npm - @eggjs/security - Versions diffs - 5.0.0-beta.18 → 5.0.0-beta.20 - Mend

@eggjs/security 5.0.0-beta.18 → 5.0.0-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/dist/agent.js +1 -1
package/dist/app/extend/agent.d.ts +2 -1
package/dist/app/extend/agent.js +1 -1
package/dist/app/extend/application.d.ts +3 -11
package/dist/app/extend/application.js +2 -30
package/dist/app/extend/context.d.ts +3 -60
package/dist/app/extend/context.js +2 -189
package/dist/app/extend/helper.d.ts +8 -8
package/dist/app/extend/helper.js +11 -1
package/dist/app/extend/response.d.ts +3 -38
package/dist/app/extend/response.js +3 -68
package/dist/app/middleware/securities.js +12 -1
package/dist/app.js +2 -2
package/dist/application-COC0mYEe.js +32 -0
package/dist/application-n5bk2L_z.d.ts +12 -0
package/dist/cliFilter-7BSD8Nc_.js +18 -0
package/dist/cliFilter-DKZxCxSe.d.ts +7 -0
package/dist/config/config.default.d.ts +1 -869
package/dist/config/config.default.js +1 -164
package/dist/config.default-AcwQOAG0.js +166 -0
package/dist/config.default-D8v08Vox.d.ts +870 -0
package/dist/context-C-N1IY85.d.ts +95 -0
package/dist/context-e-QJTKfq.js +191 -0
package/dist/csp-BW5AJd_f.js +46 -0
package/dist/csrf-9aSLHiby.js +33 -0
package/dist/dta-DVAKEpJ3.js +13 -0
package/dist/escape-Dex_Pk9e.d.ts +2 -0
package/dist/escape-p8-cW8c_.js +7 -0
package/dist/escapeShellArg-BnzDicAC.d.ts +4 -0
package/dist/escapeShellArg-C0v1ZeCl.js +7 -0
package/dist/escapeShellCmd-CkAdyhtO.js +15 -0
package/dist/escapeShellCmd-DQZZIHde.d.ts +4 -0
package/dist/helper-DylzfQ_5.js +25 -0
package/dist/hsts-CWMKNTEh.js +19 -0
package/dist/index.d.ts +5 -1
package/dist/index.js +6 -3
package/dist/lib/extend/safe_curl.d.ts +2 -19
package/dist/lib/extend/safe_curl.js +1 -17
package/dist/lib/helper/cliFilter.d.ts +1 -6
package/dist/lib/helper/cliFilter.js +1 -16
package/dist/lib/helper/escape.d.ts +1 -1
package/dist/lib/helper/escape.js +1 -5
package/dist/lib/helper/escapeShellArg.d.ts +1 -3
package/dist/lib/helper/escapeShellArg.js +1 -5
package/dist/lib/helper/escapeShellCmd.d.ts +1 -3
package/dist/lib/helper/escapeShellCmd.js +1 -13
package/dist/lib/helper/index.d.ts +9 -9
package/dist/lib/helper/index.js +11 -23
package/dist/lib/helper/shtml.d.ts +1 -5
package/dist/lib/helper/shtml.js +2 -51
package/dist/lib/helper/sjs.d.ts +1 -6
package/dist/lib/helper/sjs.js +1 -34
package/dist/lib/helper/sjson.d.ts +1 -3
package/dist/lib/helper/sjson.js +2 -30
package/dist/lib/helper/spath.d.ts +1 -6
package/dist/lib/helper/spath.js +1 -14
package/dist/lib/helper/surl.d.ts +1 -5
package/dist/lib/helper/surl.js +1 -23
package/dist/lib/middlewares/csp.d.ts +1 -1
package/dist/lib/middlewares/csp.js +2 -44
package/dist/lib/middlewares/csrf.d.ts +1 -1
package/dist/lib/middlewares/csrf.js +2 -31
package/dist/lib/middlewares/dta.js +2 -11
package/dist/lib/middlewares/hsts.d.ts +1 -1
package/dist/lib/middlewares/hsts.js +2 -17
package/dist/lib/middlewares/index.d.ts +1 -1
package/dist/lib/middlewares/index.js +12 -25
package/dist/lib/middlewares/methodnoallow.js +1 -13
package/dist/lib/middlewares/noopen.d.ts +1 -1
package/dist/lib/middlewares/noopen.js +2 -15
package/dist/lib/middlewares/nosniff.d.ts +1 -1
package/dist/lib/middlewares/nosniff.js +2 -25
package/dist/lib/middlewares/referrerPolicy.d.ts +1 -1
package/dist/lib/middlewares/referrerPolicy.js +2 -29
package/dist/lib/middlewares/xframe.d.ts +1 -1
package/dist/lib/middlewares/xframe.js +2 -16
package/dist/lib/middlewares/xssProtection.d.ts +1 -1
package/dist/lib/middlewares/xssProtection.js +2 -15
package/dist/lib/utils.d.ts +1 -1
package/dist/lib/utils.js +1 -125
package/dist/methodnoallow-BAZONArS.js +15 -0
package/dist/middlewares-CkQjv8t0.js +27 -0
package/dist/noopen-C3jUBwoH.js +17 -0
package/dist/nosniff-CcLkhX2I.js +27 -0
package/dist/referrerPolicy-D4Uafq6c.js +31 -0
package/dist/response-BFnHAJrV.js +69 -0
package/dist/safe_curl-UlViaxoF.js +19 -0
package/dist/safe_curl-mqZZv_YQ.d.ts +20 -0
package/dist/shtml-CAquTzgV.d.ts +6 -0
package/dist/shtml-CgF4kOx-.js +53 -0
package/dist/sjs-Cbmkk5xS.js +36 -0
package/dist/sjs-QZIJYS71.d.ts +7 -0
package/dist/sjson-BetFnVR6.js +32 -0
package/dist/sjson-O-vKJPws.d.ts +4 -0
package/dist/spath-Bu9sy6Kz.js +16 -0
package/dist/spath-DseDPHxf.d.ts +7 -0
package/dist/surl-ClleTea7.js +25 -0
package/dist/surl-JV70X_RZ.d.ts +6 -0
package/dist/types-BZR2U30p.d.ts +38 -0
package/dist/types-DnJpiSJb.js +1 -0
package/dist/types.d.ts +3 -38
package/dist/types.js +2 -0
package/dist/utils-Cajs5P8M.js +127 -0
package/dist/xframe-q9fEZkVI.js +18 -0
package/dist/xssProtection-D5QsHX-e.js +17 -0
package/package.json +8 -8

package/dist/config/config.default.js CHANGED Viewed

@@ -1,166 +1,3 @@
-import z from "zod";
-import { Context } from "egg";
+import { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default } from "../config.default-AcwQOAG0.js";
-//#region src/config/config.default.ts
-const CSRFSupportRequestItem = z.object({
-	path: z.instanceof(RegExp),
-	methods: z.array(z.string())
-});
-const LookupAddress = z.object({
-	address: z.string(),
-	family: z.number()
-});
-const LookupAddressAndStringArray = z.union([z.string(), LookupAddress]).array();
-const SSRFCheckAddressFunction = z.function().args(z.union([
-	z.string(),
-	LookupAddress,
-	LookupAddressAndStringArray
-]), z.union([z.number(), z.string()]), z.string()).returns(z.boolean());
-const SecurityMiddlewareName = z.enum([
-	"csrf",
-	"hsts",
-	"methodnoallow",
-	"noopen",
-	"nosniff",
-	"csp",
-	"xssProtection",
-	"xframe",
-	"dta"
-]);
-/**
-* (ctx) => boolean
-*/
-const IgnoreOrMatchHandler = z.function().args(z.instanceof(Context)).returns(z.boolean());
-const IgnoreOrMatch = z.union([
-	z.string(),
-	z.instanceof(RegExp),
-	IgnoreOrMatchHandler
-]);
-const IgnoreOrMatchOption = z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional();
-const SecurityConfig = z.object({
-	domainWhiteList: z.array(z.string()).default([]),
-	protocolWhiteList: z.array(z.string()).default([]),
-	defaultMiddleware: z.union([z.string(), z.array(SecurityMiddlewareName)]).default(SecurityMiddlewareName.options),
-	csrf: z.preprocess((val) => {
-		if (typeof val === "boolean") return { enable: val };
-		return val;
-	}, z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		type: z.enum([
-			"ctoken",
-			"referer",
-			"all",
-			"any"
-		]).default("ctoken"),
-		ignoreJSON: z.boolean().default(false),
-		cookieName: z.union([z.string(), z.array(z.string())]).default("csrfToken"),
-		sessionName: z.string().default("csrfToken"),
-		headerName: z.string().default("x-csrf-token"),
-		bodyName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
-		queryName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
-		rotateWhenInvalid: z.boolean().default(false),
-		useSession: z.boolean().default(false),
-		cookieDomain: z.union([z.string(), z.function().args(z.instanceof(Context)).returns(z.string())]).optional(),
-		supportedRequests: z.array(CSRFSupportRequestItem).default([{
-			path: /^\//,
-			methods: [
-				"POST",
-				"PATCH",
-				"DELETE",
-				"PUT",
-				"CONNECT"
-			]
-		}]),
-		refererWhiteList: z.array(z.string()).default([]),
-		cookieOptions: z.object({
-			signed: z.boolean(),
-			httpOnly: z.boolean(),
-			overwrite: z.boolean()
-		}).default({
-			signed: false,
-			httpOnly: false,
-			overwrite: true
-		})
-	}).default({})),
-	xframe: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		value: z.string().default("SAMEORIGIN")
-	}).default({}),
-	hsts: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		maxAge: z.number().default(365 * 24 * 3600),
-		includeSubdomains: z.boolean().default(false)
-	}).default({}),
-	methodnoallow: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	noopen: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	nosniff: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	xssProtection: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		value: z.coerce.string().default("1; mode=block")
-	}).default({}),
-	csp: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		policy: z.record(z.union([
-			z.string(),
-			z.array(z.string()),
-			z.boolean()
-		])).default({}),
-		reportOnly: z.boolean().optional(),
-		supportIE: z.boolean().optional()
-	}).default({}),
-	referrerPolicy: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		value: z.string().default("no-referrer-when-downgrade")
-	}).default({}),
-	dta: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	ssrf: z.object({
-		ipBlackList: z.array(z.string()).optional(),
-		ipExceptionList: z.array(z.string()).optional(),
-		hostnameExceptionList: z.array(z.string()).optional(),
-		checkAddress: SSRFCheckAddressFunction.optional()
-	}).default({}),
-	match: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
-	ignore: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
-	__protocolWhiteListSet: z.set(z.string()).optional().readonly()
-});
-const SecurityHelperOnTagAttrHandler = z.function().args(z.string(), z.string(), z.string(), z.boolean()).returns(z.union([z.string(), z.void()]));
-const SecurityHelperConfig = z.object({ shtml: z.object({
-	whiteList: z.record(z.array(z.string())).optional(),
-	domainWhiteList: z.array(z.string()).optional(),
-	onTagAttr: SecurityHelperOnTagAttrHandler.optional()
-}).default({}) });
-var config_default_default = {
-	security: SecurityConfig.parse({}),
-	helper: SecurityHelperConfig.parse({})
-};
-//#endregion
 export { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default as default };

package/dist/config.default-AcwQOAG0.js ADDED Viewed

@@ -0,0 +1,166 @@
+import z from "zod";
+import { Context } from "egg";
+//#region src/config/config.default.ts
+const CSRFSupportRequestItem = z.object({
+	path: z.instanceof(RegExp),
+	methods: z.array(z.string())
+});
+const LookupAddress = z.object({
+	address: z.string(),
+	family: z.number()
+});
+const LookupAddressAndStringArray = z.union([z.string(), LookupAddress]).array();
+const SSRFCheckAddressFunction = z.function().args(z.union([
+	z.string(),
+	LookupAddress,
+	LookupAddressAndStringArray
+]), z.union([z.number(), z.string()]), z.string()).returns(z.boolean());
+const SecurityMiddlewareName = z.enum([
+	"csrf",
+	"hsts",
+	"methodnoallow",
+	"noopen",
+	"nosniff",
+	"csp",
+	"xssProtection",
+	"xframe",
+	"dta"
+]);
+/**
+* (ctx) => boolean
+*/
+const IgnoreOrMatchHandler = z.function().args(z.instanceof(Context)).returns(z.boolean());
+const IgnoreOrMatch = z.union([
+	z.string(),
+	z.instanceof(RegExp),
+	IgnoreOrMatchHandler
+]);
+const IgnoreOrMatchOption = z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional();
+const SecurityConfig = z.object({
+	domainWhiteList: z.array(z.string()).default([]),
+	protocolWhiteList: z.array(z.string()).default([]),
+	defaultMiddleware: z.union([z.string(), z.array(SecurityMiddlewareName)]).default(SecurityMiddlewareName.options),
+	csrf: z.preprocess((val) => {
+		if (typeof val === "boolean") return { enable: val };
+		return val;
+	}, z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true),
+		type: z.enum([
+			"ctoken",
+			"referer",
+			"all",
+			"any"
+		]).default("ctoken"),
+		ignoreJSON: z.boolean().default(false),
+		cookieName: z.union([z.string(), z.array(z.string())]).default("csrfToken"),
+		sessionName: z.string().default("csrfToken"),
+		headerName: z.string().default("x-csrf-token"),
+		bodyName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
+		queryName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
+		rotateWhenInvalid: z.boolean().default(false),
+		useSession: z.boolean().default(false),
+		cookieDomain: z.union([z.string(), z.function().args(z.instanceof(Context)).returns(z.string())]).optional(),
+		supportedRequests: z.array(CSRFSupportRequestItem).default([{
+			path: /^\//,
+			methods: [
+				"POST",
+				"PATCH",
+				"DELETE",
+				"PUT",
+				"CONNECT"
+			]
+		}]),
+		refererWhiteList: z.array(z.string()).default([]),
+		cookieOptions: z.object({
+			signed: z.boolean(),
+			httpOnly: z.boolean(),
+			overwrite: z.boolean()
+		}).default({
+			signed: false,
+			httpOnly: false,
+			overwrite: true
+		})
+	}).default({})),
+	xframe: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true),
+		value: z.string().default("SAMEORIGIN")
+	}).default({}),
+	hsts: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(false),
+		maxAge: z.number().default(365 * 24 * 3600),
+		includeSubdomains: z.boolean().default(false)
+	}).default({}),
+	methodnoallow: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true)
+	}).default({}),
+	noopen: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true)
+	}).default({}),
+	nosniff: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true)
+	}).default({}),
+	xssProtection: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true),
+		value: z.coerce.string().default("1; mode=block")
+	}).default({}),
+	csp: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(false),
+		policy: z.record(z.union([
+			z.string(),
+			z.array(z.string()),
+			z.boolean()
+		])).default({}),
+		reportOnly: z.boolean().optional(),
+		supportIE: z.boolean().optional()
+	}).default({}),
+	referrerPolicy: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(false),
+		value: z.string().default("no-referrer-when-downgrade")
+	}).default({}),
+	dta: z.object({
+		match: IgnoreOrMatchOption,
+		ignore: IgnoreOrMatchOption,
+		enable: z.boolean().default(true)
+	}).default({}),
+	ssrf: z.object({
+		ipBlackList: z.array(z.string()).optional(),
+		ipExceptionList: z.array(z.string()).optional(),
+		hostnameExceptionList: z.array(z.string()).optional(),
+		checkAddress: SSRFCheckAddressFunction.optional()
+	}).default({}),
+	match: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
+	ignore: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
+	__protocolWhiteListSet: z.set(z.string()).optional().readonly()
+});
+const SecurityHelperOnTagAttrHandler = z.function().args(z.string(), z.string(), z.string(), z.boolean()).returns(z.union([z.string(), z.void()]));
+const SecurityHelperConfig = z.object({ shtml: z.object({
+	whiteList: z.record(z.array(z.string())).optional(),
+	domainWhiteList: z.array(z.string()).optional(),
+	onTagAttr: SecurityHelperOnTagAttrHandler.optional()
+}).default({}) });
+var config_default_default = {
+	security: SecurityConfig.parse({}),
+	helper: SecurityHelperConfig.parse({})
+};
+//#endregion
+export { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default };