@arcis/node 1.2.0 → 1.4.0

Files changed (122) hide show
  1. package/dist/core/{index.d.mts → constants.d.ts} +21 -70
  2. package/dist/core/constants.d.ts.map +1 -0
  3. package/dist/core/errors.d.ts +53 -0
  4. package/dist/core/errors.d.ts.map +1 -0
  5. package/dist/core/index.d.ts +6 -168
  6. package/dist/core/index.d.ts.map +1 -0
  7. package/dist/{types-CsOFHoD9.d.mts → core/types.d.ts} +38 -31
  8. package/dist/core/types.d.ts.map +1 -0
  9. package/dist/index.d.ts +71 -166
  10. package/dist/index.d.ts.map +1 -0
  11. package/dist/index.js +151 -4
  12. package/dist/index.js.map +1 -1
  13. package/dist/index.mjs +145 -5
  14. package/dist/index.mjs.map +1 -1
  15. package/dist/logging/index.d.ts +4 -36
  16. package/dist/logging/index.d.ts.map +1 -0
  17. package/dist/logging/{index.d.mts → redactor.d.ts} +5 -9
  18. package/dist/logging/redactor.d.ts.map +1 -0
  19. package/dist/middleware/bot-detection.d.ts +86 -0
  20. package/dist/middleware/bot-detection.d.ts.map +1 -0
  21. package/dist/middleware/cookies.d.ts +48 -0
  22. package/dist/middleware/cookies.d.ts.map +1 -0
  23. package/dist/middleware/cors.d.ts +65 -0
  24. package/dist/middleware/cors.d.ts.map +1 -0
  25. package/dist/middleware/csrf.d.ts +109 -0
  26. package/dist/middleware/csrf.d.ts.map +1 -0
  27. package/dist/middleware/error-handler.d.ts +43 -0
  28. package/dist/middleware/error-handler.d.ts.map +1 -0
  29. package/dist/middleware/headers.d.ts +29 -0
  30. package/dist/middleware/headers.d.ts.map +1 -0
  31. package/dist/middleware/hpp.d.ts +56 -0
  32. package/dist/middleware/hpp.d.ts.map +1 -0
  33. package/dist/middleware/index.d.ts +16 -3
  34. package/dist/middleware/index.d.ts.map +1 -0
  35. package/dist/middleware/index.js +28 -3
  36. package/dist/middleware/index.js.map +1 -1
  37. package/dist/middleware/index.mjs +28 -3
  38. package/dist/middleware/index.mjs.map +1 -1
  39. package/dist/middleware/main.d.ts +40 -0
  40. package/dist/middleware/main.d.ts.map +1 -0
  41. package/dist/middleware/rate-limit-sliding.d.ts +46 -0
  42. package/dist/middleware/rate-limit-sliding.d.ts.map +1 -0
  43. package/dist/middleware/rate-limit-token.d.ts +51 -0
  44. package/dist/middleware/rate-limit-token.d.ts.map +1 -0
  45. package/dist/middleware/rate-limit.d.ts +34 -0
  46. package/dist/middleware/rate-limit.d.ts.map +1 -0
  47. package/dist/sanitizers/command.d.ts +28 -0
  48. package/dist/sanitizers/command.d.ts.map +1 -0
  49. package/dist/sanitizers/encode.d.ts +46 -0
  50. package/dist/sanitizers/encode.d.ts.map +1 -0
  51. package/dist/sanitizers/headers.d.ts +46 -0
  52. package/dist/sanitizers/headers.d.ts.map +1 -0
  53. package/dist/sanitizers/index.d.ts +17 -22
  54. package/dist/sanitizers/index.d.ts.map +1 -0
  55. package/dist/sanitizers/index.js +72 -0
  56. package/dist/sanitizers/index.js.map +1 -1
  57. package/dist/sanitizers/index.mjs +68 -1
  58. package/dist/sanitizers/index.mjs.map +1 -1
  59. package/dist/sanitizers/jsonp.d.ts +34 -0
  60. package/dist/sanitizers/jsonp.d.ts.map +1 -0
  61. package/dist/sanitizers/nosql.d.ts +31 -0
  62. package/dist/sanitizers/nosql.d.ts.map +1 -0
  63. package/dist/sanitizers/path.d.ts +28 -0
  64. package/dist/sanitizers/path.d.ts.map +1 -0
  65. package/dist/sanitizers/pii.d.ts +80 -0
  66. package/dist/sanitizers/pii.d.ts.map +1 -0
  67. package/dist/sanitizers/prototype.d.ts +34 -0
  68. package/dist/sanitizers/prototype.d.ts.map +1 -0
  69. package/dist/sanitizers/sanitize.d.ts +51 -0
  70. package/dist/sanitizers/sanitize.d.ts.map +1 -0
  71. package/dist/sanitizers/sql.d.ts +28 -0
  72. package/dist/sanitizers/sql.d.ts.map +1 -0
  73. package/dist/sanitizers/ssti.d.ts +20 -0
  74. package/dist/sanitizers/ssti.d.ts.map +1 -0
  75. package/dist/sanitizers/utils.d.ts +19 -0
  76. package/dist/sanitizers/utils.d.ts.map +1 -0
  77. package/dist/sanitizers/xss.d.ts +35 -0
  78. package/dist/sanitizers/xss.d.ts.map +1 -0
  79. package/dist/sanitizers/xxe.d.ts +20 -0
  80. package/dist/sanitizers/xxe.d.ts.map +1 -0
  81. package/dist/stores/index.d.ts +6 -104
  82. package/dist/stores/index.d.ts.map +1 -0
  83. package/dist/stores/memory.d.ts +35 -0
  84. package/dist/stores/memory.d.ts.map +1 -0
  85. package/dist/stores/{index.d.mts → redis.d.ts} +6 -45
  86. package/dist/stores/redis.d.ts.map +1 -0
  87. package/dist/utils/duration.d.ts +34 -0
  88. package/dist/utils/duration.d.ts.map +1 -0
  89. package/dist/utils/fingerprint.d.ts +64 -0
  90. package/dist/utils/fingerprint.d.ts.map +1 -0
  91. package/dist/utils/index.d.ts +10 -0
  92. package/dist/utils/index.d.ts.map +1 -0
  93. package/dist/utils/index.js +188 -0
  94. package/dist/utils/index.js.map +1 -0
  95. package/dist/utils/index.mjs +182 -0
  96. package/dist/utils/index.mjs.map +1 -0
  97. package/dist/utils/ip.d.ts +70 -0
  98. package/dist/utils/ip.d.ts.map +1 -0
  99. package/dist/validation/email.d.ts +82 -0
  100. package/dist/validation/email.d.ts.map +1 -0
  101. package/dist/validation/file.d.ts +90 -0
  102. package/dist/validation/file.d.ts.map +1 -0
  103. package/dist/validation/index.d.ts +10 -3
  104. package/dist/validation/index.d.ts.map +1 -0
  105. package/dist/validation/redirect.d.ts +64 -0
  106. package/dist/validation/redirect.d.ts.map +1 -0
  107. package/dist/validation/schema.d.ts +36 -0
  108. package/dist/validation/schema.d.ts.map +1 -0
  109. package/dist/validation/url.d.ts +65 -0
  110. package/dist/validation/url.d.ts.map +1 -0
  111. package/package.json +8 -6
  112. package/dist/index-A-m-pPeW.d.mts +0 -340
  113. package/dist/index-CgK94hY_.d.mts +0 -532
  114. package/dist/index-Co5kPRZz.d.ts +0 -340
  115. package/dist/index-D_bdJcF0.d.ts +0 -532
  116. package/dist/index.d.mts +0 -175
  117. package/dist/middleware/index.d.mts +0 -3
  118. package/dist/pii-CXcHMlnX.d.mts +0 -438
  119. package/dist/pii-DhNpl7M3.d.ts +0 -438
  120. package/dist/sanitizers/index.d.mts +0 -24
  121. package/dist/types-CsOFHoD9.d.ts +0 -269
  122. package/dist/validation/index.d.mts +0 -3
@@ -272,7 +272,12 @@ function createHeaders(options = {}) {
272
272
  hsts = true,
273
273
  referrerPolicy = HEADERS.REFERRER_POLICY,
274
274
  permissionsPolicy = HEADERS.PERMISSIONS_POLICY,
275
- cacheControl = true
275
+ cacheControl = true,
276
+ crossOriginOpenerPolicy = "same-origin",
277
+ crossOriginResourcePolicy = "same-origin",
278
+ crossOriginEmbedderPolicy = "require-corp",
279
+ originAgentCluster = true,
280
+ dnsPrefetchControl = true
276
281
  } = options;
277
282
  return (req, res, next) => {
278
283
  if (contentSecurityPolicy) {
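Review bot: The new destructuring defaults in createHeaders switch on `Cross-Origin-Embedder-Policy: require-corp` and `Cross-Origin-Resource-Policy: same-origin` for every existing caller, which is a breaking behaviour change for a minor release. With `require-corp`, browsers block cross-origin subresources that are not served with CORS or a CORP header, and `same-origin` CORP stops other origins from embedding this server's assets. I would keep COOP on by default but make the embedder policy opt-in, e.g. `crossOriginEmbedderPolicy = false,`, and state the new defaults in the option docs. The function body continues outside this hunk.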
@@ -280,7 +285,7 @@ function createHeaders(options = {}) {
280
285
  res.setHeader("Content-Security-Policy", csp);
281
286
  }
282
287
  if (xssFilter) {
283
- res.setHeader("X-XSS-Protection", "1; mode=block");
288
+ res.setHeader("X-XSS-Protection", "0");
284
289
  }
285
290
  if (noSniff) {
286
291
  res.setHeader("X-Content-Type-Options", HEADERS.CONTENT_TYPE_OPTIONS);
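Review bot: The `xssFilter` branch is missing a comment explaining that a truthy option now sends a header which turns the legacy browser filter off, the opposite of what the option name suggests. Without it, a maintainer is likely to "fix" the value back to `1; mode=block`. I would add above the call: `// "0" explicitly disables the legacy XSS auditor, which was itself a source of cross-site leaks; rely on Content-Security-Policy instead.` The option's documentation should say the same.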
@@ -307,6 +312,21 @@ function createHeaders(options = {}) {
307
312
  if (permissionsPolicy) {
308
313
  res.setHeader("Permissions-Policy", permissionsPolicy);
309
314
  }
315
+ if (crossOriginOpenerPolicy) {
316
+ res.setHeader("Cross-Origin-Opener-Policy", crossOriginOpenerPolicy);
317
+ }
318
+ if (crossOriginResourcePolicy) {
319
+ res.setHeader("Cross-Origin-Resource-Policy", crossOriginResourcePolicy);
320
+ }
321
+ if (crossOriginEmbedderPolicy) {
322
+ res.setHeader("Cross-Origin-Embedder-Policy", crossOriginEmbedderPolicy);
323
+ }
324
+ if (originAgentCluster) {
325
+ res.setHeader("Origin-Agent-Cluster", "?1");
326
+ }
327
+ if (dnsPrefetchControl) {
328
+ res.setHeader("X-DNS-Prefetch-Control", "off");
329
+ }
310
330
  res.setHeader("X-Permitted-Cross-Domain-Policies", "none");
311
331
  if (cacheControl) {
312
332
  const cacheControlValue = typeof cacheControl === "string" ? cacheControl : HEADERS.CACHE_CONTROL;
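Review bot: The three Cross-Origin-* branches pass the option value straight to `res.setHeader`, so a caller who writes `crossOriginOpenerPolicy: true` (the style used for `originAgentCluster` and `dnsPrefetchControl`) would most likely send the literal value `true`. Browsers ignore an unrecognised value, so the protection would be silently absent. The `cacheControl` branch just below already handles this with a `typeof` check; the same pattern fits here, e.g. `const coop = typeof crossOriginOpenerPolicy === "string" ? crossOriginOpenerPolicy : "same-origin";`, and likewise for the resource and embedder policies.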
@@ -1582,12 +1602,14 @@ function getRequestToken(req, headerName, fieldName) {
1582
1602
  return void 0;
1583
1603
  }
1584
1604
  function csrfProtection(options = {}) {
1585
- const cookieName = options.cookieName ?? DEFAULTS.cookieName;
1605
+ const baseCookieName = options.cookieName ?? DEFAULTS.cookieName;
1606
+ const cookieName = options.useHostPrefix ? `__Host-${baseCookieName}` : baseCookieName;
1586
1607
  const headerName = options.headerName ?? DEFAULTS.headerName;
1587
1608
  const fieldName = options.fieldName ?? DEFAULTS.fieldName;
1588
1609
  const tokenLength = options.tokenLength ?? DEFAULTS.tokenLength;
1589
1610
  const protectedMethods = options.protectedMethods ?? [...DEFAULTS.protectedMethods];
1590
1611
  const excludePaths = options.excludePaths ?? [];
1612
+ const skipCsrf = options.skipCsrf;
1591
1613
  const isProduction = process.env.NODE_ENV === "production";
1592
1614
  const cookieOpts = {
1593
1615
  path: options.cookie?.path ?? "/",
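Review bot: `useHostPrefix` only renames the cookie, while `cookieOpts` still takes its path from `options.cookie?.path` and, judging by the `isProduction` line, probably ties `secure` to NODE_ENV (the rest of `cookieOpts` is outside this hunk). Browsers reject a `__Host-` cookie unless it is Secure, has `Path=/` and has no Domain attribute, so a mismatched configuration means the token cookie is never stored and every protected request fails validation. I would enforce the attributes whenever the prefix is requested, e.g. `path: options.useHostPrefix ? "/" : (options.cookie?.path ?? "/"),` with `secure` forced to `true` and `domain` omitted, or throw at configuration time.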
@@ -1607,6 +1629,9 @@ function csrfProtection(options = {}) {
1607
1629
  const protectedSet = new Set(protectedMethods.map((m) => m.toUpperCase()));
1608
1630
  return (req, res, next) => {
1609
1631
  const method = req.method.toUpperCase();
1632
+ if (skipCsrf && skipCsrf(req)) {
1633
+ return next();
1634
+ }
1610
1635
  const requestPath = req.path || req.url;
1611
1636
  if (excludePaths.some((p) => requestPath === p || requestPath.startsWith(p + "/"))) {
1612
1637
  return next();
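Review bot: The `skipCsrf && skipCsrf(req)` check treats any truthy return as permission to bypass CSRF validation, so an `async` predicate, which always returns a Promise, would disable protection for every request, including state-changing methods. A non-function value such as `skipCsrf: true` would instead throw a TypeError on each request. I would validate the option once in csrfProtection and require a strict boolean at the call site: `if (typeof skipCsrf === "function" && skipCsrf(req) === true) {`. The option docs should say the predicate must be synchronous. The middleware body continues outside this hunk.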