@eggjs/security 4.0.1 → 5.0.0-beta.15

package/dist/config/config.default.d.ts

@@ -0,0 +1,874 @@
+import z from "zod";
+import { Context } from "egg";
+
+//#region src/config/config.default.d.ts
+declare const CSRFSupportRequestItem: z.ZodObject<{
+  path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+  methods: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+  path: RegExp;
+  methods: string[];
+}, {
+  path: RegExp;
+  methods: string[];
+}>;
+type CSRFSupportRequestItem = z.infer<typeof CSRFSupportRequestItem>;
+declare const LookupAddress: z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>;
+type LookupAddress = z.infer<typeof LookupAddress>;
+declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
+/**
+ * SSRF check address function
+ * `(address, family, hostname) => boolean`
+ */
+type SSRFCheckAddressFunction = z.infer<typeof SSRFCheckAddressFunction>;
+declare const SecurityMiddlewareName: z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>;
+type SecurityMiddlewareName = z.infer<typeof SecurityMiddlewareName>;
+/**
+ * (ctx) => boolean
+ */
+declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>;
+type IgnoreOrMatchHandler = z.infer<typeof IgnoreOrMatchHandler>;
+declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>;
+type IgnoreOrMatch = z.infer<typeof IgnoreOrMatch>;
+declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+type IgnoreOrMatchOption = z.infer<typeof IgnoreOrMatchOption>;
+/**
+ * security options
+ * @member Config#security
+ */
+declare const SecurityConfig: z.ZodObject<{
+  /**
+   * domain white list
+   *
+   * Default to `[]`
+   */
+  domainWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  /**
+   * protocol white list
+   *
+   * Default to `[]`
+   */
+  protocolWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  /**
+   * default open security middleware
+   *
+   * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
+   */
+  defaultMiddleware: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>, "many">]>>;
+  /**
+   * whether defend csrf attack
+   */
+  csrf: z.ZodEffects<z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token detect source type
+     *
+     * Default to `'ctoken'`
+     */
+    type: z.ZodDefault<z.ZodEnum<["ctoken", "referer", "all", "any"]>>;
+    /**
+     * ignore json request
+     *
+     * Default to `false`
+     *
+     * @deprecated is not safe now, don't use it
+     */
+    ignoreJSON: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token cookie name
+     *
+     * Default to `'csrfToken'`
+     */
+    cookieName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * csrf token session name
+     *
+     * Default to `'csrfToken'`
+     */
+    sessionName: z.ZodDefault<z.ZodString>;
+    /**
+     * csrf token request header name
+     *
+     * Default to `'x-csrf-token'`
+     */
+    headerName: z.ZodDefault<z.ZodString>;
+    /**
+     * csrf token request body field name
+     *
+     * Default to `'_csrf'`
+     */
+    bodyName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * csrf token request query field name
+     *
+     * Default to `'_csrf'`
+     */
+    queryName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * rotate csrf token when it is invalid
+     *
+     * Default to `false`
+     */
+    rotateWhenInvalid: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * These config works when using `'ctoken'` type
+     *
+     * Default to `false`
+     */
+    useSession: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token cookie domain setting,
+     * can be `(ctx) => string` or `string`
+     *
+     * Default to `undefined`, auto set the cookie domain in the safe way
+     */
+    cookieDomain: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodString>]>>;
+    /**
+     * csrf token check requests config
+     */
+    supportedRequests: z.ZodDefault<z.ZodArray<z.ZodObject<{
+      path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+      methods: z.ZodArray<z.ZodString, "many">;
+    }, "strip", z.ZodTypeAny, {
+      path: RegExp;
+      methods: string[];
+    }, {
+      path: RegExp;
+      methods: string[];
+    }>, "many">>;
+    /**
+     * referer or origin header white list.
+     * It only works when using `'referer'` type
+     *
+     * Default to `[]`
+     */
+    refererWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * csrf token cookie options
+     *
+     * Default to `{
+     *   signed: false,
+     *   httpOnly: false,
+     *   overwrite: true,
+     * }`
+     */
+    cookieOptions: z.ZodDefault<z.ZodObject<{
+      signed: z.ZodBoolean;
+      httpOnly: z.ZodBoolean;
+      overwrite: z.ZodBoolean;
+    }, "strip", z.ZodTypeAny, {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    }, {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    }>>;
+  }, "strip", z.ZodTypeAny, {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  }, {
+    type?: "ctoken" | "referer" | "all" | "any" | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    ignoreJSON?: boolean | undefined;
+    cookieName?: string | string[] | undefined;
+    sessionName?: string | undefined;
+    headerName?: string | undefined;
+    bodyName?: string | string[] | undefined;
+    queryName?: string | string[] | undefined;
+    rotateWhenInvalid?: boolean | undefined;
+    useSession?: boolean | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    supportedRequests?: {
+      path: RegExp;
+      methods: string[];
+    }[] | undefined;
+    refererWhiteList?: string[] | undefined;
+    cookieOptions?: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    } | undefined;
+  }>>, {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  }, unknown>;
+  /**
+   * whether enable X-Frame-Options response header
+   */
+  xframe: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
+     *
+     * Default to `'SAMEORIGIN'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable Strict-Transport-Security response header
+   */
+  hsts: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Max age of Strict-Transport-Security in seconds
+     *
+     * Default to `365 * 24 * 3600`
+     */
+    maxAge: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Whether include sub domains
+     *
+     * Default to `false`
+     */
+    includeSubdomains: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    maxAge: number;
+    includeSubdomains: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    maxAge?: number | undefined;
+    includeSubdomains?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable Http Method filter
+   */
+  methodnoallow: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE automatically download open
+   */
+  noopen: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE8 automatically detect mime
+   */
+  nosniff: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE8 XSS Filter
+   */
+  xssProtection: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * X-XSS-Protection response header value
+     *
+     * Default to `'1; mode=block'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * content security policy config
+   */
+  csp: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    policy: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">, z.ZodBoolean]>>>;
+    /**
+     * whether enable report only mode
+     * Default to `undefined`
+     */
+    reportOnly: z.ZodOptional<z.ZodBoolean>;
+    /**
+     * whether support IE
+     * Default to `undefined`
+     */
+    supportIE: z.ZodOptional<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    policy: Record<string, string | boolean | string[]>;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    policy?: Record<string, string | boolean | string[]> | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable referrer policy
+   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+   */
+  referrerPolicy: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * referrer policy value
+     *
+     * Default to `'no-referrer-when-downgrade'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable auto avoid directory traversal attack
+   */
+  dta: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  ssrf: z.ZodDefault<z.ZodObject<{
+    ipBlackList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    ipExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    hostnameExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    checkAddress: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+      address: z.ZodString;
+      family: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      address: string;
+      family: number;
+    }, {
+      address: string;
+      family: number;
+    }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+      address: z.ZodString;
+      family: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      address: string;
+      family: number;
+    }, {
+      address: string;
+      family: number;
+    }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>>;
+  }, "strip", z.ZodTypeAny, {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  }, {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  }>>;
+  match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+  ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+  __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
+}, "strip", z.ZodTypeAny, {
+  domainWhiteList: string[];
+  protocolWhiteList: string[];
+  csrf: {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  };
+  hsts: {
+    enable: boolean;
+    maxAge: number;
+    includeSubdomains: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  methodnoallow: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  noopen: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  nosniff: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  csp: {
+    enable: boolean;
+    policy: Record<string, string | boolean | string[]>;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  };
+  xssProtection: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  xframe: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  dta: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+  referrerPolicy: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  ssrf: {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  };
+  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}, {
+  domainWhiteList?: string[] | undefined;
+  protocolWhiteList?: string[] | undefined;
+  csrf?: unknown;
+  hsts?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    maxAge?: number | undefined;
+    includeSubdomains?: boolean | undefined;
+  } | undefined;
+  methodnoallow?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  noopen?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  nosniff?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  csp?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    policy?: Record<string, string | boolean | string[]> | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  } | undefined;
+  xssProtection?: {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  xframe?: {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  dta?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
+  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  referrerPolicy?: {
+    value?: string | undefined;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  ssrf?: {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  } | undefined;
+  __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}>;
+type SecurityConfig = z.infer<typeof SecurityConfig>;
+declare const SecurityHelperOnTagAttrHandler: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>;
+/**
+ * (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void
+ */
+type SecurityHelperOnTagAttrHandler = z.infer<typeof SecurityHelperOnTagAttrHandler>;
+declare const SecurityHelperConfig: z.ZodObject<{
+  shtml: z.ZodDefault<z.ZodObject<{
+    /**
+     * tag attribute white list
+     */
+    whiteList: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+    /**
+     * domain white list
+     * @deprecated use `config.security.domainWhiteList` instead
+     */
+    domainWhiteList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * tag attribute handler
+     */
+    onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
+  }, "strip", z.ZodTypeAny, {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  }, {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  }>>;
+}, "strip", z.ZodTypeAny, {
+  shtml: {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  };
+}, {
+  shtml?: {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  } | undefined;
+}>;
+type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
+declare const _default: {
+  security: {
+    domainWhiteList: string[];
+    protocolWhiteList: string[];
+    csrf: {
+      type: "ctoken" | "referer" | "all" | "any";
+      enable: boolean;
+      ignoreJSON: boolean;
+      cookieName: string | string[];
+      sessionName: string;
+      headerName: string;
+      bodyName: string | string[];
+      queryName: string | string[];
+      rotateWhenInvalid: boolean;
+      useSession: boolean;
+      supportedRequests: {
+        path: RegExp;
+        methods: string[];
+      }[];
+      refererWhiteList: string[];
+      cookieOptions: {
+        signed: boolean;
+        httpOnly: boolean;
+        overwrite: boolean;
+      };
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    };
+    hsts: {
+      enable: boolean;
+      maxAge: number;
+      includeSubdomains: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    methodnoallow: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    noopen: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    nosniff: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    csp: {
+      enable: boolean;
+      policy: Record<string, string | boolean | string[]>;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      reportOnly?: boolean | undefined;
+      supportIE?: boolean | undefined;
+    };
+    xssProtection: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    xframe: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    dta: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+    referrerPolicy: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    ssrf: {
+      ipBlackList?: string[] | undefined;
+      ipExceptionList?: string[] | undefined;
+      hostnameExceptionList?: string[] | undefined;
+      checkAddress?: ((args_0: string | {
+        address: string;
+        family: number;
+      } | (string | {
+        address: string;
+        family: number;
+      })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+  };
+  helper: {
+    shtml: {
+      domainWhiteList?: string[] | undefined;
+      whiteList?: Record<string, string[]> | undefined;
+      onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    };
+  };
+};
+//#endregion
+export { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName, _default as default };