npm - @eggjs/security - Versions diffs - 4.0.0 - Mend

@eggjs/security 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

package/LICENSE +21 -0
package/README.md +569 -0
package/README.zh-CN.md +441 -0
package/dist/commonjs/agent.d.ts +6 -0
package/dist/commonjs/agent.js +14 -0
package/dist/commonjs/app/extend/agent.d.ts +5 -0
package/dist/commonjs/app/extend/agent.js +11 -0
package/dist/commonjs/app/extend/application.d.ts +16 -0
package/dist/commonjs/app/extend/application.js +35 -0
package/dist/commonjs/app/extend/context.d.ts +68 -0
package/dist/commonjs/app/extend/context.js +283 -0
package/dist/commonjs/app/extend/helper.d.ts +12 -0
package/dist/commonjs/app/extend/helper.js +10 -0
package/dist/commonjs/app/extend/response.d.ts +41 -0
package/dist/commonjs/app/extend/response.js +85 -0
package/dist/commonjs/app/middleware/securities.d.ts +4 -0
package/dist/commonjs/app/middleware/securities.js +55 -0
package/dist/commonjs/app.d.ts +6 -0
package/dist/commonjs/app.js +29 -0
package/dist/commonjs/config/config.default.d.ts +871 -0
package/dist/commonjs/config/config.default.js +357 -0
package/dist/commonjs/config/config.local.d.ts +5 -0
package/dist/commonjs/config/config.local.js +10 -0
package/dist/commonjs/index.d.ts +1 -0
package/dist/commonjs/index.js +14 -0
package/dist/commonjs/lib/extend/safe_curl.d.ts +16 -0
package/dist/commonjs/lib/extend/safe_curl.js +28 -0
package/dist/commonjs/lib/helper/cliFilter.d.ts +4 -0
package/dist/commonjs/lib/helper/cliFilter.js +20 -0
package/dist/commonjs/lib/helper/escape.d.ts +2 -0
package/dist/commonjs/lib/helper/escape.js +8 -0
package/dist/commonjs/lib/helper/escapeShellArg.d.ts +1 -0
package/dist/commonjs/lib/helper/escapeShellArg.js +8 -0
package/dist/commonjs/lib/helper/escapeShellCmd.d.ts +1 -0
package/dist/commonjs/lib/helper/escapeShellCmd.js +17 -0
package/dist/commonjs/lib/helper/index.d.ts +21 -0
package/dist/commonjs/lib/helper/index.js +26 -0
package/dist/commonjs/lib/helper/shtml.d.ts +2 -0
package/dist/commonjs/lib/helper/shtml.js +76 -0
package/dist/commonjs/lib/helper/sjs.d.ts +4 -0
package/dist/commonjs/lib/helper/sjs.js +52 -0
package/dist/commonjs/lib/helper/sjson.d.ts +1 -0
package/dist/commonjs/lib/helper/sjson.js +45 -0
package/dist/commonjs/lib/helper/spath.d.ts +5 -0
package/dist/commonjs/lib/helper/spath.js +28 -0
package/dist/commonjs/lib/helper/surl.d.ts +2 -0
package/dist/commonjs/lib/helper/surl.js +33 -0
package/dist/commonjs/lib/middlewares/csp.d.ts +4 -0
package/dist/commonjs/lib/middlewares/csp.js +68 -0
package/dist/commonjs/lib/middlewares/csrf.d.ts +4 -0
package/dist/commonjs/lib/middlewares/csrf.js +42 -0
package/dist/commonjs/lib/middlewares/dta.d.ts +3 -0
package/dist/commonjs/lib/middlewares/dta.js +14 -0
package/dist/commonjs/lib/middlewares/hsts.d.ts +4 -0
package/dist/commonjs/lib/middlewares/hsts.js +23 -0
package/dist/commonjs/lib/middlewares/index.d.ts +13 -0
package/dist/commonjs/lib/middlewares/index.js +28 -0
package/dist/commonjs/lib/middlewares/methodnoallow.d.ts +3 -0
package/dist/commonjs/lib/middlewares/methodnoallow.js +22 -0
package/dist/commonjs/lib/middlewares/noopen.d.ts +4 -0
package/dist/commonjs/lib/middlewares/noopen.js +17 -0
package/dist/commonjs/lib/middlewares/nosniff.d.ts +4 -0
package/dist/commonjs/lib/middlewares/nosniff.js +30 -0
package/dist/commonjs/lib/middlewares/referrerPolicy.d.ts +4 -0
package/dist/commonjs/lib/middlewares/referrerPolicy.js +36 -0
package/dist/commonjs/lib/middlewares/xframe.d.ts +4 -0
package/dist/commonjs/lib/middlewares/xframe.js +19 -0
package/dist/commonjs/lib/middlewares/xssProtection.d.ts +4 -0
package/dist/commonjs/lib/middlewares/xssProtection.js +16 -0
package/dist/commonjs/lib/utils.d.ts +19 -0
package/dist/commonjs/lib/utils.js +206 -0
package/dist/commonjs/package.json +3 -0
package/dist/commonjs/types.d.ts +10 -0
package/dist/commonjs/types.js +5 -0
package/dist/esm/agent.d.ts +6 -0
package/dist/esm/agent.js +11 -0
package/dist/esm/app/extend/agent.d.ts +5 -0
package/dist/esm/app/extend/agent.js +8 -0
package/dist/esm/app/extend/application.d.ts +16 -0
package/dist/esm/app/extend/application.js +32 -0
package/dist/esm/app/extend/context.d.ts +68 -0
package/dist/esm/app/extend/context.js +244 -0
package/dist/esm/app/extend/helper.d.ts +12 -0
package/dist/esm/app/extend/helper.js +5 -0
package/dist/esm/app/extend/response.d.ts +41 -0
package/dist/esm/app/extend/response.js +82 -0
package/dist/esm/app/middleware/securities.d.ts +4 -0
package/dist/esm/app/middleware/securities.js +50 -0
package/dist/esm/app.d.ts +6 -0
package/dist/esm/app.js +26 -0
package/dist/esm/config/config.default.d.ts +871 -0
package/dist/esm/config/config.default.js +351 -0
package/dist/esm/config/config.local.d.ts +5 -0
package/dist/esm/config/config.local.js +8 -0
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.js +12 -0
package/dist/esm/lib/extend/safe_curl.d.ts +16 -0
package/dist/esm/lib/extend/safe_curl.js +25 -0
package/dist/esm/lib/helper/cliFilter.d.ts +4 -0
package/dist/esm/lib/helper/cliFilter.js +17 -0
package/dist/esm/lib/helper/escape.d.ts +2 -0
package/dist/esm/lib/helper/escape.js +3 -0
package/dist/esm/lib/helper/escapeShellArg.d.ts +1 -0
package/dist/esm/lib/helper/escapeShellArg.js +5 -0
package/dist/esm/lib/helper/escapeShellCmd.d.ts +1 -0
package/dist/esm/lib/helper/escapeShellCmd.js +14 -0
package/dist/esm/lib/helper/index.d.ts +21 -0
package/dist/esm/lib/helper/index.js +21 -0
package/dist/esm/lib/helper/shtml.d.ts +2 -0
package/dist/esm/lib/helper/shtml.js +70 -0
package/dist/esm/lib/helper/sjs.d.ts +4 -0
package/dist/esm/lib/helper/sjs.js +49 -0
package/dist/esm/lib/helper/sjson.d.ts +1 -0
package/dist/esm/lib/helper/sjson.js +39 -0
package/dist/esm/lib/helper/spath.d.ts +5 -0
package/dist/esm/lib/helper/spath.js +25 -0
package/dist/esm/lib/helper/surl.d.ts +2 -0
package/dist/esm/lib/helper/surl.js +30 -0
package/dist/esm/lib/middlewares/csp.d.ts +4 -0
package/dist/esm/lib/middlewares/csp.js +63 -0
package/dist/esm/lib/middlewares/csrf.d.ts +4 -0
package/dist/esm/lib/middlewares/csrf.js +37 -0
package/dist/esm/lib/middlewares/dta.d.ts +3 -0
package/dist/esm/lib/middlewares/dta.js +12 -0
package/dist/esm/lib/middlewares/hsts.d.ts +4 -0
package/dist/esm/lib/middlewares/hsts.js +21 -0
package/dist/esm/lib/middlewares/index.d.ts +13 -0
package/dist/esm/lib/middlewares/index.js +23 -0
package/dist/esm/lib/middlewares/methodnoallow.d.ts +3 -0
package/dist/esm/lib/middlewares/methodnoallow.js +20 -0
package/dist/esm/lib/middlewares/noopen.d.ts +4 -0
package/dist/esm/lib/middlewares/noopen.js +15 -0
package/dist/esm/lib/middlewares/nosniff.d.ts +4 -0
package/dist/esm/lib/middlewares/nosniff.js +28 -0
package/dist/esm/lib/middlewares/referrerPolicy.d.ts +4 -0
package/dist/esm/lib/middlewares/referrerPolicy.js +34 -0
package/dist/esm/lib/middlewares/xframe.d.ts +4 -0
package/dist/esm/lib/middlewares/xframe.js +17 -0
package/dist/esm/lib/middlewares/xssProtection.d.ts +4 -0
package/dist/esm/lib/middlewares/xssProtection.js +14 -0
package/dist/esm/lib/utils.d.ts +19 -0
package/dist/esm/lib/utils.js +194 -0
package/dist/esm/package.json +3 -0
package/dist/esm/types.d.ts +10 -0
package/dist/esm/types.js +3 -0
package/dist/package.json +4 -0
package/package.json +116 -0
package/src/agent.ts +14 -0
package/src/app/extend/agent.ts +14 -0
package/src/app/extend/application.ts +51 -0
package/src/app/extend/context.ts +282 -0
package/src/app/extend/helper.ts +5 -0
package/src/app/extend/response.ts +95 -0
package/src/app/middleware/securities.ts +63 -0
package/src/app.ts +31 -0
package/src/config/config.default.ts +379 -0
package/src/config/config.local.ts +9 -0
package/src/index.ts +12 -0
package/src/lib/extend/safe_curl.ts +35 -0
package/src/lib/helper/cliFilter.ts +20 -0
package/src/lib/helper/escape.ts +3 -0
package/src/lib/helper/escapeShellArg.ts +4 -0
package/src/lib/helper/escapeShellCmd.ts +16 -0
package/src/lib/helper/index.ts +21 -0
package/src/lib/helper/shtml.ts +77 -0
package/src/lib/helper/sjs.ts +57 -0
package/src/lib/helper/sjson.ts +35 -0
package/src/lib/helper/spath.ts +27 -0
package/src/lib/helper/surl.ts +35 -0
package/src/lib/middlewares/csp.ts +70 -0
package/src/lib/middlewares/csrf.ts +44 -0
package/src/lib/middlewares/dta.ts +13 -0
package/src/lib/middlewares/hsts.ts +24 -0
package/src/lib/middlewares/index.ts +23 -0
package/src/lib/middlewares/methodnoallow.ts +23 -0
package/src/lib/middlewares/noopen.ts +18 -0
package/src/lib/middlewares/nosniff.ts +32 -0
package/src/lib/middlewares/referrerPolicy.ts +39 -0
package/src/lib/middlewares/xframe.ts +20 -0
package/src/lib/middlewares/xssProtection.ts +17 -0
package/src/lib/utils.ts +208 -0
package/src/types.ts +16 -0
package/src/typings/index.d.ts +4 -0

package/dist/esm/config/config.default.d.ts ADDED Viewed

@@ -0,0 +1,871 @@
+import z from 'zod';
+import { Context } from '@eggjs/core';
+declare const CSRFSupportRequestItem: z.ZodObject<{
+    path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+    methods: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    path: RegExp;
+    methods: string[];
+}, {
+    path: RegExp;
+    methods: string[];
+}>;
+export type CSRFSupportRequestItem = z.infer<typeof CSRFSupportRequestItem>;
+export declare const LookupAddress: z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>;
+export type LookupAddress = z.infer<typeof LookupAddress>;
+declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
+/**
+ * SSRF check address function
+ * `(address, family, hostname) => boolean`
+ */
+export type SSRFCheckAddressFunction = z.infer<typeof SSRFCheckAddressFunction>;
+export declare const SecurityMiddlewareName: z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>;
+export type SecurityMiddlewareName = z.infer<typeof SecurityMiddlewareName>;
+/**
+ * (ctx) => boolean
+ */
+declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>;
+export type IgnoreOrMatchHandler = z.infer<typeof IgnoreOrMatchHandler>;
+declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>;
+export type IgnoreOrMatch = z.infer<typeof IgnoreOrMatch>;
+declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+export type IgnoreOrMatchOption = z.infer<typeof IgnoreOrMatchOption>;
+/**
+ * security options
+ * @member Config#security
+ */
+export declare const SecurityConfig: z.ZodObject<{
+    /**
+     * domain white list
+     *
+     * Default to `[]`
+     */
+    domainWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * protocol white list
+     *
+     * Default to `[]`
+     */
+    protocolWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * default open security middleware
+     *
+     * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
+     */
+    defaultMiddleware: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>, "many">]>>;
+    /**
+     * whether defend csrf attack
+     */
+    csrf: z.ZodEffects<z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token detect source type
+         *
+         * Default to `'ctoken'`
+         */
+        type: z.ZodDefault<z.ZodEnum<["ctoken", "referer", "all", "any"]>>;
+        /**
+         * ignore json request
+         *
+         * Default to `false`
+         *
+         * @deprecated is not safe now, don't use it
+         */
+        ignoreJSON: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token cookie name
+         *
+         * Default to `'csrfToken'`
+         */
+        cookieName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * csrf token session name
+         *
+         * Default to `'csrfToken'`
+         */
+        sessionName: z.ZodDefault<z.ZodString>;
+        /**
+         * csrf token request header name
+         *
+         * Default to `'x-csrf-token'`
+         */
+        headerName: z.ZodDefault<z.ZodString>;
+        /**
+         * csrf token request body field name
+         *
+         * Default to `'_csrf'`
+         */
+        bodyName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * csrf token request query field name
+         *
+         * Default to `'_csrf'`
+         */
+        queryName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * rotate csrf token when it is invalid
+         *
+         * Default to `false`
+         */
+        rotateWhenInvalid: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * These config works when using `'ctoken'` type
+         *
+         * Default to `false`
+         */
+        useSession: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token cookie domain setting,
+         * can be `(ctx) => string` or `string`
+         *
+         * Default to `undefined`, auto set the cookie domain in the safe way
+         */
+        cookieDomain: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodString>]>>;
+        /**
+         * csrf token check requests config
+         */
+        supportedRequests: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+            methods: z.ZodArray<z.ZodString, "many">;
+        }, "strip", z.ZodTypeAny, {
+            path: RegExp;
+            methods: string[];
+        }, {
+            path: RegExp;
+            methods: string[];
+        }>, "many">>;
+        /**
+         * referer or origin header white list.
+         * It only works when using `'referer'` type
+         *
+         * Default to `[]`
+         */
+        refererWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * csrf token cookie options
+         *
+         * Default to `{
+         *   signed: false,
+         *   httpOnly: false,
+         *   overwrite: true,
+         * }`
+         */
+        cookieOptions: z.ZodDefault<z.ZodObject<{
+            signed: z.ZodBoolean;
+            httpOnly: z.ZodBoolean;
+            overwrite: z.ZodBoolean;
+        }, "strip", z.ZodTypeAny, {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        }, {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        type: "ctoken" | "referer" | "all" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    }, {
+        type?: "ctoken" | "referer" | "all" | "any" | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        ignoreJSON?: boolean | undefined;
+        cookieName?: string | string[] | undefined;
+        sessionName?: string | undefined;
+        headerName?: string | undefined;
+        bodyName?: string | string[] | undefined;
+        queryName?: string | string[] | undefined;
+        rotateWhenInvalid?: boolean | undefined;
+        useSession?: boolean | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+        supportedRequests?: {
+            path: RegExp;
+            methods: string[];
+        }[] | undefined;
+        refererWhiteList?: string[] | undefined;
+        cookieOptions?: {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        } | undefined;
+    }>>, {
+        type: "ctoken" | "referer" | "all" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    }, unknown>;
+    /**
+     * whether enable X-Frame-Options response header
+     */
+    xframe: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
+         *
+         * Default to `'SAMEORIGIN'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable Strict-Transport-Security response header
+     */
+    hsts: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Max age of Strict-Transport-Security in seconds
+         *
+         * Default to `365 * 24 * 3600`
+         */
+        maxAge: z.ZodDefault<z.ZodNumber>;
+        /**
+         * Whether include sub domains
+         *
+         * Default to `false`
+         */
+        includeSubdomains: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        maxAge: number;
+        includeSubdomains: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        maxAge?: number | undefined;
+        includeSubdomains?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable Http Method filter
+     */
+    methodnoallow: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE automatically download open
+     */
+    noopen: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE8 automatically detect mime
+     */
+    nosniff: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE8 XSS Filter
+     */
+    xssProtection: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * X-XSS-Protection response header value
+         *
+         * Default to `'1; mode=block'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * content security policy config
+     */
+    csp: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        policy: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">, z.ZodBoolean]>>>;
+        /**
+         * whether enable report only mode
+         * Default to `undefined`
+         */
+        reportOnly: z.ZodOptional<z.ZodBoolean>;
+        /**
+         * whether support IE
+         * Default to `undefined`
+         */
+        supportIE: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        policy: Record<string, string | boolean | string[]>;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        policy?: Record<string, string | boolean | string[]> | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable referrer policy
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+     */
+    referrerPolicy: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * referrer policy value
+         *
+         * Default to `'no-referrer-when-downgrade'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable auto avoid directory traversal attack
+     */
+    dta: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    ssrf: z.ZodDefault<z.ZodObject<{
+        ipBlackList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        ipExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        hostnameExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        checkAddress: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+            address: z.ZodString;
+            family: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            address: string;
+            family: number;
+        }, {
+            address: string;
+            family: number;
+        }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+            address: z.ZodString;
+            family: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            address: string;
+            family: number;
+        }, {
+            address: string;
+            family: number;
+        }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>>;
+    }, "strip", z.ZodTypeAny, {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    }, {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    }>>;
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
+}, "strip", z.ZodTypeAny, {
+    domainWhiteList: string[];
+    protocolWhiteList: string[];
+    csrf: {
+        type: "ctoken" | "referer" | "all" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            httpOnly: boolean;
+            overwrite: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    };
+    hsts: {
+        enable: boolean;
+        maxAge: number;
+        includeSubdomains: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    methodnoallow: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    noopen: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    nosniff: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    csp: {
+        enable: boolean;
+        policy: Record<string, string | boolean | string[]>;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    };
+    xssProtection: {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    xframe: {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    dta: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+    referrerPolicy: {
+        value: string;
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    ssrf: {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}, {
+    domainWhiteList?: string[] | undefined;
+    protocolWhiteList?: string[] | undefined;
+    csrf?: unknown;
+    hsts?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        maxAge?: number | undefined;
+        includeSubdomains?: boolean | undefined;
+    } | undefined;
+    methodnoallow?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    noopen?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    nosniff?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    csp?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        policy?: Record<string, string | boolean | string[]> | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    } | undefined;
+    xssProtection?: {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    xframe?: {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    dta?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    referrerPolicy?: {
+        value?: string | undefined;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    ssrf?: {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    } | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}>;
+export type SecurityConfig = z.infer<typeof SecurityConfig>;
+declare const SecurityHelperOnTagAttrHandler: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>;
+/**
+ * (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void
+ */
+export type SecurityHelperOnTagAttrHandler = z.infer<typeof SecurityHelperOnTagAttrHandler>;
+export declare const SecurityHelperConfig: z.ZodObject<{
+    shtml: z.ZodDefault<z.ZodObject<{
+        /**
+         * tag attribute white list
+         */
+        whiteList: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+        /**
+         * domain white list
+         * @deprecated use `config.security.domainWhiteList` instead
+         */
+        domainWhiteList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * tag attribute handler
+         */
+        onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
+    }, "strip", z.ZodTypeAny, {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    }, {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    shtml: {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    };
+}, {
+    shtml?: {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    } | undefined;
+}>;
+export type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
+declare const _default: {
+    security: {
+        domainWhiteList: string[];
+        protocolWhiteList: string[];
+        csrf: {
+            type: "ctoken" | "referer" | "all" | "any";
+            enable: boolean;
+            ignoreJSON: boolean;
+            cookieName: string | string[];
+            sessionName: string;
+            headerName: string;
+            bodyName: string | string[];
+            queryName: string | string[];
+            rotateWhenInvalid: boolean;
+            useSession: boolean;
+            supportedRequests: {
+                path: RegExp;
+                methods: string[];
+            }[];
+            refererWhiteList: string[];
+            cookieOptions: {
+                signed: boolean;
+                httpOnly: boolean;
+                overwrite: boolean;
+            };
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+        };
+        hsts: {
+            enable: boolean;
+            maxAge: number;
+            includeSubdomains: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        methodnoallow: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        noopen: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        nosniff: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        csp: {
+            enable: boolean;
+            policy: Record<string, string | boolean | string[]>;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            reportOnly?: boolean | undefined;
+            supportIE?: boolean | undefined;
+        };
+        xssProtection: {
+            value: string;
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        xframe: {
+            value: string;
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        dta: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+        referrerPolicy: {
+            value: string;
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        ssrf: {
+            ipBlackList?: string[] | undefined;
+            ipExceptionList?: string[] | undefined;
+            hostnameExceptionList?: string[] | undefined;
+            checkAddress?: ((args_0: string | {
+                address: string;
+                family: number;
+            } | (string | {
+                address: string;
+                family: number;
+            })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+    };
+    helper: {
+        shtml: {
+            domainWhiteList?: string[] | undefined;
+            whiteList?: Record<string, string[]> | undefined;
+            onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+        };
+    };
+};
+export default _default;