npm - @arcis/node - Versions diffs - 1.3.0 → 1.4.0 - Mend

@arcis/node 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/dist/core/{index.d.mts → constants.d.ts} +21 -70
package/dist/core/constants.d.ts.map +1 -0
package/dist/core/errors.d.ts +53 -0
package/dist/core/errors.d.ts.map +1 -0
package/dist/core/index.d.ts +6 -168
package/dist/core/index.d.ts.map +1 -0
package/dist/{types-BOkx5YJc.d.mts → core/types.d.ts} +27 -30
package/dist/core/types.d.ts.map +1 -0
package/dist/index.d.ts +71 -166
package/dist/index.d.ts.map +1 -0
package/dist/index.js +57 -2
package/dist/index.js.map +1 -1
package/dist/index.mjs +56 -3
package/dist/index.mjs.map +1 -1
package/dist/logging/index.d.ts +4 -36
package/dist/logging/index.d.ts.map +1 -0
package/dist/logging/{index.d.mts → redactor.d.ts} +5 -9
package/dist/logging/redactor.d.ts.map +1 -0
package/dist/middleware/bot-detection.d.ts +86 -0
package/dist/middleware/bot-detection.d.ts.map +1 -0
package/dist/middleware/cookies.d.ts +48 -0
package/dist/middleware/cookies.d.ts.map +1 -0
package/dist/middleware/cors.d.ts +65 -0
package/dist/middleware/cors.d.ts.map +1 -0
package/dist/middleware/csrf.d.ts +109 -0
package/dist/middleware/csrf.d.ts.map +1 -0
package/dist/middleware/error-handler.d.ts +43 -0
package/dist/middleware/error-handler.d.ts.map +1 -0
package/dist/middleware/headers.d.ts +29 -0
package/dist/middleware/headers.d.ts.map +1 -0
package/dist/middleware/hpp.d.ts +56 -0
package/dist/middleware/hpp.d.ts.map +1 -0
package/dist/middleware/index.d.ts +16 -3
package/dist/middleware/index.d.ts.map +1 -0
package/dist/middleware/index.js +6 -1
package/dist/middleware/index.js.map +1 -1
package/dist/middleware/index.mjs +6 -1
package/dist/middleware/index.mjs.map +1 -1
package/dist/middleware/main.d.ts +40 -0
package/dist/middleware/main.d.ts.map +1 -0
package/dist/middleware/rate-limit-sliding.d.ts +46 -0
package/dist/middleware/rate-limit-sliding.d.ts.map +1 -0
package/dist/middleware/rate-limit-token.d.ts +51 -0
package/dist/middleware/rate-limit-token.d.ts.map +1 -0
package/dist/middleware/rate-limit.d.ts +34 -0
package/dist/middleware/rate-limit.d.ts.map +1 -0
package/dist/sanitizers/command.d.ts +28 -0
package/dist/sanitizers/command.d.ts.map +1 -0
package/dist/sanitizers/encode.d.ts +46 -0
package/dist/sanitizers/encode.d.ts.map +1 -0
package/dist/sanitizers/headers.d.ts +46 -0
package/dist/sanitizers/headers.d.ts.map +1 -0
package/dist/sanitizers/index.d.ts +17 -22
package/dist/sanitizers/index.d.ts.map +1 -0
package/dist/sanitizers/jsonp.d.ts +34 -0
package/dist/sanitizers/jsonp.d.ts.map +1 -0
package/dist/sanitizers/nosql.d.ts +31 -0
package/dist/sanitizers/nosql.d.ts.map +1 -0
package/dist/sanitizers/path.d.ts +28 -0
package/dist/sanitizers/path.d.ts.map +1 -0
package/dist/sanitizers/pii.d.ts +80 -0
package/dist/sanitizers/pii.d.ts.map +1 -0
package/dist/sanitizers/prototype.d.ts +34 -0
package/dist/sanitizers/prototype.d.ts.map +1 -0
package/dist/sanitizers/sanitize.d.ts +51 -0
package/dist/sanitizers/sanitize.d.ts.map +1 -0
package/dist/sanitizers/sql.d.ts +28 -0
package/dist/sanitizers/sql.d.ts.map +1 -0
package/dist/sanitizers/ssti.d.ts +20 -0
package/dist/sanitizers/ssti.d.ts.map +1 -0
package/dist/sanitizers/utils.d.ts +19 -0
package/dist/sanitizers/utils.d.ts.map +1 -0
package/dist/sanitizers/xss.d.ts +35 -0
package/dist/sanitizers/xss.d.ts.map +1 -0
package/dist/sanitizers/xxe.d.ts +20 -0
package/dist/sanitizers/xxe.d.ts.map +1 -0
package/dist/stores/index.d.ts +6 -104
package/dist/stores/index.d.ts.map +1 -0
package/dist/stores/memory.d.ts +35 -0
package/dist/stores/memory.d.ts.map +1 -0
package/dist/stores/{index.d.mts → redis.d.ts} +6 -45
package/dist/stores/redis.d.ts.map +1 -0
package/dist/utils/duration.d.ts +34 -0
package/dist/utils/duration.d.ts.map +1 -0
package/dist/utils/fingerprint.d.ts +64 -0
package/dist/utils/fingerprint.d.ts.map +1 -0
package/dist/utils/index.d.ts +10 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +188 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/index.mjs +182 -0
package/dist/utils/index.mjs.map +1 -0
package/dist/utils/ip.d.ts +70 -0
package/dist/utils/ip.d.ts.map +1 -0
package/dist/validation/email.d.ts +82 -0
package/dist/validation/email.d.ts.map +1 -0
package/dist/validation/file.d.ts +90 -0
package/dist/validation/file.d.ts.map +1 -0
package/dist/validation/index.d.ts +10 -3
package/dist/validation/index.d.ts.map +1 -0
package/dist/validation/redirect.d.ts +64 -0
package/dist/validation/redirect.d.ts.map +1 -0
package/dist/validation/schema.d.ts +36 -0
package/dist/validation/schema.d.ts.map +1 -0
package/dist/validation/url.d.ts +65 -0
package/dist/validation/url.d.ts.map +1 -0
package/package.json +8 -6
package/dist/encode-CrQCGlBq.d.mts +0 -484
package/dist/encode-jl9sOwmA.d.ts +0 -484
package/dist/index-BAhgn9V2.d.ts +0 -532
package/dist/index-BGNKspqH.d.ts +0 -340
package/dist/index-Cd02z-0j.d.mts +0 -340
package/dist/index-DgJtWMSj.d.mts +0 -532
package/dist/index.d.mts +0 -175
package/dist/middleware/index.d.mts +0 -3
package/dist/sanitizers/index.d.mts +0 -24
package/dist/types-BOkx5YJc.d.ts +0 -279
package/dist/validation/index.d.mts +0 -3

package/dist/index.mjs CHANGED Viewed

@@ -2838,12 +2838,14 @@ function getRequestToken(req, headerName, fieldName) {
   return void 0;
 }
 function csrfProtection(options = {}) {
-  const cookieName = options.cookieName ?? DEFAULTS.cookieName;
+  const baseCookieName = options.cookieName ?? DEFAULTS.cookieName;
+  const cookieName = options.useHostPrefix ? `__Host-${baseCookieName}` : baseCookieName;
   const headerName = options.headerName ?? DEFAULTS.headerName;
   const fieldName = options.fieldName ?? DEFAULTS.fieldName;
   const tokenLength = options.tokenLength ?? DEFAULTS.tokenLength;
   const protectedMethods = options.protectedMethods ?? [...DEFAULTS.protectedMethods];
   const excludePaths = options.excludePaths ?? [];
+  const skipCsrf = options.skipCsrf;
   const isProduction = process.env.NODE_ENV === "production";
   const cookieOpts = {
     path: options.cookie?.path ?? "/",
@@ -2863,6 +2865,9 @@ function csrfProtection(options = {}) {
   const protectedSet = new Set(protectedMethods.map((m) => m.toUpperCase()));
   return (req, res, next) => {
     const method = req.method.toUpperCase();
+    if (skipCsrf && skipCsrf(req)) {
+      return next();
+    }
     const requestPath = req.path || req.url;
     if (excludePaths.some((p) => requestPath === p || requestPath.startsWith(p + "/"))) {
       return next();
@@ -2919,6 +2924,54 @@ function escapeRegex(str) {
 }
 var createCsrf = csrfProtection;
+// src/middleware/hpp.ts
+function hpp(options = {}) {
+  const whitelist = new Set(options.whitelist ?? []);
+  const checkQuery = options.checkQuery ?? true;
+  const checkBody = options.checkBody ?? true;
+  return (req, _res, next) => {
+    if (checkQuery && req.query && typeof req.query === "object") {
+      const polluted = {};
+      const clean = {};
+      for (const [key, value] of Object.entries(req.query)) {
+        if (Array.isArray(value)) {
+          const strings = value.filter((v) => typeof v === "string");
+          if (whitelist.has(key)) {
+            clean[key] = strings;
+          } else {
+            polluted[key] = strings;
+            clean[key] = strings[strings.length - 1] ?? "";
+          }
+        } else {
+          clean[key] = value;
+        }
+      }
+      req.queryPolluted = polluted;
+      Object.defineProperty(req, "query", { value: clean, writable: true, configurable: true });
+    }
+    if (checkBody && req.body && typeof req.body === "object" && !Array.isArray(req.body)) {
+      const polluted = {};
+      const clean = {};
+      for (const [key, value] of Object.entries(req.body)) {
+        if (Array.isArray(value)) {
+          if (whitelist.has(key)) {
+            clean[key] = value;
+          } else {
+            polluted[key] = value;
+            clean[key] = value[value.length - 1];
+          }
+        } else {
+          clean[key] = value;
+        }
+      }
+      req.bodyPolluted = polluted;
+      Object.defineProperty(req, "body", { value: clean, writable: true, configurable: true });
+    }
+    next();
+  };
+}
+var createHpp = hpp;
 // src/utils/ip.ts
 var PLATFORM_HEADERS = {
   cloudflare: "cf-connecting-ip",
@@ -3039,7 +3092,7 @@ function fingerprint(req, options = {}) {
     components.push(`enc:${getHeader2(req, "accept-encoding")}`);
   }
   for (const c of custom) {
-    if (c != null) components.push(`custom:${c}`);
+    if (c !== null && c !== void 0) components.push(`custom:${c}`);
   }
   components.sort();
   const hash = createHash("sha256");
@@ -3182,6 +3235,6 @@ function createRedisStore(options) {
   return new RedisStore(options);
 }
-export { ArcisError, ValidationError as ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, MemoryStore, RATE_LIMIT, REDACTION, RateLimitError, RedisStore, SanitizationError, SecurityThreatError, VALIDATION, arcis, arcisWithMethods as arcisFunction, botProtection, createCors, createCsrf, createErrorHandler, createHeaders, createRateLimiter, createRedactor, createRedisStore, createSafeLogger, createSanitizer, createSecureCookies, createSlidingWindowLimiter, createTokenBucketLimiter, createValidator, csrfProtection, main_default as default, detectBot, detectClientIp, detectCommandInjection, detectHeaderInjection, detectJsonpInjection, detectNoSqlInjection, detectPathTraversal, detectPii, detectPrototypePollution, detectSql, detectSsti, detectXss, detectXxe, encodeForAttribute, encodeForCss, encodeForHtml, encodeForJs, encodeForUrl, enforceSecureCookie, errorHandler, fingerprint, formatDuration, generateCsrfToken, isDangerousExtension, isDangerousNoSqlKey, isDangerousProtoKey, isPrivateIp, isRedirectSafe, isUrlSafe, isValidEmailSyntax, parseDuration, rateLimit, redactObjectPii, redactPii, safeCors, safeLog, sanitizeCommand, sanitizeFilename, sanitizeHeaderValue, sanitizeHeaders, sanitizeJsonpCallback, sanitizeObject, sanitizePath, sanitizeSql, sanitizeSsti, sanitizeString, sanitizeXss, sanitizeXxe, scanObjectPii, scanPii, secureCookieDefaults, securityHeaders, validate, validateCsrfToken, validateEmail, validateFile, validateRedirect, validateUrl, verifyEmailMx };
+export { ArcisError, ValidationError as ArcisValidationError, BLOCKED, ERRORS, HEADERS, INPUT, InputTooLargeError, MemoryStore, RATE_LIMIT, REDACTION, RateLimitError, RedisStore, SanitizationError, SecurityThreatError, VALIDATION, arcis, arcisWithMethods as arcisFunction, botProtection, createCors, createCsrf, createErrorHandler, createHeaders, createHpp, createRateLimiter, createRedactor, createRedisStore, createSafeLogger, createSanitizer, createSecureCookies, createSlidingWindowLimiter, createTokenBucketLimiter, createValidator, csrfProtection, main_default as default, detectBot, detectClientIp, detectCommandInjection, detectHeaderInjection, detectJsonpInjection, detectNoSqlInjection, detectPathTraversal, detectPii, detectPrototypePollution, detectSql, detectSsti, detectXss, detectXxe, encodeForAttribute, encodeForCss, encodeForHtml, encodeForJs, encodeForUrl, enforceSecureCookie, errorHandler, fingerprint, formatDuration, generateCsrfToken, hpp, isDangerousExtension, isDangerousNoSqlKey, isDangerousProtoKey, isPrivateIp, isRedirectSafe, isUrlSafe, isValidEmailSyntax, parseDuration, rateLimit, redactObjectPii, redactPii, safeCors, safeLog, sanitizeCommand, sanitizeFilename, sanitizeHeaderValue, sanitizeHeaders, sanitizeJsonpCallback, sanitizeObject, sanitizePath, sanitizeSql, sanitizeSsti, sanitizeString, sanitizeXss, sanitizeXxe, scanObjectPii, scanPii, secureCookieDefaults, securityHeaders, validate, validateCsrfToken, validateEmail, validateFile, validateRedirect, validateUrl, verifyEmailMx };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map