@dwp/govuk-casa 9.6.6 → 10.0.0

package/dist/middleware/sanitise-fields.js

@@ -1,19 +1,23 @@
-"use strict";
 // Sanitise the fields submitted from a form
 // - Coerce each field to its correct type
 // - Remove an extraneous fields that are not know to the application
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const field_js_1 = __importDefault(require("../lib/field.js"));
-const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"));
-exports.default = ({ waypoint, fields = [] }) => {
+import fieldFactory from "../lib/field.js";
+import JourneyContext from "../lib/JourneyContext.js";
+import NullObject from "../lib/NullObject.js";
+/**
+ * Get "sanitise fields" middleware for a given waypoint
+ *
+ * @param {object} opts Options
+ * @param {string} opts.waypoint Waypoint
+ * @param {PageField[]} opts.fields Fields to sanitise
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
+export default ({ waypoint, fields = [] }) => {
     // Add some common, transient fields to ensure they survive beyond this sanitisation process
-    fields.push((0, field_js_1.default)("_csrf", { persist: false }).processor((value) => String(value)));
-    fields.push((0, field_js_1.default)("contextid", { persist: false }).processor((value) => String(value)));
-    fields.push((0, field_js_1.default)("edit", { persist: false }).processor((value) => String(value)));
-    fields.push((0, field_js_1.default)("editorigin", { persist: false }).processor((value) => String(value)));
+    fields.push(fieldFactory("_csrf", { persist: false }).processor((value) => String(value)));
+    fields.push(fieldFactory("contextid", { persist: false }).processor((value) => String(value)));
+    fields.push(fieldFactory("edit", { persist: false }).processor((value) => String(value)));
+    fields.push(fieldFactory("editorigin", { persist: false }).processor((value) => String(value)));
     // Middleware
     return [
         (req, res, next) => {
@@ -21,19 +25,20 @@ exports.default = ({ waypoint, fields = [] }) => {
             // those that do not have an entry in `fields`)
             // EsLint disabled as `fields`, `i` & `name` are only controlled by dev
             /* eslint-disable security/detect-object-injection */
-            const prunedBody = Object.create(null);
+            const prunedBody = new NullObject();
             for (let i = 0, l = fields.length; i < l; i++) {
-                if (Object.hasOwn(req.body, fields[i].name) &&
+                if (req.body &&
+                    Object.hasOwn(req.body, fields[i].name) &&
                     req.body[fields[i].name] !== undefined) {
                     prunedBody[fields[i].name] = req.body[fields[i].name];
                 }
             }
             /* eslint-enable security/detect-object-injection */
-            const journeyContext = JourneyContext_js_1.default.fromContext(req.casa.journeyContext, req);
+            const journeyContext = JourneyContext.fromContext(req.casa.journeyContext, req);
             journeyContext.setDataForPage(waypoint, prunedBody);
             // Second, prune any fields that do not pass the validation conditional,
             // and process those that do.
-            const sanitisedBody = Object.create(null);
+            const sanitisedBody = new NullObject();
             for (let i = 0, l = fields.length; i < l; i++) {
                 const field = fields[i]; /* eslint-disable-line security/detect-object-injection */
                 const fieldValue = field.getValue(prunedBody);
@@ -52,4 +57,7 @@ exports.default = ({ waypoint, fields = [] }) => {
         },
     ];
 };
-//# sourceMappingURL=sanitise-fields.js.map
+/**
+ * @typedef {import("../casa").PageField} PageField
+ * @access private
+ */

package/dist/middleware/serve-first-waypoint.d.ts

@@ -2,3 +2,4 @@ declare function _default({ plan }: Plan): ExpressRequestHandler[];
 export default _default;
 export type ExpressRequestHandler = import("express").RequestHandler;
 export type Plan = import("../casa").Plan;
+//# sourceMappingURL=serve-first-waypoint.d.ts.map

package/dist/middleware/serve-first-waypoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"serve-first-waypoint.d.ts","sourceRoot":"","sources":["../../src/middleware/serve-first-waypoint.js"],"names":[],"mappings":"AAmBe,oCAHJ,IAAI,GACF,qBAAqB,EAAE,CAYnC;;oCA1BY,OAAO,SAAS,EAAE,cAAc;mBAKhC,OAAO,SAAS,EAAE,IAAI"}

package/dist/middleware/serve-first-waypoint.js

@@ -1,6 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("../lib/utils.js");
+import { validateUrlPath } from "../lib/utils.js";
 /**
  * @typedef {import("express").RequestHandler} ExpressRequestHandler
  * @access private
@@ -16,13 +14,12 @@ const utils_js_1 = require("../lib/utils.js");
  * @param {Plan} plan CASA Plan
  * @returns {ExpressRequestHandler[]} Array of middleware
  */
-exports.default = ({ plan }) => [
+export default ({ plan }) => [
     (req, res) => {
         const reqUrl = new URL(req.url, "https://placeholder.test/");
-        const reqPath = (0, utils_js_1.validateUrlPath)(`${req.baseUrl}${reqUrl.pathname}${plan.getWaypoints()[0]}`);
+        const reqPath = validateUrlPath(`${req.baseUrl}${reqUrl.pathname}${plan.getWaypoints()[0]}`);
         let reqParams = reqUrl.searchParams.toString();
         reqParams = reqParams ? `?${reqParams}` : "";
         res.redirect(302, `${reqPath}${reqParams}`);
     },
 ];
-//# sourceMappingURL=serve-first-waypoint.js.map

package/dist/middleware/session.d.ts

@@ -26,4 +26,19 @@ export default function sessionMiddleware({ cookieParserMiddleware, secret, name
     cookiePath?: string | undefined;
     store?: object | undefined;
 }): RequestHandler[];
+/**
+ * Get the last modified time of the touch cookie
+ */
+export type touchModified = (req: ExpressRequest) => any;
+/**
+ * Set the touch cookie on the response
+ */
+export type touchCookie = (res: ExpressResponse) => any;
+/**
+ * Remove the touch cookie on the response
+ */
+export type removeTouchCookie = (res: ExpressResponse) => any;
 export type RequestHandler = import("express").RequestHandler;
+export type ExpressRequest = import("express").Request;
+export type ExpressResponse = import("express").Response;
+//# sourceMappingURL=session.d.ts.map

package/dist/middleware/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/middleware/session.js"],"names":[],"mappings":"AA8EA;;;;;;;;;;;;;;;;;GAiBG;AACH,qIAVG;IAA6B,sBAAsB,EAA3C,cAAc;IACD,MAAM,EAAnB,MAAM;IACO,IAAI,EAAjB,MAAM;IACQ,MAAM,EAApB,OAAO;IACM,GAAG,EAAhB,MAAM;IACkB,cAAc;IACxB,UAAU;IACV,KAAK;CAC3B,GAAU,cAAc,EAAE,CA0E5B;;;;kCAIU,cAAc;;;;gCAMd,eAAe;;;;sCAMf,eAAe;6BAKb,OAAO,SAAS,EAAE,cAAc;6BAKhC,OAAO,SAAS,EAAE,OAAO;8BAKzB,OAAO,SAAS,EAAE,QAAQ"}

package/dist/middleware/session.js

@@ -1,55 +1,22 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = sessionMiddleware;
 // A last-modified cookie is used to control whether the end user sees a
 // session-timeout page, or they are simply given a new session without
 // interrupting their journey.
-const express_session_1 = __importStar(require("express-session"));
-const logger_js_1 = __importDefault(require("../lib/logger.js"));
-const utils_js_1 = require("../lib/utils.js");
+import expressSession, { MemoryStore } from "express-session";
+import logger from "../lib/logger.js";
+import { validateUrlPath } from "../lib/utils.js";
+const log = logger("middleware:session");
 /**
- * @typedef {import("express").RequestHandler} RequestHandler
- * @access private
+ * Session expiry middleware
+ *
+ * @param {number} ttl Session data time-to-live
+ * @param {lastTouched} lastTouched Function to get last modified time of touch
+ *   cookie
+ * @param {touchCookie} touchCookie Function to reset the touch cookie
+ * @param {removeTouchCookie} removeTouchCookie Function to remove touch cookie
+ * @returns {RequestHandler} Middleware functions
  */
-const log = (0, logger_js_1.default)("middleware:session");
-const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (req, res, next) => {
-    const lastModified = getCookie(req);
+const sessionExpiryMiddleware = (ttl, lastTouched, touchCookie, removeTouchCookie) => (req, res, next) => {
+    const lastModified = lastTouched(req);
     const age = Math.floor(Date.now() * 0.001) - lastModified;
     if (lastModified === 0) {
         // New session, or grace period cookie no longer available after
@@ -63,9 +30,9 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
             }
             else {
                 touchCookie(res);
-                if (req.method === "POST") {
+                if (req.method === "POST" && req.body._csrf) {
                     log.info("The CSRF token for this POST request will now be invalid for this regenerated session. Redirecting to app mount point.");
-                    res.redirect(302, (0, utils_js_1.validateUrlPath)(`${req.baseUrl}/`));
+                    res.redirect(302, validateUrlPath(`${req.baseUrl}/`));
                 }
                 else {
                     next();
@@ -83,12 +50,12 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
                 next(err);
             }
             else {
-                removeCookie(res);
+                removeTouchCookie(res);
                 const params = new URLSearchParams({
                     referrer: req.originalUrl,
                     lang: language,
                 });
-                res.redirect(302, (0, utils_js_1.validateUrlPath)(`${req.baseUrl}/session-timeout`) +
+                res.redirect(302, validateUrlPath(`${req.baseUrl}/session-timeout`) +
                     `?${params.toString()}`);
             }
         });
@@ -117,7 +84,7 @@ const sessionExpiryMiddleware = (ttl, getCookie, touchCookie, removeCookie) => (
  * @param {object} [opts.store] Storage instance
  * @returns {RequestHandler[]} Middleware functions
  */
-function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl, cookieSameSite = true, cookiePath = "/", store = new express_session_1.MemoryStore(), }) {
+export default function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl, cookieSameSite = true, cookiePath = "/", store = new MemoryStore(), }) {
     const commonCookieOptions = {
         httpOnly: true,
         path: cookiePath,
@@ -134,13 +101,15 @@ function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl,
         maxAge: (ttl + ttlGrace) * 1000,
         signed: true,
     };
-    const getCookie = (req) => {
+    /** @type {lastTouched} */
+    const lastTouched = (req) => {
         // Disabled eslint as `touchCookieName` is a constant, known value
         const lastModified = Date.parse(
         /* eslint-disable-next-line security/detect-object-injection */
         String(req.signedCookies[touchCookieName] ?? "1970-01-01T00:00:00+0000"));
         return Number.isNaN(lastModified) ? 0 : Math.floor(lastModified * 0.001);
     };
+    /** @type {touchCookie} */
     const touchCookie = (res) => {
         // Touch cookie expiry is a short period after the session ttl. This gives
         // a small period of time where a user will see the session-timeout message,
@@ -148,11 +117,12 @@ function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl,
         // to the start of their journey.
         res.cookie(touchCookieName, new Date(Date.now()).toUTCString(), touchCookieOptions);
     };
-    const removeCookie = (res) => {
+    /** @type {removeTouchCookie} */
+    const removeTouchCookie = (res) => {
         res.clearCookie(touchCookieName, touchCookieOptions);
     };
     return [
-        (0, express_session_1.default)({
+        expressSession({
             secret,
             name,
             saveUninitialized: false,
@@ -164,7 +134,33 @@ function sessionMiddleware({ cookieParserMiddleware, secret, name, secure, ttl,
             store,
         }),
         cookieParserMiddleware,
-        sessionExpiryMiddleware(ttl, getCookie, touchCookie, removeCookie),
+        sessionExpiryMiddleware(ttl, lastTouched, touchCookie, removeTouchCookie),
     ];
 }
-//# sourceMappingURL=session.js.map
+/**
+ * @callback touchModified Get the last modified time of the touch cookie
+ * @param {ExpressRequest} req Express request
+ * @access private
+ */
+/**
+ * @callback touchCookie Set the touch cookie on the response
+ * @param {ExpressResponse} res Express response
+ * @access private
+ */
+/**
+ * @callback removeTouchCookie Remove the touch cookie on the response
+ * @param {ExpressResponse} res Express response
+ * @access private
+ */
+/**
+ * @typedef {import("express").RequestHandler} RequestHandler
+ * @access private
+ */
+/**
+ * @typedef {import("express").Request} ExpressRequest
+ * @access private
+ */
+/**
+ * @typedef {import("express").Response} ExpressResponse
+ * @access private
+ */

package/dist/middleware/skip-waypoint.d.ts

@@ -1,4 +1,5 @@
 declare function _default({ waypoint }: {
-    waypoint: any;
-}): ((req: any, res: any, next: any) => any)[];
+    waypoint: string;
+}): import("express").RequestHandler[];
 export default _default;
+//# sourceMappingURL=skip-waypoint.d.ts.map

package/dist/middleware/skip-waypoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skip-waypoint.d.ts","sourceRoot":"","sources":["../../src/middleware/skip-waypoint.js"],"names":[],"mappings":"AAee,wCAHZ;IAAqB,QAAQ,EAArB,MAAM;CACd,GAAU,OAAO,SAAS,EAAE,cAAc,EAAE,CAgC9C"}

package/dist/middleware/skip-waypoint.js

@@ -1,16 +1,18 @@
-"use strict";
 // Mark a waypoint as skipped
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"));
-const waypoint_url_js_1 = __importDefault(require("../lib/waypoint-url.js"));
-const logger_js_1 = __importDefault(require("../lib/logger.js"));
-const log = (0, logger_js_1.default)("middleware:skip-waypoint");
-exports.default = ({ waypoint }) => [
+import JourneyContext from "../lib/JourneyContext.js";
+import waypointUrl from "../lib/waypoint-url.js";
+import logger from "../lib/logger.js";
+const log = logger("middleware:skip-waypoint");
+/**
+ * Get "skip waypoint" middleware for a given waypoint
+ *
+ * @param {object} opts Options
+ * @param {string} opts.waypoint Waypoint
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
+export default ({ waypoint }) => [
     (req, res, next) => {
-        if (!Object.hasOwn(req.query, "skipto")) {
+        if (!req.query || !Object.hasOwn(req.query, "skipto")) {
             return next();
         }
         const skipTo = String(req.query.skipto);
@@ -18,8 +20,8 @@ exports.default = ({ waypoint }) => [
         log.info(`Marking waypoint "${waypoint}" as skipped`);
         req.casa.journeyContext.clearValidationErrorsForPage(waypoint);
         req.casa.journeyContext.setSkipped(waypoint, { to: skipTo });
-        JourneyContext_js_1.default.putContext(req.session, req.casa.journeyContext);
-        const redirectUrl = (0, waypoint_url_js_1.default)({
+        JourneyContext.putContext(req.session, req.casa.journeyContext);
+        const redirectUrl = waypointUrl({
             mountUrl: `${req.baseUrl}/`,
             waypoint: skipTo,
             edit: req.casa.editMode,
@@ -37,4 +39,3 @@ exports.default = ({ waypoint }) => [
         });
     },
 ];
-//# sourceMappingURL=skip-waypoint.js.map

package/dist/middleware/steer-journey.d.ts

@@ -1,6 +1,7 @@
 declare function _default({ waypoint, plan }: {
     waypoint: string;
     plan: Plan;
-}): void;
+}): import("express").RequestHandler[];
 export default _default;
 export type Plan = typeof import("../lib/Plan");
+//# sourceMappingURL=steer-journey.d.ts.map

package/dist/middleware/steer-journey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"steer-journey.d.ts","sourceRoot":"","sources":["../../src/middleware/steer-journey.js"],"names":[],"mappings":"AAsBe,8CAJZ;IAAoB,QAAQ,EAApB,MAAM;IACI,IAAI,EAAd,IAAI;CACZ,GAAU,OAAO,SAAS,EAAE,cAAc,EAAE,CAuE9C"}

package/dist/middleware/steer-journey.js

@@ -1,13 +1,8 @@
-"use strict";
 // This sits in front of all other middleware and prevents the user from
 // "jumping ahead" in the Plan.
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const waypoint_url_js_1 = __importDefault(require("../lib/waypoint-url.js"));
-const logger_js_1 = __importDefault(require("../lib/logger.js"));
-const log = (0, logger_js_1.default)("middleware:steer-journey");
+import waypointUrl from "../lib/waypoint-url.js";
+import logger from "../lib/logger.js";
+const log = logger("middleware:steer-journey");
 /**
  * @typedef {import("../lib/Plan")} Plan
  * @access private
@@ -19,9 +14,9 @@ const log = (0, logger_js_1.default)("middleware:steer-journey");
  * @param {object} obj Options
  * @param {string} obj.waypoint Current waypoint
  * @param {Plan} obj.plan CASA Plan
- * @returns {void}
+ * @returns {import("express").RequestHandler[]} Middleware functions
  */
-exports.default = ({ waypoint, plan }) => [
+export default ({ waypoint, plan }) => [
     (req, res, next) => {
         const mountUrl = `${req.baseUrl}/`;
         // If the requested waypoint doesn't exist in the traversed journey, send
@@ -30,7 +25,7 @@ exports.default = ({ waypoint, plan }) => [
         if (traversed.indexOf(waypoint) === -1) {
             const redirectTo = traversed[traversed.length - 1];
             log.trace(`Attempted to access "${waypoint}" when not in the journey; redirecting to "${redirectTo}"`);
-            return res.redirect(302, (0, waypoint_url_js_1.default)({
+            return res.redirect(302, waypointUrl({
                 waypoint: redirectTo,
                 mountUrl,
                 journeyContext: req.casa.journeyContext,
@@ -59,7 +54,7 @@ exports.default = ({ waypoint, plan }) => [
             stopCondition: () => true, // stop at the first one
         });
         res.locals.casa.journeyPreviousUrl = prevRoute.target
-            ? (0, waypoint_url_js_1.default)({
+            ? waypointUrl({
                 mountUrl,
                 journeyContext: req.casa.journeyContext,
                 waypoint: prevRoute.target,
@@ -71,4 +66,3 @@ exports.default = ({ waypoint, plan }) => [
         return next();
     },
 ];
-//# sourceMappingURL=steer-journey.js.map

package/dist/middleware/strip-proxy-path.d.ts

@@ -1,4 +1,5 @@
 declare function _default({ mountUrl }: {
-    mountUrl?: string | undefined;
-}): ((req: any, res: any, next: any) => void)[];
+    mountUrl: string;
+}): import("express").RequestHandler[];
 export default _default;
+//# sourceMappingURL=strip-proxy-path.d.ts.map

package/dist/middleware/strip-proxy-path.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strip-proxy-path.d.ts","sourceRoot":"","sources":["../../src/middleware/strip-proxy-path.js"],"names":[],"mappings":"AAyBe,wCAHZ;IAAqB,QAAQ,EAArB,MAAM;CACd,GAAU,OAAO,SAAS,EAAE,cAAc,EAAE,CAsC9C"}

package/dist/middleware/strip-proxy-path.js

@@ -1,26 +1,27 @@
-"use strict";
-// Strip any "proxy path" prefix present on the request URL
-//
-// The default "mountUrl" will be match whatever path that the CASA app
-// instance will be mounted onto. So if you mount on `/a/b/c` then all
-// URLs generated for the browser will be prefixed with `/a/b/c`.
-//
-// Defining a `mountUrl` will change that behaviour into a "proxy mode".
-// This mode assumes you have a forwarding proxy that will alter
-// the incoming request paths from `mountUrl` to the original path you
-// have mounted this CASA app instance onto.
-//
-// For example, if you mount the app on `/a/b/c/x`, but want the browser
-// URLs to just use the `/x` prefix, then pass a `mountUrl` of `/x`.
-//
-// See docs in `docs/guides/setup-behind-a-proxy.md`
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const logger_js_1 = __importDefault(require("../lib/logger.js"));
-const log = (0, logger_js_1.default)("casa:middleware:strip-proxy-path");
-exports.default = ({ mountUrl = "/" }) => [
+import logger from "../lib/logger.js";
+const log = logger("casa:middleware:strip-proxy-path");
+/**
+ * Strip any "proxy path" prefix present on the request URL
+ *
+ * The default "mountUrl" will be match whatever path that the CASA app instance
+ * will be mounted onto. So if you mount on `/a/b/c` then all URLs generated for
+ * the browser will be prefixed with `/a/b/c`.
+ *
+ * Defining a `mountUrl` will change that behaviour into a "proxy mode". This
+ * mode assumes you have a forwarding proxy that will alter the incoming request
+ * paths from `mountUrl` to the original path you have mounted this CASA app
+ * instance onto.
+ *
+ * For example, if you mount the app on `/a/b/c/x`, but want the browser URLs to
+ * just use the `/x` prefix, then pass a `mountUrl` of `/x`.
+ *
+ * See docs in `docs/guides/setup-behind-a-proxy.md`
+ *
+ * @param {object} opts Options
+ * @param {string} opts.mountUrl CASA mount URL
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
+export default ({ mountUrl = "/" }) => [
     (req, res, next) => {
         // TODO:
         // We _may_ have to start tracking the various prefix in order to differentiate
@@ -53,4 +54,3 @@ exports.default = ({ mountUrl = "/" }) => [
         }
     },
 ];
-//# sourceMappingURL=strip-proxy-path.js.map

package/dist/middleware/validate-fields.d.ts

@@ -1,6 +1,9 @@
 declare function _default({ waypoint, fields, plan }: {
-    waypoint: any;
-    fields?: never[] | undefined;
-    plan: any;
-}): ((req: any, res: any, next: any) => any)[];
+    waypoint: string;
+    fields: PageField[];
+    plan: Plan;
+}): import("express").RequestHandler[];
 export default _default;
+export type Plan = import("../casa").Plan;
+export type PageField = import("../casa").PageField;
+//# sourceMappingURL=validate-fields.d.ts.map

package/dist/middleware/validate-fields.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-fields.d.ts","sourceRoot":"","sources":["../../src/middleware/validate-fields.js"],"names":[],"mappings":"AAkCe,sDALZ;IAAqB,QAAQ,EAArB,MAAM;IACY,MAAM,EAAxB,SAAS,EAAE;IACA,IAAI,EAAf,IAAI;CACZ,GAAU,OAAO,SAAS,EAAE,cAAc,EAAE,CA0D9C;;mBAGY,OAAO,SAAS,EAAE,IAAI;wBAKtB,OAAO,SAAS,EAAE,SAAS"}

package/dist/middleware/validate-fields.js

@@ -1,11 +1,6 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
 // Validate the data captured in the journey context
-const JourneyContext_js_1 = __importDefault(require("../lib/JourneyContext.js"));
-const constants_js_1 = require("../lib/constants.js");
+import JourneyContext from "../lib/JourneyContext.js";
+import { REQUEST_PHASE_VALIDATE } from "../lib/constants.js";
 const updateContext = ({ waypoint, errors = null, journeyContext, session, }) => {
     // Set validation state
     if (errors === null) {
@@ -15,13 +10,22 @@ const updateContext = ({ waypoint, errors = null, journeyContext, session, }) =>
         journeyContext.setValidationErrorsForPage(waypoint, errors);
     }
     // Save to session
-    JourneyContext_js_1.default.putContext(session, journeyContext, {
+    JourneyContext.putContext(session, journeyContext, {
         userInfo: {
-            casaRequestPhase: constants_js_1.REQUEST_PHASE_VALIDATE,
+            casaRequestPhase: REQUEST_PHASE_VALIDATE,
         },
     });
 };
-exports.default = ({ waypoint, fields = [], plan }) => [
+/**
+ * Get "sanitise fields" middleware for a given waypoint
+ *
+ * @param {object} opts Options
+ * @param {string} opts.waypoint Waypoint
+ * @param {PageField[]} opts.fields Fields to validate
+ * @param {Plan} opts.plan CASA Plan
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
+export default ({ waypoint, fields = [], plan }) => [
     (req, res, next) => {
         const mountUrl = `${req.baseUrl}/`;
         // Run validators for every field to build up a complete list of errors
@@ -71,4 +75,11 @@ exports.default = ({ waypoint, fields = [], plan }) => [
         return next();
     },
 ];
-//# sourceMappingURL=validate-fields.js.map
+/**
+ * @typedef {import("../casa").Plan} Plan
+ * @access private
+ */
+/**
+ * @typedef {import("../casa").PageField} PageField
+ * @access private
+ */

package/dist/routes/ancillary.d.ts

@@ -20,3 +20,4 @@ export type AncillaryRouterOptions = {
     sessionTtl: number;
 };
 import MutableRouter from "../lib/MutableRouter.js";
+//# sourceMappingURL=ancillary.d.ts.map

package/dist/routes/ancillary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ancillary.d.ts","sourceRoot":"","sources":["../../src/routes/ancillary.js"],"names":[],"mappings":"AAEA;;;GAGG;AAEH;;;;;;GAMG;AACH,wDAJW,sBAAsB,GACpB,aAAa,CAezB;;;;;;;;gBAtBa,MAAM;;0BAJM,yBAAyB"}

package/dist/routes/ancillary.js

@@ -1,10 +1,4 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = ancillaryRouter;
-const MutableRouter_js_1 = __importDefault(require("../lib/MutableRouter.js"));
+import MutableRouter from "../lib/MutableRouter.js";
 /**
  * @typedef {object} AncillaryRouterOptions Options to configure static router
  * @property {number} sessionTtl Session timeout (seconds)
@@ -16,9 +10,9 @@ const MutableRouter_js_1 = __importDefault(require("../lib/MutableRouter.js"));
  * @returns {MutableRouter} ExpressJS Router instance
  * @access private
  */
-function ancillaryRouter({ sessionTtl }) {
+export default function ancillaryRouter({ sessionTtl }) {
     // Router
-    const router = new MutableRouter_js_1.default({ mergeParams: true });
+    const router = new MutableRouter({ mergeParams: true });
     // Session timeout
     router.all("/session-timeout", (req, res) => {
         res.render("casa/session-timeout.njk", {
@@ -27,4 +21,3 @@ function ancillaryRouter({ sessionTtl }) {
     });
     return router;
 }
-//# sourceMappingURL=ancillary.js.map

package/dist/routes/journey.d.ts

@@ -8,6 +8,9 @@
  */
 export default function journeyRouter({ globalHooks, pages, plan, csrfMiddleware, globalErrorVisibility, }: JourneyRouterOptions): MutableRouter;
 export function generateGovukErrors(errors: Record<string, ValidationError>, req: import("express").Request): GovUkErrorObject[];
+export type GlobalHook = import("../casa.js").GlobalHook;
+export type Page = import("../casa.js").Page;
+export type Plan = import("../casa.js").Plan;
 export type ValidationError = import("../casa.js").ValidationError;
 export type GovUkErrorObject = {
     /**
@@ -36,8 +39,10 @@ export type JourneyRouterOptions = {
      */
     plan: Plan;
     /**
-     * Middleware for providing CSRF controls
+     * Middleware for
+     * providing CSRF controls
      */
-    csrfMiddleware: Function[];
+    csrfMiddleware: import("express").RequestHandler[];
 };
 import MutableRouter from "../lib/MutableRouter.js";
+//# sourceMappingURL=journey.d.ts.map

package/dist/routes/journey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"journey.d.ts","sourceRoot":"","sources":["../../src/routes/journey.js"],"names":[],"mappings":"AAkHA;;;;;;;GAOG;AACH,4GAJW,oBAAoB,GAClB,aAAa,CAqPzB;AA3RM,4CALI,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,OAE/B,OAAO,SAAS,EAAE,OAAO,GACvB,gBAAgB,EAAE,CAM1B;yBArEQ,OAAO,YAAY,EAAE,UAAU;mBAK/B,OAAO,YAAY,EAAE,IAAI;mBAKzB,OAAO,YAAY,EAAE,IAAI;8BAIxB,OAAO,YAAY,EAAE,eAAe;;;;;UAIpC,MAAM;;;;UACN,MAAM;;;;;;;;;iBAKN,UAAU,EAAE;;;;WACZ,IAAI,EAAE;;;;UACN,IAAI;;;;;oBACJ,OAAO,SAAS,EAAE,cAAc,EAAE;;0BA3CtB,yBAAyB"}