@dwp/govuk-casa 8.16.2 → 8.16.4
- package/dist/assets/css/casa-ie8.css +1 -1
- package/dist/assets/css/casa.css +1 -1
- package/dist/casa.d.ts +13 -13
- package/dist/casa.js +17 -7
- package/dist/casa.js.map +1 -1
- package/dist/lib/CasaTemplateLoader.d.ts +1 -1
- package/dist/lib/CasaTemplateLoader.js +13 -14
- package/dist/lib/CasaTemplateLoader.js.map +1 -1
- package/dist/lib/JourneyContext.d.ts +10 -4
- package/dist/lib/JourneyContext.js +57 -47
- package/dist/lib/JourneyContext.js.map +1 -1
- package/dist/lib/MutableRouter.d.ts +1 -1
- package/dist/lib/MutableRouter.js +22 -23
- package/dist/lib/MutableRouter.js.map +1 -1
- package/dist/lib/Plan.d.ts +5 -5
- package/dist/lib/Plan.js +49 -36
- package/dist/lib/Plan.js.map +1 -1
- package/dist/lib/ValidationError.d.ts +1 -1
- package/dist/lib/ValidationError.js +9 -9
- package/dist/lib/ValidationError.js.map +1 -1
- package/dist/lib/ValidatorFactory.js +4 -7
- package/dist/lib/ValidatorFactory.js.map +1 -1
- package/dist/lib/configuration-ingestor.d.ts +75 -14
- package/dist/lib/configuration-ingestor.js +156 -64
- package/dist/lib/configuration-ingestor.js.map +1 -1
- package/dist/lib/configure.js +11 -10
- package/dist/lib/configure.js.map +1 -1
- package/dist/lib/constants.js +8 -8
- package/dist/lib/context-id-generators.d.ts +1 -1
- package/dist/lib/context-id-generators.js +7 -4
- package/dist/lib/context-id-generators.js.map +1 -1
- package/dist/lib/end-session.js +2 -2
- package/dist/lib/field.d.ts +6 -6
- package/dist/lib/field.js +15 -21
- package/dist/lib/field.js.map +1 -1
- package/dist/lib/index.d.ts +13 -13
- package/dist/lib/index.js +17 -7
- package/dist/lib/index.js.map +1 -1
- package/dist/lib/logger.js +7 -7
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/mount.js +3 -3
- package/dist/lib/mount.js.map +1 -1
- package/dist/lib/nunjucks-filters.d.ts +5 -1
- package/dist/lib/nunjucks-filters.js +37 -23
- package/dist/lib/nunjucks-filters.js.map +1 -1
- package/dist/lib/nunjucks.d.ts +2 -2
- package/dist/lib/nunjucks.js +6 -7
- package/dist/lib/nunjucks.js.map +1 -1
- package/dist/lib/utils.js +52 -42
- package/dist/lib/utils.js.map +1 -1
- package/dist/lib/validators/dateObject.d.ts +3 -3
- package/dist/lib/validators/dateObject.js +44 -37
- package/dist/lib/validators/dateObject.js.map +1 -1
- package/dist/lib/validators/email.d.ts +2 -2
- package/dist/lib/validators/email.js +4 -5
- package/dist/lib/validators/email.js.map +1 -1
- package/dist/lib/validators/inArray.d.ts +2 -2
- package/dist/lib/validators/inArray.js +5 -6
- package/dist/lib/validators/inArray.js.map +1 -1
- package/dist/lib/validators/index.d.ts +10 -10
- package/dist/lib/validators/index.js.map +1 -1
- package/dist/lib/validators/nino.d.ts +2 -2
- package/dist/lib/validators/nino.js +10 -7
- package/dist/lib/validators/nino.js.map +1 -1
- package/dist/lib/validators/postalAddressObject.d.ts +2 -2
- package/dist/lib/validators/postalAddressObject.js +52 -39
- package/dist/lib/validators/postalAddressObject.js.map +1 -1
- package/dist/lib/validators/range.d.ts +2 -2
- package/dist/lib/validators/range.js +6 -7
- package/dist/lib/validators/range.js.map +1 -1
- package/dist/lib/validators/regex.d.ts +2 -2
- package/dist/lib/validators/regex.js +4 -5
- package/dist/lib/validators/regex.js.map +1 -1
- package/dist/lib/validators/required.d.ts +2 -2
- package/dist/lib/validators/required.js +6 -9
- package/dist/lib/validators/required.js.map +1 -1
- package/dist/lib/validators/strlen.d.ts +2 -2
- package/dist/lib/validators/strlen.js +8 -9
- package/dist/lib/validators/strlen.js.map +1 -1
- package/dist/lib/validators/wordCount.d.ts +2 -2
- package/dist/lib/validators/wordCount.js +10 -9
- package/dist/lib/validators/wordCount.js.map +1 -1
- package/dist/lib/waypoint-url.d.ts +4 -4
- package/dist/lib/waypoint-url.js +23 -23
- package/dist/lib/waypoint-url.js.map +1 -1
- package/dist/middleware/body-parser.d.ts +27 -5
- package/dist/middleware/body-parser.js +37 -6
- package/dist/middleware/body-parser.js.map +1 -1
- package/dist/middleware/csrf.d.ts +3 -0
- package/dist/middleware/csrf.js +3 -0
- package/dist/middleware/csrf.js.map +1 -1
- package/dist/middleware/data.d.ts +22 -5
- package/dist/middleware/data.js +37 -7
- package/dist/middleware/data.js.map +1 -1
- package/dist/middleware/gather-fields.d.ts +1 -1
- package/dist/middleware/gather-fields.js +4 -3
- package/dist/middleware/gather-fields.js.map +1 -1
- package/dist/middleware/i18n.d.ts +11 -2
- package/dist/middleware/i18n.js +26 -17
- package/dist/middleware/i18n.js.map +1 -1
- package/dist/middleware/post.d.ts +3 -1
- package/dist/middleware/post.js +35 -18
- package/dist/middleware/post.js.map +1 -1
- package/dist/middleware/pre.d.ts +1 -1
- package/dist/middleware/pre.js +43 -21
- package/dist/middleware/pre.js.map +1 -1
- package/dist/middleware/progress-journey.d.ts +1 -1
- package/dist/middleware/progress-journey.js +5 -5
- package/dist/middleware/progress-journey.js.map +1 -1
- package/dist/middleware/sanitise-fields.d.ts +2 -2
- package/dist/middleware/sanitise-fields.js +13 -11
- package/dist/middleware/sanitise-fields.js.map +1 -1
- package/dist/middleware/serve-first-waypoint.d.ts +1 -1
- package/dist/middleware/serve-first-waypoint.js +6 -4
- package/dist/middleware/serve-first-waypoint.js.map +1 -1
- package/dist/middleware/session.d.ts +27 -8
- package/dist/middleware/session.js +53 -25
- package/dist/middleware/session.js.map +1 -1
- package/dist/middleware/skip-waypoint.d.ts +1 -1
- package/dist/middleware/skip-waypoint.js +3 -3
- package/dist/middleware/skip-waypoint.js.map +1 -1
- package/dist/middleware/steer-journey.d.ts +1 -1
- package/dist/middleware/steer-journey.js +15 -13
- package/dist/middleware/steer-journey.js.map +1 -1
- package/dist/middleware/strip-proxy-path.d.ts +1 -1
- package/dist/middleware/strip-proxy-path.js +3 -3
- package/dist/middleware/strip-proxy-path.js.map +1 -1
- package/dist/middleware/validate-fields.d.ts +2 -2
- package/dist/middleware/validate-fields.js +2 -5
- package/dist/middleware/validate-fields.js.map +1 -1
- package/dist/routes/ancillary.d.ts +2 -2
- package/dist/routes/ancillary.js +3 -3
- package/dist/routes/ancillary.js.map +1 -1
- package/dist/routes/journey.d.ts +1 -1
- package/dist/routes/journey.js +85 -31
- package/dist/routes/journey.js.map +1 -1
- package/dist/routes/static.d.ts +13 -4
- package/dist/routes/static.js +21 -19
- package/dist/routes/static.js.map +1 -1
- package/package.json +33 -36
- package/src/casa.js +13 -13
- package/src/lib/CasaTemplateLoader.js +21 -17
- package/src/lib/JourneyContext.js +118 -79
- package/src/lib/MutableRouter.js +30 -26
- package/src/lib/Plan.js +109 -62
- package/src/lib/ValidationError.js +13 -10
- package/src/lib/ValidatorFactory.js +7 -8
- package/src/lib/configuration-ingestor.js +200 -74
- package/src/lib/configure.js +31 -30
- package/src/lib/constants.js +8 -8
- package/src/lib/context-id-generators.js +39 -38
- package/src/lib/end-session.js +3 -3
- package/src/lib/field.js +48 -32
- package/src/lib/index.js +12 -12
- package/src/lib/logger.js +9 -9
- package/src/lib/mount.js +68 -73
- package/src/lib/nunjucks-filters.js +57 -44
- package/src/lib/nunjucks.js +20 -16
- package/src/lib/utils.js +69 -44
- package/src/lib/validators/dateObject.js +57 -48
- package/src/lib/validators/email.js +8 -9
- package/src/lib/validators/inArray.js +8 -9
- package/src/lib/validators/index.js +11 -11
- package/src/lib/validators/nino.js +25 -12
- package/src/lib/validators/postalAddressObject.js +73 -55
- package/src/lib/validators/range.js +9 -11
- package/src/lib/validators/regex.js +7 -8
- package/src/lib/validators/required.js +13 -14
- package/src/lib/validators/strlen.js +11 -12
- package/src/lib/validators/wordCount.js +17 -12
- package/src/lib/waypoint-url.js +48 -33
- package/src/middleware/body-parser.js +44 -10
- package/src/middleware/csrf.js +4 -1
- package/src/middleware/data.js +62 -25
- package/src/middleware/gather-fields.js +8 -8
- package/src/middleware/i18n.js +49 -39
- package/src/middleware/post.js +47 -21
- package/src/middleware/pre.js +59 -35
- package/src/middleware/progress-journey.js +32 -18
- package/src/middleware/sanitise-fields.js +43 -20
- package/src/middleware/serve-first-waypoint.js +12 -10
- package/src/middleware/session.js +97 -65
- package/src/middleware/skip-waypoint.js +7 -9
- package/src/middleware/steer-journey.js +39 -27
- package/src/middleware/strip-proxy-path.js +8 -7
- package/src/middleware/validate-fields.js +5 -12
- package/src/routes/ancillary.js +4 -6
- package/src/routes/journey.js +158 -78
- package/src/routes/static.js +64 -26
package/dist/middleware/post.js
CHANGED
|
@@ -6,11 +6,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.default = postMiddleware;
|
|
7
7
|
// 2 middleware: one as a fallback 404 handler, one to handle thrown errors
|
|
8
8
|
const logger_js_1 = __importDefault(require("../lib/logger.js"));
|
|
9
|
-
|
|
9
|
+
/**
|
|
10
|
+
* @typedef {import("express").RequestHandler} RequestHandler
|
|
11
|
+
* @access private
|
|
12
|
+
*/
|
|
13
|
+
const log = (0, logger_js_1.default)("middleware:post");
|
|
14
|
+
/** @returns {RequestHandler[]} Middleware functions */
|
|
10
15
|
function postMiddleware() {
|
|
11
16
|
return [
|
|
12
17
|
(req, res) => {
|
|
13
|
-
res.status(404).render(
|
|
18
|
+
res.status(404).render("casa/errors/404.njk");
|
|
14
19
|
},
|
|
15
20
|
/* eslint-disable-next-line no-unused-vars */
|
|
16
21
|
(err, req, res, next) => {
|
|
@@ -18,36 +23,48 @@ function postMiddleware() {
|
|
|
18
23
|
// In some cases, an error may have been thrown before the template assets
|
|
19
24
|
// have had a chance to initialise. So we use a hardcoded template in
|
|
20
25
|
// these cases to ensure the user sees an appropriate message.
|
|
21
|
-
let TEMPLATE =
|
|
26
|
+
let TEMPLATE = "casa/errors/500.njk";
|
|
22
27
|
if (!res.locals.t) {
|
|
23
|
-
res.locals.t = () =>
|
|
28
|
+
res.locals.t = () => "";
|
|
24
29
|
res.locals.casa = Object.assign(Object.assign({}, (_a = res.locals) === null || _a === void 0 ? void 0 : _a.casa), { mountUrl: `${req.baseUrl}/` });
|
|
25
|
-
TEMPLATE =
|
|
30
|
+
TEMPLATE = "casa/errors/static.njk";
|
|
26
31
|
}
|
|
27
32
|
// CSRF token is invalid in some way
|
|
28
|
-
if ((err === null || err === void 0 ? void 0 : err.code) ===
|
|
29
|
-
log.info(
|
|
30
|
-
return res
|
|
33
|
+
if ((err === null || err === void 0 ? void 0 : err.code) === "EBADCSRFTOKEN") {
|
|
34
|
+
log.info("CSRF validation has failed. This may be caused by the user submitting a stale form from a previous session [EBADCSRFTOKEN]");
|
|
35
|
+
return res
|
|
36
|
+
.status(403)
|
|
37
|
+
.render(TEMPLATE, { errorCode: "bad_csrf_token", error: err });
|
|
31
38
|
}
|
|
32
39
|
// Body parsing verification check failed
|
|
33
|
-
if ((err === null || err === void 0 ? void 0 : err.type) ===
|
|
34
|
-
log.info(
|
|
35
|
-
return res
|
|
40
|
+
if ((err === null || err === void 0 ? void 0 : err.type) === "entity.verify.failed") {
|
|
41
|
+
log.info("Body parser verification has failed. This has been caused by the user submitting a payload containing invalid data [entity.verify.failed]");
|
|
42
|
+
return res
|
|
43
|
+
.status(403)
|
|
44
|
+
.render(TEMPLATE, { errorCode: "invalid_payload", error: err });
|
|
36
45
|
}
|
|
37
46
|
// Too many parameters submitted
|
|
38
|
-
if ((err === null || err === void 0 ? void 0 : err.type) ===
|
|
39
|
-
log.info(
|
|
40
|
-
return res.status(413).render(TEMPLATE, {
|
|
47
|
+
if ((err === null || err === void 0 ? void 0 : err.type) === "parameters.too.many") {
|
|
48
|
+
log.info("The request contains more parameters than is currently allowed [parameters.too.many]");
|
|
49
|
+
return res.status(413).render(TEMPLATE, {
|
|
50
|
+
errorCode: "parameter_limit_exceeded",
|
|
51
|
+
error: err,
|
|
52
|
+
});
|
|
41
53
|
}
|
|
42
54
|
// Overall payload too large
|
|
43
|
-
if ((err === null || err === void 0 ? void 0 : err.type) ===
|
|
55
|
+
if ((err === null || err === void 0 ? void 0 : err.type) === "entity.too.large") {
|
|
44
56
|
log.info(`The request payload is too large. Received ${err.length}b with a maximum of ${err.limit}b [parameters.too.many]`);
|
|
45
|
-
return res
|
|
57
|
+
return res
|
|
58
|
+
.status(413)
|
|
59
|
+
.render(TEMPLATE, { errorCode: "payload_size_exceeded", error: err });
|
|
46
60
|
}
|
|
47
61
|
// Unaccept request method
|
|
48
|
-
if ((err === null || err === void 0 ? void 0 : err.code) ===
|
|
62
|
+
if ((err === null || err === void 0 ? void 0 : err.code) === "unaccepted_request_method") {
|
|
49
63
|
log.info(err.message);
|
|
50
|
-
return res.status(400).render(TEMPLATE, {
|
|
64
|
+
return res.status(400).render(TEMPLATE, {
|
|
65
|
+
errorCode: "unaccepted_request_method",
|
|
66
|
+
error: err,
|
|
67
|
+
});
|
|
51
68
|
}
|
|
52
69
|
// Unknown error
|
|
53
70
|
log.error(`Unknown error: ${err.message}; stacktrace: ${err.stack}`);
|
|
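Review bot: The `entity.too.large` branch logs its message with the tag `[parameters.too.many]`, which belongs to the branch above it, so anyone filtering or alerting on the bracketed code will count oversized payloads as parameter-limit hits. The line is unchanged context in this hunk; the tag should read `[entity.too.large]`, i.e. `...with a maximum of ${err.limit}b [entity.too.large]`. This file is build output, so the correction belongs in `package/src/middleware/post.js`. Separately, every branch passes the raw `err` object to the template as `error`; the templates are not shown here, so it is worth confirming they never print `err.message` or `err.stack` to the user. The error handler's body continues past the end of the hunk.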
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../src/middleware/post.js"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../src/middleware/post.js"],"names":[],"mappings":";;;;;AAWA,iCA2EC;AAtFD,2EAA2E;AAC3E,iEAAsC;AAEtC;;;GAGG;AAEH,MAAM,GAAG,GAAG,IAAA,mBAAM,EAAC,iBAAiB,CAAC,CAAC;AAEtC,uDAAuD;AACvD,SAAwB,cAAc;IACpC,OAAO;QACL,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,6CAA6C;QAC7C,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;;YACtB,0EAA0E;YAC1E,qEAAqE;YACrE,8DAA8D;YAC9D,IAAI,QAAQ,GAAG,qBAAqB,CAAC;YACrC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAClB,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,MAAM,CAAC,IAAI,mCACV,MAAA,GAAG,CAAC,MAAM,0CAAE,IAAI,KACnB,QAAQ,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG,GAC5B,CAAC;gBACF,QAAQ,GAAG,wBAAwB,CAAC;YACtC,CAAC;YAED,oCAAoC;YACpC,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,MAAK,eAAe,EAAE,CAAC;gBAClC,GAAG,CAAC,IAAI,CACN,4HAA4H,CAC7H,CAAC;gBACF,OAAO,GAAG;qBACP,MAAM,CAAC,GAAG,CAAC;qBACX,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACnE,CAAC;YAED,yCAAyC;YACzC,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,MAAK,sBAAsB,EAAE,CAAC;gBACzC,GAAG,CAAC,IAAI,CACN,2IAA2I,CAC5I,CAAC;gBACF,OAAO,GAAG;qBACP,MAAM,CAAC,GAAG,CAAC;qBACX,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,iBAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACpE,CAAC;YAED,gCAAgC;YAChC,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,MAAK,qBAAqB,EAAE,CAAC;gBACxC,GAAG,CAAC,IAAI,CACN,sFAAsF,CACvF,CAAC;gBACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE;oBACtC,SAAS,EAAE,0BAA0B;oBACrC,KAAK,EAAE,GAAG;iBACX,CAAC,CAAC;YACL,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,MAAK,kBAAkB,EAAE,CAAC;gBACrC,GAAG,CAAC,IAAI,CACN,8CAA8C,GAAG,CAAC,MAAM,uBAAuB,GAAG,CAAC,KAAK,yBAAyB,CAClH,CAAC;gBACF,OAAO,GAAG;qBACP,MAAM,CAAC,GAAG,CAAC;qBACX,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,uBAAuB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,0BAA0B;YAC1B,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,MAAK,2BAA2B,EAAE,CAAC;gBAC9C,GAAG,C
AAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE;oBACtC,SAAS,EAAE,2BAA2B;oBACtC,KAAK,EAAE,GAAG;iBACX,CAAC,CAAC;YACL,CAAC;YAED,gBAAgB;YAChB,GAAG,CAAC,KAAK,CAAC,kBAAkB,GAAG,CAAC,OAAO,iBAAiB,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACrE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1D,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/middleware/pre.d.ts
CHANGED
package/dist/middleware/pre.js
CHANGED
|
@@ -9,10 +9,10 @@ const helmet_1 = __importDefault(require("helmet"));
|
|
|
9
9
|
* @access private
|
|
10
10
|
* @typedef {import('../casa').HelmetConfigurator} HelmetConfigurator
|
|
11
11
|
*/
|
|
12
|
-
const GA_DOMAIN =
|
|
13
|
-
const GA_ANALYTICS_DOMAIN =
|
|
14
|
-
const GTM_DOMAIN =
|
|
15
|
-
const GTM_PREVIEW_DOMAIN =
|
|
12
|
+
const GA_DOMAIN = "*.google-analytics.com";
|
|
13
|
+
const GA_ANALYTICS_DOMAIN = "*.analytics.google.com";
|
|
14
|
+
const GTM_DOMAIN = "*.googletagmanager.com";
|
|
15
|
+
const GTM_PREVIEW_DOMAIN = "https://tagmanager.google.com";
|
|
16
16
|
/**
|
|
17
17
|
* Extracts the CSP nonce used in every template, and makes it available as a
|
|
18
18
|
* nonce value in the CSP header.
|
|
@@ -35,12 +35,12 @@ function casaCspNonce(req, res) {
|
|
|
35
35
|
* @param {HelmetConfigurator} opts.helmetConfigurator Function to customise Helmet configuration
|
|
36
36
|
* @returns {Function[]} List of middleware
|
|
37
37
|
*/
|
|
38
|
-
exports.default = ({ helmetConfigurator = (config) =>
|
|
38
|
+
exports.default = ({ helmetConfigurator = (config) => config } = {}) => [
|
|
39
39
|
// Only allow certain request methods
|
|
40
40
|
(req, res, next) => {
|
|
41
|
-
if (req.method !==
|
|
41
|
+
if (req.method !== "GET" && req.method !== "POST") {
|
|
42
42
|
const err = new Error(`Unaccepted request method, "${String(req.method).substr(0, 7)}"`);
|
|
43
|
-
err.code =
|
|
43
|
+
err.code = "unaccepted_request_method";
|
|
44
44
|
next(err);
|
|
45
45
|
}
|
|
46
46
|
else {
|
|
@@ -52,16 +52,15 @@ exports.default = ({ helmetConfigurator = (config) => (config), } = {}) => [
|
|
|
52
52
|
// The `no-store` setting is to specifically disable the bfcache and prevent
|
|
53
53
|
// possible leakage of information.
|
|
54
54
|
(req, res, next) => {
|
|
55
|
-
res.set(
|
|
56
|
-
res.set(
|
|
57
|
-
res.set(
|
|
58
|
-
res.set('x-robots-tag', 'noindex, nofollow');
|
|
55
|
+
res.set("cache-control", "no-cache, no-store, must-revalidate, private");
|
|
56
|
+
res.set("expires", 0);
|
|
57
|
+
res.set("x-robots-tag", "noindex, nofollow");
|
|
59
58
|
next();
|
|
60
59
|
},
|
|
61
60
|
// Generate nonces ready for use in Content-Security-Policy header and
|
|
62
61
|
// govuk-frontend template. This same none can be used wherever required.
|
|
63
62
|
(req, res, next) => {
|
|
64
|
-
res.locals.cspNonce = (0, crypto_1.randomBytes)(16).toString(
|
|
63
|
+
res.locals.cspNonce = (0, crypto_1.randomBytes)(16).toString("hex");
|
|
65
64
|
next();
|
|
66
65
|
},
|
|
67
66
|
// Helmet suite of headers
|
|
@@ -70,15 +69,38 @@ exports.default = ({ helmetConfigurator = (config) => (config), } = {}) => [
|
|
|
70
69
|
contentSecurityPolicy: {
|
|
71
70
|
useDefaults: true,
|
|
72
71
|
directives: {
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
72
|
+
"default-src": ["'none'"],
|
|
73
|
+
"script-src": [
|
|
74
|
+
"'self'",
|
|
75
|
+
GA_DOMAIN,
|
|
76
|
+
GTM_DOMAIN,
|
|
77
|
+
GTM_PREVIEW_DOMAIN,
|
|
78
|
+
casaCspNonce,
|
|
79
|
+
],
|
|
80
|
+
"img-src": [
|
|
81
|
+
"'self'",
|
|
82
|
+
GA_DOMAIN,
|
|
83
|
+
GA_ANALYTICS_DOMAIN,
|
|
84
|
+
GTM_DOMAIN,
|
|
85
|
+
"https://ssl.gstatic.com",
|
|
86
|
+
"https://www.gstatic.com",
|
|
87
|
+
"https://fonts.gstatic.com",
|
|
88
|
+
],
|
|
89
|
+
"connect-src": ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN],
|
|
90
|
+
"frame-src": ["'self'", GTM_DOMAIN],
|
|
91
|
+
"frame-ancestors": ["'self'"],
|
|
92
|
+
"form-action": ["'self'"],
|
|
93
|
+
"style-src": [
|
|
94
|
+
"'self'",
|
|
95
|
+
"https://fonts.googleapis.com",
|
|
96
|
+
GTM_PREVIEW_DOMAIN,
|
|
97
|
+
GTM_DOMAIN,
|
|
98
|
+
casaCspNonce,
|
|
99
|
+
"'sha256-xWGOGGMGQQ+IV0Om4xzgbDHXUh/+L1c375p0Pb6vF9A='",
|
|
100
|
+
"'sha256-9HGruJg4WccHXas5I1NmLn7tI1TDh6N26o6+/dy8sm4='",
|
|
101
|
+
"'sha256-oM0kKtU+nugIwjuYHkXXVoKGVNhC/DCUnIVdSVBMkaQ='",
|
|
102
|
+
],
|
|
103
|
+
"font-src": ["'self'", "data:", "https://fonts.gstatic.com"],
|
|
82
104
|
},
|
|
83
105
|
},
|
|
84
106
|
// // Require referrer to aid navigation
|
|
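Review bot: In the `contentSecurityPolicy` directives, `script-src` pairs the per-request nonce from `casaCspNonce` with the wildcard hosts `GA_DOMAIN` and `GTM_DOMAIN` plus `GTM_PREVIEW_DOMAIN`, so the policy accepts any script served from those hosts, not only nonce-tagged ones. These are the defaults handed to `helmetConfigurator`, which the JSDoc describes as the hook for customising Helmet. A comment above the directives would make the trade-off explicit, for example `// Analytics hosts are allowed by default; services that do not use GA/GTM should remove them via helmetConfigurator`. The three `'sha256-…'` entries in `style-src` also carry no comment naming the inline style each one pins, which makes them hard to audit or prune when the markup changes. The options object continues outside the hunk.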
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pre.js","sourceRoot":"","sources":["../../src/middleware/pre.js"],"names":[],"mappings":";;;;;AAAA,mCAAqC;AACrC,oDAA4B;AAE5B;;;GAGG;AAEH,MAAM,SAAS,GAAG,wBAAwB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;AACrD,MAAM,UAAU,GAAG,wBAAwB,CAAC;AAC5C,MAAM,kBAAkB,GAAG,+BAA+B,CAAC;AAE3D;;;;;;;;;;;GAWG;AACH,SAAS,YAAY,CAAC,GAAG,EAAE,GAAG;IAC5B,OAAO,UAAU,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACH,kBAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"pre.js","sourceRoot":"","sources":["../../src/middleware/pre.js"],"names":[],"mappings":";;;;;AAAA,mCAAqC;AACrC,oDAA4B;AAE5B;;;GAGG;AAEH,MAAM,SAAS,GAAG,wBAAwB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;AACrD,MAAM,UAAU,GAAG,wBAAwB,CAAC;AAC5C,MAAM,kBAAkB,GAAG,+BAA+B,CAAC;AAE3D;;;;;;;;;;;GAWG;AACH,SAAS,YAAY,CAAC,GAAG,EAAE,GAAG;IAC5B,OAAO,UAAU,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACH,kBAAe,CAAC,EAAE,kBAAkB,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IACnE,qCAAqC;IACrC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,+BAA+B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAClE,CAAC;YACF,GAAG,CAAC,IAAI,GAAG,2BAA2B,CAAC;YACvC,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,IAAI,EAAE,CAAC;QACT,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,2BAA2B;IAC3B,4EAA4E;IAC5E,mCAAmC;IACnC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjB,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,8CAA8C,CAAC,CAAC;QACzE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;QAC7C,IAAI,EAAE,CAAC;IACT,CAAC;IAED,sEAAsE;IACtE,yEAAyE;IACzE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjB,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,EAAE,CAAC;IACT,CAAC;IAED,0BAA0B;IAC1B,IAAA,gBAAM,EACJ,kBAAkB,CAAC;QACjB,qEAAqE;QACrE,qBAAqB,EAAE;YACrB,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE;gBACV,aAAa,EAAE,CAAC,QAAQ,CAAC;gBACzB,YAAY,EAAE;oBACZ,QAAQ;oBACR,SAAS;oBACT,UAAU;oBACV,kBAAkB;oBAClB,YAAY;iBACb;gBACD,SAAS,EAAE;oBACT,QAAQ;oBACR,SAAS;oBACT,mBAAmB;oBACnB,UAAU;oBACV,yBAAyB;oBACzB,yBAAyB;oBACzB,2BAA2B;iBAC5B;gBACD,aAAa,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,mBAAmB,EAAE,UAAU,CAAC;gBACrE,WAAW,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;gBACnC,iBAAiB,EAAE,CAAC,QAAQ,CAAC;gBAC7B,aAAa,EAAE,CAAC,QAAQ,CAAC;gBACzB,WAAW,EAAE;oBACX,QAAQ;oBACR,8BAA8B;oBAC9B,kBAAkB;oBAClB,UAAU;oBACV,YAAY;oBACZ,uDAAuD;oBACvD,uDAAuD;oBACvD
,uDAAuD;iBACxD;gBACD,UAAU,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,2BAA2B,CAAC;aAC7D;SACF;QAED,wCAAwC;QACxC,8CAA8C;KAC/C,CAAC,CACH;CACF,CAAC"}
|
|
@@ -11,7 +11,7 @@ const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"))
|
|
|
11
11
|
const waypoint_url_js_1 = __importDefault(require("../lib/waypoint-url.js"));
|
|
12
12
|
const logger_js_1 = __importDefault(require("../lib/logger.js"));
|
|
13
13
|
const constants_js_1 = require("../lib/constants.js");
|
|
14
|
-
const log = (0, logger_js_1.default)(
|
|
14
|
+
const log = (0, logger_js_1.default)("middleware:progress-journey");
|
|
15
15
|
const saveAndRedirect = (session, journeyContext, url, res, next) => {
|
|
16
16
|
JourneyContext_js_1.default.putContext(session, journeyContext, {
|
|
17
17
|
userInfo: {
|
|
@@ -25,7 +25,7 @@ const saveAndRedirect = (session, journeyContext, url, res, next) => {
|
|
|
25
25
|
res.redirect(302, url);
|
|
26
26
|
});
|
|
27
27
|
};
|
|
28
|
-
exports.default = ({ waypoint, plan
|
|
28
|
+
exports.default = ({ waypoint, plan }) => [
|
|
29
29
|
(req, res, next) => {
|
|
30
30
|
// Determine the next available waypoint after the current one
|
|
31
31
|
const traversed = plan.traverse(req.casa.journeyContext);
|
|
@@ -48,9 +48,9 @@ exports.default = ({ waypoint, plan, }) => [
|
|
|
48
48
|
// they want to force the user to re-visit particular waypoints during this
|
|
49
49
|
// "jumping" phase.
|
|
50
50
|
if (req.casa.editMode && req.casa.editOrigin) {
|
|
51
|
-
const url = new URL(req.casa.editOrigin,
|
|
52
|
-
url.searchParams.append(
|
|
53
|
-
url.searchParams.append(
|
|
51
|
+
const url = new URL(req.casa.editOrigin, "https://placeholder.test/");
|
|
52
|
+
url.searchParams.append("edit", "true");
|
|
53
|
+
url.searchParams.append("editorigin", req.casa.editOrigin);
|
|
54
54
|
const redirectUrl = (0, waypoint_url_js_1.default)({ waypoint: url.pathname }) + url.search.toString();
|
|
55
55
|
log.debug(`Edit mode detected; redirecting to ${redirectUrl}`);
|
|
56
56
|
return saveAndRedirect(req.session, req.casa.journeyContext, redirectUrl, res, next);
|
|
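Review bot: The edit-mode branch parses `req.casa.editOrigin` against the dummy base `"https://placeholder.test/"` and then uses only `url.pathname` and `url.search`, which appears to be what keeps any scheme or host in `editOrigin` out of the redirect target, but nothing in the code says so. A comment on that line, for example `// Base is a throwaway: only pathname/search are used, so any origin in editOrigin is discarded`, would stop a later refactor from passing `url.href` or the raw value to `res.redirect`. The raw `req.casa.editOrigin` is still appended as the `editorigin` query parameter, so whatever reads that parameter needs the same treatment; where it is validated is not visible in this hunk. The `new URL(req.url, "https://placeholder.test/")` line in the serve-first-waypoint.js hunk further down follows the same pattern and would benefit from the same comment.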
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"progress-journey.js","sourceRoot":"","sources":["../../src/middleware/progress-journey.js"],"names":[],"mappings":";AAAA,wCAAwC;AACxC,wEAAwE;AACxE,cAAc;;;;;AAEd,6DAAkC;AAClC,iFAAsD;AACtD,6EAAiD;AACjD,iEAAsC;AACtC,sDAA6D;AAE7D,MAAM,GAAG,GAAG,IAAA,mBAAM,EAAC,6BAA6B,CAAC,CAAC;AAElD,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IAClE,2BAAc,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,EAAE;QACjD,QAAQ,EAAE;YACR,gBAAgB,EAAE,qCAAsB;SACzC;KACF,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,kBAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"progress-journey.js","sourceRoot":"","sources":["../../src/middleware/progress-journey.js"],"names":[],"mappings":";AAAA,wCAAwC;AACxC,wEAAwE;AACxE,cAAc;;;;;AAEd,6DAAkC;AAClC,iFAAsD;AACtD,6EAAiD;AACjD,iEAAsC;AACtC,sDAA6D;AAE7D,MAAM,GAAG,GAAG,IAAA,mBAAM,EAAC,6BAA6B,CAAC,CAAC;AAElD,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IAClE,2BAAc,CAAC,UAAU,CAAC,OAAO,EAAE,cAAc,EAAE;QACjD,QAAQ,EAAE;YACR,gBAAgB,EAAE,qCAAsB;SACzC;KACF,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,kBAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACrC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjB,8DAA8D;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CACxB,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAC3C,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CACjD,CAAC;QACF,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;QACxD,GAAG,CAAC,KAAK,CACP,kBAAkB,YAAY,iBAAiB,SAAS,uBAAuB,QAAQ,oBAAoB,YAAY,EAAE,CAC1H,CAAC;QAEF,YAAY;QACZ,sEAAsE;QACtE,wEAAwE;QACxE,yEAAyE;QACzE,yEAAyE;QACzE,oCAAoC;QACpC,EAAE;QACF,yEAAyE;QACzE,yEAAyE;QACzE,4BAA4B;QAC5B,EAAE;QACF,yEAAyE;QACzE,2EAA2E;QAC3E,mBAAmB;QACnB,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,2BAA2B,CAAC,CAAC;YACtE,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACxC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC3D,MAAM,WAAW,GACf,IAAA,yBAAW,EAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAElE,GAAG,CAAC,KAAK,CAAC,sCAAsC,WAAW,EAAE,CAAC,CAAC;YAE/D,OAAO,eAAe,CACpB,GAAG,CAAC,OAAO,EACX,GAAG,CAAC,IAAI,CAAC,cAA
c,EACvB,WAAW,EACX,GAAG,EACH,IAAI,CACL,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,yEAAyE;QACzE,uDAAuD;QACvD,0EAA0E;QAC1E,oDAAoD;QACpD,yEAAyE;QACzE,gCAAgC;QAChC,wBAAwB;QACxB,sCAAsC;QACtC,8EAA8E;QAC9E,IAAI,iBAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,CACP,+DAA+D,YAAY,EAAE,CAC9E,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,4BAA4B,CAAC,YAAY,CAAC,CAAC;QACrE,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAA,yBAAW,EAAC;YAC1B,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG;YAC3B,cAAc,EAAE,GAAG,CAAC,IAAI,CAAC,cAAc;YACvC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU;SAChC,CAAC,CAAC;QAEH,mBAAmB;QACnB,GAAG,CAAC,KAAK,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,eAAe,CACpB,GAAG,CAAC,OAAO,EACX,GAAG,CAAC,IAAI,CAAC,cAAc,EACvB,OAAO,EACP,GAAG,EACH,IAAI,CACL,CAAC;IACJ,CAAC;CACF,CAAC"}
|
|
@@ -9,12 +9,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
9
9
|
const lodash_1 = __importDefault(require("lodash"));
|
|
10
10
|
const field_js_1 = __importDefault(require("../lib/field.js"));
|
|
11
11
|
const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"));
|
|
12
|
-
exports.default = ({ waypoint, fields = []
|
|
12
|
+
exports.default = ({ waypoint, fields = [] }) => {
|
|
13
13
|
// Add some common, transient fields to ensure they survive beyond this sanitisation process
|
|
14
|
-
fields.push((0, field_js_1.default)(
|
|
15
|
-
fields.push((0, field_js_1.default)(
|
|
16
|
-
fields.push((0, field_js_1.default)(
|
|
17
|
-
fields.push((0, field_js_1.default)(
|
|
14
|
+
fields.push((0, field_js_1.default)("_csrf", { persist: false }).processor((value) => String(value)));
|
|
15
|
+
fields.push((0, field_js_1.default)("contextid", { persist: false }).processor((value) => String(value)));
|
|
16
|
+
fields.push((0, field_js_1.default)("edit", { persist: false }).processor((value) => String(value)));
|
|
17
|
+
fields.push((0, field_js_1.default)("editorigin", { persist: false }).processor((value) => String(value)));
|
|
18
18
|
// Middleware
|
|
19
19
|
return [
|
|
20
20
|
(req, res, next) => {
|
|
@@ -24,7 +24,8 @@ exports.default = ({ waypoint, fields = [], }) => {
|
|
|
24
24
|
/* eslint-disable security/detect-object-injection */
|
|
25
25
|
const prunedBody = Object.create(null);
|
|
26
26
|
for (let i = 0, l = fields.length; i < l; i++) {
|
|
27
|
-
if (lodash_1.default.has(req.body, fields[i].name) &&
|
|
27
|
+
if (lodash_1.default.has(req.body, fields[i].name) &&
|
|
28
|
+
req.body[fields[i].name] !== undefined) {
|
|
28
29
|
prunedBody[fields[i].name] = req.body[fields[i].name];
|
|
29
30
|
}
|
|
30
31
|
}
|
|
@@ -37,11 +38,12 @@ exports.default = ({ waypoint, fields = [], }) => {
|
|
|
37
38
|
for (let i = 0, l = fields.length; i < l; i++) {
|
|
38
39
|
const field = fields[i]; /* eslint-disable-line security/detect-object-injection */
|
|
39
40
|
const fieldValue = field.getValue(prunedBody);
|
|
40
|
-
if (fieldValue !== undefined &&
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
41
|
+
if (fieldValue !== undefined &&
|
|
42
|
+
field.testConditions({
|
|
43
|
+
fieldValue,
|
|
44
|
+
waypoint,
|
|
45
|
+
journeyContext,
|
|
46
|
+
})) {
|
|
45
47
|
field.putValue(sanitisedBody, field.applyProcessors(fieldValue));
|
|
46
48
|
}
|
|
47
49
|
}
|
|
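Review bot: The four `fields.push(...)` calls at the top of the factory append the transient `_csrf`, `contextid`, `edit` and `editorigin` fields to the array the caller passed in, so a `fields` array reused for another call would pick up duplicate entries each time. If no caller depends on that side effect (none is visible here), building a local list instead, e.g. `const allFields = [...fields, /* transient fields */];`, and iterating over it would leave the caller's definition untouched. The change belongs in `package/src/middleware/sanitise-fields.js`, since this file is build output. The factory's body continues outside the hunks shown.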
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitise-fields.js","sourceRoot":"","sources":["../../src/middleware/sanitise-fields.js"],"names":[],"mappings":";AAAA,4CAA4C;AAC5C,0CAA0C;AAC1C,qEAAqE;;;;;AAErE,oDAAuB;AACvB,+DAA2C;AAC3C,iFAAsD;AAEtD,kBAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"sanitise-fields.js","sourceRoot":"","sources":["../../src/middleware/sanitise-fields.js"],"names":[],"mappings":";AAAA,4CAA4C;AAC5C,0CAA0C;AAC1C,qEAAqE;;;;;AAErE,oDAAuB;AACvB,+DAA2C;AAC3C,iFAAsD;AAEtD,kBAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,EAAE,EAAE,EAAE,EAAE;IAC3C,4FAA4F;IAC5F,MAAM,CAAC,IAAI,CACT,IAAA,kBAAY,EAAC,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAC5D,MAAM,CAAC,KAAK,CAAC,CACd,CACF,CAAC;IACF,MAAM,CAAC,IAAI,CACT,IAAA,kBAAY,EAAC,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAChE,MAAM,CAAC,KAAK,CAAC,CACd,CACF,CAAC;IACF,MAAM,CAAC,IAAI,CACT,IAAA,kBAAY,EAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAC3D,MAAM,CAAC,KAAK,CAAC,CACd,CACF,CAAC;IACF,MAAM,CAAC,IAAI,CACT,IAAA,kBAAY,EAAC,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CACjE,MAAM,CAAC,KAAK,CAAC,CACd,CACF,CAAC;IAEF,aAAa;IACb,OAAO;QACL,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACjB,sEAAsE;YACtE,+CAA+C;YAC/C,uEAAuE;YACvE,qDAAqD;YACrD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,IACE,gBAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;oBAC/B,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,EACtC,CAAC;oBACD,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YACD,oDAAoD;YAEpD,MAAM,cAAc,GAAG,2BAAc,CAAC,WAAW,CAC/C,GAAG,CAAC,IAAI,CAAC,cAAc,EACvB,GAAG,CACJ,CAAC;YACF,cAAc,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAEpD,wEAAwE;YACxE,6BAA6B;YAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,KAAK,GACT,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,0DAA0D;gBACvE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAE9C,IACE,UAAU,KAAK,SAAS;oBACxB,KAA
K,CAAC,cAAc,CAAC;wBACnB,UAAU;wBACV,QAAQ;wBACR,cAAc;qBACf,CAAC,EACF,CAAC;oBACD,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC;gBACnE,CAAC;YACH,CAAC;YAED,+DAA+D;YAC/D,GAAG,CAAC,IAAI,GAAG,aAAa,CAAC;YACzB,IAAI,EAAE,CAAC;QACT,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
declare function _default({ plan
|
|
1
|
+
declare function _default({ plan }: Plan): ExpressRequestHandler[];
|
|
2
2
|
export default _default;
|
|
3
3
|
export type ExpressRequestHandler = import("express").RequestHandler;
|
|
4
4
|
export type Plan = import("../casa").Plan;
|
|
@@ -16,11 +16,13 @@ const utils_js_1 = require("../lib/utils.js");
|
|
|
16
16
|
* @param {Plan} plan CASA Plan
|
|
17
17
|
* @returns {ExpressRequestHandler[]} Array of middleware
|
|
18
18
|
*/
|
|
19
|
-
exports.default = ({ plan
|
|
20
|
-
|
|
19
|
+
exports.default = ({ plan }) => [
|
|
20
|
+
(req, res) => {
|
|
21
|
+
const reqUrl = new URL(req.url, "https://placeholder.test/");
|
|
21
22
|
const reqPath = (0, utils_js_1.validateUrlPath)(`${req.baseUrl}${reqUrl.pathname}${plan.getWaypoints()[0]}`);
|
|
22
23
|
let reqParams = reqUrl.searchParams.toString();
|
|
23
|
-
reqParams = reqParams ? `?${reqParams}` :
|
|
24
|
+
reqParams = reqParams ? `?${reqParams}` : "";
|
|
24
25
|
res.redirect(302, `${reqPath}${reqParams}`);
|
|
25
|
-
}
|
|
26
|
+
},
|
|
27
|
+
];
|
|
26
28
|
//# sourceMappingURL=serve-first-waypoint.js.map
|
|
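Review bot: The redirect handler in serve-first-waypoint.js interpolates `plan.getWaypoints()[0]` into the `Location` path without checking that the plan has a first waypoint, so an empty plan would yield a path ending in the literal text `undefined` unless `validateUrlPath` rejects it. A guard such as `const [firstWaypoint] = plan.getWaypoints(); if (firstWaypoint === undefined) throw new Error("Plan has no waypoints");` before the path is built makes that case explicit. The target is assembled from `req.baseUrl` and the request's own pathname, and the only visible check on it is `validateUrlPath` from `../lib/utils.js`, which is outside this hunk. A comment like `// validateUrlPath must reject anything that is not a single-slash, same-origin path` would record that dependency for whoever next edits the helper. This file is compiled output, so both changes belong in `src/middleware/serve-first-waypoint.js`.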
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve-first-waypoint.js","sourceRoot":"","sources":["../../src/middleware/serve-first-waypoint.js"],"names":[],"mappings":";;AAAA,8CAAkD;AAElD;;;GAGG;AAEH;;;GAGG;AAEH;;;;;;GAMG;AACH,kBAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"serve-first-waypoint.js","sourceRoot":"","sources":["../../src/middleware/serve-first-waypoint.js"],"names":[],"mappings":";;AAAA,8CAAkD;AAElD;;;GAGG;AAEH;;;GAGG;AAEH;;;;;;GAMG;AACH,kBAAe,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC3B,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAA,0BAAe,EAC7B,GAAG,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAC5D,CAAC;QACF,IAAI,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC/C,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,SAAS,EAAE,CAAC,CAAC;IAC9C,CAAC;CACF,CAAC"}
|
|
@@ -1,10 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Produces three middleware functions:
|
|
3
|
+
*
|
|
4
|
+
* - Set the session cookie
|
|
5
|
+
* - Parse request cookies
|
|
6
|
+
* - Handle expiry of server-side session
|
|
7
|
+
*
|
|
8
|
+
* @param {object} opts Options
|
|
9
|
+
* @param {RequestHandler} opts.cookieParserMiddleware Cookie parsing middleware
|
|
10
|
+
* @param {string} opts.secret Session encryption secret
|
|
11
|
+
* @param {string} opts.name Session cookie name
|
|
12
|
+
* @param {boolean} opts.secure Secure cookies only
|
|
13
|
+
* @param {number} opts.ttl Session data time-to-live
|
|
14
|
+
* @param {boolean | string} [opts.cookieSameSite] Cooke SameSite setting
|
|
15
|
+
* @param {string} [opts.cookiePath] Cookie path
|
|
16
|
+
* @param {object} [opts.store] Storage instance
|
|
17
|
+
* @returns {RequestHandler[]} Middleware functions
|
|
18
|
+
*/
|
|
1
19
|
export default function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl, cookieSameSite, cookiePath, store, }: {
|
|
2
|
-
cookieParserMiddleware:
|
|
3
|
-
secret:
|
|
4
|
-
name:
|
|
5
|
-
secure:
|
|
6
|
-
ttl:
|
|
7
|
-
cookieSameSite?: boolean | undefined;
|
|
20
|
+
cookieParserMiddleware: RequestHandler;
|
|
21
|
+
secret: string;
|
|
22
|
+
name: string;
|
|
23
|
+
secure: boolean;
|
|
24
|
+
ttl: number;
|
|
25
|
+
cookieSameSite?: string | boolean | undefined;
|
|
8
26
|
cookiePath?: string | undefined;
|
|
9
|
-
store?:
|
|
10
|
-
}):
|
|
27
|
+
store?: object | undefined;
|
|
28
|
+
}): RequestHandler[];
|
|
29
|
+
export type RequestHandler = import("express").RequestHandler;
|
|
@@ -15,13 +15,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
|
|
|
15
15
|
}) : function(o, v) {
|
|
16
16
|
o["default"] = v;
|
|
17
17
|
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
};
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
25
35
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
26
36
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
37
|
};
|
|
@@ -33,7 +43,11 @@ exports.default = sessionMiddleware;
|
|
|
33
43
|
const express_session_1 = __importStar(require("express-session"));
|
|
34
44
|
const logger_js_1 = __importDefault(require("../lib/logger.js"));
|
|
35
45
|
const utils_js_1 = require("../lib/utils.js");
|
|
36
|
-
|
|
46
|
+
/**
|
|
47
|
+
* @typedef {import("express").RequestHandler} RequestHandler
|
|
48
|
+
* @access private
|
|
49
|
+
*/
|
|
50
|
+
const log = (0, logger_js_1.default)("middleware:session");
|
|
37
51
|
const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (req, res, next) => {
|
|
38
52
|
var _a;
|
|
39
53
|
const lastModified = getCookie(req);
|
|
@@ -43,15 +57,15 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
|
|
|
43
57
|
// expiring; generate a new session, and create grace-period cookie.
|
|
44
58
|
// This will invalidate any CSRF tokens, so by letting the request POST
|
|
45
59
|
// requests through the user may see a 500 error response.
|
|
46
|
-
log.info(
|
|
60
|
+
log.info("Session is new, or grace period has expired. Regenerating session.");
|
|
47
61
|
req.session.regenerate((err) => {
|
|
48
62
|
if (err) {
|
|
49
63
|
next(err);
|
|
50
64
|
}
|
|
51
65
|
else {
|
|
52
66
|
touchCookie(res);
|
|
53
|
-
if (req.method ===
|
|
54
|
-
log.info(
|
|
67
|
+
if (req.method === "POST") {
|
|
68
|
+
log.info("The CSRF token for this POST request will now be invalid for this regenerated session. Redirecting to app mount point.");
|
|
55
69
|
res.redirect(302, (0, utils_js_1.validateUrlPath)(`${req.baseUrl}/`));
|
|
56
70
|
}
|
|
57
71
|
else {
|
|
@@ -63,8 +77,8 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
|
|
|
63
77
|
else if (age > ttl) {
|
|
64
78
|
// Cookie has become stale and server session will have been removed;
|
|
65
79
|
// redirect to session-timeout
|
|
66
|
-
log.info(
|
|
67
|
-
const language = (_a = req.session.language) !== null && _a !== void 0 ? _a :
|
|
80
|
+
log.info("Session has timed out within grace period. Destroying session and redirecting to timeout page.");
|
|
81
|
+
const language = (_a = req.session.language) !== null && _a !== void 0 ? _a : "en";
|
|
68
82
|
req.session.destroy((err) => {
|
|
69
83
|
if (err) {
|
|
70
84
|
next(err);
|
|
@@ -75,8 +89,8 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
|
|
|
75
89
|
referrer: req.originalUrl,
|
|
76
90
|
lang: language,
|
|
77
91
|
});
|
|
78
|
-
|
|
79
|
-
|
|
92
|
+
res.redirect(302, (0, utils_js_1.validateUrlPath)(`${req.baseUrl}/session-timeout`) +
|
|
93
|
+
`?${params.toString()}`);
|
|
80
94
|
}
|
|
81
95
|
});
|
|
82
96
|
}
|
|
@@ -86,27 +100,41 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
|
|
|
86
100
|
next();
|
|
87
101
|
}
|
|
88
102
|
};
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
103
|
+
/**
|
|
104
|
+
* Produces three middleware functions:
|
|
105
|
+
*
|
|
106
|
+
* - Set the session cookie
|
|
107
|
+
* - Parse request cookies
|
|
108
|
+
* - Handle expiry of server-side session
|
|
109
|
+
*
|
|
110
|
+
* @param {object} opts Options
|
|
111
|
+
* @param {RequestHandler} opts.cookieParserMiddleware Cookie parsing middleware
|
|
112
|
+
* @param {string} opts.secret Session encryption secret
|
|
113
|
+
* @param {string} opts.name Session cookie name
|
|
114
|
+
* @param {boolean} opts.secure Secure cookies only
|
|
115
|
+
* @param {number} opts.ttl Session data time-to-live
|
|
116
|
+
* @param {boolean | string} [opts.cookieSameSite] Cooke SameSite setting
|
|
117
|
+
* @param {string} [opts.cookiePath] Cookie path
|
|
118
|
+
* @param {object} [opts.store] Storage instance
|
|
119
|
+
* @returns {RequestHandler[]} Middleware functions
|
|
120
|
+
*/
|
|
121
|
+
function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl, cookieSameSite = true, cookiePath = "/", store = new express_session_1.MemoryStore(), }) {
|
|
94
122
|
const commonCookieOptions = {
|
|
95
123
|
httpOnly: true,
|
|
96
124
|
path: cookiePath,
|
|
97
125
|
secure,
|
|
98
126
|
};
|
|
99
127
|
if (cookieSameSite !== false) {
|
|
100
|
-
commonCookieOptions.sameSite =
|
|
128
|
+
commonCookieOptions.sameSite =
|
|
129
|
+
cookieSameSite === true ? "Strict" : cookieSameSite;
|
|
101
130
|
}
|
|
102
131
|
const ttlGrace = 1800; // user will see session-timeout if session expires within 30mins
|
|
103
132
|
const touchCookieName = `${name}.t`;
|
|
104
133
|
const touchCookieOptions = Object.assign(Object.assign({}, commonCookieOptions), { maxAge: (ttl + ttlGrace) * 1000, signed: true });
|
|
105
134
|
const getCookie = (req) => {
|
|
106
|
-
var _a;
|
|
107
135
|
// Disabled eslint as `touchCookieName` is a constant, known value
|
|
108
|
-
|
|
109
|
-
const lastModified = Date.parse(String((_a = req.signedCookies[touchCookieName]) !== null && _a !== void 0 ? _a :
|
|
136
|
+
var _a;
|
|
137
|
+
const lastModified = Date.parse(String((_a = req.signedCookies[touchCookieName]) !== null && _a !== void 0 ? _a : "1970-01-01T00:00:00+0000"));
|
|
110
138
|
return Number.isNaN(lastModified) ? 0 : Math.floor(lastModified * 0.001);
|
|
111
139
|
};
|
|
112
140
|
const touchCookie = (res) => {
|
|
@@ -114,7 +142,7 @@ function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl,
|
|
|
114
142
|
// a small period of time where a user will see the session-timeout message,
|
|
115
143
|
// which is important to avoid the confusion of simply being redirected back
|
|
116
144
|
// to the start of their journey.
|
|
117
|
-
res.cookie(touchCookieName,
|
|
145
|
+
res.cookie(touchCookieName, new Date(Date.now()).toUTCString(), touchCookieOptions);
|
|
118
146
|
};
|
|
119
147
|
const removeCookie = (res) => {
|
|
120
148
|
res.clearCookie(touchCookieName, touchCookieOptions);
|
|
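Review bot: The JSDoc added above `sessionMiddleware` in session.js (new lines 103–120, with the same text emitted into the declaration file earlier on this page) calls `opts.secret` a "Session encryption secret", which overstates what it protects if the value is passed to express-session, as the import suggests. That library uses the secret to sign the session ID cookie and encrypts nothing, so I would write `@param {string} opts.secret Secret used to sign the session ID cookie` and fix the typo in `Cooke SameSite setting`. The block also omits that `store` defaults to `new express_session_1.MemoryStore()`, which express-session documents as not intended for production. Something like `@param {object} [opts.store] Session store; defaults to an in-memory store intended for development only` would tell integrators to supply their own. The function body continues past the last hunk, so where `secret` is actually consumed is not visible here.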
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/middleware/session.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/middleware/session.js"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2FA,oCAqEC;AAhKD,wEAAwE;AACxE,uEAAuE;AACvE,8BAA8B;AAC9B,mEAA8D;AAC9D,iEAAsC;AACtC,8CAAkD;AAElD;;;GAGG;AAEH,MAAM,GAAG,GAAG,IAAA,mBAAM,EAAC,oBAAoB,CAAC,CAAC;AAEzC,MAAM,uBAAuB,GAC3B,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,YAAY,CAAC;IAE1D,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;QACvB,gEAAgE;QAChE,oEAAoE;QACpE,uEAAuE;QACvE,0DAA0D;QAC1D,GAAG,CAAC,IAAI,CACN,oEAAoE,CACrE,CAAC;QACF,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CAAC,CAAC;gBACjB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC1B,GAAG,CAAC,IAAI,CACN,wHAAwH,CACzH,CAAC;oBACF,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAA,0BAAe,EAAC,GAAG,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;gBACxD,CAAC;qBAAM,CAAC;oBACN,IAAI,EAAE,CAAC;gBACT,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,GAAG,GAAG,GAAG,EAAE,CAAC;QACrB,qEAAqE;QACrE,8BAA8B;QAC9B,GAAG,CAAC,IAAI,CACN,gGAAgG,CACjG,CAAC;QACF,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,QAAQ,mCAAI,IAAI,CAAC;QAC9C,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,GAAG,CAAC,CAAC;gBAClB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;oBACjC,QAAQ,EAAE,GAAG,CAAC,WAAW;oBACzB,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;gBAEH,GAAG,CAAC,QAAQ,CACV,GAAG,EACH,IAAA,0BAAe,EAAC,GAAG,GAAG,CAAC,OAAO,kBAAkB,CAAC;oBAC/C,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,WAAW,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,CAAC;IACT,CAAC;AACH,CAAC,CAAC;AAEJ;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAwB,iBAAiB,CAAC,EACxC,sBAAsB,EACtB,MAAM,EACN,IAAI,EACJ,MAAM,EACN,GAAG,EACH,cAAc,GAAG,IAAI,EACrB,UAAU,GAAG,G
AAG,EAChB,KAAK,GAAG,IAAI,6BAAW,EAAE,GAC1B;IACC,MAAM,mBAAmB,GAAG;QAC1B,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,UAAU;QAChB,MAAM;KACP,CAAC;IAEF,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;QAC7B,mBAAmB,CAAC,QAAQ;YAC1B,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC;IACxD,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,iEAAiE;IACxF,MAAM,eAAe,GAAG,GAAG,IAAI,IAAI,CAAC;IACpC,MAAM,kBAAkB,mCACnB,mBAAmB,KACtB,MAAM,EAAE,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,IAAI,EAC/B,MAAM,EAAE,IAAI,GACb,CAAC;IAEF,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,EAAE;QACxB,kEAAkE;;QAElE,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,MAAM,CAAC,MAAA,GAAG,CAAC,aAAa,CAAC,eAAe,CAAC,mCAAI,0BAA0B,CAAC,CACzE,CAAC;QACF,OAAO,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC,CAAC;IAC3E,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,EAAE;QAC1B,0EAA0E;QAC1E,4EAA4E;QAC5E,4EAA4E;QAC5E,iCAAiC;QACjC,GAAG,CAAC,MAAM,CACR,eAAe,EACf,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE,EAClC,kBAAkB,CACnB,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,EAAE;QAC3B,GAAG,CAAC,WAAW,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,OAAO;QACL,IAAA,yBAAc,EAAC;YACb,MAAM;YACN,IAAI;YACJ,iBAAiB,EAAE,KAAK;YACxB,MAAM,EAAE,KAAK;YACb,MAAM,kCACD,mBAAmB,KACtB,MAAM,EAAE,IAAI,GACb;YACD,KAAK;SACN,CAAC;QACF,sBAAsB;QACtB,uBAAuB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,CAAC;KACnE,CAAC;AACJ,CAAC"}
|
|
@@ -9,10 +9,10 @@ const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"))
|
|
|
9
9
|
const waypoint_url_js_1 = __importDefault(require("../lib/waypoint-url.js"));
|
|
10
10
|
const logger_js_1 = __importDefault(require("../lib/logger.js"));
|
|
11
11
|
const { has } = lodash_1.default;
|
|
12
|
-
const log = (0, logger_js_1.default)(
|
|
13
|
-
exports.default = ({ waypoint
|
|
12
|
+
const log = (0, logger_js_1.default)("middleware:skip-waypoint");
|
|
13
|
+
exports.default = ({ waypoint }) => [
|
|
14
14
|
(req, res, next) => {
|
|
15
|
-
if (!has(req.query,
|
|
15
|
+
if (!has(req.query, "skipto")) {
|
|
16
16
|
return next();
|
|
17
17
|
}
|
|
18
18
|
const skipTo = String(req.query.skipto);
|