@eggjs/jsonp 3.0.0 → 4.0.0-beta.17

package/dist/commonjs/error/JSONPForbiddenReferrerError.js

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JSONPForbiddenReferrerError = void 0;
-class JSONPForbiddenReferrerError extends Error {
-    referrer;
-    status;
-    constructor(message, referrer, status) {
-        super(message);
-        this.name = this.constructor.name;
-        this.referrer = referrer;
-        this.status = status;
-        Error.captureStackTrace(this, this.constructor);
-    }
-}
-exports.JSONPForbiddenReferrerError = JSONPForbiddenReferrerError;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSlNPTlBGb3JiaWRkZW5SZWZlcnJlckVycm9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2Vycm9yL0pTT05QRm9yYmlkZGVuUmVmZXJyZXJFcnJvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFhLDJCQUE0QixTQUFRLEtBQUs7SUFDcEQsUUFBUSxDQUFTO0lBQ2pCLE1BQU0sQ0FBUztJQUVmLFlBQVksT0FBZSxFQUFFLFFBQWdCLEVBQUUsTUFBYztRQUMzRCxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDZixJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDO1FBQ2xDLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxDQUFDO1FBQ3pCLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ2xELENBQUM7Q0FDRjtBQVhELGtFQVdDIn0=

package/dist/commonjs/index.d.ts

@@ -1 +0,0 @@
-import './types.js';

package/dist/commonjs/index.js

@@ -1,4 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-require("./types.js");
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSxzQkFBb0IifQ==

package/dist/commonjs/lib/private_key.d.ts

@@ -1 +0,0 @@
-export declare const JSONP_CONFIG: unique symbol;

package/dist/commonjs/lib/private_key.js

@@ -1,5 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JSONP_CONFIG = void 0;
-exports.JSONP_CONFIG = Symbol('jsonp#config');
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJpdmF0ZV9rZXkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL3ByaXZhdGVfa2V5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFhLFFBQUEsWUFBWSxHQUFHLE1BQU0sQ0FBQyxjQUFjLENBQUMsQ0FBQyJ9

package/dist/commonjs/package.json

@@ -1,3 +0,0 @@
-{
-  "type": "commonjs"
-}

package/dist/commonjs/types.d.ts

@@ -1,50 +0,0 @@
-import type { MiddlewareFunc } from '@eggjs/core';
-/**
- * jsonp options
- * @member Config#jsonp
- */
-export interface JSONPConfig {
-    /**
-     * jsonp callback methods key, default to `['_callback', 'callback' ]`
-     */
-    callback: string[] | string;
-    /**
-     * callback method name's max length, default to `50`
-     */
-    limit: number;
-    /**
-     * enable csrf check or not, default to `false`
-     */
-    csrf: boolean;
-    /**
-     * referrer white list, default to `undefined`
-     */
-    whiteList?: string | RegExp | (string | RegExp)[];
-}
-declare module '@eggjs/core' {
-    interface EggAppConfig {
-        jsonp: JSONPConfig;
-    }
-    interface Context {
-        /**
-         * detect if response should be jsonp
-         */
-        acceptJSONP: boolean;
-        /**
-         * JSONP wrap body function
-         * Set jsonp response wrap function, other plugin can use it.
-         * If not necessary, please don't use this method in your application code.
-         * @param {Object} body response body
-         * @private
-         */
-        createJsonpBody(body: any): void;
-    }
-    interface EggCore {
-        /**
-         * return a middleware to enable jsonp response.
-         * will do some security check inside.
-         * @public
-         */
-        jsonp(initOptions?: Partial<JSONPConfig>): MiddlewareFunc;
-    }
-}

package/dist/commonjs/types.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/esm/app/extend/application.d.ts

@@ -1,10 +0,0 @@
-import { EggCore, type MiddlewareFunc } from '@eggjs/core';
-import { JSONPConfig } from '../../types.js';
-export default class JSONPApplication extends EggCore {
-    /**
-     * return a middleware to enable jsonp response.
-     * will do some security check inside.
-     * @public
-     */
-    jsonp(initOptions?: Partial<JSONPConfig>): MiddlewareFunc;
-}

package/dist/esm/app/extend/application.js

@@ -1,112 +0,0 @@
-import { debuglog } from 'node:util';
-import { parse as urlParse } from 'node:url';
-import { EggCore } from '@eggjs/core';
-import { JSONP_CONFIG } from '../../lib/private_key.js';
-import { JSONPForbiddenReferrerError } from '../../error/JSONPForbiddenReferrerError.js';
-const debug = debuglog('@egg/jsonp/app/extend/application');
-export default class JSONPApplication extends EggCore {
-    /**
-     * return a middleware to enable jsonp response.
-     * will do some security check inside.
-     * @public
-     */
-    jsonp(initOptions = {}) {
-        const options = {
-            ...this.config.jsonp,
-            ...initOptions,
-        };
-        if (!Array.isArray(options.callback)) {
-            options.callback = [options.callback];
-        }
-        const csrfEnable = this.plugins.security && this.plugins.security.enable // security enable
-            && this.config.security.csrf && this.config.security.csrf.enable !== false // csrf enable
-            && options.csrf; // jsonp csrf enabled
-        const validateReferrer = options.whiteList && createValidateReferer(options.whiteList);
-        if (!csrfEnable && !validateReferrer) {
-            this.coreLogger.warn('[@eggjs/jsonp] SECURITY WARNING!! csrf check and referrer check are both closed!');
-        }
-        /**
-         * jsonp request security check, pass if
-         *
-         * 1. hit referrer white list
-         * 2. or pass csrf check
-         * 3. both check are disabled
-         *
-         * @param {Context} ctx request context
-         */
-        function securityAssert(ctx) {
-            // all disabled. don't need check
-            if (!csrfEnable && !validateReferrer)
-                return;
-            // pass referrer check
-            const referrer = ctx.get('referrer');
-            if (validateReferrer && validateReferrer(referrer))
-                return;
-            if (csrfEnable && validateCsrf(ctx))
-                return;
-            throw new JSONPForbiddenReferrerError('jsonp request security validate failed', referrer, 403);
-        }
-        return async function jsonp(ctx, next) {
-            const jsonpFunction = getJsonpFunction(ctx.query, options.callback);
-            ctx[JSONP_CONFIG] = {
-                jsonpFunction,
-                options,
-            };
-            // before handle request, must do some security checks
-            securityAssert(ctx);
-            await next();
-            // generate jsonp body
-            ctx.createJsonpBody(ctx.body);
-        };
-    }
-}
-function createValidateReferer(whiteList) {
-    if (!Array.isArray(whiteList)) {
-        whiteList = [whiteList];
-    }
-    return (referrer) => {
-        let parsed;
-        for (const rule of whiteList) {
-            if (rule instanceof RegExp) {
-                if (rule.test(referrer)) {
-                    // regexp(/^https?:\/\/github.com\//): test the referrer with rule
-                    return true;
-                }
-                continue;
-            }
-            parsed = parsed ?? urlParse(referrer);
-            const hostname = parsed.hostname || '';
-            // check if referrer's hostname match the string rule
-            if (rule[0] === '.' &&
-                (hostname.endsWith(rule) || hostname === rule.slice(1))) {
-                // string start with `.`(.github.com): referrer's hostname must ends with rule
-                return true;
-            }
-            else if (hostname === rule) {
-                // string not start with `.`(github.com): referrer's hostname must strict equal to rule
-                return true;
-            }
-        }
-        // no rule matched
-        return false;
-    };
-}
-function validateCsrf(ctx) {
-    try {
-        // TODO(fengmk2): remove this when @eggjs/security support ctx.assertCsrf type define
-        ctx.assertCsrf();
-        return true;
-    }
-    catch (err) {
-        debug('validate csrf failed: %s', err);
-        return false;
-    }
-}
-function getJsonpFunction(query, callbacks) {
-    for (const callback of callbacks) {
-        if (query[callback]) {
-            return query[callback];
-        }
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hcHBsaWNhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxLQUFLLElBQUksUUFBUSxFQUEyQixNQUFNLFVBQVUsQ0FBQztBQUV0RSxPQUFPLEVBQUUsT0FBTyxFQUF1QixNQUFNLGFBQWEsQ0FBQztBQUMzRCxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFeEQsT0FBTyxFQUFFLDJCQUEyQixFQUFFLE1BQU0sNENBQTRDLENBQUM7QUFHekYsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDLG1DQUFtQyxDQUFDLENBQUM7QUFFNUQsTUFBTSxDQUFDLE9BQU8sT0FBTyxnQkFBaUIsU0FBUSxPQUFPO0lBQ25EOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsY0FBb0MsRUFBRTtRQUMxQyxNQUFNLE9BQU8sR0FBRztZQUNkLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLO1lBQ3BCLEdBQUcsV0FBVztTQUN5QixDQUFDO1FBQzFDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ3JDLE9BQU8sQ0FBQyxRQUFRLEdBQUcsQ0FBRSxPQUFPLENBQUMsUUFBUSxDQUFFLENBQUM7UUFDMUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxrQkFBa0I7ZUFDdEYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLGNBQWM7ZUFDdEYsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLHFCQUFxQjtRQUV4QyxNQUFNLGdCQUFnQixHQUFHLE9BQU8sQ0FBQyxTQUFTLElBQUkscUJBQXFCLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRXZGLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3JDLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLGtGQUFrRixDQUFDLENBQUM7UUFDM0csQ0FBQztRQUNEOzs7Ozs7OztXQVFHO1FBQ0gsU0FBUyxjQUFjLENBQUMsR0FBaUI7WUFDdkMsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxnQkFBZ0I7Z0JBQUUsT0FBTztZQUU3QyxzQkFBc0I7WUFDdEIsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLEdBQUcsQ0FBUyxVQUFVLENBQUMsQ0FBQztZQUM3QyxJQUFJLGdCQUFnQixJQUFJLGdCQUFnQixDQUFDLFFBQVEsQ0FBQztnQkFBRSxPQUFPO1lBQzNELElBQUksVUFBVSxJQUFJLFlBQVksQ0FBQyxHQUFHLENBQUM7Z0JBQUUsT0FBTztZQUU1QyxNQUFNLElBQUksMkJBQTJCLENBQ25DLHdDQUF3QyxFQUN4QyxRQUFRLEVBQ1IsR0FBRyxDQUFDLENBQUM7UUFDVCxDQUFDO1FBRUQsT0FBTyxLQUFLLFVBQVUsS0FBSyxDQUFDLEdBQWlCLEVBQUUsSUFBSTtZQUNqRCxNQUFNLGFBQWEsR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVwRSxHQUFHLENBQUMsWUFBWSxDQUFDLEdBQUc7Z0JBQ2xCLGFBQWE7Z0JBQ2IsT0FBTzthQUNSLENBQUM7WUFFRixzREFBc0Q7WUFDdEQsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBRXBCLE1BQU0sSUFBSSxFQUFFLENBQUM7WUFFYixzQkFBc0I7WUFDdEIsR0FBRyxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDaEMsQ0FBQyxDQUFDO0lBQ0osQ0FBQztDQUNGO0FBRUQsU0FBUyxxQkFBcUIsQ0FBQyxTQUE2QztJQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQzlCLFNBQVMsR0FBRyxDQUFFLFNBQVMsQ0FBRSxDQUFDO0lBQzVCLENBQUM7SUFFRCxPQUFPLENBQUMsUUFBZ0IsRUFBRSxFQUFFO1FBQzFCLElBQUksTUFBc0MsQ0FBQztRQUMzQyxLQUFLLE1BQU0sSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQzdCLElBQUksSUFBSSxZQUFZLE1BQU0sRUFBRSxDQUFDO2dCQUMzQixJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztvQkFDeEIsa0VBQWtFO29CQUNsRSxPQUFPLElBQUksQ0FBQztnQkFDZCxDQUFDO2dCQUNELFNBQVM7WUFDWCxDQUFDO1lBRUQsTUFBTSxHQUFHLE1BQU0sSUFBSSxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDdEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7WUFFdkMscURBQXFEO1lBQ3JELElBQUksSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUc7Z0JBQ2pCLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxRQUFRLEtBQUssSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQzFELDhFQUE4RTtnQkFDOUUsT0FBTyxJQUFJLENBQUM7WUFDZCxDQUFDO2lCQUFNLElBQUksUUFBUSxLQUFLLElBQUksRUFBRSxDQUFDO2dCQUM3Qix1RkFBdUY7Z0JBQ3ZGLE9BQU8sSUFBSSxDQUFDO1lBQ2QsQ0FBQztRQUNILENBQUM7UUFFRCxrQkFBa0I7UUFDbEIsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyxZQUFZLENBQUMsR0FBUTtJQUM1QixJQUFJLENBQUM7UUFDSCxxRkFBcUY7UUFDckYsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7UUFDYixLQUFLLENBQUMsMEJBQTBCLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDdkMsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0FBQ0gsQ0FBQztBQUVELFNBQVMsZ0JBQWdCLENBQUMsS0FBcUIsRUFBRSxTQUFtQjtJQUNsRSxLQUFLLE1BQU0sUUFBUSxJQUFJLFNBQVMsRUFBRSxDQUFDO1FBQ2pDLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDcEIsT0FBTyxLQUFLLENBQUMsUUFBUSxDQUFXLENBQUM7UUFDbkMsQ0FBQztJQUNILENBQUM7QUFDSCxDQUFDIn0=

package/dist/esm/app/extend/context.d.ts

@@ -1,15 +0,0 @@
-import { Context } from '@eggjs/core';
-export default class JSONPContext extends Context {
-    /**
-     * detect if response should be jsonp
-     */
-    get acceptJSONP(): boolean;
-    /**
-     * JSONP wrap body function
-     * Set jsonp response wrap function, other plugin can use it.
-     * If not necessary, please don't use this method in your application code.
-     * @param {Object} body response body
-     * @private
-     */
-    createJsonpBody(body: any): void;
-}

package/dist/esm/app/extend/context.js

@@ -1,32 +0,0 @@
-import { jsonp as jsonpBody } from 'jsonp-body';
-import { Context } from '@eggjs/core';
-import { JSONP_CONFIG } from '../../lib/private_key.js';
-export default class JSONPContext extends Context {
-    /**
-     * detect if response should be jsonp
-     */
-    get acceptJSONP() {
-        const jsonpConfig = Reflect.get(this, JSONP_CONFIG);
-        return !!(jsonpConfig?.jsonpFunction);
-    }
-    /**
-     * JSONP wrap body function
-     * Set jsonp response wrap function, other plugin can use it.
-     * If not necessary, please don't use this method in your application code.
-     * @param {Object} body response body
-     * @private
-     */
-    createJsonpBody(body) {
-        const jsonpConfig = Reflect.get(this, JSONP_CONFIG);
-        if (!jsonpConfig?.jsonpFunction) {
-            this.body = body;
-            return;
-        }
-        this.set('x-content-type-options', 'nosniff');
-        this.type = 'js';
-        body = body === undefined ? null : body;
-        // protect from jsonp xss
-        this.body = jsonpBody(body, jsonpConfig.jsonpFunction, jsonpConfig.options);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29udGV4dC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hcHAvZXh0ZW5kL2NvbnRleHQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLEtBQUssSUFBSSxTQUFTLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFDaEQsT0FBTyxFQUFFLE9BQU8sRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUN0QyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFeEQsTUFBTSxDQUFDLE9BQU8sT0FBTyxZQUFhLFNBQVEsT0FBTztJQUMvQzs7T0FFRztJQUNILElBQUksV0FBVztRQUNiLE1BQU0sV0FBVyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBUSxDQUFDO1FBQzNELE9BQU8sQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxlQUFlLENBQUMsSUFBUztRQUN2QixNQUFNLFdBQVcsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxZQUFZLENBQVEsQ0FBQztRQUMzRCxJQUFJLENBQUMsV0FBVyxFQUFFLGFBQWEsRUFBRSxDQUFDO1lBQ2hDLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDO1lBQ2pCLE9BQU87UUFDVCxDQUFDO1FBRUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyx3QkFBd0IsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUM5QyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztRQUNqQixJQUFJLEdBQUcsSUFBSSxLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7UUFDeEMseUJBQXlCO1FBQ3pCLElBQUksQ0FBQyxJQUFJLEdBQUcsU0FBUyxDQUFDLElBQUksRUFBRSxXQUFXLENBQUMsYUFBYSxFQUFFLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUM5RSxDQUFDO0NBQ0YifQ==

package/dist/esm/config/config.default.d.ts

@@ -1,5 +0,0 @@
-import type { JSONPConfig } from '../types.js';
-declare const _default: {
-    jsonp: JSONPConfig;
-};
-export default _default;

package/dist/esm/config/config.default.js

@@ -1,9 +0,0 @@
-export default {
-    jsonp: {
-        limit: 50,
-        callback: ['_callback', 'callback'],
-        csrf: false,
-        whiteList: undefined,
-    },
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmRlZmF1bHQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY29uZmlnL2NvbmZpZy5kZWZhdWx0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLGVBQWU7SUFDYixLQUFLLEVBQUU7UUFDTCxLQUFLLEVBQUUsRUFBRTtRQUNULFFBQVEsRUFBRSxDQUFFLFdBQVcsRUFBRSxVQUFVLENBQUU7UUFDckMsSUFBSSxFQUFFLEtBQUs7UUFDWCxTQUFTLEVBQUUsU0FBUztLQUNOO0NBQ2pCLENBQUMifQ==

package/dist/esm/error/JSONPForbiddenReferrerError.d.ts

@@ -1,5 +0,0 @@
-export declare class JSONPForbiddenReferrerError extends Error {
-    referrer: string;
-    status: number;
-    constructor(message: string, referrer: string, status: number);
-}

package/dist/esm/error/JSONPForbiddenReferrerError.js

@@ -1,12 +0,0 @@
-export class JSONPForbiddenReferrerError extends Error {
-    referrer;
-    status;
-    constructor(message, referrer, status) {
-        super(message);
-        this.name = this.constructor.name;
-        this.referrer = referrer;
-        this.status = status;
-        Error.captureStackTrace(this, this.constructor);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSlNPTlBGb3JiaWRkZW5SZWZlcnJlckVycm9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2Vycm9yL0pTT05QRm9yYmlkZGVuUmVmZXJyZXJFcnJvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLE9BQU8sMkJBQTRCLFNBQVEsS0FBSztJQUNwRCxRQUFRLENBQVM7SUFDakIsTUFBTSxDQUFTO0lBRWYsWUFBWSxPQUFlLEVBQUUsUUFBZ0IsRUFBRSxNQUFjO1FBQzNELEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNmLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUM7UUFDbEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLENBQUM7UUFDekIsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDckIsS0FBSyxDQUFDLGlCQUFpQixDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDbEQsQ0FBQztDQUNGIn0=

package/dist/esm/index.d.ts

@@ -1 +0,0 @@
-import './types.js';

package/dist/esm/index.js

@@ -1,2 +0,0 @@
-import './types.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxZQUFZLENBQUMifQ==

package/dist/esm/lib/private_key.d.ts

@@ -1 +0,0 @@
-export declare const JSONP_CONFIG: unique symbol;

package/dist/esm/lib/private_key.js

@@ -1,2 +0,0 @@
-export const JSONP_CONFIG = Symbol('jsonp#config');
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJpdmF0ZV9rZXkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL3ByaXZhdGVfa2V5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsY0FBYyxDQUFDLENBQUMifQ==

package/dist/esm/package.json

@@ -1,3 +0,0 @@
-{
-  "type": "module"
-}

package/dist/esm/types.d.ts

@@ -1,50 +0,0 @@
-import type { MiddlewareFunc } from '@eggjs/core';
-/**
- * jsonp options
- * @member Config#jsonp
- */
-export interface JSONPConfig {
-    /**
-     * jsonp callback methods key, default to `['_callback', 'callback' ]`
-     */
-    callback: string[] | string;
-    /**
-     * callback method name's max length, default to `50`
-     */
-    limit: number;
-    /**
-     * enable csrf check or not, default to `false`
-     */
-    csrf: boolean;
-    /**
-     * referrer white list, default to `undefined`
-     */
-    whiteList?: string | RegExp | (string | RegExp)[];
-}
-declare module '@eggjs/core' {
-    interface EggAppConfig {
-        jsonp: JSONPConfig;
-    }
-    interface Context {
-        /**
-         * detect if response should be jsonp
-         */
-        acceptJSONP: boolean;
-        /**
-         * JSONP wrap body function
-         * Set jsonp response wrap function, other plugin can use it.
-         * If not necessary, please don't use this method in your application code.
-         * @param {Object} body response body
-         * @private
-         */
-        createJsonpBody(body: any): void;
-    }
-    interface EggCore {
-        /**
-         * return a middleware to enable jsonp response.
-         * will do some security check inside.
-         * @public
-         */
-        jsonp(initOptions?: Partial<JSONPConfig>): MiddlewareFunc;
-    }
-}

package/dist/esm/types.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/package.json

@@ -1,4 +0,0 @@
-{
-  "name": "@eggjs/jsonp",
-  "version": "3.0.0"
-}

package/src/app/extend/application.ts

@@ -1,131 +0,0 @@
-import { debuglog } from 'node:util';
-import { parse as urlParse, type UrlWithStringQuery } from 'node:url';
-import type { ParsedUrlQuery } from 'node:querystring';
-import { EggCore, type MiddlewareFunc } from '@eggjs/core';
-import { JSONP_CONFIG } from '../../lib/private_key.js';
-import { JSONPConfig } from '../../types.js';
-import { JSONPForbiddenReferrerError } from '../../error/JSONPForbiddenReferrerError.js';
-import JSONPContext from './context.js';
-
-const debug = debuglog('@egg/jsonp/app/extend/application');
-
-export default class JSONPApplication extends EggCore {
-  /**
-   * return a middleware to enable jsonp response.
-   * will do some security check inside.
-   * @public
-   */
-  jsonp(initOptions: Partial<JSONPConfig> = {}): MiddlewareFunc {
-    const options = {
-      ...this.config.jsonp,
-      ...initOptions,
-    } as JSONPConfig & { callback: string[] };
-    if (!Array.isArray(options.callback)) {
-      options.callback = [ options.callback ];
-    }
-
-    const csrfEnable = this.plugins.security && this.plugins.security.enable // security enable
-      && this.config.security.csrf && this.config.security.csrf.enable !== false // csrf enable
-      && options.csrf; // jsonp csrf enabled
-
-    const validateReferrer = options.whiteList && createValidateReferer(options.whiteList);
-
-    if (!csrfEnable && !validateReferrer) {
-      this.coreLogger.warn('[@eggjs/jsonp] SECURITY WARNING!! csrf check and referrer check are both closed!');
-    }
-    /**
-     * jsonp request security check, pass if
-     *
-     * 1. hit referrer white list
-     * 2. or pass csrf check
-     * 3. both check are disabled
-     *
-     * @param {Context} ctx request context
-     */
-    function securityAssert(ctx: JSONPContext) {
-      // all disabled. don't need check
-      if (!csrfEnable && !validateReferrer) return;
-
-      // pass referrer check
-      const referrer = ctx.get<string>('referrer');
-      if (validateReferrer && validateReferrer(referrer)) return;
-      if (csrfEnable && validateCsrf(ctx)) return;
-
-      throw new JSONPForbiddenReferrerError(
-        'jsonp request security validate failed',
-        referrer,
-        403);
-    }
-
-    return async function jsonp(ctx: JSONPContext, next) {
-      const jsonpFunction = getJsonpFunction(ctx.query, options.callback);
-
-      ctx[JSONP_CONFIG] = {
-        jsonpFunction,
-        options,
-      };
-
-      // before handle request, must do some security checks
-      securityAssert(ctx);
-
-      await next();
-
-      // generate jsonp body
-      ctx.createJsonpBody(ctx.body);
-    };
-  }
-}
-
-function createValidateReferer(whiteList: Required<JSONPConfig>['whiteList']) {
-  if (!Array.isArray(whiteList)) {
-    whiteList = [ whiteList ];
-  }
-
-  return (referrer: string) => {
-    let parsed: UrlWithStringQuery | undefined;
-    for (const rule of whiteList) {
-      if (rule instanceof RegExp) {
-        if (rule.test(referrer)) {
-          // regexp(/^https?:\/\/github.com\//): test the referrer with rule
-          return true;
-        }
-        continue;
-      }
-
-      parsed = parsed ?? urlParse(referrer);
-      const hostname = parsed.hostname || '';
-
-      // check if referrer's hostname match the string rule
-      if (rule[0] === '.' &&
-        (hostname.endsWith(rule) || hostname === rule.slice(1))) {
-        // string start with `.`(.github.com): referrer's hostname must ends with rule
-        return true;
-      } else if (hostname === rule) {
-        // string not start with `.`(github.com): referrer's hostname must strict equal to rule
-        return true;
-      }
-    }
-
-    // no rule matched
-    return false;
-  };
-}
-
-function validateCsrf(ctx: any) {
-  try {
-    // TODO(fengmk2): remove this when @eggjs/security support ctx.assertCsrf type define
-    ctx.assertCsrf();
-    return true;
-  } catch (err) {
-    debug('validate csrf failed: %s', err);
-    return false;
-  }
-}
-
-function getJsonpFunction(query: ParsedUrlQuery, callbacks: string[]) {
-  for (const callback of callbacks) {
-    if (query[callback]) {
-      return query[callback] as string;
-    }
-  }
-}

package/src/app/extend/context.ts

@@ -1,34 +0,0 @@
-import { jsonp as jsonpBody } from 'jsonp-body';
-import { Context } from '@eggjs/core';
-import { JSONP_CONFIG } from '../../lib/private_key.js';
-
-export default class JSONPContext extends Context {
-  /**
-   * detect if response should be jsonp
-   */
-  get acceptJSONP() {
-    const jsonpConfig = Reflect.get(this, JSONP_CONFIG) as any;
-    return !!(jsonpConfig?.jsonpFunction);
-  }
-
-  /**
-   * JSONP wrap body function
-   * Set jsonp response wrap function, other plugin can use it.
-   * If not necessary, please don't use this method in your application code.
-   * @param {Object} body response body
-   * @private
-   */
-  createJsonpBody(body: any) {
-    const jsonpConfig = Reflect.get(this, JSONP_CONFIG) as any;
-    if (!jsonpConfig?.jsonpFunction) {
-      this.body = body;
-      return;
-    }
-
-    this.set('x-content-type-options', 'nosniff');
-    this.type = 'js';
-    body = body === undefined ? null : body;
-    // protect from jsonp xss
-    this.body = jsonpBody(body, jsonpConfig.jsonpFunction, jsonpConfig.options);
-  }
-}

package/src/config/config.default.ts

@@ -1,10 +0,0 @@
-import type { JSONPConfig } from '../types.js';
-
-export default {
-  jsonp: {
-    limit: 50,
-    callback: [ '_callback', 'callback' ],
-    csrf: false,
-    whiteList: undefined,
-  } as JSONPConfig,
-};

package/src/error/JSONPForbiddenReferrerError.ts

@@ -1,12 +0,0 @@
-export class JSONPForbiddenReferrerError extends Error {
-  referrer: string;
-  status: number;
-
-  constructor(message: string, referrer: string, status: number) {
-    super(message);
-    this.name = this.constructor.name;
-    this.referrer = referrer;
-    this.status = status;
-    Error.captureStackTrace(this, this.constructor);
-  }
-}

package/src/index.ts

@@ -1 +0,0 @@
-import './types.js';

package/src/lib/private_key.ts

@@ -1 +0,0 @@
-export const JSONP_CONFIG = Symbol('jsonp#config');

package/src/types.ts

@@ -1,55 +0,0 @@
-import type { MiddlewareFunc } from '@eggjs/core';
-
-/**
- * jsonp options
- * @member Config#jsonp
- */
-export interface JSONPConfig {
-  /**
-   * jsonp callback methods key, default to `['_callback', 'callback' ]`
-   */
-  callback: string[] | string;
-  /**
-   * callback method name's max length, default to `50`
-   */
-  limit: number;
-  /**
-   * enable csrf check or not, default to `false`
-   */
-  csrf: boolean;
-  /**
-   * referrer white list, default to `undefined`
-   */
-  whiteList?: string | RegExp | (string | RegExp)[];
-}
-
-declare module '@eggjs/core' {
-  // add EggAppConfig overrides types
-  interface EggAppConfig {
-    jsonp: JSONPConfig;
-  }
-
-  interface Context {
-    /**
-     * detect if response should be jsonp
-     */
-    acceptJSONP: boolean;
-    /**
-     * JSONP wrap body function
-     * Set jsonp response wrap function, other plugin can use it.
-     * If not necessary, please don't use this method in your application code.
-     * @param {Object} body response body
-     * @private
-     */
-    createJsonpBody(body: any): void;
-  }
-
-  interface EggCore {
-    /**
-     * return a middleware to enable jsonp response.
-     * will do some security check inside.
-     * @public
-     */
-    jsonp(initOptions?: Partial<JSONPConfig>): MiddlewareFunc;
-  }
-}

package/src/typings/index.d.ts

@@ -1,4 +0,0 @@
-// make sure to import egg typings and let typescript know about it
-// @see https://github.com/whxaxes/blog/issues/11
-// and https://www.typescriptlang.org/docs/handbook/declaration-merging.html
-import 'egg';