@budibase/backend-core 3.2.1 → 3.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +195 -81
- package/dist/index.js.map +4 -4
- package/dist/index.js.meta.json +1 -1
- package/dist/package.json +4 -4
- package/dist/plugins.js.meta.json +1 -1
- package/dist/src/environment.d.ts +2 -0
- package/dist/src/environment.js +3 -1
- package/dist/src/environment.js.map +1 -1
- package/dist/src/middleware/contentSecurityPolicy.d.ts +2 -0
- package/dist/src/middleware/contentSecurityPolicy.js +128 -0
- package/dist/src/middleware/contentSecurityPolicy.js.map +1 -0
- package/dist/src/middleware/index.d.ts +1 -0
- package/dist/src/middleware/index.js +3 -1
- package/dist/src/middleware/index.js.map +1 -1
- package/package.json +4 -4
- package/src/environment.ts +4 -0
- package/src/middleware/contentSecurityPolicy.ts +118 -0
- package/src/middleware/index.ts +1 -0
- package/src/middleware/tests/contentSecurityPolicy.spec.ts +75 -0
package/dist/index.js
CHANGED
|
@@ -11234,7 +11234,7 @@ var require_lib3 = __commonJS({
|
|
|
11234
11234
|
var require_utils = __commonJS({
|
|
11235
11235
|
"../../node_modules/@techpass/passport-openidconnect/lib/utils.js"(exports) {
|
|
11236
11236
|
"use strict";
|
|
11237
|
-
var
|
|
11237
|
+
var crypto4 = require("crypto");
|
|
11238
11238
|
exports.originalURL = function(req, options2) {
|
|
11239
11239
|
options2 = options2 || {};
|
|
11240
11240
|
var app = req.app;
|
|
@@ -11254,7 +11254,7 @@ var require_utils = __commonJS({
|
|
|
11254
11254
|
return a;
|
|
11255
11255
|
};
|
|
11256
11256
|
exports.uid = function(len) {
|
|
11257
|
-
return
|
|
11257
|
+
return crypto4.randomBytes(Math.ceil(len * 3 / 4)).toString("base64").slice(0, len);
|
|
11258
11258
|
};
|
|
11259
11259
|
}
|
|
11260
11260
|
});
|
|
@@ -11425,7 +11425,7 @@ var require_utils2 = __commonJS({
|
|
|
11425
11425
|
var require_oauth = __commonJS({
|
|
11426
11426
|
"../../node_modules/oauth/lib/oauth.js"(exports) {
|
|
11427
11427
|
"use strict";
|
|
11428
|
-
var
|
|
11428
|
+
var crypto4 = require("crypto");
|
|
11429
11429
|
var sha1 = require_sha1();
|
|
11430
11430
|
var http = require("http");
|
|
11431
11431
|
var https = require("https");
|
|
@@ -11597,10 +11597,10 @@ var require_oauth = __commonJS({
|
|
|
11597
11597
|
hash2 = key;
|
|
11598
11598
|
} else if (this._signatureMethod == "RSA-SHA1") {
|
|
11599
11599
|
key = this._privateKey || "";
|
|
11600
|
-
hash2 =
|
|
11600
|
+
hash2 = crypto4.createSign("RSA-SHA1").update(signatureBase).sign(key, "base64");
|
|
11601
11601
|
} else {
|
|
11602
|
-
if (
|
|
11603
|
-
hash2 =
|
|
11602
|
+
if (crypto4.Hmac) {
|
|
11603
|
+
hash2 = crypto4.createHmac("sha1", key).update(signatureBase).digest("base64");
|
|
11604
11604
|
} else {
|
|
11605
11605
|
hash2 = sha1.HMACSHA1(key, signatureBase);
|
|
11606
11606
|
}
|
|
@@ -11954,7 +11954,7 @@ var require_oauth2 = __commonJS({
|
|
|
11954
11954
|
"../../node_modules/oauth/lib/oauth2.js"(exports) {
|
|
11955
11955
|
"use strict";
|
|
11956
11956
|
var querystring = require("querystring");
|
|
11957
|
-
var
|
|
11957
|
+
var crypto4 = require("crypto");
|
|
11958
11958
|
var https = require("https");
|
|
11959
11959
|
var http = require("http");
|
|
11960
11960
|
var URL2 = require("url");
|
|
@@ -24012,7 +24012,7 @@ var require_helpers = __commonJS({
|
|
|
24012
24012
|
"../../node_modules/request/lib/helpers.js"(exports) {
|
|
24013
24013
|
"use strict";
|
|
24014
24014
|
var jsonSafeStringify = require_stringify();
|
|
24015
|
-
var
|
|
24015
|
+
var crypto4 = require("crypto");
|
|
24016
24016
|
var Buffer2 = require_safe_buffer().Buffer;
|
|
24017
24017
|
var defer = typeof setImmediate === "undefined" ? process.nextTick : setImmediate;
|
|
24018
24018
|
function paramsHaveRequestBody(params2) {
|
|
@@ -24028,7 +24028,7 @@ var require_helpers = __commonJS({
|
|
|
24028
24028
|
return ret;
|
|
24029
24029
|
}
|
|
24030
24030
|
function md5(str) {
|
|
24031
|
-
return
|
|
24031
|
+
return crypto4.createHash("md5").update(str).digest("hex");
|
|
24032
24032
|
}
|
|
24033
24033
|
function isReadStream(rs) {
|
|
24034
24034
|
return rs.readable && rs.path && rs.mode;
|
|
@@ -24066,7 +24066,7 @@ var require_helpers = __commonJS({
|
|
|
24066
24066
|
var require_aws_sign2 = __commonJS({
|
|
24067
24067
|
"../../node_modules/aws-sign2/index.js"(exports, module2) {
|
|
24068
24068
|
"use strict";
|
|
24069
|
-
var
|
|
24069
|
+
var crypto4 = require("crypto");
|
|
24070
24070
|
var parse = require("url").parse;
|
|
24071
24071
|
var keys2 = [
|
|
24072
24072
|
"acl",
|
|
@@ -24090,7 +24090,7 @@ var require_aws_sign2 = __commonJS({
|
|
|
24090
24090
|
module2.exports = authorization;
|
|
24091
24091
|
module2.exports.authorization = authorization;
|
|
24092
24092
|
function hmacSha1(options2) {
|
|
24093
|
-
return
|
|
24093
|
+
return crypto4.createHmac("sha1", options2.secret).update(options2.message).digest("base64");
|
|
24094
24094
|
}
|
|
24095
24095
|
module2.exports.hmacSha1 = hmacSha1;
|
|
24096
24096
|
function sign(options2) {
|
|
@@ -24246,14 +24246,14 @@ var require_aws4 = __commonJS({
|
|
|
24246
24246
|
var aws4 = exports;
|
|
24247
24247
|
var url = require("url");
|
|
24248
24248
|
var querystring = require("querystring");
|
|
24249
|
-
var
|
|
24249
|
+
var crypto4 = require("crypto");
|
|
24250
24250
|
var lru = require_lru();
|
|
24251
24251
|
var credentialsCache = lru(1e3);
|
|
24252
24252
|
function hmac(key, string, encoding) {
|
|
24253
|
-
return
|
|
24253
|
+
return crypto4.createHmac("sha256", key).update(string, "utf8").digest(encoding);
|
|
24254
24254
|
}
|
|
24255
24255
|
function hash2(string, encoding) {
|
|
24256
|
-
return
|
|
24256
|
+
return crypto4.createHash("sha256").update(string, "utf8").digest(encoding);
|
|
24257
24257
|
}
|
|
24258
24258
|
function encodeRfc3986(urlEncodedString) {
|
|
24259
24259
|
return urlEncodedString.replace(/[!'()*]/g, function(c) {
|
|
@@ -29573,23 +29573,23 @@ var require_nacl_fast = __commonJS({
|
|
|
29573
29573
|
randombytes = fn;
|
|
29574
29574
|
};
|
|
29575
29575
|
(function() {
|
|
29576
|
-
var
|
|
29577
|
-
if (
|
|
29576
|
+
var crypto4 = typeof self !== "undefined" ? self.crypto || self.msCrypto : null;
|
|
29577
|
+
if (crypto4 && crypto4.getRandomValues) {
|
|
29578
29578
|
var QUOTA = 65536;
|
|
29579
29579
|
nacl.setPRNG(function(x, n) {
|
|
29580
29580
|
var i, v = new Uint8Array(n);
|
|
29581
29581
|
for (i = 0; i < n; i += QUOTA) {
|
|
29582
|
-
|
|
29582
|
+
crypto4.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));
|
|
29583
29583
|
}
|
|
29584
29584
|
for (i = 0; i < n; i++)
|
|
29585
29585
|
x[i] = v[i];
|
|
29586
29586
|
cleanup3(v);
|
|
29587
29587
|
});
|
|
29588
29588
|
} else if (typeof require !== "undefined") {
|
|
29589
|
-
|
|
29590
|
-
if (
|
|
29589
|
+
crypto4 = require("crypto");
|
|
29590
|
+
if (crypto4 && crypto4.randomBytes) {
|
|
29591
29591
|
nacl.setPRNG(function(x, n) {
|
|
29592
|
-
var i, v =
|
|
29592
|
+
var i, v = crypto4.randomBytes(n);
|
|
29593
29593
|
for (i = 0; i < n; i++)
|
|
29594
29594
|
x[i] = v[i];
|
|
29595
29595
|
cleanup3(v);
|
|
@@ -29629,7 +29629,7 @@ var require_utils3 = __commonJS({
|
|
|
29629
29629
|
var Buffer2 = require_safer().Buffer;
|
|
29630
29630
|
var PrivateKey = require_private_key();
|
|
29631
29631
|
var Key = require_key();
|
|
29632
|
-
var
|
|
29632
|
+
var crypto4 = require("crypto");
|
|
29633
29633
|
var algs = require_algs();
|
|
29634
29634
|
var asn1 = require_lib4();
|
|
29635
29635
|
var ec = require_ec();
|
|
@@ -29713,7 +29713,7 @@ var require_utils3 = __commonJS({
|
|
|
29713
29713
|
bufs.push(salt);
|
|
29714
29714
|
D = Buffer2.concat(bufs);
|
|
29715
29715
|
for (var j = 0; j < count; ++j)
|
|
29716
|
-
D =
|
|
29716
|
+
D = crypto4.createHash("md5").update(D).digest();
|
|
29717
29717
|
material = Buffer2.concat([material, D]);
|
|
29718
29718
|
D_prev = D;
|
|
29719
29719
|
}
|
|
@@ -29735,13 +29735,13 @@ var require_utils3 = __commonJS({
|
|
|
29735
29735
|
return Buffer2.concat(ts).slice(0, size);
|
|
29736
29736
|
function T(I) {
|
|
29737
29737
|
hkey.writeUInt32BE(I, hkey.length - 4);
|
|
29738
|
-
var hmac =
|
|
29738
|
+
var hmac = crypto4.createHmac(hashAlg, passphrase);
|
|
29739
29739
|
hmac.update(hkey);
|
|
29740
29740
|
var Ti = hmac.digest();
|
|
29741
29741
|
var Uc = Ti;
|
|
29742
29742
|
var c = 1;
|
|
29743
29743
|
while (c++ < iterations) {
|
|
29744
|
-
hmac =
|
|
29744
|
+
hmac = crypto4.createHmac(hashAlg, passphrase);
|
|
29745
29745
|
hmac.update(Uc);
|
|
29746
29746
|
Uc = hmac.digest();
|
|
29747
29747
|
for (var x = 0; x < Ti.length; ++x)
|
|
@@ -30112,7 +30112,7 @@ var require_signature = __commonJS({
|
|
|
30112
30112
|
var assert = require_assert();
|
|
30113
30113
|
var Buffer2 = require_safer().Buffer;
|
|
30114
30114
|
var algs = require_algs();
|
|
30115
|
-
var
|
|
30115
|
+
var crypto4 = require("crypto");
|
|
30116
30116
|
var errs = require_errors();
|
|
30117
30117
|
var utils = require_utils3();
|
|
30118
30118
|
var asn1 = require_lib4();
|
|
@@ -30492,7 +30492,7 @@ var require_sec = __commonJS({
|
|
|
30492
30492
|
var require_ecc_jsbn = __commonJS({
|
|
30493
30493
|
"../../node_modules/ecc-jsbn/index.js"(exports) {
|
|
30494
30494
|
"use strict";
|
|
30495
|
-
var
|
|
30495
|
+
var crypto4 = require("crypto");
|
|
30496
30496
|
var BigInteger = require_jsbn().BigInteger;
|
|
30497
30497
|
var ECPointFp = require_ec().ECPointFp;
|
|
30498
30498
|
var Buffer2 = require_safer().Buffer;
|
|
@@ -30516,7 +30516,7 @@ var require_ecc_jsbn = __commonJS({
|
|
|
30516
30516
|
}
|
|
30517
30517
|
} else {
|
|
30518
30518
|
var n1 = n.subtract(BigInteger.ONE);
|
|
30519
|
-
var r = new BigInteger(
|
|
30519
|
+
var r = new BigInteger(crypto4.randomBytes(n.bitLength()));
|
|
30520
30520
|
priv = r.mod(n1).add(BigInteger.ONE);
|
|
30521
30521
|
this.P = c.getG().multiply(priv);
|
|
30522
30522
|
}
|
|
@@ -30546,14 +30546,14 @@ var require_dhe = __commonJS({
|
|
|
30546
30546
|
generateED25519
|
|
30547
30547
|
};
|
|
30548
30548
|
var assert = require_assert();
|
|
30549
|
-
var
|
|
30549
|
+
var crypto4 = require("crypto");
|
|
30550
30550
|
var Buffer2 = require_safer().Buffer;
|
|
30551
30551
|
var algs = require_algs();
|
|
30552
30552
|
var utils = require_utils3();
|
|
30553
30553
|
var nacl = require_nacl_fast();
|
|
30554
30554
|
var Key = require_key();
|
|
30555
30555
|
var PrivateKey = require_private_key();
|
|
30556
|
-
var CRYPTO_HAVE_ECDH =
|
|
30556
|
+
var CRYPTO_HAVE_ECDH = crypto4.createECDH !== void 0;
|
|
30557
30557
|
var ecdh = require_ecc_jsbn();
|
|
30558
30558
|
var ec = require_ec();
|
|
30559
30559
|
var jsbn = require_jsbn().BigInteger;
|
|
@@ -30567,7 +30567,7 @@ var require_dhe = __commonJS({
|
|
|
30567
30567
|
if (!CRYPTO_HAVE_ECDH) {
|
|
30568
30568
|
throw new Error("Due to bugs in the node 0.10 crypto API, node 0.12.x or later is required to use DH");
|
|
30569
30569
|
}
|
|
30570
|
-
this._dh =
|
|
30570
|
+
this._dh = crypto4.createDiffieHellman(
|
|
30571
30571
|
key.part.p.data,
|
|
30572
30572
|
void 0,
|
|
30573
30573
|
key.part.g.data,
|
|
@@ -30594,7 +30594,7 @@ var require_dhe = __commonJS({
|
|
|
30594
30594
|
"nistp384": "secp384r1",
|
|
30595
30595
|
"nistp521": "secp521r1"
|
|
30596
30596
|
}[key.curve];
|
|
30597
|
-
this._dh =
|
|
30597
|
+
this._dh = crypto4.createECDH(curve);
|
|
30598
30598
|
if (typeof this._dh !== "object" || typeof this._dh.setPrivateKey !== "function") {
|
|
30599
30599
|
CRYPTO_HAVE_ECDH = false;
|
|
30600
30600
|
DiffieHellman.call(this, key);
|
|
@@ -30746,7 +30746,7 @@ var require_dhe = __commonJS({
|
|
|
30746
30746
|
return this._key;
|
|
30747
30747
|
} else {
|
|
30748
30748
|
var n = this._ecParams.getN();
|
|
30749
|
-
var r = new jsbn(
|
|
30749
|
+
var r = new jsbn(crypto4.randomBytes(n.bitLength()));
|
|
30750
30750
|
var n1 = n.subtract(jsbn.ONE);
|
|
30751
30751
|
priv = r.mod(n1).add(jsbn.ONE);
|
|
30752
30752
|
pub = this._ecParams.getG().multiply(priv);
|
|
@@ -30852,7 +30852,7 @@ var require_dhe = __commonJS({
|
|
|
30852
30852
|
"nistp384": "secp384r1",
|
|
30853
30853
|
"nistp521": "secp521r1"
|
|
30854
30854
|
}[curve];
|
|
30855
|
-
var dh =
|
|
30855
|
+
var dh = crypto4.createECDH(osCurve);
|
|
30856
30856
|
dh.generateKeys();
|
|
30857
30857
|
parts.push({
|
|
30858
30858
|
name: "curve",
|
|
@@ -30870,7 +30870,7 @@ var require_dhe = __commonJS({
|
|
|
30870
30870
|
var ecParams = new X9ECParameters(curve);
|
|
30871
30871
|
var n = ecParams.getN();
|
|
30872
30872
|
var cByteLen = Math.ceil((n.bitLength() + 64) / 8);
|
|
30873
|
-
var c = new jsbn(
|
|
30873
|
+
var c = new jsbn(crypto4.randomBytes(cByteLen));
|
|
30874
30874
|
var n1 = n.subtract(jsbn.ONE);
|
|
30875
30875
|
var priv = c.mod(n1).add(jsbn.ONE);
|
|
30876
30876
|
var pub = ecParams.getG().multiply(priv);
|
|
@@ -33207,7 +33207,7 @@ var require_ssh_private = __commonJS({
|
|
|
33207
33207
|
var Buffer2 = require_safer().Buffer;
|
|
33208
33208
|
var algs = require_algs();
|
|
33209
33209
|
var utils = require_utils3();
|
|
33210
|
-
var
|
|
33210
|
+
var crypto4 = require("crypto");
|
|
33211
33211
|
var Key = require_key();
|
|
33212
33212
|
var PrivateKey = require_private_key();
|
|
33213
33213
|
var pem = require_pem();
|
|
@@ -33281,7 +33281,7 @@ var require_ssh_private = __commonJS({
|
|
|
33281
33281
|
out = Buffer2.from(out);
|
|
33282
33282
|
var ckey = out.slice(0, cinf.keySize);
|
|
33283
33283
|
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
|
|
33284
|
-
var cipherStream =
|
|
33284
|
+
var cipherStream = crypto4.createDecipheriv(
|
|
33285
33285
|
cinf.opensslName,
|
|
33286
33286
|
ckey,
|
|
33287
33287
|
iv
|
|
@@ -33346,7 +33346,7 @@ var require_ssh_private = __commonJS({
|
|
|
33346
33346
|
var privBuf;
|
|
33347
33347
|
if (PrivateKey.isPrivateKey(key)) {
|
|
33348
33348
|
privBuf = new SSHBuffer({});
|
|
33349
|
-
var checkInt =
|
|
33349
|
+
var checkInt = crypto4.randomBytes(4).readUInt32BE(0);
|
|
33350
33350
|
privBuf.writeInt(checkInt);
|
|
33351
33351
|
privBuf.writeInt(checkInt);
|
|
33352
33352
|
privBuf.write(key.toBuffer("rfc4253"));
|
|
@@ -33360,7 +33360,7 @@ var require_ssh_private = __commonJS({
|
|
|
33360
33360
|
case "none":
|
|
33361
33361
|
break;
|
|
33362
33362
|
case "bcrypt":
|
|
33363
|
-
var salt =
|
|
33363
|
+
var salt = crypto4.randomBytes(16);
|
|
33364
33364
|
var rounds = 16;
|
|
33365
33365
|
var kdfssh = new SSHBuffer({});
|
|
33366
33366
|
kdfssh.writeBuffer(salt);
|
|
@@ -33387,7 +33387,7 @@ var require_ssh_private = __commonJS({
|
|
|
33387
33387
|
out = Buffer2.from(out);
|
|
33388
33388
|
var ckey = out.slice(0, cinf.keySize);
|
|
33389
33389
|
var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
|
|
33390
|
-
var cipherStream =
|
|
33390
|
+
var cipherStream = crypto4.createCipheriv(
|
|
33391
33391
|
cinf.opensslName,
|
|
33392
33392
|
ckey,
|
|
33393
33393
|
iv
|
|
@@ -33450,7 +33450,7 @@ var require_pem = __commonJS({
|
|
|
33450
33450
|
};
|
|
33451
33451
|
var assert = require_assert();
|
|
33452
33452
|
var asn1 = require_lib4();
|
|
33453
|
-
var
|
|
33453
|
+
var crypto4 = require("crypto");
|
|
33454
33454
|
var Buffer2 = require_safer().Buffer;
|
|
33455
33455
|
var algs = require_algs();
|
|
33456
33456
|
var utils = require_utils3();
|
|
@@ -33618,7 +33618,7 @@ var require_pem = __commonJS({
|
|
|
33618
33618
|
alg = void 0;
|
|
33619
33619
|
}
|
|
33620
33620
|
if (cipher && key && iv) {
|
|
33621
|
-
var cipherStream =
|
|
33621
|
+
var cipherStream = crypto4.createDecipheriv(cipher, key, iv);
|
|
33622
33622
|
var chunk, chunks = [];
|
|
33623
33623
|
cipherStream.once("error", function(e) {
|
|
33624
33624
|
if (e.toString().indexOf("bad decrypt") !== -1) {
|
|
@@ -34046,7 +34046,7 @@ var require_putty = __commonJS({
|
|
|
34046
34046
|
var rfc4253 = require_rfc4253();
|
|
34047
34047
|
var Key = require_key();
|
|
34048
34048
|
var SSHBuffer = require_ssh_buffer();
|
|
34049
|
-
var
|
|
34049
|
+
var crypto4 = require("crypto");
|
|
34050
34050
|
var PrivateKey = require_private_key();
|
|
34051
34051
|
var errors = require_errors();
|
|
34052
34052
|
function read(buf, options2) {
|
|
@@ -34116,7 +34116,7 @@ var require_putty = __commonJS({
|
|
|
34116
34116
|
);
|
|
34117
34117
|
}
|
|
34118
34118
|
var iv = Buffer2.alloc(16, 0);
|
|
34119
|
-
var decipher =
|
|
34119
|
+
var decipher = crypto4.createDecipheriv(
|
|
34120
34120
|
"aes-256-cbc",
|
|
34121
34121
|
derivePPK2EncryptionKey(options2.passphrase),
|
|
34122
34122
|
iv
|
|
@@ -34167,11 +34167,11 @@ var require_putty = __commonJS({
|
|
|
34167
34167
|
return key;
|
|
34168
34168
|
}
|
|
34169
34169
|
function derivePPK2EncryptionKey(passphrase) {
|
|
34170
|
-
var hash1 =
|
|
34170
|
+
var hash1 = crypto4.createHash("sha1").update(Buffer2.concat([
|
|
34171
34171
|
Buffer2.from([0, 0, 0, 0]),
|
|
34172
34172
|
Buffer2.from(passphrase)
|
|
34173
34173
|
])).digest();
|
|
34174
|
-
var hash2 =
|
|
34174
|
+
var hash2 = crypto4.createHash("sha1").update(Buffer2.concat([
|
|
34175
34175
|
Buffer2.from([0, 0, 0, 1]),
|
|
34176
34176
|
Buffer2.from(passphrase)
|
|
34177
34177
|
])).digest();
|
|
@@ -34327,7 +34327,7 @@ var require_private_key = __commonJS({
|
|
|
34327
34327
|
var assert = require_assert();
|
|
34328
34328
|
var Buffer2 = require_safer().Buffer;
|
|
34329
34329
|
var algs = require_algs();
|
|
34330
|
-
var
|
|
34330
|
+
var crypto4 = require("crypto");
|
|
34331
34331
|
var Fingerprint = require_fingerprint();
|
|
34332
34332
|
var Signature = require_signature();
|
|
34333
34333
|
var errs = require_errors();
|
|
@@ -34438,14 +34438,14 @@ var require_private_key = __commonJS({
|
|
|
34438
34438
|
var v, nm, err;
|
|
34439
34439
|
try {
|
|
34440
34440
|
nm = hashAlgo.toUpperCase();
|
|
34441
|
-
v =
|
|
34441
|
+
v = crypto4.createSign(nm);
|
|
34442
34442
|
} catch (e) {
|
|
34443
34443
|
err = e;
|
|
34444
34444
|
}
|
|
34445
34445
|
if (v === void 0 || err instanceof Error && err.message.match(/Unknown message digest/)) {
|
|
34446
34446
|
nm = "RSA-";
|
|
34447
34447
|
nm += hashAlgo.toUpperCase();
|
|
34448
|
-
v =
|
|
34448
|
+
v = crypto4.createSign(nm);
|
|
34449
34449
|
}
|
|
34450
34450
|
assert.ok(v, "failed to create verifier");
|
|
34451
34451
|
var oldSign = v.sign.bind(v);
|
|
@@ -34531,7 +34531,7 @@ var require_identity = __commonJS({
|
|
|
34531
34531
|
module2.exports = Identity6;
|
|
34532
34532
|
var assert = require_assert();
|
|
34533
34533
|
var algs = require_algs();
|
|
34534
|
-
var
|
|
34534
|
+
var crypto4 = require("crypto");
|
|
34535
34535
|
var Fingerprint = require_fingerprint();
|
|
34536
34536
|
var Signature = require_signature();
|
|
34537
34537
|
var errs = require_errors();
|
|
@@ -34849,7 +34849,7 @@ var require_openssh_cert = __commonJS({
|
|
|
34849
34849
|
};
|
|
34850
34850
|
var assert = require_assert();
|
|
34851
34851
|
var SSHBuffer = require_ssh_buffer();
|
|
34852
|
-
var
|
|
34852
|
+
var crypto4 = require("crypto");
|
|
34853
34853
|
var Buffer2 = require_safer().Buffer;
|
|
34854
34854
|
var algs = require_algs();
|
|
34855
34855
|
var Key = require_key();
|
|
@@ -35038,7 +35038,7 @@ var require_openssh_cert = __commonJS({
|
|
|
35038
35038
|
assert.object(cert.signatures.openssh, "signature for openssh format");
|
|
35039
35039
|
var sig = cert.signatures.openssh;
|
|
35040
35040
|
if (sig.nonce === void 0)
|
|
35041
|
-
sig.nonce =
|
|
35041
|
+
sig.nonce = crypto4.randomBytes(16);
|
|
35042
35042
|
var buf = new SSHBuffer({});
|
|
35043
35043
|
buf.writeString(getCertType(cert.subjectKey));
|
|
35044
35044
|
buf.writeBuffer(sig.nonce);
|
|
@@ -35844,7 +35844,7 @@ var require_certificate = __commonJS({
|
|
|
35844
35844
|
var assert = require_assert();
|
|
35845
35845
|
var Buffer2 = require_safer().Buffer;
|
|
35846
35846
|
var algs = require_algs();
|
|
35847
|
-
var
|
|
35847
|
+
var crypto4 = require("crypto");
|
|
35848
35848
|
var Fingerprint = require_fingerprint();
|
|
35849
35849
|
var Signature = require_signature();
|
|
35850
35850
|
var errs = require_errors();
|
|
@@ -35931,7 +35931,7 @@ var require_certificate = __commonJS({
|
|
|
35931
35931
|
throw new InvalidAlgorithmError(algo);
|
|
35932
35932
|
if (this._hashCache[algo])
|
|
35933
35933
|
return this._hashCache[algo];
|
|
35934
|
-
var hash2 =
|
|
35934
|
+
var hash2 = crypto4.createHash(algo).update(this.toBuffer("x509")).digest();
|
|
35935
35935
|
this._hashCache[algo] = hash2;
|
|
35936
35936
|
return hash2;
|
|
35937
35937
|
};
|
|
@@ -36202,7 +36202,7 @@ var require_fingerprint = __commonJS({
|
|
|
36202
36202
|
var assert = require_assert();
|
|
36203
36203
|
var Buffer2 = require_safer().Buffer;
|
|
36204
36204
|
var algs = require_algs();
|
|
36205
|
-
var
|
|
36205
|
+
var crypto4 = require("crypto");
|
|
36206
36206
|
var errs = require_errors();
|
|
36207
36207
|
var Key = require_key();
|
|
36208
36208
|
var PrivateKey = require_private_key();
|
|
@@ -36269,9 +36269,9 @@ var require_fingerprint = __commonJS({
|
|
|
36269
36269
|
);
|
|
36270
36270
|
}
|
|
36271
36271
|
var theirHash = other.hash(this.algorithm, this.hashType);
|
|
36272
|
-
var theirHash2 =
|
|
36272
|
+
var theirHash2 = crypto4.createHash(this.algorithm).update(theirHash).digest("base64");
|
|
36273
36273
|
if (this.hash2 === void 0)
|
|
36274
|
-
this.hash2 =
|
|
36274
|
+
this.hash2 = crypto4.createHash(this.algorithm).update(this.hash).digest("base64");
|
|
36275
36275
|
return this.hash2 === theirHash2;
|
|
36276
36276
|
};
|
|
36277
36277
|
var base64RE = /^[A-Za-z0-9+\/=]+$/;
|
|
@@ -36397,7 +36397,7 @@ var require_key = __commonJS({
|
|
|
36397
36397
|
module2.exports = Key;
|
|
36398
36398
|
var assert = require_assert();
|
|
36399
36399
|
var algs = require_algs();
|
|
36400
|
-
var
|
|
36400
|
+
var crypto4 = require("crypto");
|
|
36401
36401
|
var Fingerprint = require_fingerprint();
|
|
36402
36402
|
var Signature = require_signature();
|
|
36403
36403
|
var DiffieHellman = require_dhe().DiffieHellman;
|
|
@@ -36495,7 +36495,7 @@ var require_key = __commonJS({
|
|
|
36495
36495
|
} else {
|
|
36496
36496
|
throw new Error("Hash type " + type + " not supported");
|
|
36497
36497
|
}
|
|
36498
|
-
var hash2 =
|
|
36498
|
+
var hash2 = crypto4.createHash(algo).update(buf).digest();
|
|
36499
36499
|
this._hashCache[cacheKey] = hash2;
|
|
36500
36500
|
return hash2;
|
|
36501
36501
|
};
|
|
@@ -36543,14 +36543,14 @@ var require_key = __commonJS({
|
|
|
36543
36543
|
var v, nm, err;
|
|
36544
36544
|
try {
|
|
36545
36545
|
nm = hashAlgo.toUpperCase();
|
|
36546
|
-
v =
|
|
36546
|
+
v = crypto4.createVerify(nm);
|
|
36547
36547
|
} catch (e) {
|
|
36548
36548
|
err = e;
|
|
36549
36549
|
}
|
|
36550
36550
|
if (v === void 0 || err instanceof Error && err.message.match(/Unknown message digest/)) {
|
|
36551
36551
|
nm = "RSA-";
|
|
36552
36552
|
nm += hashAlgo.toUpperCase();
|
|
36553
|
-
v =
|
|
36553
|
+
v = crypto4.createVerify(nm);
|
|
36554
36554
|
}
|
|
36555
36555
|
assert.ok(v, "failed to create verifier");
|
|
36556
36556
|
var oldVerify = v.verify.bind(v);
|
|
@@ -38355,7 +38355,7 @@ var require_signer = __commonJS({
|
|
|
38355
38355
|
"../../node_modules/http-signature/lib/signer.js"(exports, module2) {
|
|
38356
38356
|
"use strict";
|
|
38357
38357
|
var assert = require_assert();
|
|
38358
|
-
var
|
|
38358
|
+
var crypto4 = require("crypto");
|
|
38359
38359
|
var http = require("http");
|
|
38360
38360
|
var util = require("util");
|
|
38361
38361
|
var sshpk = require_lib5();
|
|
@@ -38392,7 +38392,7 @@ var require_signer = __commonJS({
|
|
|
38392
38392
|
this.rs_keyId = options2.keyId;
|
|
38393
38393
|
if (typeof options2.key !== "string" && !Buffer.isBuffer(options2.key))
|
|
38394
38394
|
throw new TypeError("options.key for HMAC must be a string or Buffer");
|
|
38395
|
-
this.rs_signer =
|
|
38395
|
+
this.rs_signer = crypto4.createHmac(alg[1].toUpperCase(), options2.key);
|
|
38396
38396
|
this.rs_signer.sign = function() {
|
|
38397
38397
|
var digest = this.digest("base64");
|
|
38398
38398
|
return {
|
|
@@ -38610,7 +38610,7 @@ var require_signer = __commonJS({
|
|
|
38610
38610
|
if (alg[0] === "hmac") {
|
|
38611
38611
|
if (typeof options2.key !== "string" && !Buffer.isBuffer(options2.key))
|
|
38612
38612
|
throw new TypeError("options.key must be a string or Buffer");
|
|
38613
|
-
var hmac =
|
|
38613
|
+
var hmac = crypto4.createHmac(alg[1].toUpperCase(), options2.key);
|
|
38614
38614
|
hmac.update(stringToSign);
|
|
38615
38615
|
signature = hmac.digest("base64");
|
|
38616
38616
|
} else {
|
|
@@ -38656,7 +38656,7 @@ var require_verify = __commonJS({
|
|
|
38656
38656
|
"../../node_modules/http-signature/lib/verify.js"(exports, module2) {
|
|
38657
38657
|
"use strict";
|
|
38658
38658
|
var assert = require_assert();
|
|
38659
|
-
var
|
|
38659
|
+
var crypto4 = require("crypto");
|
|
38660
38660
|
var sshpk = require_lib5();
|
|
38661
38661
|
var utils = require_utils4();
|
|
38662
38662
|
var HASH_ALGOS = utils.HASH_ALGOS;
|
|
@@ -38704,12 +38704,12 @@ var require_verify = __commonJS({
|
|
|
38704
38704
|
if (alg[0] !== "hmac")
|
|
38705
38705
|
return false;
|
|
38706
38706
|
var hashAlg = alg[1].toUpperCase();
|
|
38707
|
-
var hmac =
|
|
38707
|
+
var hmac = crypto4.createHmac(hashAlg, secret);
|
|
38708
38708
|
hmac.update(parsedSignature.signingString);
|
|
38709
|
-
var h1 =
|
|
38709
|
+
var h1 = crypto4.createHmac(hashAlg, secret);
|
|
38710
38710
|
h1.update(hmac.digest());
|
|
38711
38711
|
h1 = h1.digest();
|
|
38712
|
-
var h2 =
|
|
38712
|
+
var h2 = crypto4.createHmac(hashAlg, secret);
|
|
38713
38713
|
h2.update(new Buffer(parsedSignature.params.signature, "base64"));
|
|
38714
38714
|
h2 = h2.digest();
|
|
38715
38715
|
if (typeof h1 === "string")
|
|
@@ -56662,12 +56662,12 @@ var require_auth = __commonJS({
|
|
|
56662
56662
|
var require_oauth_sign = __commonJS({
|
|
56663
56663
|
"../../node_modules/oauth-sign/index.js"(exports) {
|
|
56664
56664
|
"use strict";
|
|
56665
|
-
var
|
|
56665
|
+
var crypto4 = require("crypto");
|
|
56666
56666
|
function sha(key, body2, algorithm) {
|
|
56667
|
-
return
|
|
56667
|
+
return crypto4.createHmac(algorithm, key).update(body2).digest("base64");
|
|
56668
56668
|
}
|
|
56669
56669
|
function rsa(key, body2) {
|
|
56670
|
-
return
|
|
56670
|
+
return crypto4.createSign("RSA-SHA1").update(body2).sign(key, "base64");
|
|
56671
56671
|
}
|
|
56672
56672
|
function rfc3986(str) {
|
|
56673
56673
|
return encodeURIComponent(str).replace(/!/g, "%21").replace(/\*/g, "%2A").replace(/\(/g, "%28").replace(/\)/g, "%29").replace(/'/g, "%27");
|
|
@@ -56774,7 +56774,7 @@ var require_oauth4 = __commonJS({
|
|
|
56774
56774
|
var caseless = require_caseless();
|
|
56775
56775
|
var uuid2 = require("uuid/v4");
|
|
56776
56776
|
var oauth = require_oauth_sign();
|
|
56777
|
-
var
|
|
56777
|
+
var crypto4 = require("crypto");
|
|
56778
56778
|
var Buffer2 = require_safe_buffer().Buffer;
|
|
56779
56779
|
function OAuth(request) {
|
|
56780
56780
|
this.request = request;
|
|
@@ -56826,7 +56826,7 @@ var require_oauth4 = __commonJS({
|
|
|
56826
56826
|
if (["HMAC-SHA1", "RSA-SHA1"].indexOf(_oauth.signature_method || "HMAC-SHA1") < 0) {
|
|
56827
56827
|
this.request.emit("error", new Error("oauth: " + _oauth.signature_method + " signature_method not supported with body_hash signing."));
|
|
56828
56828
|
}
|
|
56829
|
-
var shasum =
|
|
56829
|
+
var shasum = crypto4.createHash("sha1");
|
|
56830
56830
|
shasum.update(body2 || "");
|
|
56831
56831
|
var sha1 = shasum.digest("hex");
|
|
56832
56832
|
return Buffer2.from(sha1, "hex").toString("base64");
|
|
@@ -56895,15 +56895,15 @@ var require_oauth4 = __commonJS({
|
|
|
56895
56895
|
var require_hawk = __commonJS({
|
|
56896
56896
|
"../../node_modules/request/lib/hawk.js"(exports) {
|
|
56897
56897
|
"use strict";
|
|
56898
|
-
var
|
|
56898
|
+
var crypto4 = require("crypto");
|
|
56899
56899
|
function randomString(size) {
|
|
56900
56900
|
var bits = (size + 1) * 6;
|
|
56901
|
-
var buffer =
|
|
56901
|
+
var buffer = crypto4.randomBytes(Math.ceil(bits / 8));
|
|
56902
56902
|
var string = buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
|
|
56903
56903
|
return string.slice(0, size);
|
|
56904
56904
|
}
|
|
56905
56905
|
function calculatePayloadHash(payload, algorithm, contentType) {
|
|
56906
|
-
var hash2 =
|
|
56906
|
+
var hash2 = crypto4.createHash(algorithm);
|
|
56907
56907
|
hash2.update("hawk.1.payload\n");
|
|
56908
56908
|
hash2.update((contentType ? contentType.split(";")[0].trim().toLowerCase() : "") + "\n");
|
|
56909
56909
|
hash2.update(payload || "");
|
|
@@ -56919,7 +56919,7 @@ var require_hawk = __commonJS({
|
|
|
56919
56919
|
if (opts.app) {
|
|
56920
56920
|
normalized = normalized + opts.app + "\n" + (opts.dlg || "") + "\n";
|
|
56921
56921
|
}
|
|
56922
|
-
var hmac =
|
|
56922
|
+
var hmac = crypto4.createHmac(credentials.algorithm, credentials.key).update(normalized);
|
|
56923
56923
|
var digest = hmac.digest("base64");
|
|
56924
56924
|
return digest;
|
|
56925
56925
|
};
|
|
@@ -61340,7 +61340,7 @@ var require_strategy2 = __commonJS({
|
|
|
61340
61340
|
var OAuth2 = require_oauth3().OAuth2;
|
|
61341
61341
|
var SessionStateStore = require_session();
|
|
61342
61342
|
var InternalOAuthError = require_internaloautherror();
|
|
61343
|
-
var
|
|
61343
|
+
var crypto4 = require("crypto");
|
|
61344
61344
|
var base64url = require_base64url2();
|
|
61345
61345
|
var AuthorizationError = require_authorizationerror();
|
|
61346
61346
|
function Strategy(options2, verify) {
|
|
@@ -61729,11 +61729,11 @@ var require_strategy2 = __commonJS({
|
|
|
61729
61729
|
delete meta[param];
|
|
61730
61730
|
}
|
|
61731
61731
|
if (config.pkce) {
|
|
61732
|
-
var verifier = base64url(
|
|
61732
|
+
var verifier = base64url(crypto4.pseudoRandomBytes(32));
|
|
61733
61733
|
switch (config.pkce) {
|
|
61734
61734
|
case "S256":
|
|
61735
61735
|
params2.code_challenge = base64url(
|
|
61736
|
-
|
|
61736
|
+
crypto4.createHash("sha256").update(verifier).digest()
|
|
61737
61737
|
);
|
|
61738
61738
|
break;
|
|
61739
61739
|
case "plain":
|
|
@@ -62956,7 +62956,7 @@ function getNextExecutionDates(cronExpression, limit2 = 4) {
|
|
|
62956
62956
|
}
|
|
62957
62957
|
function validate(cronExpression) {
|
|
62958
62958
|
const result = (0, import_cron_validate.default)(cronExpression, {
|
|
62959
|
-
preset: "npm-
|
|
62959
|
+
preset: "npm-cron-schedule",
|
|
62960
62960
|
override: {
|
|
62961
62961
|
useSeconds: false
|
|
62962
62962
|
}
|
|
@@ -64369,7 +64369,10 @@ var environment = {
|
|
|
64369
64369
|
BB_ADMIN_USER_EMAIL: process.env.BB_ADMIN_USER_EMAIL,
|
|
64370
64370
|
BB_ADMIN_USER_PASSWORD: process.env.BB_ADMIN_USER_PASSWORD,
|
|
64371
64371
|
OPENAI_API_KEY: process.env.OPENAI_API_KEY,
|
|
64372
|
-
MIN_VERSION_WITHOUT_POWER_ROLE: process.env.MIN_VERSION_WITHOUT_POWER_ROLE || "3.0.0"
|
|
64372
|
+
MIN_VERSION_WITHOUT_POWER_ROLE: process.env.MIN_VERSION_WITHOUT_POWER_ROLE || "3.0.0",
|
|
64373
|
+
DISABLE_CONTENT_SECURITY_POLICY: process.env.DISABLE_CONTENT_SECURITY_POLICY,
|
|
64374
|
+
// stopgap migration strategy until we can ensure backwards compat without unsafe-inline in CSP
|
|
64375
|
+
DISABLE_CSP_UNSAFE_INLINE_SCRIPTS: process.env.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS
|
|
64373
64376
|
};
|
|
64374
64377
|
function setEnv(newEnvVars) {
|
|
64375
64378
|
const oldEnv = (0, import_lodash4.cloneDeep)(environment);
|
|
@@ -74682,6 +74685,7 @@ __export(middleware_exports, {
|
|
|
74682
74685
|
builderOnly: () => builderOnly_default,
|
|
74683
74686
|
builderOrAdmin: () => builderOrAdmin_default,
|
|
74684
74687
|
correlation: () => middleware_default2,
|
|
74688
|
+
csp: () => contentSecurityPolicy_default,
|
|
74685
74689
|
csrf: () => csrf_default,
|
|
74686
74690
|
datasource: () => datasource,
|
|
74687
74691
|
errorHandling: () => errorHandling_default,
|
|
@@ -75640,6 +75644,116 @@ function querystringToBody_default(ctx, next) {
|
|
|
75640
75644
|
return next();
|
|
75641
75645
|
}
|
|
75642
75646
|
|
|
75647
|
+
// src/middleware/contentSecurityPolicy.ts
|
|
75648
|
+
var import_crypto2 = __toESM(require("crypto"));
|
|
75649
|
+
var CSP_DIRECTIVES = {
|
|
75650
|
+
"default-src": ["'self'"],
|
|
75651
|
+
"script-src": [
|
|
75652
|
+
"'self'",
|
|
75653
|
+
"'unsafe-eval'",
|
|
75654
|
+
"https://*.budibase.net",
|
|
75655
|
+
"https://cdn.budi.live",
|
|
75656
|
+
"https://js.intercomcdn.com",
|
|
75657
|
+
"https://widget.intercom.io",
|
|
75658
|
+
"https://d2l5prqdbvm3op.cloudfront.net",
|
|
75659
|
+
"https://us-assets.i.posthog.com"
|
|
75660
|
+
],
|
|
75661
|
+
"style-src": [
|
|
75662
|
+
"'self'",
|
|
75663
|
+
"'unsafe-inline'",
|
|
75664
|
+
"https://cdn.jsdelivr.net",
|
|
75665
|
+
"https://fonts.googleapis.com",
|
|
75666
|
+
"https://rsms.me",
|
|
75667
|
+
"https://maxcdn.bootstrapcdn.com"
|
|
75668
|
+
],
|
|
75669
|
+
"object-src": ["'none'"],
|
|
75670
|
+
"base-uri": ["'self'"],
|
|
75671
|
+
"connect-src": [
|
|
75672
|
+
"'self'",
|
|
75673
|
+
"https://*.budibase.app",
|
|
75674
|
+
"https://*.budibaseqa.app",
|
|
75675
|
+
"https://*.budibase.net",
|
|
75676
|
+
"https://api-iam.intercom.io",
|
|
75677
|
+
"https://api-ping.intercom.io",
|
|
75678
|
+
"https://app.posthog.com",
|
|
75679
|
+
"https://us.i.posthog.com",
|
|
75680
|
+
"wss://nexus-websocket-a.intercom.io",
|
|
75681
|
+
"wss://nexus-websocket-b.intercom.io",
|
|
75682
|
+
"https://nexus-websocket-a.intercom.io",
|
|
75683
|
+
"https://nexus-websocket-b.intercom.io",
|
|
75684
|
+
"https://uploads.intercomcdn.com",
|
|
75685
|
+
"https://uploads.intercomusercontent.com",
|
|
75686
|
+
"https://*.amazonaws.com",
|
|
75687
|
+
"https://*.s3.amazonaws.com",
|
|
75688
|
+
"https://*.s3.us-east-2.amazonaws.com",
|
|
75689
|
+
"https://*.s3.us-east-1.amazonaws.com",
|
|
75690
|
+
"https://*.s3.us-west-1.amazonaws.com",
|
|
75691
|
+
"https://*.s3.us-west-2.amazonaws.com",
|
|
75692
|
+
"https://*.s3.af-south-1.amazonaws.com",
|
|
75693
|
+
"https://*.s3.ap-east-1.amazonaws.com",
|
|
75694
|
+
"https://*.s3.ap-south-1.amazonaws.com",
|
|
75695
|
+
"https://*.s3.ap-northeast-2.amazonaws.com",
|
|
75696
|
+
"https://*.s3.ap-southeast-1.amazonaws.com",
|
|
75697
|
+
"https://*.s3.ap-southeast-2.amazonaws.com",
|
|
75698
|
+
"https://*.s3.ap-northeast-1.amazonaws.com",
|
|
75699
|
+
"https://*.s3.ca-central-1.amazonaws.com",
|
|
75700
|
+
"https://*.s3.cn-north-1.amazonaws.com",
|
|
75701
|
+
"https://*.s3.cn-northwest-1.amazonaws.com",
|
|
75702
|
+
"https://*.s3.eu-central-1.amazonaws.com",
|
|
75703
|
+
"https://*.s3.eu-west-1.amazonaws.com",
|
|
75704
|
+
"https://*.s3.eu-west-2.amazonaws.com",
|
|
75705
|
+
"https://*.s3.eu-south-1.amazonaws.com",
|
|
75706
|
+
"https://*.s3.eu-west-3.amazonaws.com",
|
|
75707
|
+
"https://*.s3.eu-north-1.amazonaws.com",
|
|
75708
|
+
"https://*.s3.sa-east-1.amazonaws.com",
|
|
75709
|
+
"https://*.s3.me-south-1.amazonaws.com",
|
|
75710
|
+
"https://*.s3.us-gov-east-1.amazonaws.com",
|
|
75711
|
+
"https://*.s3.us-gov-west-1.amazonaws.com",
|
|
75712
|
+
"https://api.github.com"
|
|
75713
|
+
],
|
|
75714
|
+
"font-src": [
|
|
75715
|
+
"'self'",
|
|
75716
|
+
"data:",
|
|
75717
|
+
"https://cdn.jsdelivr.net",
|
|
75718
|
+
"https://fonts.gstatic.com",
|
|
75719
|
+
"https://rsms.me",
|
|
75720
|
+
"https://maxcdn.bootstrapcdn.com",
|
|
75721
|
+
"https://js.intercomcdn.com",
|
|
75722
|
+
"https://fonts.intercomcdn.com"
|
|
75723
|
+
],
|
|
75724
|
+
"frame-src": ["'self'", "https:"],
|
|
75725
|
+
"img-src": ["http:", "https:", "data:", "blob:"],
|
|
75726
|
+
"manifest-src": ["'self'"],
|
|
75727
|
+
"media-src": [
|
|
75728
|
+
"'self'",
|
|
75729
|
+
"https://js.intercomcdn.com",
|
|
75730
|
+
"https://cdn.budi.live"
|
|
75731
|
+
],
|
|
75732
|
+
"worker-src": ["blob:"]
|
|
75733
|
+
};
|
|
75734
|
+
async function contentSecurityPolicy(ctx, next) {
|
|
75735
|
+
try {
|
|
75736
|
+
const nonce = import_crypto2.default.randomBytes(16).toString("base64");
|
|
75737
|
+
const directives = { ...CSP_DIRECTIVES };
|
|
75738
|
+
directives["script-src"] = [
|
|
75739
|
+
...CSP_DIRECTIVES["script-src"],
|
|
75740
|
+
`'nonce-${nonce}'`
|
|
75741
|
+
];
|
|
75742
|
+
if (!environment_default.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS) {
|
|
75743
|
+
directives["script-src"].push("'unsafe-inline'");
|
|
75744
|
+
}
|
|
75745
|
+
ctx.state.nonce = nonce;
|
|
75746
|
+
const cspHeader = Object.entries(directives).map(([key, sources]) => `${key} ${sources.join(" ")}`).join("; ");
|
|
75747
|
+
ctx.set("Content-Security-Policy", cspHeader);
|
|
75748
|
+
await next();
|
|
75749
|
+
} catch (err) {
|
|
75750
|
+
console.error(
|
|
75751
|
+
`Error occurred in Content-Security-Policy middleware: ${err}`
|
|
75752
|
+
);
|
|
75753
|
+
}
|
|
75754
|
+
}
|
|
75755
|
+
var contentSecurityPolicy_default = contentSecurityPolicy;
|
|
75756
|
+
|
|
75643
75757
|
// src/middleware/joi-validator.ts
|
|
75644
75758
|
var joi_validator_exports = {};
|
|
75645
75759
|
__export(joi_validator_exports, {
|