@eggjs/security 4.0.1 → 5.0.0-beta.15

package/dist/commonjs/lib/middlewares/referrerPolicy.js

@@ -1,36 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("../utils.js");
-// https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Referrer-Policy
-const ALLOWED_POLICIES_ENUM = [
-    'no-referrer',
-    'no-referrer-when-downgrade',
-    'origin',
-    'origin-when-cross-origin',
-    'same-origin',
-    'strict-origin',
-    'strict-origin-when-cross-origin',
-    'unsafe-url',
-    '',
-];
-exports.default = (options) => {
-    return async function referrerPolicy(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            // check refererPolicy for backward compatibility
-            // typo on the old version
-            // @see https://github.com/eggjs/security/blob/e3408408adec5f8d009d37f75126ed082481d0ac/lib/middlewares/referrerPolicy.js#L21C59-L21C72
-            ...ctx.securityOptions.refererPolicy,
-            ...ctx.securityOptions.referrerPolicy,
-        };
-        if ((0, utils_js_1.checkIfIgnore)(opts, ctx))
-            return;
-        const policy = opts.value;
-        if (!ALLOWED_POLICIES_ENUM.includes(policy)) {
-            throw new Error('"' + policy + '" is not available.');
-        }
-        ctx.set('referrer-policy', policy);
-    };
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVmZXJyZXJQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbGliL21pZGRsZXdhcmVzL3JlZmVycmVyUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQ0EsMENBQTRDO0FBRzVDLDRFQUE0RTtBQUM1RSxNQUFNLHFCQUFxQixHQUFHO0lBQzVCLGFBQWE7SUFDYiw0QkFBNEI7SUFDNUIsUUFBUTtJQUNSLDBCQUEwQjtJQUMxQixhQUFhO0lBQ2IsZUFBZTtJQUNmLGlDQUFpQztJQUNqQyxZQUFZO0lBQ1osRUFBRTtDQUNILENBQUM7QUFFRixrQkFBZSxDQUFDLE9BQXlDLEVBQUUsRUFBRTtJQUMzRCxPQUFPLEtBQUssVUFBVSxjQUFjLENBQUMsR0FBWSxFQUFFLElBQVU7UUFDM0QsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUViLE1BQU0sSUFBSSxHQUFHO1lBQ1gsR0FBRyxPQUFPO1lBQ1YsaURBQWlEO1lBQ2pELDBCQUEwQjtZQUMxQix1SUFBdUk7WUFDdkksR0FBSSxHQUFHLENBQUMsZUFBdUIsQ0FBQyxhQUFhO1lBQzdDLEdBQUcsR0FBRyxDQUFDLGVBQWUsQ0FBQyxjQUFjO1NBQ3RDLENBQUM7UUFDRixJQUFJLElBQUEsd0JBQWEsRUFBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO1lBQUUsT0FBTztRQUVyQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDO1FBQzFCLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUM1QyxNQUFNLElBQUksS0FBSyxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcscUJBQXFCLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUNyQyxDQUFDLENBQUM7QUFDSixDQUFDLENBQUMifQ==

package/dist/commonjs/lib/middlewares/xframe.d.ts

@@ -1,4 +0,0 @@
-import type { Context, Next } from '@eggjs/core';
-import type { SecurityConfig } from '../../types.js';
-declare const _default: (options: SecurityConfig["xframe"]) => (ctx: Context, next: Next) => Promise<void>;
-export default _default;

package/dist/commonjs/lib/middlewares/xframe.js

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("../utils.js");
-exports.default = (options) => {
-    return async function xframe(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            ...ctx.securityOptions.xframe,
-        };
-        if ((0, utils_js_1.checkIfIgnore)(opts, ctx))
-            return;
-        // DENY, SAMEORIGIN, ALLOW-FROM
-        // https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
-        const value = opts.value || 'SAMEORIGIN';
-        ctx.set('x-frame-options', value);
-    };
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieGZyYW1lLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2xpYi9taWRkbGV3YXJlcy94ZnJhbWUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSwwQ0FBNEM7QUFHNUMsa0JBQWUsQ0FBQyxPQUFpQyxFQUFFLEVBQUU7SUFDbkQsT0FBTyxLQUFLLFVBQVUsTUFBTSxDQUFDLEdBQVksRUFBRSxJQUFVO1FBQ25ELE1BQU0sSUFBSSxFQUFFLENBQUM7UUFFYixNQUFNLElBQUksR0FBRztZQUNYLEdBQUcsT0FBTztZQUNWLEdBQUcsR0FBRyxDQUFDLGVBQWUsQ0FBQyxNQUFNO1NBQzlCLENBQUM7UUFDRixJQUFJLElBQUEsd0JBQWEsRUFBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO1lBQUUsT0FBTztRQUVyQywrQkFBK0I7UUFDL0Isc0lBQXNJO1FBQ3RJLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLElBQUksWUFBWSxDQUFDO1FBQ3pDLEdBQUcsQ0FBQyxHQUFHLENBQUMsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDcEMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=

package/dist/commonjs/lib/middlewares/xssProtection.d.ts

@@ -1,4 +0,0 @@
-import type { Context, Next } from '@eggjs/core';
-import type { SecurityConfig } from '../../types.js';
-declare const _default: (options: SecurityConfig["xssProtection"]) => (ctx: Context, next: Next) => Promise<void>;
-export default _default;

package/dist/commonjs/lib/middlewares/xssProtection.js

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("../utils.js");
-exports.default = (options) => {
-    return async function xssProtection(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            ...ctx.securityOptions.xssProtection,
-        };
-        if ((0, utils_js_1.checkIfIgnore)(opts, ctx))
-            return;
-        ctx.set('x-xss-protection', opts.value);
-    };
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHNzUHJvdGVjdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMveHNzUHJvdGVjdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLDBDQUE0QztBQUc1QyxrQkFBZSxDQUFDLE9BQXdDLEVBQUUsRUFBRTtJQUMxRCxPQUFPLEtBQUssVUFBVSxhQUFhLENBQUMsR0FBWSxFQUFFLElBQVU7UUFDMUQsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUViLE1BQU0sSUFBSSxHQUFHO1lBQ1gsR0FBRyxPQUFPO1lBQ1YsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLGFBQWE7U0FDckMsQ0FBQztRQUNGLElBQUksSUFBQSx3QkFBYSxFQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFBRSxPQUFPO1FBRXJDLEdBQUcsQ0FBQyxHQUFHLENBQUMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQzFDLENBQUMsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9

package/dist/commonjs/lib/utils.d.ts

@@ -1,19 +0,0 @@
-import { Context } from '@eggjs/core';
-import type { PathMatchingFun } from 'egg-path-matching';
-import { SecurityConfig } from '../types.js';
-/**
- * Check whether a domain is in the safe domain white list or not.
- * @param {String} domain The inputted domain.
- * @param {Array<string>} whiteList The white list for domain.
- * @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
- */
-export declare function isSafeDomain(domain: string, whiteList: string[]): boolean;
-export declare function isSafePath(path: string, ctx: Context): boolean;
-export declare function checkIfIgnore(opts: {
-    enable: boolean;
-    matching?: PathMatchingFun;
-}, ctx: Context): boolean;
-export declare function getCookieDomain(hostname: string): string;
-export declare function merge(origin: Record<string, any>, opts?: Record<string, any>): Record<string, any>;
-export declare function preprocessConfig(config: SecurityConfig): void;
-export declare function getFromUrl(url: string, prop?: string): string | null;

package/dist/commonjs/lib/utils.js

@@ -1,206 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isSafeDomain = isSafeDomain;
-exports.isSafePath = isSafePath;
-exports.checkIfIgnore = checkIfIgnore;
-exports.getCookieDomain = getCookieDomain;
-exports.merge = merge;
-exports.preprocessConfig = preprocessConfig;
-exports.getFromUrl = getFromUrl;
-const node_path_1 = require("node:path");
-const matcher_1 = __importDefault(require("matcher"));
-const ip_1 = __importDefault(require("@eggjs/ip"));
-/**
- * Check whether a domain is in the safe domain white list or not.
- * @param {String} domain The inputted domain.
- * @param {Array<string>} whiteList The white list for domain.
- * @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
- */
-function isSafeDomain(domain, whiteList) {
-    // domain must be string, otherwise return false
-    if (typeof domain !== 'string')
-        return false;
-    // Ignore case sensitive first
-    domain = domain.toLowerCase();
-    // add prefix `.`, because all domains in white list start with `.`
-    const hostname = '.' + domain;
-    return whiteList.some(rule => {
-        // Check whether we've got '*' as a wild character symbol
-        if (rule.includes('*')) {
-            return matcher_1.default.isMatch(domain, rule);
-        }
-        // If domain is an absolute path such as `http://...`
-        // We can directly check whether it directly equals to `domain`
-        // And we don't need to cope with `endWith`.
-        if (domain === rule)
-            return true;
-        // ensure wwweggjs.com not match eggjs.com
-        if (!/^\./.test(rule))
-            rule = `.${rule}`;
-        return hostname.endsWith(rule);
-    });
-}
-function isSafePath(path, ctx) {
-    path = '.' + path;
-    if (path.includes('%')) {
-        try {
-            path = decodeURIComponent(path);
-        }
-        catch (e) {
-            if (ctx.app.config.env === 'local' || ctx.app.config.env === 'unittest') {
-                // not under production environment, output log
-                ctx.coreLogger.warn('[@eggjs/security: dta global block] : decode file path %j failed.', path);
-            }
-        }
-    }
-    const normalizePath = (0, node_path_1.normalize)(path);
-    return !(normalizePath.startsWith('../') || normalizePath.startsWith('..\\'));
-}
-function checkIfIgnore(opts, ctx) {
-    // check opts.enable first
-    if (!opts.enable)
-        return true;
-    return !opts.matching?.(ctx);
-}
-const IP_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
-const topDomains = {};
-[
-    '.net.cn', '.gov.cn', '.org.cn', '.com.cn',
-].forEach(item => {
-    topDomains[item] = 2 - item.split('.').length;
-});
-function getCookieDomain(hostname) {
-    // TODO(fengmk2): support ipv6
-    if (IP_RE.test(hostname)) {
-        return hostname;
-    }
-    // app.test.domain.com => .test.domain.com
-    // app.stable.domain.com => .domain.com
-    // app.domain.com => .domain.com
-    // domain=.domain.com;
-    const splits = hostname.split('.');
-    let index = -2;
-    // only when `*.test.*.com` set `.test.*.com`
-    if (splits.length >= 4 && splits[splits.length - 3] === 'test') {
-        index = -3;
-    }
-    let domain = getDomain(splits, index);
-    if (topDomains[domain]) {
-        // app.foo.org.cn => .foo.org.cn
-        domain = getDomain(splits, index + topDomains[domain]);
-    }
-    return domain;
-}
-function getDomain(splits, index) {
-    return '.' + splits.slice(index).join('.');
-}
-function merge(origin, opts) {
-    if (!opts) {
-        return origin;
-    }
-    const res = {};
-    const originKeys = Object.keys(origin);
-    for (let i = 0; i < originKeys.length; i++) {
-        const key = originKeys[i];
-        res[key] = origin[key];
-    }
-    const keys = Object.keys(opts);
-    for (let i = 0; i < keys.length; i++) {
-        const key = keys[i];
-        res[key] = opts[key];
-    }
-    return res;
-}
-function preprocessConfig(config) {
-    // transfer ssrf.ipBlackList to ssrf.checkAddress
-    // ssrf.ipExceptionList can easily pick out unwanted ips from ipBlackList
-    // checkAddress has higher priority than ipBlackList
-    const ssrf = config.ssrf;
-    if (ssrf && ssrf.ipBlackList && !ssrf.checkAddress) {
-        const blackList = ssrf.ipBlackList.map(getContains);
-        const exceptionList = (ssrf.ipExceptionList || []).map(getContains);
-        const hostnameExceptionList = ssrf.hostnameExceptionList;
-        ssrf.checkAddress = (ipAddresses, _family, hostname) => {
-            // Check white hostname first
-            if (hostname && hostnameExceptionList) {
-                if (hostnameExceptionList.includes(hostname)) {
-                    return true;
-                }
-            }
-            // ipAddresses will be array address on Node.js >= 20
-            // [
-            //   { address: '220.181.125.241', family: 4 },
-            //   { address: '240e:964:ea02:b00:3::3ec', family: 6 }
-            // ]
-            if (!Array.isArray(ipAddresses)) {
-                ipAddresses = [ipAddresses];
-            }
-            for (const ipAddress of ipAddresses) {
-                let address;
-                if (typeof ipAddress === 'string') {
-                    address = ipAddress;
-                }
-                else {
-                    // FIXME: should support ipv6
-                    if (ipAddress.family === 6) {
-                        continue;
-                    }
-                    address = ipAddress.address;
-                }
-                // check white list first
-                for (const exception of exceptionList) {
-                    if (exception(address)) {
-                        return true;
-                    }
-                }
-                // check black list
-                for (const contains of blackList) {
-                    if (contains(address)) {
-                        return false;
-                    }
-                }
-            }
-            // default allow
-            return true;
-        };
-    }
-    // Make sure that `whiteList` or `protocolWhiteList` is case insensitive
-    config.domainWhiteList = config.domainWhiteList || [];
-    config.domainWhiteList = config.domainWhiteList.map((domain) => domain.toLowerCase());
-    config.protocolWhiteList = config.protocolWhiteList || [];
-    config.protocolWhiteList = config.protocolWhiteList.map((protocol) => protocol.toLowerCase());
-    // Make sure refererWhiteList is case insensitive
-    if (config.csrf && config.csrf.refererWhiteList) {
-        config.csrf.refererWhiteList = config.csrf.refererWhiteList.map((ref) => ref.toLowerCase());
-    }
-    // Directly converted to Set collection by a private property (not documented),
-    // And we NO LONGER need to do conversion in `foreach` again and again in `lib/helper/surl.ts`.
-    const protocolWhiteListSet = new Set(config.protocolWhiteList);
-    protocolWhiteListSet.add('http');
-    protocolWhiteListSet.add('https');
-    protocolWhiteListSet.add('file');
-    protocolWhiteListSet.add('data');
-    Object.defineProperty(config, '__protocolWhiteListSet', {
-        value: protocolWhiteListSet,
-        enumerable: false,
-    });
-}
-function getFromUrl(url, prop) {
-    try {
-        const parsed = new URL(url);
-        return prop ? Reflect.get(parsed, prop) : parsed;
-    }
-    catch {
-        return null;
-    }
-}
-function getContains(ip) {
-    if (ip_1.default.isV4Format(ip) || ip_1.default.isV6Format(ip)) {
-        return (address) => address === ip;
-    }
-    return ip_1.default.cidrSubnet(ip).contains;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL3V0aWxzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBYUEsb0NBcUJDO0FBRUQsZ0NBY0M7QUFFRCxzQ0FJQztBQVVELDBDQXNCQztBQU1ELHNCQWtCQztBQUVELDRDQTZFQztBQUVELGdDQU9DO0FBeE1ELHlDQUFzQztBQUN0QyxzREFBOEI7QUFDOUIsbURBQTJCO0FBSzNCOzs7OztHQUtHO0FBQ0gsU0FBZ0IsWUFBWSxDQUFDLE1BQWMsRUFBRSxTQUFtQjtJQUM5RCxnREFBZ0Q7SUFDaEQsSUFBSSxPQUFPLE1BQU0sS0FBSyxRQUFRO1FBQUUsT0FBTyxLQUFLLENBQUM7SUFDN0MsOEJBQThCO0lBQzlCLE1BQU0sR0FBRyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsbUVBQW1FO0lBQ25FLE1BQU0sUUFBUSxHQUFHLEdBQUcsR0FBRyxNQUFNLENBQUM7SUFFOUIsT0FBTyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFO1FBQzNCLHlEQUF5RDtRQUN6RCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN2QixPQUFPLGlCQUFPLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUN2QyxDQUFDO1FBQ0QscURBQXFEO1FBQ3JELCtEQUErRDtRQUMvRCw0Q0FBNEM7UUFDNUMsSUFBSSxNQUFNLEtBQUssSUFBSTtZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ2pDLDBDQUEwQztRQUMxQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFBRSxJQUFJLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN6QyxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDakMsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsU0FBZ0IsVUFBVSxDQUFDLElBQVksRUFBRSxHQUFZO0lBQ25ELElBQUksR0FBRyxHQUFHLEdBQUcsSUFBSSxDQUFDO0lBQ2xCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ3ZCLElBQUksQ0FBQztZQUNILElBQUksR0FBRyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNsQyxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxLQUFLLE9BQU8sSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEtBQUssVUFBVSxFQUFFLENBQUM7Z0JBQ3hFLCtDQUErQztnQkFDL0MsR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsbUVBQW1FLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDakcsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBQ0QsTUFBTSxhQUFhLEdBQUcsSUFBQSxxQkFBUyxFQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3RDLE9BQU8sQ0FBQyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksYUFBYSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0FBQ2hGLENBQUM7QUFFRCxTQUFnQixhQUFhLENBQUMsSUFBc0QsRUFBRSxHQUFZO0lBQ2hHLDBCQUEwQjtJQUMxQixJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU07UUFBRSxPQUFPLElBQUksQ0FBQztJQUM5QixPQUFPLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFFRCxNQUFNLEtBQUssR0FBRyxzQ0FBc0MsQ0FBQztBQUNyRCxNQUFNLFVBQVUsR0FBMkIsRUFBRSxDQUFDO0FBQzlDO0lBQ0UsU0FBUyxFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsU0FBUztDQUMzQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRTtJQUNmLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUM7QUFDaEQsQ0FBQyxDQUFDLENBQUM7QUFFSCxTQUFnQixlQUFlLENBQUMsUUFBZ0I7SUFDOUMsOEJBQThCO0lBQzlCLElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3pCLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7SUFDRCwwQ0FBMEM7SUFDMUMsdUNBQXVDO0lBQ3ZDLGdDQUFnQztJQUNoQyxzQkFBc0I7SUFDdEIsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuQyxJQUFJLEtBQUssR0FBRyxDQUFDLENBQUMsQ0FBQztJQUVmLDZDQUE2QztJQUM3QyxJQUFJLE1BQU0sQ0FBQyxNQUFNLElBQUksQ0FBQyxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLE1BQU0sRUFBRSxDQUFDO1FBQy9ELEtBQUssR0FBRyxDQUFDLENBQUMsQ0FBQztJQUNiLENBQUM7SUFDRCxJQUFJLE1BQU0sR0FBRyxTQUFTLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3RDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDdkIsZ0NBQWdDO1FBQ2hDLE1BQU0sR0FBRyxTQUFTLENBQUMsTUFBTSxFQUFFLEtBQUssR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBQ0QsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQUVELFNBQVMsU0FBUyxDQUFDLE1BQWdCLEVBQUUsS0FBYTtJQUNoRCxPQUFPLEdBQUcsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUM3QyxDQUFDO0FBRUQsU0FBZ0IsS0FBSyxDQUFDLE1BQTJCLEVBQUUsSUFBMEI7SUFDM0UsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ1YsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUNELE1BQU0sR0FBRyxHQUF3QixFQUFFLENBQUM7SUFFcEMsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN2QyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsVUFBVSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQzNDLE1BQU0sR0FBRyxHQUFHLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMxQixHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3pCLENBQUM7SUFFRCxNQUFNLElBQUksR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9CLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDckMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3BCLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDdkIsQ0FBQztJQUNELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQztBQUVELFNBQWdCLGdCQUFnQixDQUFDLE1BQXNCO0lBQ3JELGlEQUFpRDtJQUNqRCx5RUFBeUU7SUFDekUsb0RBQW9EO0lBQ3BELE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUM7SUFDekIsSUFBSSxJQUFJLElBQUksSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUNuRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNwRCxNQUFNLGFBQWEsR0FBRyxDQUFDLElBQUksQ0FBQyxlQUFlLElBQUksRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3BFLE1BQU0scUJBQXFCLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDO1FBQ3pELElBQUksQ0FBQyxZQUFZLEdBQUcsQ0FBQyxXQUFXLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxFQUFFO1lBQ3JELDZCQUE2QjtZQUM3QixJQUFJLFFBQVEsSUFBSSxxQkFBcUIsRUFBRSxDQUFDO2dCQUN0QyxJQUFJLHFCQUFxQixDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO29CQUM3QyxPQUFPLElBQUksQ0FBQztnQkFDZCxDQUFDO1lBQ0gsQ0FBQztZQUNELHFEQUFxRDtZQUNyRCxJQUFJO1lBQ0osK0NBQStDO1lBQy9DLHVEQUF1RDtZQUN2RCxJQUFJO1lBQ0osSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztnQkFDaEMsV0FBVyxHQUFHLENBQUUsV0FBVyxDQUFFLENBQUM7WUFDaEMsQ0FBQztZQUNELEtBQUssTUFBTSxTQUFTLElBQUksV0FBVyxFQUFFLENBQUM7Z0JBQ3BDLElBQUksT0FBZSxDQUFDO2dCQUNwQixJQUFJLE9BQU8sU0FBUyxLQUFLLFFBQVEsRUFBRSxDQUFDO29CQUNsQyxPQUFPLEdBQUcsU0FBUyxDQUFDO2dCQUN0QixDQUFDO3FCQUFNLENBQUM7b0JBQ04sNkJBQTZCO29CQUM3QixJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7d0JBQzNCLFNBQVM7b0JBQ1gsQ0FBQztvQkFDRCxPQUFPLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FBQztnQkFDOUIsQ0FBQztnQkFDRCx5QkFBeUI7Z0JBQ3pCLEtBQUssTUFBTSxTQUFTLElBQUksYUFBYSxFQUFFLENBQUM7b0JBQ3RDLElBQUksU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7d0JBQ3ZCLE9BQU8sSUFBSSxDQUFDO29CQUNkLENBQUM7Z0JBQ0gsQ0FBQztnQkFDRCxtQkFBbUI7Z0JBQ25CLEtBQUssTUFBTSxRQUFRLElBQUksU0FBUyxFQUFFLENBQUM7b0JBQ2pDLElBQUksUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7d0JBQ3RCLE9BQU8sS0FBSyxDQUFDO29CQUNmLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7WUFDRCxnQkFBZ0I7WUFDaEIsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDLENBQUM7SUFDSixDQUFDO0lBRUQsd0VBQXdFO0lBQ3hFLE1BQU0sQ0FBQyxlQUFlLEdBQUcsTUFBTSxDQUFDLGVBQWUsSUFBSSxFQUFFLENBQUM7SUFDdEQsTUFBTSxDQUFDLGVBQWUsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQWMsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUM7SUFFOUYsTUFBTSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsSUFBSSxFQUFFLENBQUM7SUFDMUQsTUFBTSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFnQixFQUFFLEVBQUUsQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUV0RyxpREFBaUQ7SUFDakQsSUFBSSxNQUFNLENBQUMsSUFBSSxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUNoRCxNQUFNLENBQUMsSUFBSSxDQUFDLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBVyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUN0RyxDQUFDO0lBRUQsK0VBQStFO0lBQy9FLCtGQUErRjtJQUMvRixNQUFNLG9CQUFvQixHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQy9ELG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNqQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDbEMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ2pDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUVqQyxNQUFNLENBQUMsY0FBYyxDQUFDLE1BQU0sRUFBRSx3QkFBd0IsRUFBRTtRQUN0RCxLQUFLLEVBQUUsb0JBQW9CO1FBQzNCLFVBQVUsRUFBRSxLQUFLO0tBQ2xCLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCxTQUFnQixVQUFVLENBQUMsR0FBVyxFQUFFLElBQWE7SUFDbkQsSUFBSSxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDNUIsT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUM7SUFDbkQsQ0FBQztJQUFDLE1BQU0sQ0FBQztRQUNQLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztBQUNILENBQUM7QUFFRCxTQUFTLFdBQVcsQ0FBQyxFQUFVO0lBQzdCLElBQUksWUFBRSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsSUFBSSxZQUFFLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDM0MsT0FBTyxDQUFDLE9BQWUsRUFBRSxFQUFFLENBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztJQUM3QyxDQUFDO0lBQ0QsT0FBTyxZQUFFLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQztBQUNwQyxDQUFDIn0=

package/dist/commonjs/package.json

@@ -1,3 +0,0 @@
-{
-  "type": "commonjs"
-}

package/dist/commonjs/types.d.ts

@@ -1,10 +0,0 @@
-import './app/extend/application.js';
-import './app/extend/context.js';
-import type { SecurityConfig, SecurityHelperConfig } from './config/config.default.js';
-export type * from './config/config.default.js';
-declare module '@eggjs/core' {
-    interface EggAppConfig {
-        security: SecurityConfig;
-        helper: SecurityHelperConfig;
-    }
-}

package/dist/commonjs/types.js

@@ -1,5 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-require("./app/extend/application.js");
-require("./app/extend/context.js");
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFBQSx1Q0FBcUM7QUFDckMsbUNBQWlDIn0=

package/dist/esm/agent.d.ts

@@ -1,6 +0,0 @@
-import type { ILifecycleBoot, EggCore } from '@eggjs/core';
-export default class AgentBoot implements ILifecycleBoot {
-    private readonly agent;
-    constructor(agent: EggCore);
-    configWillLoad(): Promise<void>;
-}

package/dist/esm/agent.js

@@ -1,11 +0,0 @@
-import { preprocessConfig } from './lib/utils.js';
-export default class AgentBoot {
-    agent;
-    constructor(agent) {
-        this.agent = agent;
-    }
-    async configWillLoad() {
-        preprocessConfig(this.agent.config.security);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYWdlbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFbEQsTUFBTSxDQUFDLE9BQU8sT0FBTyxTQUFTO0lBQ1gsS0FBSyxDQUFDO0lBRXZCLFlBQVksS0FBYztRQUN4QixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRUQsS0FBSyxDQUFDLGNBQWM7UUFDbEIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDL0MsQ0FBQztDQUNGIn0=

package/dist/esm/app/extend/agent.d.ts

@@ -1,5 +0,0 @@
-import { EggCore } from '@eggjs/core';
-import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.js';
-export default class SecurityAgent extends EggCore {
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-}

package/dist/esm/app/extend/agent.js

@@ -1,8 +0,0 @@
-import { EggCore } from '@eggjs/core';
-import { safeCurlForApplication, } from '../../lib/extend/safe_curl.js';
-export default class SecurityAgent extends EggCore {
-    async safeCurl(url, options) {
-        return await safeCurlForApplication(this, url, options);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hZ2VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3RDLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLENBQUMsT0FBTyxPQUFPLGFBQWMsU0FBUSxPQUFPO0lBQ2hELEtBQUssQ0FBQyxRQUFRLENBQ1osR0FBeUIsRUFBRSxPQUEyQjtRQUN0RCxPQUFPLE1BQU0sc0JBQXNCLENBQUksSUFBSSxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM3RCxDQUFDO0NBQ0YifQ==

package/dist/esm/app/extend/application.d.ts

@@ -1,16 +0,0 @@
-import { EggCore } from '@eggjs/core';
-import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.js';
-export default class SecurityApplication extends EggCore {
-    injectCsrf(html: string): string;
-    injectNonce(html: string): string;
-    injectHijackingDefense(html: string): string;
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-}
-declare module '@eggjs/core' {
-    interface EggCore {
-        injectCsrf(html: string): string;
-        injectNonce(html: string): string;
-        injectHijackingDefense(html: string): string;
-        safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-    }
-}

package/dist/esm/app/extend/application.js

@@ -1,32 +0,0 @@
-import { EggCore } from '@eggjs/core';
-import { safeCurlForApplication, } from '../../lib/extend/safe_curl.js';
-const INPUT_CSRF = '\r\n<input type="hidden" name="_csrf" value="{{ctx.csrf}}" /></form>';
-const INJECTION_DEFENSE = '<!--for injection--><!--</html>--><!--for injection-->';
-export default class SecurityApplication extends EggCore {
-    injectCsrf(html) {
-        html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
-            const match = $2;
-            if (match.indexOf('name="_csrf"') !== -1 || match.indexOf('name=\'_csrf\'') !== -1) {
-                return $1 + match + '</form>';
-            }
-            return $1 + match + INPUT_CSRF;
-        });
-        return html;
-    }
-    injectNonce(html) {
-        html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
-            if (!$1.includes('nonce=')) {
-                $1 += ' nonce="{{ctx.nonce}}"';
-            }
-            return '<script' + $1 + '>' + $2 + '</script>';
-        });
-        return html;
-    }
-    injectHijackingDefense(html) {
-        return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
-    }
-    async safeCurl(url, options) {
-        return await safeCurlForApplication(this, url, options);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hcHBsaWNhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3RDLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLFVBQVUsR0FBRyxzRUFBc0UsQ0FBQztBQUMxRixNQUFNLGlCQUFpQixHQUFHLHdEQUF3RCxDQUFDO0FBRW5GLE1BQU0sQ0FBQyxPQUFPLE9BQU8sbUJBQW9CLFNBQVEsT0FBTztJQUN0RCxVQUFVLENBQUMsSUFBWTtRQUNyQixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDbkUsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ2pCLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDbkYsT0FBTyxFQUFFLEdBQUcsS0FBSyxHQUFHLFNBQVMsQ0FBQztZQUNoQyxDQUFDO1lBQ0QsT0FBTyxFQUFFLEdBQUcsS0FBSyxHQUFHLFVBQVUsQ0FBQztRQUNqQyxDQUFDLENBQUMsQ0FBQztRQUNILE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELFdBQVcsQ0FBQyxJQUFZO1FBQ3RCLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLDJDQUEyQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtZQUM3RSxJQUFJLENBQUMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUMzQixFQUFFLElBQUksd0JBQXdCLENBQUM7WUFDakMsQ0FBQztZQUNELE9BQU8sU0FBUyxHQUFHLEVBQUUsR0FBRyxHQUFHLEdBQUcsRUFBRSxHQUFHLFdBQVcsQ0FBQztRQUNqRCxDQUFDLENBQUMsQ0FBQztRQUNILE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELHNCQUFzQixDQUFDLElBQVk7UUFDakMsT0FBTyxpQkFBaUIsR0FBRyxJQUFJLEdBQUcsaUJBQWlCLENBQUM7SUFDdEQsQ0FBQztJQUVELEtBQUssQ0FBQyxRQUFRLENBQ1osR0FBeUIsRUFBRSxPQUEyQjtRQUN0RCxPQUFPLE1BQU0sc0JBQXNCLENBQUksSUFBSSxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM3RCxDQUFDO0NBQ0YifQ==

package/dist/esm/app/extend/context.d.ts

@@ -1,68 +0,0 @@
-import { Context } from '@eggjs/core';
-import type { HttpClientRequestURL, HttpClientOptions, HttpClientResponse } from '../../lib/extend/safe_curl.js';
-import { SecurityConfig, SecurityHelperConfig } from '../../types.js';
-declare const CSRF_SECRET: unique symbol;
-declare const LOG_CSRF_NOTICE: unique symbol;
-declare const INPUT_TOKEN: unique symbol;
-declare const CSRF_REFERER_CHECK: unique symbol;
-declare const CSRF_CTOKEN_CHECK: unique symbol;
-export default class SecurityContext extends Context {
-    get securityOptions(): Partial<SecurityConfig>;
-    /**
-     * Check whether the specific `domain` is in / matches the whiteList or not.
-     * @param {string} domain The assigned domain.
-     * @param {Array<string>} [customWhiteList] The custom white list for domain.
-     * @return {boolean} If the domain is in / matches the whiteList, return true;
-     * otherwise false.
-     */
-    isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
-    get nonce(): string;
-    /**
-     * get csrf token, general use in template
-     * @return {String} csrf token
-     * @public
-     */
-    get csrf(): string;
-    /**
-     * get csrf secret from session or cookie
-     * @return {String} csrf secret
-     * @private
-     */
-    get [CSRF_SECRET](): string;
-    /**
-     * ensure csrf secret exists in session or cookie.
-     * @param {Boolean} [rotate] reset secret even if the secret exists
-     * @public
-     */
-    ensureCsrfSecret(rotate?: boolean): void;
-    get [INPUT_TOKEN](): string;
-    /**
-     * rotate csrf secret exists in session or cookie.
-     * must rotate the secret when user login
-     * @public
-     */
-    rotateCsrfSecret(): void;
-    /**
-     * assert csrf token/referer is present
-     * @public
-     */
-    assertCsrf(): void;
-    [CSRF_CTOKEN_CHECK](): "missing csrf token" | "invalid csrf token" | undefined;
-    [CSRF_REFERER_CHECK](): "missing csrf referer or origin" | "invalid csrf referer or origin" | undefined;
-    [LOG_CSRF_NOTICE](msg: string): void;
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-    unsafeRedirect(url: string, alt?: string): void;
-}
-declare module '@eggjs/core' {
-    interface Context {
-        get securityOptions(): Partial<SecurityConfig & SecurityHelperConfig>;
-        isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
-        get nonce(): string;
-        get csrf(): string;
-        ensureCsrfSecret(rotate?: boolean): void;
-        rotateCsrfSecret(): void;
-        assertCsrf(): void;
-        safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-    }
-}
-export {};