npm - @arcis/node - Versions diffs - 1.1.0 → 1.3.0 - Mend

@arcis/node 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/README.md +156 -211
package/dist/core/index.d.mts +4 -4
package/dist/core/index.d.ts +4 -4
package/dist/core/index.js +13 -2
package/dist/core/index.js.map +1 -1
package/dist/core/index.mjs +13 -2
package/dist/core/index.mjs.map +1 -1
package/dist/{headers-DBQedhrb.d.mts → encode-CrQCGlBq.d.mts} +202 -2
package/dist/{headers-BJq2OA0i.d.ts → encode-jl9sOwmA.d.ts} +202 -2
package/dist/{index-BvcFpoR3.d.ts → index-BAhgn9V2.d.ts} +96 -2
package/dist/{index-iCOw8Fcg.d.ts → index-BGNKspqH.d.ts} +1 -1
package/dist/{index-CslcoZUN.d.mts → index-Cd02z-0j.d.mts} +1 -1
package/dist/{index-CCcPuTBo.d.mts → index-DgJtWMSj.d.mts} +96 -2
package/dist/index.d.mts +4 -4
package/dist/index.d.ts +4 -4
package/dist/index.js +647 -7
package/dist/index.js.map +1 -1
package/dist/index.mjs +629 -9
package/dist/index.mjs.map +1 -1
package/dist/logging/index.d.mts +1 -1
package/dist/logging/index.d.ts +1 -1
package/dist/logging/index.js +12 -1
package/dist/logging/index.js.map +1 -1
package/dist/logging/index.mjs +12 -1
package/dist/logging/index.mjs.map +1 -1
package/dist/middleware/index.d.mts +2 -2
package/dist/middleware/index.d.ts +2 -2
package/dist/middleware/index.js +168 -6
package/dist/middleware/index.js.map +1 -1
package/dist/middleware/index.mjs +165 -7
package/dist/middleware/index.mjs.map +1 -1
package/dist/sanitizers/index.d.mts +2 -2
package/dist/sanitizers/index.d.ts +2 -2
package/dist/sanitizers/index.js +403 -3
package/dist/sanitizers/index.js.map +1 -1
package/dist/sanitizers/index.mjs +388 -4
package/dist/sanitizers/index.mjs.map +1 -1
package/dist/stores/index.d.mts +1 -1
package/dist/stores/index.d.ts +1 -1
package/dist/stores/index.js.map +1 -1
package/dist/stores/index.mjs.map +1 -1
package/dist/{types-BOdL3ZWo.d.mts → types-BOkx5YJc.d.mts} +17 -2
package/dist/{types-BOdL3ZWo.d.ts → types-BOkx5YJc.d.ts} +17 -2
package/dist/validation/index.d.mts +2 -2
package/dist/validation/index.d.ts +2 -2
package/dist/validation/index.js +105 -3
package/dist/validation/index.js.map +1 -1
package/dist/validation/index.mjs +105 -3
package/dist/validation/index.mjs.map +1 -1
package/package.json +114 -114

package/dist/{index-CslcoZUN.d.mts → index-Cd02z-0j.d.mts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { RequestHandler } from 'express';
-import { n as ValidationSchema } from './types-BOdL3ZWo.mjs';
+import { n as ValidationSchema } from './types-BOkx5YJc.mjs';
 /**
  * @module @arcis/node/validation/schema

package/dist/{index-CCcPuTBo.d.mts → index-DgJtWMSj.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { b as ArcisOptions, o as ArcisMiddlewareStack, A as ArcisFunction, e as RateLimitOptions, h as RateLimiterMiddleware, H as HeaderOptions, E as ErrorHandlerOptions } from './types-BOdL3ZWo.mjs';
+import { b as ArcisOptions, o as ArcisMiddlewareStack, A as ArcisFunction, e as RateLimitOptions, h as RateLimiterMiddleware, H as HeaderOptions, E as ErrorHandlerOptions } from './types-BOkx5YJc.mjs';
 import { RequestHandler, Request, Response, NextFunction } from 'express';
 /**
@@ -435,4 +435,98 @@ declare function detectBot(req: Request): BotDetectionResult;
  */
 declare function botProtection(options?: BotProtectionOptions): RequestHandler;
-export { type BotCategory as B, type CorsOptions as C, type SecureCookieOptions as S, type TokenBucketMiddleware as T, type BotDetectionResult as a, type BotProtectionOptions as b, type SlidingWindowMiddleware as c, type SlidingWindowOptions as d, type TokenBucketOptions as e, arcis as f, arcisWithMethods as g, botProtection as h, createCors as i, createErrorHandler as j, createHeaders as k, createRateLimiter as l, createSecureCookies as m, createSlidingWindowLimiter as n, createTokenBucketLimiter as o, detectBot as p, enforceSecureCookie as q, errorHandler as r, rateLimit as s, safeCors as t, secureCookieDefaults as u, securityHeaders as v };
+/**
+ * @module @arcis/node/middleware/csrf
+ * CSRF (Cross-Site Request Forgery) protection middleware
+ *
+ * Implements the double-submit cookie pattern:
+ * 1. Server sets a CSRF token in a cookie
+ * 2. Client must send the same token in a header or form field
+ * 3. Middleware rejects requests where cookie token !== header/field token
+ *
+ * This works because an attacker's cross-origin form submission will include
+ * the cookie automatically, but cannot read it (same-origin policy) to set
+ * the matching header.
+ */
+/** CSRF protection configuration */
+interface CsrfOptions {
+    /** Cookie name for the CSRF token. Default: '_csrf' */
+    cookieName?: string;
+    /** Header name to check for the token. Default: 'x-csrf-token' */
+    headerName?: string;
+    /** Form field name to check for the token. Default: '_csrf' */
+    fieldName?: string;
+    /** Token byte length (hex-encoded = 2x chars). Default: 32 */
+    tokenLength?: number;
+    /** HTTP methods to protect. Default: ['POST', 'PUT', 'PATCH', 'DELETE'] */
+    protectedMethods?: string[];
+    /** Paths to exclude from CSRF checks (e.g., webhook endpoints) */
+    excludePaths?: string[];
+    /** Cookie options */
+    cookie?: {
+        /** Cookie path. Default: '/' */
+        path?: string;
+        /** HttpOnly — set false so client JS can read it for headers. Default: false */
+        httpOnly?: boolean;
+        /** Secure flag (HTTPS only). Default: true in production */
+        secure?: boolean;
+        /** SameSite attribute. Default: 'Lax' */
+        sameSite?: 'Strict' | 'Lax' | 'None';
+        /** Cookie domain */
+        domain?: string;
+    };
+    /** Custom error handler when CSRF validation fails */
+    onError?: (req: Request, res: Response, next: NextFunction) => void;
+}
+/**
+ * Generate a cryptographically random CSRF token.
+ *
+ * @param length - Byte length (output is hex, so 2x chars). Default: 32
+ * @returns Hex-encoded random token
+ *
+ * @example
+ * const token = generateCsrfToken(); // 64 hex chars
+ */
+declare function generateCsrfToken(length?: number): string;
+/**
+ * Validate that two CSRF tokens match using constant-time comparison.
+ *
+ * @param cookieToken - Token from the cookie
+ * @param requestToken - Token from the header or form field
+ * @returns true if tokens match
+ */
+declare function validateCsrfToken(cookieToken: string, requestToken: string): boolean;
+/**
+ * Create CSRF protection middleware using double-submit cookie pattern.
+ *
+ * For safe methods (GET, HEAD, OPTIONS), sets a CSRF token cookie if not present.
+ * For unsafe methods (POST, PUT, PATCH, DELETE), validates the token.
+ *
+ * @param options - CSRF configuration
+ * @returns Express middleware
+ *
+ * @example
+ * // Basic usage
+ * app.use(csrfProtection());
+ *
+ * @example
+ * // Exclude webhook paths
+ * app.use(csrfProtection({
+ *   excludePaths: ['/api/webhooks/stripe', '/api/webhooks/github']
+ * }));
+ *
+ * @example
+ * // Client-side: read cookie + set header
+ * const token = document.cookie.match(/_csrf=([^;]+)/)?.[1];
+ * fetch('/api/data', {
+ *   method: 'POST',
+ *   headers: { 'X-CSRF-Token': token },
+ *   credentials: 'same-origin'
+ * });
+ */
+declare function csrfProtection(options?: CsrfOptions): RequestHandler;
+/** Alias for csrfProtection */
+declare const createCsrf: typeof csrfProtection;
+export { validateCsrfToken as A, type BotCategory as B, type CorsOptions as C, type SecureCookieOptions as S, type TokenBucketMiddleware as T, type BotDetectionResult as a, type BotProtectionOptions as b, type CsrfOptions as c, type SlidingWindowMiddleware as d, type SlidingWindowOptions as e, type TokenBucketOptions as f, arcis as g, arcisWithMethods as h, botProtection as i, createCors as j, createCsrf as k, createErrorHandler as l, createHeaders as m, createRateLimiter as n, createSecureCookies as o, createSlidingWindowLimiter as p, createTokenBucketLimiter as q, csrfProtection as r, detectBot as s, enforceSecureCookie as t, errorHandler as u, generateCsrfToken as v, rateLimit as w, safeCors as x, secureCookieDefaults as y, securityHeaders as z };

package/dist/index.d.mts CHANGED Viewed

@@ -1,10 +1,10 @@
-export { B as BotCategory, a as BotDetectionResult, b as BotProtectionOptions, C as CorsOptions, S as SecureCookieOptions, c as SlidingWindowMiddleware, d as SlidingWindowOptions, T as TokenBucketMiddleware, e as TokenBucketOptions, f as arcis, g as arcisFunction, h as botProtection, i as createCors, j as createErrorHandler, k as createHeaders, l as createRateLimiter, m as createSecureCookies, n as createSlidingWindowLimiter, o as createTokenBucketLimiter, g as default, p as detectBot, q as enforceSecureCookie, r as errorHandler, s as rateLimit, t as safeCors, u as secureCookieDefaults, v as securityHeaders } from './index-CCcPuTBo.mjs';
-export { c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectNoSqlInjection, e as detectPathTraversal, f as detectPrototypePollution, g as detectSql, h as detectXss, k as isDangerousNoSqlKey, l as isDangerousProtoKey, s as sanitizeCommand, m as sanitizeHeaderValue, n as sanitizeHeaders, o as sanitizeObject, p as sanitizePath, q as sanitizeSql, r as sanitizeString, t as sanitizeXss } from './headers-DBQedhrb.mjs';
-export { E as EmailValidationOptions, a as EmailValidationResult, F as FileInput, V as ValidateFileOptions, b as ValidateFileResult, c as ValidateRedirectOptions, d as ValidateRedirectResult, e as ValidateUrlOptions, f as ValidateUrlResult, g as createValidator, i as isDangerousExtension, h as isRedirectSafe, j as isUrlSafe, k as isValidEmailSyntax, s as sanitizeFilename, v as validate, l as validateEmail, m as validateFile, n as validateRedirect, o as validateUrl, p as verifyEmailMx } from './index-CslcoZUN.mjs';
+export { B as BotCategory, a as BotDetectionResult, b as BotProtectionOptions, C as CorsOptions, c as CsrfOptions, S as SecureCookieOptions, d as SlidingWindowMiddleware, e as SlidingWindowOptions, T as TokenBucketMiddleware, f as TokenBucketOptions, g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from './index-DgJtWMSj.mjs';
+export { P as PiiMatch, K as PiiRedactOptions, L as PiiScanOptions, M as PiiType, c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectJsonpInjection, e as detectNoSqlInjection, f as detectPathTraversal, g as detectPii, h as detectPrototypePollution, i as detectSql, j as detectSsti, k as detectXss, l as detectXxe, m as encodeForAttribute, n as encodeForCss, o as encodeForHtml, p as encodeForJs, q as encodeForUrl, t as isDangerousNoSqlKey, u as isDangerousProtoKey, v as redactObjectPii, w as redactPii, x as sanitizeCommand, y as sanitizeHeaderValue, z as sanitizeHeaders, A as sanitizeJsonpCallback, B as sanitizeObject, C as sanitizePath, D as sanitizeSql, E as sanitizeSsti, F as sanitizeString, G as sanitizeXss, H as sanitizeXxe, I as scanObjectPii, J as scanPii } from './encode-CrQCGlBq.mjs';
+export { E as EmailValidationOptions, a as EmailValidationResult, F as FileInput, V as ValidateFileOptions, b as ValidateFileResult, c as ValidateRedirectOptions, d as ValidateRedirectResult, e as ValidateUrlOptions, f as ValidateUrlResult, g as createValidator, i as isDangerousExtension, h as isRedirectSafe, j as isUrlSafe, k as isValidEmailSyntax, s as sanitizeFilename, v as validate, l as validateEmail, m as validateFile, n as validateRedirect, o as validateUrl, p as verifyEmailMx } from './index-Cd02z-0j.mjs';
 import { IncomingMessage } from 'http';
 export { createRedactor, createSafeLogger, safeLog } from './logging/index.mjs';
 export { MemoryStore, RedisClientLike, RedisStore, RedisStoreOptions, createRedisStore } from './stores/index.mjs';
-export { A as ArcisFunction, a as ArcisMiddleware, b as ArcisOptions, E as ErrorHandlerOptions, F as FieldValidator, H as HeaderOptions, c as HstsOptions, d as HttpError, L as LogOptions, R as RateLimitEntry, e as RateLimitOptions, f as RateLimitResult, g as RateLimitStore, h as RateLimiterMiddleware, S as SafeLogger, i as SanitizeOptions, j as SanitizeResult, T as ThreatInfo, k as ThreatType, V as ValidationConfig, l as ValidationError, m as ValidationResult, n as ValidationSchema } from './types-BOdL3ZWo.mjs';
+export { A as ArcisFunction, a as ArcisMiddleware, b as ArcisOptions, E as ErrorHandlerOptions, F as FieldValidator, H as HeaderOptions, c as HstsOptions, d as HttpError, L as LogOptions, R as RateLimitEntry, e as RateLimitOptions, f as RateLimitResult, g as RateLimitStore, h as RateLimiterMiddleware, S as SafeLogger, i as SanitizeOptions, j as SanitizeResult, T as ThreatInfo, k as ThreatType, V as ValidationConfig, l as ValidationError, m as ValidationResult, n as ValidationSchema } from './types-BOkx5YJc.mjs';
 export { ArcisError, ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, RATE_LIMIT, REDACTION, RateLimitError, SanitizationError, SecurityThreatError, VALIDATION } from './core/index.mjs';
 import 'express';

package/dist/index.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-export { B as BotCategory, a as BotDetectionResult, b as BotProtectionOptions, C as CorsOptions, S as SecureCookieOptions, c as SlidingWindowMiddleware, d as SlidingWindowOptions, T as TokenBucketMiddleware, e as TokenBucketOptions, f as arcis, g as arcisFunction, h as botProtection, i as createCors, j as createErrorHandler, k as createHeaders, l as createRateLimiter, m as createSecureCookies, n as createSlidingWindowLimiter, o as createTokenBucketLimiter, g as default, p as detectBot, q as enforceSecureCookie, r as errorHandler, s as rateLimit, t as safeCors, u as secureCookieDefaults, v as securityHeaders } from './index-BvcFpoR3.js';
-export { c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectNoSqlInjection, e as detectPathTraversal, f as detectPrototypePollution, g as detectSql, h as detectXss, k as isDangerousNoSqlKey, l as isDangerousProtoKey, s as sanitizeCommand, m as sanitizeHeaderValue, n as sanitizeHeaders, o as sanitizeObject, p as sanitizePath, q as sanitizeSql, r as sanitizeString, t as sanitizeXss } from './headers-BJq2OA0i.js';
-export { E as EmailValidationOptions, a as EmailValidationResult, F as FileInput, V as ValidateFileOptions, b as ValidateFileResult, c as ValidateRedirectOptions, d as ValidateRedirectResult, e as ValidateUrlOptions, f as ValidateUrlResult, g as createValidator, i as isDangerousExtension, h as isRedirectSafe, j as isUrlSafe, k as isValidEmailSyntax, s as sanitizeFilename, v as validate, l as validateEmail, m as validateFile, n as validateRedirect, o as validateUrl, p as verifyEmailMx } from './index-iCOw8Fcg.js';
+export { B as BotCategory, a as BotDetectionResult, b as BotProtectionOptions, C as CorsOptions, c as CsrfOptions, S as SecureCookieOptions, d as SlidingWindowMiddleware, e as SlidingWindowOptions, T as TokenBucketMiddleware, f as TokenBucketOptions, g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from './index-BAhgn9V2.js';
+export { P as PiiMatch, K as PiiRedactOptions, L as PiiScanOptions, M as PiiType, c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectJsonpInjection, e as detectNoSqlInjection, f as detectPathTraversal, g as detectPii, h as detectPrototypePollution, i as detectSql, j as detectSsti, k as detectXss, l as detectXxe, m as encodeForAttribute, n as encodeForCss, o as encodeForHtml, p as encodeForJs, q as encodeForUrl, t as isDangerousNoSqlKey, u as isDangerousProtoKey, v as redactObjectPii, w as redactPii, x as sanitizeCommand, y as sanitizeHeaderValue, z as sanitizeHeaders, A as sanitizeJsonpCallback, B as sanitizeObject, C as sanitizePath, D as sanitizeSql, E as sanitizeSsti, F as sanitizeString, G as sanitizeXss, H as sanitizeXxe, I as scanObjectPii, J as scanPii } from './encode-jl9sOwmA.js';
+export { E as EmailValidationOptions, a as EmailValidationResult, F as FileInput, V as ValidateFileOptions, b as ValidateFileResult, c as ValidateRedirectOptions, d as ValidateRedirectResult, e as ValidateUrlOptions, f as ValidateUrlResult, g as createValidator, i as isDangerousExtension, h as isRedirectSafe, j as isUrlSafe, k as isValidEmailSyntax, s as sanitizeFilename, v as validate, l as validateEmail, m as validateFile, n as validateRedirect, o as validateUrl, p as verifyEmailMx } from './index-BGNKspqH.js';
 import { IncomingMessage } from 'http';
 export { createRedactor, createSafeLogger, safeLog } from './logging/index.js';
 export { MemoryStore, RedisClientLike, RedisStore, RedisStoreOptions, createRedisStore } from './stores/index.js';
-export { A as ArcisFunction, a as ArcisMiddleware, b as ArcisOptions, E as ErrorHandlerOptions, F as FieldValidator, H as HeaderOptions, c as HstsOptions, d as HttpError, L as LogOptions, R as RateLimitEntry, e as RateLimitOptions, f as RateLimitResult, g as RateLimitStore, h as RateLimiterMiddleware, S as SafeLogger, i as SanitizeOptions, j as SanitizeResult, T as ThreatInfo, k as ThreatType, V as ValidationConfig, l as ValidationError, m as ValidationResult, n as ValidationSchema } from './types-BOdL3ZWo.js';
+export { A as ArcisFunction, a as ArcisMiddleware, b as ArcisOptions, E as ErrorHandlerOptions, F as FieldValidator, H as HeaderOptions, c as HstsOptions, d as HttpError, L as LogOptions, R as RateLimitEntry, e as RateLimitOptions, f as RateLimitResult, g as RateLimitStore, h as RateLimiterMiddleware, S as SafeLogger, i as SanitizeOptions, j as SanitizeResult, T as ThreatInfo, k as ThreatType, V as ValidationConfig, l as ValidationError, m as ValidationResult, n as ValidationSchema } from './types-BOkx5YJc.js';
 export { ArcisError, ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, RATE_LIMIT, REDACTION, RateLimitError, SanitizationError, SecurityThreatError, VALIDATION } from './core/index.js';
 import 'express';