@eggjs/security 5.0.0-beta.17 → 5.0.0-beta.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/config/config.default.d.ts +19 -19
  2. package/dist/lib/extend/safe_curl.d.ts +2 -2
  3. package/dist/lib/middlewares/index.d.ts +11 -11
  4. package/package.json +8 -8
package/dist/config/config.default.d.ts CHANGED
@@ -218,8 +218,8 @@ declare const SecurityConfig: z.ZodObject<{
218
218
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
219
219
  cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
220
220
  }, {
221
- type?: "ctoken" | "referer" | "all" | "any" | undefined;
222
221
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
222
+ type?: "ctoken" | "referer" | "all" | "any" | undefined;
223
223
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
224
224
  enable?: boolean | undefined;
225
225
  ignoreJSON?: boolean | undefined;
@@ -288,8 +288,8 @@ declare const SecurityConfig: z.ZodObject<{
288
288
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
289
289
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
290
290
  }, {
291
- value?: string | undefined;
292
291
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
292
+ value?: string | undefined;
293
293
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
294
294
  enable?: boolean | undefined;
295
295
  }>>;
@@ -407,8 +407,8 @@ declare const SecurityConfig: z.ZodObject<{
407
407
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
408
408
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
409
409
  }, {
410
- value?: string | undefined;
411
410
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
411
+ value?: string | undefined;
412
412
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
413
413
  enable?: boolean | undefined;
414
414
  }>>;
@@ -471,8 +471,8 @@ declare const SecurityConfig: z.ZodObject<{
471
471
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
472
472
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
473
473
  }, {
474
- value?: string | undefined;
475
474
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
475
+ value?: string | undefined;
476
476
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
477
477
  enable?: boolean | undefined;
478
478
  }>>;
@@ -545,8 +545,6 @@ declare const SecurityConfig: z.ZodObject<{
545
545
  ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
546
546
  __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
547
547
  }, "strip", z.ZodTypeAny, {
548
- domainWhiteList: string[];
549
- protocolWhiteList: string[];
550
548
  csrf: {
551
549
  type: "ctoken" | "referer" | "all" | "any";
552
550
  enable: boolean;
@@ -619,6 +617,8 @@ declare const SecurityConfig: z.ZodObject<{
619
617
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
620
618
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
621
619
  };
620
+ domainWhiteList: string[];
621
+ protocolWhiteList: string[];
622
622
  defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
623
623
  referrerPolicy: {
624
624
  value: string;
@@ -642,8 +642,7 @@ declare const SecurityConfig: z.ZodObject<{
642
642
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
643
643
  __protocolWhiteListSet?: ReadonlySet<string> | undefined;
644
644
  }, {
645
- domainWhiteList?: string[] | undefined;
646
- protocolWhiteList?: string[] | undefined;
645
+ match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
647
646
  csrf?: unknown;
648
647
  hsts?: {
649
648
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
@@ -676,14 +675,14 @@ declare const SecurityConfig: z.ZodObject<{
676
675
  supportIE?: boolean | undefined;
677
676
  } | undefined;
678
677
  xssProtection?: {
679
- value?: string | undefined;
680
678
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
679
+ value?: string | undefined;
681
680
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
682
681
  enable?: boolean | undefined;
683
682
  } | undefined;
684
683
  xframe?: {
685
- value?: string | undefined;
686
684
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
685
+ value?: string | undefined;
687
686
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
688
687
  enable?: boolean | undefined;
689
688
  } | undefined;
@@ -692,12 +691,13 @@ declare const SecurityConfig: z.ZodObject<{
692
691
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
693
692
  enable?: boolean | undefined;
694
693
  } | undefined;
694
+ domainWhiteList?: string[] | undefined;
695
+ protocolWhiteList?: string[] | undefined;
695
696
  defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
696
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
697
697
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
698
698
  referrerPolicy?: {
699
- value?: string | undefined;
700
699
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
700
+ value?: string | undefined;
701
701
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
702
702
  enable?: boolean | undefined;
703
703
  } | undefined;
@@ -737,32 +737,30 @@ declare const SecurityHelperConfig: z.ZodObject<{
737
737
  */
738
738
  onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
739
739
  }, "strip", z.ZodTypeAny, {
740
- whiteList?: Record<string, string[]> | undefined;
741
740
  domainWhiteList?: string[] | undefined;
741
+ whiteList?: Record<string, string[]> | undefined;
742
742
  onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
743
743
  }, {
744
- whiteList?: Record<string, string[]> | undefined;
745
744
  domainWhiteList?: string[] | undefined;
745
+ whiteList?: Record<string, string[]> | undefined;
746
746
  onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
747
747
  }>>;
748
748
  }, "strip", z.ZodTypeAny, {
749
749
  shtml: {
750
- whiteList?: Record<string, string[]> | undefined;
751
750
  domainWhiteList?: string[] | undefined;
751
+ whiteList?: Record<string, string[]> | undefined;
752
752
  onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
753
753
  };
754
754
  }, {
755
755
  shtml?: {
756
- whiteList?: Record<string, string[]> | undefined;
757
756
  domainWhiteList?: string[] | undefined;
757
+ whiteList?: Record<string, string[]> | undefined;
758
758
  onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
759
759
  } | undefined;
760
760
  }>;
761
761
  type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
762
762
  declare const _default: {
763
763
  security: {
764
- domainWhiteList: string[];
765
- protocolWhiteList: string[];
766
764
  csrf: {
767
765
  type: "ctoken" | "referer" | "all" | "any";
768
766
  enable: boolean;
@@ -835,6 +833,8 @@ declare const _default: {
835
833
  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
836
834
  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
837
835
  };
836
+ domainWhiteList: string[];
837
+ protocolWhiteList: string[];
838
838
  defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
839
839
  referrerPolicy: {
840
840
  value: string;
@@ -860,8 +860,8 @@ declare const _default: {
860
860
  };
861
861
  helper: {
862
862
  shtml: {
863
- whiteList?: Record<string, string[]> | undefined;
864
863
  domainWhiteList?: string[] | undefined;
864
+ whiteList?: Record<string, string[]> | undefined;
865
865
  onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
866
866
  };
867
867
  };
package/dist/lib/extend/safe_curl.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { SSRFCheckAddressFunction } from "../../config/config.default.js";
2
- import * as egg0 from "egg";
2
+ import * as egg10 from "egg";
3
3
  import { EggApplicationCore } from "egg";
4
4
 
5
5
  //#region src/lib/extend/safe_curl.d.ts
@@ -15,6 +15,6 @@ type HttpClientResponse<T = any> = Awaited<ReturnType<HttpClient['prototype']['r
15
15
  /**
16
16
  * safe curl with ssrf protection
17
17
  */
18
- declare function safeCurlForApplication<T = any>(app: EggApplicationCore, url: HttpClientRequestURL, options?: HttpClientOptions): Promise<egg0.HttpClientResponse<T>>;
18
+ declare function safeCurlForApplication<T = any>(app: EggApplicationCore, url: HttpClientRequestURL, options?: HttpClientOptions): Promise<egg10.HttpClientResponse<T>>;
19
19
  //#endregion
20
20
  export { HttpClientOptions, HttpClientRequestURL, HttpClientResponse, safeCurlForApplication };
package/dist/lib/middlewares/index.d.ts CHANGED
@@ -1,18 +1,18 @@
1
1
  import { SecurityConfig } from "../../config/config.default.js";
2
- import * as egg1 from "egg";
2
+ import * as egg0 from "egg";
3
3
 
4
4
  //#region src/lib/middlewares/index.d.ts
5
5
  declare const _default: {
6
- csp: (options: SecurityConfig["csp"]) => egg1.MiddlewareFunc;
7
- csrf: (options: SecurityConfig["csrf"]) => egg1.MiddlewareFunc;
8
- dta: () => egg1.MiddlewareFunc;
9
- hsts: (options: SecurityConfig["hsts"]) => egg1.MiddlewareFunc;
10
- methodnoallow: () => egg1.MiddlewareFunc;
11
- noopen: (options: SecurityConfig["noopen"]) => egg1.MiddlewareFunc;
12
- nosniff: (options: SecurityConfig["nosniff"]) => egg1.MiddlewareFunc;
13
- referrerPolicy: (options: SecurityConfig["referrerPolicy"]) => egg1.MiddlewareFunc;
14
- xframe: (options: SecurityConfig["xframe"]) => egg1.MiddlewareFunc;
15
- xssProtection: (options: SecurityConfig["xssProtection"]) => egg1.MiddlewareFunc;
6
+ csp: (options: SecurityConfig["csp"]) => egg0.MiddlewareFunc;
7
+ csrf: (options: SecurityConfig["csrf"]) => egg0.MiddlewareFunc;
8
+ dta: () => egg0.MiddlewareFunc;
9
+ hsts: (options: SecurityConfig["hsts"]) => egg0.MiddlewareFunc;
10
+ methodnoallow: () => egg0.MiddlewareFunc;
11
+ noopen: (options: SecurityConfig["noopen"]) => egg0.MiddlewareFunc;
12
+ nosniff: (options: SecurityConfig["nosniff"]) => egg0.MiddlewareFunc;
13
+ referrerPolicy: (options: SecurityConfig["referrerPolicy"]) => egg0.MiddlewareFunc;
14
+ xframe: (options: SecurityConfig["xframe"]) => egg0.MiddlewareFunc;
15
+ xssProtection: (options: SecurityConfig["xssProtection"]) => egg0.MiddlewareFunc;
16
16
  };
17
17
  //#endregion
18
18
  export { _default as default };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@eggjs/security",
3
- "version": "5.0.0-beta.17",
3
+ "version": "5.0.0-beta.19",
4
4
  "type": "module",
5
5
  "publishConfig": {
6
6
  "access": "public"
@@ -84,25 +84,25 @@
84
84
  "zod": "^3.24.1"
85
85
  },
86
86
  "peerDependencies": {
87
- "egg": "4.1.0-beta.17"
87
+ "egg": "4.1.0-beta.19"
88
88
  },
89
89
  "devDependencies": {
90
90
  "@types/escape-html": "^1.0.4",
91
91
  "@types/extend": "^3.0.4",
92
92
  "@types/koa-compose": "^3.2.8",
93
93
  "@types/mocha": "^10.0.10",
94
- "@types/node": "24.5.2",
94
+ "@types/node": "^24.6.2",
95
95
  "@types/type-is": "^1.6.6",
96
96
  "beautify-benchmark": "^0.2.4",
97
97
  "benchmark": "^2.1.4",
98
98
  "egg-view-nunjucks": "^2.3.0",
99
99
  "spy": "^1.0.0",
100
100
  "tsdown": "^0.15.4",
101
- "typescript": "5.9.2",
102
- "vitest": "4.0.0-beta.13",
103
- "@eggjs/supertest": "9.0.0-beta.17",
104
- "@eggjs/mock": "7.0.0-beta.17",
105
- "@eggjs/tsconfig": "3.1.0-beta.17"
101
+ "typescript": "^5.9.3",
102
+ "vitest": "4.0.0-beta.16",
103
+ "@eggjs/mock": "7.0.0-beta.19",
104
+ "@eggjs/supertest": "9.0.0-beta.19",
105
+ "@eggjs/tsconfig": "3.1.0-beta.19"
106
106
  },
107
107
  "files": [
108
108
  "dist"