@dargmuesli/nuxt-vio 8.2.4 → 8.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/app.config.ts +1 -17
  2. package/components/vio/_/VioError.vue +9 -4
  3. package/components/vio/_/VioLink.vue +1 -1
  4. package/components/vio/loader/Loader.vue +2 -2
  5. package/composables/useDateTime.ts +1 -1
  6. package/composables/useFireError.ts +1 -1
  7. package/error.vue +1 -1
  8. package/nuxt.config.ts +173 -1
  9. package/package.json +25 -14
  10. package/playwright.config.ts +1 -1
  11. package/server/middleware/headers.ts +1 -12
  12. package/store/auth.ts +1 -1
  13. package/utils/auth.ts +2 -2
  14. package/utils/networking.ts +1 -1
  15. package/utils/utils.ts +1 -1
  16. package/server/utils/util.ts +0 -2
  17. /package/server/api/{healthcheck.ts → healthcheck.get.ts} +0 -0
package/app.config.ts CHANGED
@@ -6,27 +6,11 @@ export default defineAppConfig({
6
6
  headers: {
7
7
  csp: {
8
8
  default: {
9
- 'Cross-Origin-Opener-Policy': 'same-origin',
10
- // 'Cross-Origin-Embedder-Policy', 'require-corp') // https://stackoverflow.com/questions/71904052/getting-notsameoriginafterdefaultedtosameoriginbycoep-error-with-helmet
11
- 'Cross-Origin-Resource-Policy': 'same-origin',
12
- // 'Expect-CT', 'max-age=0') // deprecated (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT)
13
9
  NEL: '\'{"report_to":"default","max_age":31536000,"include_subdomains":true}\'',
14
- 'Origin-Agent-Cluster': '?1',
15
- 'Permissions-Policy': '',
16
- 'Referrer-Policy': 'no-referrer',
17
10
  'Report-To':
18
11
  '\'{"group":"default":"max_age":31536000:"endpoints":[{"url":"https://dargmuesli.report-uri.com/a/d/g"}]:"include_subdomains":true}\'',
19
- 'X-Content-Type-Options': 'nosniff',
20
- 'X-DNS-Prefetch-Control': 'off',
21
- 'X-Download-Options': 'noopen',
22
- 'X-Frame-Options': 'SAMEORIGIN',
23
- 'X-Permitted-Cross-Domain-Policies': 'none',
24
- 'X-XSS-Protection': '1; mode=block', // TODO: set back to `0` once CSP does not use `unsafe-*` anymore (https://github.com/maevsi/maevsi/issues/1047)
25
- },
26
- production: {
27
- 'Strict-Transport-Security':
28
- 'max-age=31536000; includeSubDomains; preload',
29
12
  },
13
+ production: {} as Record<string, string>,
30
14
  },
31
15
  },
32
16
  },
package/components/vio/_/VioError.vue CHANGED
@@ -1,6 +1,6 @@
1
1
  <template>
2
2
  <div>
3
- <h1>{{ `${statusCode ? `${statusCode} - ` : ''}${statusReason}` }}</h1>
3
+ <h1>{{ title }}</h1>
4
4
  <div>
5
5
  {{ description }}
6
6
  </div>
@@ -29,9 +29,14 @@ const props = withDefaults(defineProps<Props>(), {
29
29
  const runtimeConfig = useRuntimeConfig()
30
30
  const { locale, t } = useI18n()
31
31
 
32
- // computations
33
- const statusReason = computed(() => {
34
- return status(props.statusCode, locale.value) || t('error')
32
+ // data
33
+ const title = `${props.statusCode ? `${props.statusCode} - ` : ''}${
34
+ status(props.statusCode, locale.value) || t('error')
35
+ }`
36
+
37
+ // initialization
38
+ useHeadDefault({
39
+ title,
35
40
  })
36
41
  </script>
37
42
 
package/components/vio/_/VioLink.vue CHANGED
@@ -25,7 +25,7 @@
25
25
  </template>
26
26
 
27
27
  <script setup lang="ts">
28
- import { NuxtLinkProps } from '#app'
28
+ import type { NuxtLinkProps } from '#app'
29
29
 
30
30
  interface Props {
31
31
  ariaLabel?: string
package/components/vio/loader/Loader.vue CHANGED
@@ -14,9 +14,9 @@
14
14
  </template>
15
15
 
16
16
  <script setup lang="ts">
17
- import { UnwrapRef } from 'vue'
17
+ import type { UnwrapRef } from 'vue'
18
18
 
19
- import { ApiData } from '@dargmuesli/nuxt-vio/types/api'
19
+ import type { ApiData } from '@dargmuesli/nuxt-vio/types/api'
20
20
 
21
21
  interface Props {
22
22
  api: UnwrapRef<ApiData>
package/composables/useDateTime.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { Dayjs } from 'dayjs'
1
+ import type { Dayjs } from 'dayjs'
2
2
 
3
3
  export const useDateTime = () => {
4
4
  const { $dayjs, ssrContext } = useNuxtApp()
package/composables/useFireError.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { consola } from 'consola'
2
2
  import Swal from 'sweetalert2'
3
- import { Ref } from 'vue'
3
+ import type { Ref } from 'vue'
4
4
 
5
5
  export const useFireError = () => {
6
6
  const { t } = useI18n()
package/error.vue CHANGED
@@ -10,7 +10,7 @@
10
10
  </template>
11
11
 
12
12
  <script setup lang="ts">
13
- import { NuxtError } from 'nuxt/app'
13
+ import type { NuxtError } from 'nuxt/app'
14
14
 
15
15
  interface Props {
16
16
  error: NuxtError
package/nuxt.config.ts CHANGED
@@ -43,13 +43,44 @@ export default defineNuxtConfig(
43
43
  },
44
44
  modules: [
45
45
  '@dargmuesli/nuxt-cookie-control',
46
+ '@nuxt/devtools',
46
47
  '@nuxt/image',
47
48
  '@nuxtjs/color-mode',
48
49
  '@nuxtjs/html-validator',
49
50
  '@nuxtjs/i18n',
50
51
  '@nuxtjs/tailwindcss',
51
- '@nuxtseo/module',
52
52
  '@pinia/nuxt',
53
+ // nuxt-security: remove invalid `'none'`s
54
+ (_options, nuxt) => {
55
+ const nuxtConfigSecurity = nuxt.options.security
56
+
57
+ if (
58
+ typeof nuxtConfigSecurity.headers !== 'boolean' &&
59
+ nuxtConfigSecurity.headers.contentSecurityPolicy &&
60
+ typeof nuxtConfigSecurity.headers.contentSecurityPolicy !==
61
+ 'boolean' &&
62
+ typeof nuxtConfigSecurity.headers.contentSecurityPolicy !== 'string'
63
+ ) {
64
+ for (const [key, value] of Object.entries(
65
+ nuxtConfigSecurity.headers.contentSecurityPolicy,
66
+ )) {
67
+ if (!Array.isArray(value)) continue
68
+
69
+ const valueFiltered = value.filter((x) => x !== "'none'")
70
+
71
+ if (valueFiltered.length) {
72
+ ;(
73
+ nuxtConfigSecurity.headers.contentSecurityPolicy as Record<
74
+ string,
75
+ any
76
+ >
77
+ )[key] = valueFiltered
78
+ }
79
+ }
80
+ }
81
+ },
82
+ 'nuxt-security',
83
+ '@nuxtseo/module',
53
84
  ],
54
85
  nitro: {
55
86
  compressPublicAssets: true,
@@ -136,6 +167,146 @@ export default defineNuxtConfig(
136
167
  linkChecker: {
137
168
  failOnError: true,
138
169
  },
170
+ robots: {
171
+ credits: false,
172
+ },
173
+ security: {
174
+ headers: {
175
+ contentSecurityPolicy: defu(
176
+ {
177
+ // Cloudflare
178
+ ...(process.env.NODE_ENV === 'production'
179
+ ? {
180
+ 'connect-src': [`${SITE_URL}/cdn-cgi/rum`],
181
+ 'script-src-elem': [
182
+ 'https://static.cloudflareinsights.com',
183
+ ],
184
+ }
185
+ : {}),
186
+ },
187
+ {
188
+ // Google Analytics 4 (https://developers.google.com/tag-platform/tag-manager/web/csp)
189
+ 'connect-src': [
190
+ 'https://*.analytics.google.com',
191
+ 'https://*.google-analytics.com',
192
+ 'https://*.googletagmanager.com',
193
+ ],
194
+ 'img-src': [
195
+ 'https://*.google-analytics.com',
196
+ 'https://*.googletagmanager.com',
197
+ ],
198
+ 'script-src-elem': ['https://*.googletagmanager.com'],
199
+ },
200
+ {
201
+ // vio
202
+ 'manifest-src': [`${SITE_URL}/site.webmanifest`],
203
+ 'script-src-elem': [
204
+ 'https://polyfill.io/v3/polyfill.min.js', // ESLint plugin compat
205
+ ],
206
+ },
207
+ {
208
+ // @nuxt/devtools
209
+ 'frame-src': [
210
+ ...(process.env.NODE_ENV === 'development'
211
+ ? ['http://localhost:3000/__nuxt_devtools__/client/']
212
+ : []),
213
+ ],
214
+ },
215
+ {
216
+ // nuxt-link-checker
217
+ 'connect-src': [
218
+ ...(process.env.NODE_ENV === 'development'
219
+ ? ['http://localhost:3000/api/__link_checker__/inspect']
220
+ : []),
221
+ ],
222
+ },
223
+ {
224
+ // nuxt-og-image
225
+ ...(process.env.NODE_ENV === 'development'
226
+ ? {
227
+ 'font-src': ['https://fonts.gstatic.com/s/inter/'],
228
+ 'frame-ancestors': ["'self'"],
229
+ 'frame-src': ["'self'"],
230
+ 'script-src-elem': ['https://cdn.tailwindcss.com/'],
231
+ 'style-src': [
232
+ // TODO: replace with `style-src-elem` once Webkit supports it
233
+ 'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
234
+ ],
235
+ }
236
+ : {}),
237
+ },
238
+ {
239
+ // nuxt-simple-sitemap
240
+ 'script-src-elem': [`${SITE_URL}/__sitemap__/style.xsl`],
241
+ },
242
+ {
243
+ // nuxt
244
+ 'connect-src': [
245
+ ...(process.env.NODE_ENV === 'development'
246
+ ? [
247
+ 'http://localhost:3000/_nuxt/', // Nuxt development
248
+ 'https://localhost:3000/_nuxt/', // Nuxt development
249
+ 'ws://localhost:3000/_nuxt/', // Nuxt development
250
+ 'wss://localhost:3000/_nuxt/', // Nuxt development
251
+ ]
252
+ : ["'self'"]), // Nuxt build metadata and payloads
253
+ ],
254
+ 'img-src': [
255
+ "'self'", // TODO: replace with `"'nonce-{{nonce}}'",`
256
+ 'data:', // external link icon
257
+ ],
258
+ 'script-src-elem': ["'nonce-{{nonce}}'"],
259
+ 'style-src': [
260
+ // TODO: replace with `style-src-elem` once Webkit supports it
261
+ "'self'", // TODO: replace with `"'nonce-{{nonce}}'",` (https://github.com/vitejs/vite/pull/11864)
262
+ "'unsafe-inline'", // TODO: replace with `"'nonce-{{nonce}}'",` (https://github.com/vitejs/vite/pull/11864)
263
+ ],
264
+ },
265
+ {
266
+ // base
267
+ 'base-uri': ["'none'"], // does not fallback to `default-src`
268
+ 'child-src': [],
269
+ 'connect-src': [],
270
+ 'default-src': ["'none'"],
271
+ 'font-src': [],
272
+ 'form-action': ["'none'"], // does not fallback to `default-src`
273
+ 'frame-ancestors': ["'none'"], // does not fallback to `default-src`
274
+ 'frame-src': [],
275
+ 'img-src': [],
276
+ 'media-src': [],
277
+ 'navigate-to': [],
278
+ 'object-src': [],
279
+ 'prefetch-src': [],
280
+ 'report-to': [],
281
+ 'report-uri': [],
282
+ // TODO: evaluate header (https://github.com/maevsi/maevsi/issues/830) // https://stackoverflow.com/questions/62081028/this-document-requires-trustedscripturl-assignment
283
+ // 'require-trusted-types-for': ["'script'"], // csp-evaluator
284
+ sandbox: [],
285
+ 'script-src': [],
286
+ 'script-src-attr': [],
287
+ 'script-src-elem': [],
288
+ 'style-src': [],
289
+ 'style-src-attr': [],
290
+ 'style-src-elem': [],
291
+ 'upgrade-insecure-requests': false, // TODO: set to `process.env.NODE_ENV === 'production'` or `true` when tests run on https
292
+ 'worker-src': [],
293
+ },
294
+ ),
295
+ crossOriginEmbedderPolicy: false, // https://stackoverflow.com/questions/71904052/getting-notsameoriginafterdefaultedtosameoriginbycoep-error-with-helmet
296
+ strictTransportSecurity:
297
+ process.env.NODE_ENV === 'production'
298
+ ? {
299
+ maxAge: 31536000,
300
+ includeSubdomains: true,
301
+ preload: true,
302
+ }
303
+ : false,
304
+ xXSSProtection: '1; mode=block', // TODO: set back to `0` once CSP does not use `unsafe-*` anymore (https://github.com/maevsi/maevsi/issues/1047)
305
+ },
306
+ nonce: {
307
+ enabled: true,
308
+ },
309
+ },
139
310
  seo: {
140
311
  splash: false,
141
312
  },
@@ -145,6 +316,7 @@ export default defineNuxtConfig(
145
316
  url: SITE_URL,
146
317
  },
147
318
  sitemap: {
319
+ credits: false,
148
320
  exclude: I18N_MODULE_CONFIG.locales.map(
149
321
  (locale) =>
150
322
  `/${locale.code !== 'en' ? `${locale.code}/` : ''}api/pages/**`,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dargmuesli/nuxt-vio",
3
- "version": "8.2.4",
3
+ "version": "8.3.4",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "git+https://github.com/dargmuesli/vio.git"
@@ -37,6 +37,7 @@
37
37
  "build": "pnpm run build:node",
38
38
  "build:node": "nuxt build .playground",
39
39
  "build:static": "nuxt generate .playground",
40
+ "build:static:test": "cross-env NODE_ENV=production SITE_URL=http://localhost:3002 pnpm run build:static",
40
41
  "dev": "pnpm run start:dev",
41
42
  "generate": "pnpm run build:static",
42
43
  "lint:fix": "pnpm run lint:js --fix && pnpm run lint:ts --fix && pnpm run lint:style --fix",
@@ -50,6 +51,7 @@
50
51
  "start:dev": "nuxt dev .playground",
51
52
  "start:node": "node .playground/.output/server/index.mjs",
52
53
  "start:static": "serve .playground/.output/public",
54
+ "start:static:test": "cross-env NODE_ENV=production PORT=3002 SITE_URL=http://localhost:3002 pnpm run start:static",
53
55
  "test:e2e:docker:br": "pnpm run test:e2e:docker:build && pnpm run test:e2e:docker:run",
54
56
  "test:e2e:docker:build": "docker build -t test-e2e_base --build-arg UID=$(id -u) --build-arg GID=$(id -g) --target test-e2e_base ..",
55
57
  "test:e2e:docker:run": "docker run --rm -v \"$PWD/..:/srv/app\" -v \"$(pnpm store path):/srv/.pnpm-store\" test-e2e_base",
@@ -66,57 +68,66 @@
66
68
  },
67
69
  "dependencies": {
68
70
  "@axe-core/playwright": "4.8.1",
69
- "@dargmuesli/nuxt-cookie-control": "7.0.0-beta.1",
71
+ "@dargmuesli/nuxt-cookie-control": "7.0.1",
70
72
  "@heroicons/vue": "2.0.18",
71
73
  "@http-util/status-i18n": "0.8.1",
72
74
  "@intlify/eslint-plugin-vue-i18n": "3.0.0-next.4",
73
- "@nuxt/image": "1.0.0-rc.3",
75
+ "@nuxt/devtools": "1.0.0",
76
+ "@nuxt/image": "1.0.0",
74
77
  "@nuxtjs/color-mode": "3.3.0",
75
78
  "@nuxtjs/eslint-config-typescript": "12.1.0",
76
79
  "@nuxtjs/html-validator": "1.5.2",
77
- "@nuxtjs/i18n": "8.0.0-rc.5",
80
+ "@nuxtjs/i18n": "npm:@nuxtjs/i18n-edge@8.0.0-rc.5-28296269.d5d5540",
78
81
  "@nuxtjs/tailwindcss": "6.8.0",
79
- "@nuxtseo/module": "2.0.0-beta.37",
82
+ "@nuxtseo/module": "2.0.0-beta.39",
80
83
  "@pinia/nuxt": "0.5.1",
81
84
  "@playwright/test": "1.39.0",
82
85
  "@tailwindcss/forms": "0.5.6",
83
86
  "@tailwindcss/typography": "0.5.10",
84
- "@types/cookie": "0.5.2",
85
- "@types/lodash-es": "4.17.9",
86
- "@urql/core": "4.1.3",
87
+ "@types/lodash-es": "4.17.10",
88
+ "@unhead/vue": "1.7.4",
89
+ "@urql/core": "4.1.4",
87
90
  "@urql/devtools": "2.0.3",
88
91
  "@urql/exchange-graphcache": "6.3.3",
89
92
  "@urql/vue": "1.1.2",
90
93
  "@vuelidate/core": "2.0.3",
91
94
  "@vuelidate/validators": "2.0.4",
92
95
  "clipboard": "2.0.11",
93
- "cookie": "0.5.0",
96
+ "consola": "3.2.3",
97
+ "cookie-es": "1.0.0",
94
98
  "cross-env": "7.0.3",
95
99
  "dayjs": "2.0.0-alpha.4",
96
- "eslint": "8.51.0",
100
+ "defu": "6.1.2",
101
+ "eslint": "8.52.0",
97
102
  "eslint-config-prettier": "9.0.0",
98
103
  "eslint-plugin-compat": "4.2.0",
99
104
  "eslint-plugin-nuxt": "4.0.0",
100
105
  "eslint-plugin-prettier": "5.0.1",
101
106
  "eslint-plugin-yml": "1.10.0",
107
+ "h3": "1.8.2",
102
108
  "is-https": "4.0.0",
103
109
  "jiti": "1.20.0",
104
110
  "jose": "4.15.4",
105
- "lint-staged": "15.0.1",
111
+ "lint-staged": "15.0.2",
106
112
  "lodash-es": "4.17.21",
107
- "nuxt": "3.7.4",
113
+ "nuxt": "3.8.0",
114
+ "nuxt-security": "1.0.0-rc.2",
115
+ "ofetch": "1.3.3",
108
116
  "pinia": "2.1.7",
109
117
  "prettier": "3.0.3",
110
118
  "prettier-plugin-tailwindcss": "0.5.6",
111
119
  "serve": "14.2.1",
112
- "stylelint": "15.10.3",
120
+ "stylelint": "15.11.0",
113
121
  "stylelint-config-recommended-vue": "1.5.0",
114
122
  "stylelint-config-standard": "34.0.0",
115
123
  "stylelint-no-unsupported-browser-features": "7.0.0",
116
124
  "sweetalert2": "11.7.32",
117
125
  "tailwindcss": "3.3.3",
118
- "vue": "3.3.4",
126
+ "ufo": "1.3.1",
127
+ "unhead": "1.7.4",
128
+ "vue": "3.3.6",
119
129
  "vue-gtag": "2.0.1",
130
+ "vue-router": "4.2.5",
120
131
  "vue-tsc": "1.8.19"
121
132
  },
122
133
  "peerDependencies": {
package/playwright.config.ts CHANGED
@@ -87,7 +87,7 @@ export default defineConfig({
87
87
  NUXT_PUBLIC_VIO_IS_TESTING: 'true',
88
88
  },
89
89
  timeout: process.env.NODE_ENV === 'production' ? 10000 : 100000,
90
- url: process.env.SITE_URL || SITE_URL,
90
+ url: SITE_URL,
91
91
  reuseExistingServer: !process.env.CI,
92
92
  },
93
93
 
package/server/middleware/headers.ts CHANGED
@@ -1,26 +1,15 @@
1
1
  import { appendHeader, defineEventHandler } from 'h3'
2
2
  import type { H3Event } from 'h3'
3
- import { AppConfig } from 'nuxt/schema'
3
+ import type { AppConfig } from 'nuxt/schema'
4
4
 
5
5
  import { TIMEZONE_HEADER_KEY } from '../../utils/constants'
6
6
  import { getTimezone } from '../../utils/networking'
7
7
 
8
8
  export default defineEventHandler(async (event) => {
9
9
  setRequestHeader(event, TIMEZONE_HEADER_KEY, await getTimezone(event))
10
- // setContentSecurityPolicy(event);
11
10
  setResponseHeaders(event)
12
11
  })
13
12
 
14
- // const setContentSecurityPolicy = (event: H3Event) => {
15
- // const config = useAppConfig();
16
-
17
- // appendHeader(
18
- // event,
19
- // "Content-Security-Policy",
20
- // getCspAsString(config.public.vio.server.middleware.headers.csp)
21
- // );
22
- // };
23
-
24
13
  const setRequestHeader = (event: H3Event, name: string, value?: string) => {
25
14
  event.node.req.headers[name] = value
26
15
  }
package/store/auth.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { decodeJwt, JWTPayload } from 'jose'
1
+ import { decodeJwt, type JWTPayload } from 'jose'
2
2
  import { defineStore } from 'pinia'
3
3
  import { ref } from 'vue'
4
4
 
package/utils/auth.ts CHANGED
@@ -1,9 +1,9 @@
1
1
  import { IncomingMessage, ServerResponse } from 'node:http'
2
2
 
3
3
  import { consola } from 'consola'
4
- import { parse, serialize } from 'cookie'
4
+ import { parse, serialize } from 'cookie-es'
5
5
  import { decodeJwt } from 'jose'
6
- import { Store } from 'pinia'
6
+ import type { Store } from 'pinia'
7
7
 
8
8
  import { useVioAuthStore } from '../store/auth'
9
9
  import { xhrPromise } from '../utils/networking'
package/utils/networking.ts CHANGED
@@ -2,7 +2,7 @@ import { CombinedError } from '@urql/core'
2
2
  import { H3Event, getCookie } from 'h3'
3
3
 
4
4
  import { ofetch } from 'ofetch'
5
- import { Ref } from 'vue'
5
+ import { type Ref } from 'vue'
6
6
 
7
7
  import type { ApiData, BackendError } from '../types/api'
8
8
  import { TIMEZONE_COOKIE_NAME } from './constants'
package/utils/utils.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { RouteLocationRaw } from '#vue-router'
1
+ import { type RouteLocationRaw } from '#vue-router'
2
2
 
3
3
  export const append = (path: string, pathToAppend?: RouteLocationRaw) =>
4
4
  path + (path.endsWith('/') ? '' : '/') + (pathToAppend ?? '')
package/server/utils/util.ts DELETED
@@ -1,2 +0,0 @@
1
- export const getCspAsString = (csp = {} as Record<string, Array<string>>) =>
2
- Object.keys(csp).reduce((p, c) => (p += `${c} ${csp[c].join(' ')};`), '')