EAC5B,MAAkB;IAElB,MAAM,OAAO,GAA2B,EAAE,CAAA;IAE1C,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;IACzE,IAAI,CAAC,aAAa;QAAE,OAAO,OAAO,CAAA;IAElC,OAAO,CAAC,6BAA6B,CAAC,GAAG,aAAa,CAAA;IACtD,OAAO,CAAC,8BAA8B,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC/F,OAAO,CAAC,8BAA8B,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAE/F,IAAI,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;QAClC,OAAO,CAAC,+BAA+B,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC7E,CAAC;IACD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,OAAO,CAAC,kCAAkC,CAAC,GAAG,MAAM,CAAA;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,CAAC,wBAAwB,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC3D,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,KAAK,GAAG,EAAE,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAA;IAC5B,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,aAA4B,EAAE,OAAuB;IAC1E,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,GAAG,CAAA;IAC/B,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAA;IAC/B,OAAO,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAA;AAC/D,CAAC"}
|
|
@@ -6,19 +6,19 @@ export function generateCspNonce() {
|
|
|
6
6
|
/** Build a CSP header value incorporating the generated nonce. */
|
|
7
7
|
export function buildCspHeader(nonce, directives) {
|
|
8
8
|
const defaults = {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
9
|
+
'default-src': ["'self'"],
|
|
10
|
+
'script-src': ["'self'", `'nonce-${nonce}'`],
|
|
11
|
+
'style-src': ["'self'", `'nonce-${nonce}'`, "'unsafe-inline'"],
|
|
12
|
+
'img-src': ["'self'", 'data:', 'https:'],
|
|
13
|
+
'font-src': ["'self'"],
|
|
14
|
+
'connect-src': ["'self'"],
|
|
15
|
+
'frame-ancestors': ["'none'"],
|
|
16
|
+
'base-uri': ["'self'"],
|
|
17
|
+
'form-action': ["'self'"],
|
|
18
18
|
...directives,
|
|
19
19
|
};
|
|
20
20
|
return Object.entries(defaults)
|
|
21
|
-
.map(([key, values]) => `${key} ${values.join(
|
|
22
|
-
.join(
|
|
21
|
+
.map(([key, values]) => `${key} ${values.join(' ')}`)
|
|
22
|
+
.join('; ');
|
|
23
23
|
}
|
|
24
24
|
//# sourceMappingURL=csp-nonces.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csp-nonces.js","sourceRoot":"","sources":["../../src/security/csp-nonces.ts"],"names":[],"mappings":"AAAA,mGAAmG;AACnG,MAAM,UAAU,gBAAgB;IAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"csp-nonces.js","sourceRoot":"","sources":["../../src/security/csp-nonces.ts"],"names":[],"mappings":"AAAA,mGAAmG;AACnG,MAAM,UAAU,gBAAgB;IAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IACxD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAA;AAC5C,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,UAAqC;IACjF,MAAM,QAAQ,GAA6B;QACzC,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,YAAY,EAAE,CAAC,QAAQ,EAAE,UAAU,KAAK,GAAG,CAAC;QAC5C,WAAW,EAAE,CAAC,QAAQ,EAAE,UAAU,KAAK,GAAG,EAAE,iBAAiB,CAAC;QAC9D,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,iBAAiB,EAAE,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,GAAG,UAAU;KACd,CAAA;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;SAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;SACpD,IAAI,CAAC,IAAI,CAAC,CAAA;AACf,CAAC"}
|
package/dist/security/csrf.js
CHANGED
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
export async function generateToken() {
|
|
3
3
|
const bytes = crypto.getRandomValues(new Uint8Array(32));
|
|
4
4
|
return Array.from(bytes)
|
|
5
|
-
.map((b) => b.toString(16).padStart(2,
|
|
6
|
-
.join(
|
|
5
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
6
|
+
.join('');
|
|
7
7
|
}
|
|
8
8
|
/** Validate a submitted CSRF token against the stored value using constant-time comparison. */
|
|
9
9
|
export function validateToken(token, storedToken) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../src/security/csrf.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../src/security/csrf.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IACxD,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;AACb,CAAC;AAED,+FAA+F;AAC/F,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,WAAmB;IAC9D,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IAErD,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACzC,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IAE/C,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IACnC,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encrypted-fields.d.ts","sourceRoot":"","sources":["../../src/security/encrypted-fields.ts"],"names":[],"mappings":"AAIA,+CAA+C;AAC/C,wBAAsB,YAAY,
|
|
1
|
+
{"version":3,"file":"encrypted-fields.d.ts","sourceRoot":"","sources":["../../src/security/encrypted-fields.ts"],"names":[],"mappings":"AAIA,+CAA+C;AAC/C,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBjF;AAED,wDAAwD;AACxD,wBAAsB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAarF"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const ALGORITHM =
|
|
1
|
+
const ALGORITHM = 'AES-GCM';
|
|
2
2
|
const IV_LENGTH = 12;
|
|
3
3
|
const TAG_LENGTH = 128;
|
|
4
4
|
/** Encrypt a field value using AES-256-GCM. */
|
|
@@ -23,12 +23,15 @@ export async function decryptField(encrypted, keyHex) {
|
|
|
23
23
|
}
|
|
24
24
|
async function importKey(keyHex) {
|
|
25
25
|
const keyData = hexToBuffer(keyHex);
|
|
26
|
-
return crypto.subtle.importKey(
|
|
26
|
+
return crypto.subtle.importKey('raw', keyData, ALGORITHM, false, [
|
|
27
|
+
'encrypt',
|
|
28
|
+
'decrypt',
|
|
29
|
+
]);
|
|
27
30
|
}
|
|
28
31
|
function bufferToHex(buffer) {
|
|
29
32
|
return Array.from(buffer)
|
|
30
|
-
.map((b) => b.toString(16).padStart(2,
|
|
31
|
-
.join(
|
|
33
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
34
|
+
.join('');
|
|
32
35
|
}
|
|
33
36
|
function hexToBuffer(hex) {
|
|
34
37
|
const bytes = new Uint8Array(hex.length / 2);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encrypted-fields.js","sourceRoot":"","sources":["../../src/security/encrypted-fields.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG,SAAS,
|
|
1
|
+
{"version":3,"file":"encrypted-fields.js","sourceRoot":"","sources":["../../src/security/encrypted-fields.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG,SAAS,CAAA;AAC3B,MAAM,SAAS,GAAG,EAAE,CAAA;AACpB,MAAM,UAAU,GAAG,GAAG,CAAA;AAEtB,+CAA+C;AAC/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAa,EAAE,MAAc;IAC9D,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;IACnC,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IAC5D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAE/C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAC9C,GAAG,EACH,OAAO,CACR,CAAA;IAED,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAAA;IAClE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAChB,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAA;IAEnD,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAA;AAC9B,CAAC;AAED,wDAAwD;AACxD,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,SAAiB,EAAE,MAAc;IAClE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;IACnC,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;IACnC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;IACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAExC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAC9C,GAAG,EACH,UAAU,CACX,CAAA;IAED,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,MAAc;IACrC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAkC,EAAE,SAAS,EAAE,KAAK,EAAE;QAC1F,SAAS;QACT,SAAS;KACV,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAkB;IACrC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;AACb,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/security/headers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,qBAAqB,CAAC,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/security/headers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B;AAWD,2DAA2D;AAC3D,wBAAgB,kBAAkB,CAAC,SAAS,CAAC,EAAE,qBAAqB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAuB5F"}
|
package/dist/security/headers.js
CHANGED
|
@@ -1,31 +1,31 @@
|
|
|
1
1
|
const DEFAULT_HEADERS = {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
2
|
+
'X-Content-Type-Options': 'nosniff',
|
|
3
|
+
'X-Frame-Options': 'DENY',
|
|
4
|
+
'X-XSS-Protection': '0',
|
|
5
|
+
'Referrer-Policy': 'strict-origin-when-cross-origin',
|
|
6
|
+
'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
|
|
7
|
+
'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
|
|
8
8
|
};
|
|
9
9
|
/** Get the default security headers for HTTP responses. */
|
|
10
10
|
export function getSecurityHeaders(overrides) {
|
|
11
11
|
const headers = { ...DEFAULT_HEADERS };
|
|
12
12
|
if (overrides?.contentSecurityPolicy) {
|
|
13
|
-
headers[
|
|
13
|
+
headers['Content-Security-Policy'] = overrides.contentSecurityPolicy;
|
|
14
14
|
}
|
|
15
15
|
if (overrides?.strictTransportSecurity) {
|
|
16
|
-
headers[
|
|
16
|
+
headers['Strict-Transport-Security'] = overrides.strictTransportSecurity;
|
|
17
17
|
}
|
|
18
18
|
if (overrides?.xContentTypeOptions) {
|
|
19
|
-
headers[
|
|
19
|
+
headers['X-Content-Type-Options'] = overrides.xContentTypeOptions;
|
|
20
20
|
}
|
|
21
21
|
if (overrides?.xFrameOptions) {
|
|
22
|
-
headers[
|
|
22
|
+
headers['X-Frame-Options'] = overrides.xFrameOptions;
|
|
23
23
|
}
|
|
24
24
|
if (overrides?.referrerPolicy) {
|
|
25
|
-
headers[
|
|
25
|
+
headers['Referrer-Policy'] = overrides.referrerPolicy;
|
|
26
26
|
}
|
|
27
27
|
if (overrides?.permissionsPolicy) {
|
|
28
|
-
headers[
|
|
28
|
+
headers['Permissions-Policy'] = overrides.permissionsPolicy;
|
|
29
29
|
}
|
|
30
30
|
return headers;
|
|
31
31
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/security/headers.ts"],"names":[],"mappings":"AASA,MAAM,eAAe,GAA2B;IAC9C,wBAAwB,EAAE,SAAS;IACnC,iBAAiB,EAAE,MAAM;IACzB,kBAAkB,EAAE,GAAG;IACvB,iBAAiB,EAAE,iCAAiC;IACpD,2BAA2B,EAAE,8CAA8C;IAC3E,oBAAoB,EAAE,0CAA0C;CACjE,
|
|
1
|
+
{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/security/headers.ts"],"names":[],"mappings":"AASA,MAAM,eAAe,GAA2B;IAC9C,wBAAwB,EAAE,SAAS;IACnC,iBAAiB,EAAE,MAAM;IACzB,kBAAkB,EAAE,GAAG;IACvB,iBAAiB,EAAE,iCAAiC;IACpD,2BAA2B,EAAE,8CAA8C;IAC3E,oBAAoB,EAAE,0CAA0C;CACjE,CAAA;AAED,2DAA2D;AAC3D,MAAM,UAAU,kBAAkB,CAAC,SAAiC;IAClE,MAAM,OAAO,GAAG,EAAE,GAAG,eAAe,EAAE,CAAA;IAEtC,IAAI,SAAS,EAAE,qBAAqB,EAAE,CAAC;QACrC,OAAO,CAAC,yBAAyB,CAAC,GAAG,SAAS,CAAC,qBAAqB,CAAA;IACtE,CAAC;IACD,IAAI,SAAS,EAAE,uBAAuB,EAAE,CAAC;QACvC,OAAO,CAAC,2BAA2B,CAAC,GAAG,SAAS,CAAC,uBAAuB,CAAA;IAC1E,CAAC;IACD,IAAI,SAAS,EAAE,mBAAmB,EAAE,CAAC;QACnC,OAAO,CAAC,wBAAwB,CAAC,GAAG,SAAS,CAAC,mBAAmB,CAAA;IACnE,CAAC;IACD,IAAI,SAAS,EAAE,aAAa,EAAE,CAAC;QAC7B,OAAO,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,aAAa,CAAA;IACtD,CAAC;IACD,IAAI,SAAS,EAAE,cAAc,EAAE,CAAC;QAC9B,OAAO,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,cAAc,CAAA;IACvD,CAAC;IACD,IAAI,SAAS,EAAE,iBAAiB,EAAE,CAAC;QACjC,OAAO,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC,iBAAiB,CAAA;IAC7D,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC"}
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1,40 +1,40 @@
|
|
|
1
|
-
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from
|
|
2
|
-
export type { Role, Permission, FieldAccessUser } from
|
|
3
|
-
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from
|
|
4
|
-
export { createRateLimiter } from
|
|
5
|
-
export type { RateLimiter, RateLimitConfig, RateLimitResult } from
|
|
6
|
-
export { sanitizeHtml, stripHtml } from
|
|
7
|
-
export { validateMimeType, checkMagicBytes } from
|
|
8
|
-
export { validateWebhookUrl, resolveAndCheck } from
|
|
9
|
-
export { logEvent, getAuditLog } from
|
|
10
|
-
export type { AuditEntry, AuditLogQuery, AuditLogResult } from
|
|
11
|
-
export { getSecurityHeaders } from
|
|
12
|
-
export type { SecurityHeadersConfig } from
|
|
13
|
-
export { applySecurityMiddleware } from
|
|
14
|
-
export type { SecurityMiddlewareConfig, SecurityMiddlewareResult } from
|
|
15
|
-
export { checkBreached } from
|
|
16
|
-
export { detectLoginAnomaly, checkBruteForce } from
|
|
17
|
-
export type { LoginAttempt, AnomalyResult } from
|
|
18
|
-
export { requiresReauth, verifyReauth } from
|
|
19
|
-
export type { ReauthConfig, ReauthContext } from
|
|
20
|
-
export { isIpAllowed } from
|
|
21
|
-
export { enforceSessionLimits } from
|
|
22
|
-
export type { SessionInfo, SessionLimitConfig } from
|
|
23
|
-
export { encryptField, decryptField } from
|
|
24
|
-
export { getCorsHeaders } from
|
|
25
|
-
export type { CorsConfig } from
|
|
26
|
-
export { generateCspNonce, buildCspHeader } from
|
|
27
|
-
export { generateSecurityTxt } from
|
|
28
|
-
export type { SecurityTxtConfig } from
|
|
29
|
-
export { generateApiKey, validateApiKeyScope } from
|
|
30
|
-
export type { ApiKeyScope, EnhancedApiKeyConfig } from
|
|
31
|
-
export { verifyCaptcha, getCaptchaConfig } from
|
|
32
|
-
export type { CaptchaConfig, CaptchaProvider, CaptchaVerifyResult } from
|
|
33
|
-
export { getClientIp, isResolvedIp } from
|
|
34
|
-
export type { TrustedIpOptions } from
|
|
35
|
-
export { safeFetch, SsrfBlockedError } from
|
|
36
|
-
export type { SafeFetchOptions } from
|
|
37
|
-
export { encryptSecret, decryptSecret, isEncrypted, encryptStringArray, decryptStringArray, } from
|
|
38
|
-
export { redactSecrets } from
|
|
39
|
-
export { INTERNAL_DATA_KEYS, isInternalDataKey, stripInternalDataKeys } from
|
|
1
|
+
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess, } from './access.js';
|
|
2
|
+
export type { Role, Permission, FieldAccessUser } from './access.js';
|
|
3
|
+
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from './csrf.js';
|
|
4
|
+
export { createRateLimiter } from './rate-limit.js';
|
|
5
|
+
export type { RateLimiter, RateLimitConfig, RateLimitResult } from './rate-limit.js';
|
|
6
|
+
export { sanitizeHtml, stripHtml } from './sanitize.js';
|
|
7
|
+
export { validateMimeType, checkMagicBytes } from './upload.js';
|
|
8
|
+
export { validateWebhookUrl, resolveAndCheck } from './webhook.js';
|
|
9
|
+
export { logEvent, getAuditLog } from './audit.js';
|
|
10
|
+
export type { AuditEntry, AuditLogQuery, AuditLogResult } from './audit.js';
|
|
11
|
+
export { getSecurityHeaders } from './headers.js';
|
|
12
|
+
export type { SecurityHeadersConfig } from './headers.js';
|
|
13
|
+
export { applySecurityMiddleware } from './middleware.js';
|
|
14
|
+
export type { SecurityMiddlewareConfig, SecurityMiddlewareResult } from './middleware.js';
|
|
15
|
+
export { checkBreached } from './breach-check.js';
|
|
16
|
+
export { detectLoginAnomaly, checkBruteForce } from './anomaly-detection.js';
|
|
17
|
+
export type { LoginAttempt, AnomalyResult } from './anomaly-detection.js';
|
|
18
|
+
export { requiresReauth, verifyReauth } from './reauth.js';
|
|
19
|
+
export type { ReauthConfig, ReauthContext } from './reauth.js';
|
|
20
|
+
export { isIpAllowed } from './ip-allowlist.js';
|
|
21
|
+
export { enforceSessionLimits } from './session-limits.js';
|
|
22
|
+
export type { SessionInfo, SessionLimitConfig } from './session-limits.js';
|
|
23
|
+
export { encryptField, decryptField } from './encrypted-fields.js';
|
|
24
|
+
export { getCorsHeaders } from './cors.js';
|
|
25
|
+
export type { CorsConfig } from './cors.js';
|
|
26
|
+
export { generateCspNonce, buildCspHeader } from './csp-nonces.js';
|
|
27
|
+
export { generateSecurityTxt } from './security-txt.js';
|
|
28
|
+
export type { SecurityTxtConfig } from './security-txt.js';
|
|
29
|
+
export { generateApiKey, validateApiKeyScope } from './api-key-enhanced.js';
|
|
30
|
+
export type { ApiKeyScope, EnhancedApiKeyConfig } from './api-key-enhanced.js';
|
|
31
|
+
export { verifyCaptcha, getCaptchaConfig } from './captcha.js';
|
|
32
|
+
export type { CaptchaConfig, CaptchaProvider, CaptchaVerifyResult } from './captcha.js';
|
|
33
|
+
export { getClientIp, isResolvedIp } from './client-ip.js';
|
|
34
|
+
export type { TrustedIpOptions } from './client-ip.js';
|
|
35
|
+
export { safeFetch, SsrfBlockedError } from './safe-fetch.js';
|
|
36
|
+
export type { SafeFetchOptions } from './safe-fetch.js';
|
|
37
|
+
export { encryptSecret, decryptSecret, isEncrypted, encryptStringArray, decryptStringArray, } from './secret-storage.js';
|
|
38
|
+
export { redactSecrets } from './redact.js';
|
|
39
|
+
export { INTERNAL_DATA_KEYS, isInternalDataKey, stripInternalDataKeys } from './internal-keys.js';
|
|
40
40
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,aAAa,CAAA;AACpB,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAEpE,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAElG,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA;AACnD,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEpF,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAEvD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAE/D,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAElE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAClD,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAE3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,YAAY,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAA;AAEzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AACzD,YAAY,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAEzF,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAC5E,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAEzE,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1D,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAE9D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AAE1E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AAElE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC1C,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AAE3C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAElE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAE1D,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAA;AAC3E,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAE9E,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC9D,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AAEvF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC1D,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAEtD,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC7D,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEvD,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAE3C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAA"}
|
package/dist/security/index.js
CHANGED
|
@@ -1,26 +1,26 @@
|
|
|
1
|
-
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from
|
|
2
|
-
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from
|
|
3
|
-
export { createRateLimiter } from
|
|
4
|
-
export { sanitizeHtml, stripHtml } from
|
|
5
|
-
export { validateMimeType, checkMagicBytes } from
|
|
6
|
-
export { validateWebhookUrl, resolveAndCheck } from
|
|
7
|
-
export { logEvent, getAuditLog } from
|
|
8
|
-
export { getSecurityHeaders } from
|
|
9
|
-
export { applySecurityMiddleware } from
|
|
10
|
-
export { checkBreached } from
|
|
11
|
-
export { detectLoginAnomaly, checkBruteForce } from
|
|
12
|
-
export { requiresReauth, verifyReauth } from
|
|
13
|
-
export { isIpAllowed } from
|
|
14
|
-
export { enforceSessionLimits } from
|
|
15
|
-
export { encryptField, decryptField } from
|
|
16
|
-
export { getCorsHeaders } from
|
|
17
|
-
export { generateCspNonce, buildCspHeader } from
|
|
18
|
-
export { generateSecurityTxt } from
|
|
19
|
-
export { generateApiKey, validateApiKeyScope } from
|
|
20
|
-
export { verifyCaptcha, getCaptchaConfig } from
|
|
21
|
-
export { getClientIp, isResolvedIp } from
|
|
22
|
-
export { safeFetch, SsrfBlockedError } from
|
|
23
|
-
export { encryptSecret, decryptSecret, isEncrypted, encryptStringArray, decryptStringArray, } from
|
|
24
|
-
export { redactSecrets } from
|
|
25
|
-
export { INTERNAL_DATA_KEYS, isInternalDataKey, stripInternalDataKeys } from
|
|
1
|
+
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess, } from './access.js';
|
|
2
|
+
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from './csrf.js';
|
|
3
|
+
export { createRateLimiter } from './rate-limit.js';
|
|
4
|
+
export { sanitizeHtml, stripHtml } from './sanitize.js';
|
|
5
|
+
export { validateMimeType, checkMagicBytes } from './upload.js';
|
|
6
|
+
export { validateWebhookUrl, resolveAndCheck } from './webhook.js';
|
|
7
|
+
export { logEvent, getAuditLog } from './audit.js';
|
|
8
|
+
export { getSecurityHeaders } from './headers.js';
|
|
9
|
+
export { applySecurityMiddleware } from './middleware.js';
|
|
10
|
+
export { checkBreached } from './breach-check.js';
|
|
11
|
+
export { detectLoginAnomaly, checkBruteForce } from './anomaly-detection.js';
|
|
12
|
+
export { requiresReauth, verifyReauth } from './reauth.js';
|
|
13
|
+
export { isIpAllowed } from './ip-allowlist.js';
|
|
14
|
+
export { enforceSessionLimits } from './session-limits.js';
|
|
15
|
+
export { encryptField, decryptField } from './encrypted-fields.js';
|
|
16
|
+
export { getCorsHeaders } from './cors.js';
|
|
17
|
+
export { generateCspNonce, buildCspHeader } from './csp-nonces.js';
|
|
18
|
+
export { generateSecurityTxt } from './security-txt.js';
|
|
19
|
+
export { generateApiKey, validateApiKeyScope } from './api-key-enhanced.js';
|
|
20
|
+
export { verifyCaptcha, getCaptchaConfig } from './captcha.js';
|
|
21
|
+
export { getClientIp, isResolvedIp } from './client-ip.js';
|
|
22
|
+
export { safeFetch, SsrfBlockedError } from './safe-fetch.js';
|
|
23
|
+
export { encryptSecret, decryptSecret, isEncrypted, encryptStringArray, decryptStringArray, } from './secret-storage.js';
|
|
24
|
+
export { redactSecrets } from './redact.js';
|
|
25
|
+
export { INTERNAL_DATA_KEYS, isInternalDataKey, stripInternalDataKeys } from './internal-keys.js';
|
|
26
26
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,aAAa,CAAA;AAGpB,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAElG,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA;AAGnD,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAEvD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAE/D,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAElE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGlD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAGjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AAGzD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAG5E,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAG1D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAG1D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AAElE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAG1C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAElE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAGvD,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAA;AAG3E,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAG9D,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAG1D,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAG7D,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAE3C,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-keys.d.ts","sourceRoot":"","sources":["../../src/security/internal-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,aAQ7B,
|
|
1
|
+
{"version":3,"file":"internal-keys.d.ts","sourceRoot":"","sources":["../../src/security/internal-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,aAQ7B,CAAA;AAEF,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED,6EAA6E;AAC7E,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAOnF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-keys.js","sourceRoot":"","sources":["../../src/security/internal-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,WAAW;IACX,aAAa;IACb,mBAAmB;CACpB,CAAC,
|
|
1
|
+
{"version":3,"file":"internal-keys.js","sourceRoot":"","sources":["../../src/security/internal-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,WAAW;IACX,aAAa;IACb,mBAAmB;CACpB,CAAC,CAAA;AAEF,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;AAC3D,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,qBAAqB,CAAoC,IAAO;IAC9E,MAAM,GAAG,GAA4B,EAAE,CAAA;IACvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,iBAAiB,CAAC,GAAG,CAAC;YAAE,SAAQ;QACpC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;IAClB,CAAC;IACD,OAAO,GAAQ,CAAA;AACjB,CAAC"}
|
|
@@ -84,7 +84,7 @@ function matchIpv4Cidr(ip, range, bits) {
|
|
|
84
84
|
return false;
|
|
85
85
|
if (bits === 0)
|
|
86
86
|
return true;
|
|
87
|
-
const mask =
|
|
87
|
+
const mask = ~((1 << (32 - bits)) - 1) >>> 0;
|
|
88
88
|
return (ipNum & mask) === (rangeNum & mask);
|
|
89
89
|
}
|
|
90
90
|
function ipv4ToNumber(ip) {
|
|
@@ -119,9 +119,7 @@ function ipv6ToBytes(ip) {
|
|
|
119
119
|
if (halves.length > 2)
|
|
120
120
|
return null;
|
|
121
121
|
const left = halves[0] ? halves[0].split(':') : [];
|
|
122
|
-
const groups = halves.length === 2
|
|
123
|
-
? fillGroups(left, halves[1] ? halves[1].split(':') : [])
|
|
124
|
-
: left;
|
|
122
|
+
const groups = halves.length === 2 ? fillGroups(left, halves[1] ? halves[1].split(':') : []) : left;
|
|
125
123
|
if (groups.length !== 8)
|
|
126
124
|
return null;
|
|
127
125
|
const bytes = new Uint8Array(16);
|