@eggjs/security 4.0.1 → 5.0.0-beta.15

package/dist/commonjs/app/middleware/securities.js

@@ -1,55 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const node_assert_1 = __importDefault(require("node:assert"));
-const koa_compose_1 = __importDefault(require("koa-compose"));
-const egg_path_matching_1 = require("egg-path-matching");
-const index_js_1 = __importDefault(require("../../lib/middlewares/index.js"));
-exports.default = (_, app) => {
-    const options = app.config.security;
-    const middlewares = [];
-    const defaultMiddlewares = typeof options.defaultMiddleware === 'string'
-        ? options.defaultMiddleware.split(',').map(m => m.trim()).filter(m => !!m)
-        : options.defaultMiddleware;
-    if (options.match || options.ignore) {
-        app.coreLogger.warn('[@eggjs/security/middleware/securities] Please set `match` or `ignore` on sub config');
-    }
-    // format csrf.cookieDomain
-    const originalCookieDomain = options.csrf.cookieDomain;
-    if (originalCookieDomain && typeof originalCookieDomain !== 'function') {
-        options.csrf.cookieDomain = () => originalCookieDomain;
-    }
-    defaultMiddlewares.forEach(middlewareName => {
-        const opt = Reflect.get(options, middlewareName);
-        if (opt === false) {
-            app.coreLogger.warn('[egg-security] Please use `config.security.%s = { enable: false }` instead of `config.security.%s = false`', middlewareName, middlewareName);
-        }
-        (0, node_assert_1.default)(opt === false || typeof opt === 'object', `config.security.${middlewareName} must be an object, or false(if you turn it off)`);
-        if (opt === false || opt && opt.enable === false) {
-            return;
-        }
-        if (middlewareName === 'csrf' && opt.useSession && !app.plugins.session) {
-            throw new Error('csrf.useSession enabled, but session plugin is disabled');
-        }
-        // use opt.match first (compatibility)
-        if (opt.match && opt.ignore) {
-            app.coreLogger.warn('[@eggjs/security/middleware/securities] `options.match` and `options.ignore` are both set, using `options.match`');
-            opt.ignore = undefined;
-        }
-        if (!opt.ignore && opt.blackUrls) {
-            app.deprecate('[@eggjs/security/middleware/securities] Please use `config.security.xframe.ignore` instead, `config.security.xframe.blackUrls` will be removed very soon');
-            opt.ignore = opt.blackUrls;
-        }
-        // set matching function to security middleware options
-        opt.matching = (0, egg_path_matching_1.pathMatching)(opt);
-        const createMiddleware = index_js_1.default[middlewareName];
-        const fn = createMiddleware(opt);
-        middlewares.push(fn);
-        app.coreLogger.info('[@eggjs/security/middleware/securities] use %s middleware', middlewareName);
-    });
-    app.coreLogger.info('[@eggjs/security/middleware/securities] compose %d middlewares into one security middleware', middlewares.length);
-    return (0, koa_compose_1.default)(middlewares);
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdGllcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hcHAvbWlkZGxld2FyZS9zZWN1cml0aWVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsOERBQWlDO0FBQ2pDLDhEQUFrQztBQUNsQyx5REFBaUQ7QUFFakQsOEVBQWlFO0FBR2pFLGtCQUFlLENBQUMsQ0FBVSxFQUFFLEdBQVksRUFBRSxFQUFFO0lBQzFDLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO0lBQ3BDLE1BQU0sV0FBVyxHQUFxQixFQUFFLENBQUM7SUFDekMsTUFBTSxrQkFBa0IsR0FBRyxPQUFPLE9BQU8sQ0FBQyxpQkFBaUIsS0FBSyxRQUFRO1FBQ3RFLENBQUMsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQTZCO1FBQ3RHLENBQUMsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLENBQUM7SUFFOUIsSUFBSSxPQUFPLENBQUMsS0FBSyxJQUFJLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNwQyxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxzRkFBc0YsQ0FBQyxDQUFDO0lBQzlHLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsTUFBTSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQztJQUN2RCxJQUFJLG9CQUFvQixJQUFJLE9BQU8sb0JBQW9CLEtBQUssVUFBVSxFQUFFLENBQUM7UUFDdkUsT0FBTyxDQUFDLElBQUksQ0FBQyxZQUFZLEdBQUcsR0FBRyxFQUFFLENBQUMsb0JBQW9CLENBQUM7SUFDekQsQ0FBQztJQUVELGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsRUFBRTtRQUMxQyxNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxjQUFjLENBQVEsQ0FBQztRQUN4RCxJQUFJLEdBQUcsS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUNsQixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyw0R0FBNEcsRUFBRSxjQUFjLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDcEssQ0FBQztRQUVELElBQUEscUJBQU0sRUFBQyxHQUFHLEtBQUssS0FBSyxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFDN0MsbUJBQW1CLGNBQWMsa0RBQWtELENBQUMsQ0FBQztRQUV2RixJQUFJLEdBQUcsS0FBSyxLQUFLLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDakQsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLGNBQWMsS0FBSyxNQUFNLElBQUksR0FBRyxDQUFDLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDeEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO1FBQzdFLENBQUM7UUFFRCxzQ0FBc0M7UUFDdEMsSUFBSSxHQUFHLENBQUMsS0FBSyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM1QixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxrSEFBa0gsQ0FBQyxDQUFDO1lBQ3hJLEdBQUcsQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1FBQ3pCLENBQUM7UUFDRCxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsQ0FBQywwSkFBMEosQ0FBQyxDQUFDO1lBQzFLLEdBQUcsQ0FBQyxNQUFNLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQztRQUM3QixDQUFDO1FBQ0QsdURBQXVEO1FBQ3ZELEdBQUcsQ0FBQyxRQUFRLEdBQUcsSUFBQSxnQ0FBWSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRWpDLE1BQU0sZ0JBQWdCLEdBQUcsa0JBQW1CLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDN0QsTUFBTSxFQUFFLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDakMsV0FBVyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNyQixHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQywyREFBMkQsRUFBRSxjQUFjLENBQUMsQ0FBQztJQUNuRyxDQUFDLENBQUMsQ0FBQztJQUVILEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLDZGQUE2RixFQUMvRyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDdEIsT0FBTyxJQUFBLHFCQUFPLEVBQUMsV0FBVyxDQUFDLENBQUM7QUFDOUIsQ0FBQyxDQUFDIn0=

package/dist/commonjs/app.d.ts

@@ -1,6 +0,0 @@
-import type { ILifecycleBoot, EggCore } from '@eggjs/core';
-export default class AppBoot implements ILifecycleBoot {
-    private readonly app;
-    constructor(app: EggCore);
-    configWillLoad(): void;
-}

package/dist/commonjs/app.js

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const utils_js_1 = require("./lib/utils.js");
-const config_default_js_1 = require("./config/config.default.js");
-class AppBoot {
-    app;
-    constructor(app) {
-        this.app = app;
-    }
-    configWillLoad() {
-        const app = this.app;
-        app.config.coreMiddleware.push('securities');
-        // parse config and check if config is legal
-        const parsed = config_default_js_1.SecurityConfig.parse(app.config.security);
-        if (typeof app.config.security.csrf === 'boolean') {
-            // support old config: `config.security.csrf = false`
-            app.config.security.csrf = parsed.csrf;
-        }
-        if (app.config.security.csrf.enable) {
-            const { ignoreJSON } = app.config.security.csrf;
-            if (ignoreJSON) {
-                app.deprecate('[@eggjs/security/app] `config.security.csrf.ignoreJSON` is not safe now, please disable it.');
-            }
-        }
-        (0, utils_js_1.preprocessConfig)(app.config.security);
-    }
-}
-exports.default = AppBoot;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2FwcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLDZDQUFrRDtBQUNsRCxrRUFBNEQ7QUFFNUQsTUFBcUIsT0FBTztJQUNULEdBQUcsQ0FBQztJQUVyQixZQUFZLEdBQVk7UUFDdEIsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7SUFDakIsQ0FBQztJQUVELGNBQWM7UUFDWixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDO1FBQ3JCLEdBQUcsQ0FBQyxNQUFNLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3Qyw0Q0FBNEM7UUFDNUMsTUFBTSxNQUFNLEdBQUcsa0NBQWMsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6RCxJQUFJLE9BQU8sR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2xELHFEQUFxRDtZQUNyRCxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQztRQUN6QyxDQUFDO1FBRUQsSUFBSSxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDcEMsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNoRCxJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLEdBQUcsQ0FBQyxTQUFTLENBQUMsNkZBQTZGLENBQUMsQ0FBQztZQUMvRyxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUEsMkJBQWdCLEVBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN4QyxDQUFDO0NBQ0Y7QUExQkQsMEJBMEJDIn0=