@arcis/node 1.2.0 → 1.3.0
- package/dist/core/index.d.mts +1 -1
- package/dist/core/index.d.ts +1 -1
- package/dist/{pii-DhNpl7M3.d.ts → encode-CrQCGlBq.d.mts} +48 -2
- package/dist/{pii-CXcHMlnX.d.mts → encode-jl9sOwmA.d.ts} +48 -2
- package/dist/{index-D_bdJcF0.d.ts → index-BAhgn9V2.d.ts} +1 -1
- package/dist/{index-Co5kPRZz.d.ts → index-BGNKspqH.d.ts} +1 -1
- package/dist/{index-A-m-pPeW.d.mts → index-Cd02z-0j.d.mts} +1 -1
- package/dist/{index-CgK94hY_.d.mts → index-DgJtWMSj.d.mts} +1 -1
- package/dist/index.d.mts +4 -4
- package/dist/index.d.ts +4 -4
- package/dist/index.js +94 -2
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +90 -3
- package/dist/index.mjs.map +1 -1
- package/dist/logging/index.d.mts +1 -1
- package/dist/logging/index.d.ts +1 -1
- package/dist/middleware/index.d.mts +2 -2
- package/dist/middleware/index.d.ts +2 -2
- package/dist/middleware/index.js +22 -2
- package/dist/middleware/index.js.map +1 -1
- package/dist/middleware/index.mjs +22 -2
- package/dist/middleware/index.mjs.map +1 -1
- package/dist/sanitizers/index.d.mts +2 -2
- package/dist/sanitizers/index.d.ts +2 -2
- package/dist/sanitizers/index.js +72 -0
- package/dist/sanitizers/index.js.map +1 -1
- package/dist/sanitizers/index.mjs +68 -1
- package/dist/sanitizers/index.mjs.map +1 -1
- package/dist/stores/index.d.mts +1 -1
- package/dist/stores/index.d.ts +1 -1
- package/dist/{types-CsOFHoD9.d.mts → types-BOkx5YJc.d.mts} +11 -1
- package/dist/{types-CsOFHoD9.d.ts → types-BOkx5YJc.d.ts} +11 -1
- package/dist/validation/index.d.mts +2 -2
- package/dist/validation/index.d.ts +2 -2
- package/package.json +1 -1
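--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -303,7 +303,12 @@ function createHeaders(options = {}) {
 hsts = true,
 referrerPolicy = HEADERS.REFERRER_POLICY,
 permissionsPolicy = HEADERS.PERMISSIONS_POLICY,
-cacheControl = true
+cacheControl = true,
+crossOriginOpenerPolicy = "same-origin",
+crossOriginResourcePolicy = "same-origin",
+crossOriginEmbedderPolicy = "require-corp",
+originAgentCluster = true,
+dnsPrefetchControl = true
 } = options;
 return (req, res, next) => {
 if (contentSecurityPolicy) {
@@ -311,7 +316,7 @@ function createHeaders(options = {}) {
 res.setHeader("Content-Security-Policy", csp);
 }
 if (xssFilter) {
-res.setHeader("X-XSS-Protection", "
+res.setHeader("X-XSS-Protection", "0");
 }
 if (noSniff) {
 res.setHeader("X-Content-Type-Options", HEADERS.CONTENT_TYPE_OPTIONS);
@@ -338,6 +343,21 @@ function createHeaders(options = {}) {
 if (permissionsPolicy) {
 res.setHeader("Permissions-Policy", permissionsPolicy);
 }
+if (crossOriginOpenerPolicy) {
+res.setHeader("Cross-Origin-Opener-Policy", crossOriginOpenerPolicy);
+}
+if (crossOriginResourcePolicy) {
+res.setHeader("Cross-Origin-Resource-Policy", crossOriginResourcePolicy);
+}
+if (crossOriginEmbedderPolicy) {
+res.setHeader("Cross-Origin-Embedder-Policy", crossOriginEmbedderPolicy);
+}
+if (originAgentCluster) {
+res.setHeader("Origin-Agent-Cluster", "?1");
+}
+if (dnsPrefetchControl) {
+res.setHeader("X-DNS-Prefetch-Control", "off");
+}
 res.setHeader("X-Permitted-Cross-Domain-Policies", "none");
 if (cacheControl) {
 const cacheControlValue = typeof cacheControl === "string" ? cacheControl : HEADERS.CACHE_CONTROL;
@@ -1245,6 +1265,73 @@ function redactObjectPii(obj, options = {}) {
 return result;
 }
 
+// src/sanitizers/encode.ts
+var HTML_ENTITIES = {
+"&": "&",
+"<": "<",
+">": ">",
+'"': """,
+"'": "'"
+};
+var HTML_ENCODE_RE = /[&<>"']/g;
+function encodeForHtml(value) {
+if (!value) return "";
+return value.replace(HTML_ENCODE_RE, (ch) => HTML_ENTITIES[ch]);
+}
+function encodeForAttribute(value) {
+if (!value) return "";
+let result = "";
+for (let i = 0; i < value.length; i++) {
+const ch = value.charCodeAt(i);
+if (ch >= 48 && ch <= 57 || // 0-9
+ch >= 65 && ch <= 90 || // A-Z
+ch >= 97 && ch <= 122) {
+result += value[i];
+} else {
+result += `&#x${ch.toString(16).toUpperCase()};`;
+}
+}
+return result;
+}
+function encodeForJs(value) {
+if (!value) return "";
+let result = "";
+for (let i = 0; i < value.length; i++) {
+const ch = value.charCodeAt(i);
+if (ch >= 48 && ch <= 57 || // 0-9
+ch >= 65 && ch <= 90 || // A-Z
+ch >= 97 && ch <= 122) {
+result += value[i];
+} else if (ch < 256) {
+result += `\\x${ch.toString(16).toUpperCase().padStart(2, "0")}`;
+} else {
+result += `\\u${ch.toString(16).toUpperCase().padStart(4, "0")}`;
+}
+}
+return result;
+}
+function encodeForUrl(value) {
+if (!value) return "";
+return encodeURIComponent(value).replace(/[!'()*]/g, (ch) => {
+return `%${ch.charCodeAt(0).toString(16).toUpperCase()}`;
+});
+}
+function encodeForCss(value) {
+if (!value) return "";
+let result = "";
+for (let i = 0; i < value.length; i++) {
+const ch = value.charCodeAt(i);
+if (ch >= 48 && ch <= 57 || // 0-9
+ch >= 65 && ch <= 90 || // A-Z
+ch >= 97 && ch <= 122) {
+result += value[i];
+} else {
+result += `\\${ch.toString(16).toUpperCase()} `;
+}
+}
+return result;
+}
+
 // src/validation/schema.ts
 function validate(schema, source = "body") {
 return (req, res, next) => {
@@ -3095,6 +3182,6 @@ function createRedisStore(options) {
 return new RedisStore(options);
 }
 
-export { ArcisError, ValidationError as ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, MemoryStore, RATE_LIMIT, REDACTION, RateLimitError, RedisStore, SanitizationError, SecurityThreatError, VALIDATION, arcis, arcisWithMethods as arcisFunction, botProtection, createCors, createCsrf, createErrorHandler, createHeaders, createRateLimiter, createRedactor, createRedisStore, createSafeLogger, createSanitizer, createSecureCookies, createSlidingWindowLimiter, createTokenBucketLimiter, createValidator, csrfProtection, main_default as default, detectBot, detectClientIp, detectCommandInjection, detectHeaderInjection, detectJsonpInjection, detectNoSqlInjection, detectPathTraversal, detectPii, detectPrototypePollution, detectSql, detectSsti, detectXss, detectXxe, enforceSecureCookie, errorHandler, fingerprint, formatDuration, generateCsrfToken, isDangerousExtension, isDangerousNoSqlKey, isDangerousProtoKey, isPrivateIp, isRedirectSafe, isUrlSafe, isValidEmailSyntax, parseDuration, rateLimit, redactObjectPii, redactPii, safeCors, safeLog, sanitizeCommand, sanitizeFilename, sanitizeHeaderValue, sanitizeHeaders, sanitizeJsonpCallback, sanitizeObject, sanitizePath, sanitizeSql, sanitizeSsti, sanitizeString, sanitizeXss, sanitizeXxe, scanObjectPii, scanPii, secureCookieDefaults, securityHeaders, validate, validateCsrfToken, validateEmail, validateFile, validateRedirect, validateUrl, verifyEmailMx };
+export { ArcisError, ValidationError as ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, MemoryStore, RATE_LIMIT, REDACTION, RateLimitError, RedisStore, SanitizationError, SecurityThreatError, VALIDATION, arcis, arcisWithMethods as arcisFunction, botProtection, createCors, createCsrf, createErrorHandler, createHeaders, createRateLimiter, createRedactor, createRedisStore, createSafeLogger, createSanitizer, createSecureCookies, createSlidingWindowLimiter, createTokenBucketLimiter, createValidator, csrfProtection, main_default as default, detectBot, detectClientIp, detectCommandInjection, detectHeaderInjection, detectJsonpInjection, detectNoSqlInjection, detectPathTraversal, detectPii, detectPrototypePollution, detectSql, detectSsti, detectXss, detectXxe, encodeForAttribute, encodeForCss, encodeForHtml, encodeForJs, encodeForUrl, enforceSecureCookie, errorHandler, fingerprint, formatDuration, generateCsrfToken, isDangerousExtension, isDangerousNoSqlKey, isDangerousProtoKey, isPrivateIp, isRedirectSafe, isUrlSafe, isValidEmailSyntax, parseDuration, rateLimit, redactObjectPii, redactPii, safeCors, safeLog, sanitizeCommand, sanitizeFilename, sanitizeHeaderValue, sanitizeHeaders, sanitizeJsonpCallback, sanitizeObject, sanitizePath, sanitizeSql, sanitizeSsti, sanitizeString, sanitizeXss, sanitizeXxe, scanObjectPii, scanPii, secureCookieDefaults, securityHeaders, validate, validateCsrfToken, validateEmail, validateFile, validateRedirect, validateUrl, verifyEmailMx };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map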
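Review bot: encodeForAttribute and encodeForCss in the `// src/sanitizers/encode.ts` hunk walk the input with `charCodeAt(i)`, so any character outside the BMP (emoji, supplementary CJK) is emitted as two lone-surrogate escapes such as `&#xD83D;&#xDE00;` or `\D83D \DE00 `, and HTML and CSS parsers treat surrogate code points as errors and substitute U+FFFD — the output is still safe, but the data is silently corrupted. Iterating with `for (const ch of value)` and escaping `ch.codePointAt(0)` fixes both; encodeForJs is unaffected because `\uD83D\uDE00` is a valid surrogate pair in a JS string literal, and encodeForUrl already goes through encodeURIComponent. Separately, as rendered here HTML_ENTITIES maps each character to itself, which would make encodeForHtml a no-op; that is most likely this diff view decoding `&amp;`/`&lt;`/`&gt;`/`&quot;`/`&#x27;`, but it is worth confirming against the published tarball rather than the rendered page.
```javascript
function encodeForAttribute(value) {
  if (!value) return "";
  let result = "";
  // Iterate by code point so an astral character becomes one numeric
  // reference instead of two invalid surrogate references.
  for (const ch of value) {
    const cp = ch.codePointAt(0);
    if (cp >= 48 && cp <= 57 || cp >= 65 && cp <= 90 || cp >= 97 && cp <= 122) {
      result += ch;
    } else {
      result += `&#x${cp.toString(16).toUpperCase()};`;
    }
  }
  return result;
}
// … unchanged: encodeForJs, encodeForUrl …
function encodeForCss(value) {
  if (!value) return "";
  let result = "";
  for (const ch of value) {
    const cp = ch.codePointAt(0);
    if (cp >= 48 && cp <= 57 || cp >= 65 && cp <= 90 || cp >= 97 && cp <= 122) {
      result += ch;
    } else {
      result += `\\${cp.toString(16).toUpperCase()} `;
    }
  }
  return result;
}
```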