@apolitical/server 2.9.1 → 2.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5 -0
- package/package.json +3 -2
- package/src/config.js +9 -0
- package/src/container.js +2 -0
- package/src/helpers/request.helper.js +14 -4
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.10.0] - 2023-04-24
|
|
9
|
+
### Added
|
|
10
|
+
- `sanitiseInput` method to request helpers
|
|
11
|
+
- XSS package
|
|
12
|
+
|
|
8
13
|
## [2.9.1] - 2023-01-31
|
|
9
14
|
### Added
|
|
10
15
|
- Renovate config file
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@apolitical/server",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.10.0",
|
|
4
4
|
"description": "Node.js module to encapsulate Apolitical's express server setup",
|
|
5
5
|
"author": "Apolitical Group Limited <engineering@apolitical.co>",
|
|
6
6
|
"license": "MIT",
|
|
@@ -45,7 +45,8 @@
|
|
|
45
45
|
"passport-jwt": "4.0.1",
|
|
46
46
|
"prerender-node": "3.5.0",
|
|
47
47
|
"qs": "6.11.0",
|
|
48
|
-
"swagger-ui-express": "4.6.0"
|
|
48
|
+
"swagger-ui-express": "4.6.0",
|
|
49
|
+
"xss": "1.0.14"
|
|
49
50
|
},
|
|
50
51
|
"devDependencies": {
|
|
51
52
|
"@apolitical/eslint-config": "2.1.0",
|
package/src/config.js
CHANGED
|
@@ -24,6 +24,15 @@ module.exports = {
|
|
|
24
24
|
},
|
|
25
25
|
DOCUMENTATION: '/docs/',
|
|
26
26
|
},
|
|
27
|
+
HELPERS: {
|
|
28
|
+
SANITISATION: {
|
|
29
|
+
DEFAULT_XSS_OPTIONS: {
|
|
30
|
+
whiteList: {}, // Disable all HTML tags and attributes
|
|
31
|
+
stripIgnoreTag: true, // Remove any remaining HTML content
|
|
32
|
+
stripIgnoreTagBody: ['script'], // Remove script tags and their content
|
|
33
|
+
},
|
|
34
|
+
},
|
|
35
|
+
},
|
|
27
36
|
MIDDLEWARES: {
|
|
28
37
|
PERMISSIONS: {
|
|
29
38
|
ADMIN_ROLE,
|
package/src/container.js
CHANGED
|
@@ -21,6 +21,7 @@ const passportJwt = require('passport-jwt');
|
|
|
21
21
|
const prerender = require('prerender-node');
|
|
22
22
|
const qs = require('qs');
|
|
23
23
|
const swaggerUi = require('swagger-ui-express');
|
|
24
|
+
const xss = require('xss');
|
|
24
25
|
// Internal Modules
|
|
25
26
|
const apoliticalLogger = require('@apolitical/logger');
|
|
26
27
|
// Configuration
|
|
@@ -77,6 +78,7 @@ container.register({
|
|
|
77
78
|
prerender: asValue(prerender),
|
|
78
79
|
qs: asValue(qs),
|
|
79
80
|
swaggerUi: asValue(swaggerUi),
|
|
81
|
+
xss: asValue(xss),
|
|
80
82
|
// Internal Modules
|
|
81
83
|
apoliticalLogger: asValue(apoliticalLogger),
|
|
82
84
|
// Configuration
|
|
@@ -1,11 +1,16 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
module.exports =
|
|
4
|
-
({ qs, jwtEncodeHelper, config }) =>
|
|
4
|
+
({ qs, jwtEncodeHelper, config, xss }) =>
|
|
5
5
|
({ sessionSecret = null } = {}) => {
|
|
6
6
|
const {
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
JWT: {
|
|
8
|
+
APOLITICAL: { ISSUER, ADMIN_ROLE, COOKIE_KEY },
|
|
9
|
+
},
|
|
10
|
+
HELPERS: {
|
|
11
|
+
SANITISATION: { DEFAULT_XSS_OPTIONS },
|
|
12
|
+
},
|
|
13
|
+
} = config;
|
|
9
14
|
|
|
10
15
|
function generateAdminToken() {
|
|
11
16
|
if (!sessionSecret) {
|
|
@@ -55,5 +60,10 @@ module.exports =
|
|
|
55
60
|
return queryString ? `?${queryString}` : '';
|
|
56
61
|
}
|
|
57
62
|
|
|
58
|
-
|
|
63
|
+
function sanitiseInput(input = {}, options = DEFAULT_XSS_OPTIONS) {
|
|
64
|
+
const sanitizedInput = JSON.parse(xss(JSON.stringify(input), options));
|
|
65
|
+
return sanitizedInput || {};
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
return { buildOptions, buildQueryString, sanitiseInput };
|
|
59
69
|
};
|