npm - @eggjs/security - Versions diffs - 5.0.0-beta.19 → 5.0.0-beta.20 - Mend

@eggjs/security 5.0.0-beta.19 → 5.0.0-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/dist/agent.js +1 -1
package/dist/app/extend/agent.d.ts +2 -1
package/dist/app/extend/agent.js +1 -1
package/dist/app/extend/application.d.ts +3 -11
package/dist/app/extend/application.js +2 -30
package/dist/app/extend/context.d.ts +3 -60
package/dist/app/extend/context.js +2 -189
package/dist/app/extend/helper.d.ts +8 -8
package/dist/app/extend/helper.js +11 -1
package/dist/app/extend/response.d.ts +3 -38
package/dist/app/extend/response.js +3 -68
package/dist/app/middleware/securities.js +12 -1
package/dist/app.js +2 -2
package/dist/application-COC0mYEe.js +32 -0
package/dist/application-n5bk2L_z.d.ts +12 -0
package/dist/cliFilter-7BSD8Nc_.js +18 -0
package/dist/cliFilter-DKZxCxSe.d.ts +7 -0
package/dist/config/config.default.d.ts +1 -869
package/dist/config/config.default.js +1 -164
package/dist/config.default-AcwQOAG0.js +166 -0
package/dist/config.default-D8v08Vox.d.ts +870 -0
package/dist/context-C-N1IY85.d.ts +95 -0
package/dist/context-e-QJTKfq.js +191 -0
package/dist/csp-BW5AJd_f.js +46 -0
package/dist/csrf-9aSLHiby.js +33 -0
package/dist/dta-DVAKEpJ3.js +13 -0
package/dist/escape-Dex_Pk9e.d.ts +2 -0
package/dist/escape-p8-cW8c_.js +7 -0
package/dist/escapeShellArg-BnzDicAC.d.ts +4 -0
package/dist/escapeShellArg-C0v1ZeCl.js +7 -0
package/dist/escapeShellCmd-CkAdyhtO.js +15 -0
package/dist/escapeShellCmd-DQZZIHde.d.ts +4 -0
package/dist/helper-DylzfQ_5.js +25 -0
package/dist/hsts-CWMKNTEh.js +19 -0
package/dist/index.d.ts +5 -1
package/dist/index.js +6 -3
package/dist/lib/extend/safe_curl.d.ts +2 -19
package/dist/lib/extend/safe_curl.js +1 -17
package/dist/lib/helper/cliFilter.d.ts +1 -6
package/dist/lib/helper/cliFilter.js +1 -16
package/dist/lib/helper/escape.d.ts +1 -1
package/dist/lib/helper/escape.js +1 -5
package/dist/lib/helper/escapeShellArg.d.ts +1 -3
package/dist/lib/helper/escapeShellArg.js +1 -5
package/dist/lib/helper/escapeShellCmd.d.ts +1 -3
package/dist/lib/helper/escapeShellCmd.js +1 -13
package/dist/lib/helper/index.d.ts +9 -9
package/dist/lib/helper/index.js +11 -23
package/dist/lib/helper/shtml.d.ts +1 -5
package/dist/lib/helper/shtml.js +2 -51
package/dist/lib/helper/sjs.d.ts +1 -6
package/dist/lib/helper/sjs.js +1 -34
package/dist/lib/helper/sjson.d.ts +1 -3
package/dist/lib/helper/sjson.js +2 -30
package/dist/lib/helper/spath.d.ts +1 -6
package/dist/lib/helper/spath.js +1 -14
package/dist/lib/helper/surl.d.ts +1 -5
package/dist/lib/helper/surl.js +1 -23
package/dist/lib/middlewares/csp.d.ts +1 -1
package/dist/lib/middlewares/csp.js +2 -44
package/dist/lib/middlewares/csrf.d.ts +1 -1
package/dist/lib/middlewares/csrf.js +2 -31
package/dist/lib/middlewares/dta.js +2 -11
package/dist/lib/middlewares/hsts.d.ts +1 -1
package/dist/lib/middlewares/hsts.js +2 -17
package/dist/lib/middlewares/index.d.ts +12 -12
package/dist/lib/middlewares/index.js +12 -25
package/dist/lib/middlewares/methodnoallow.js +1 -13
package/dist/lib/middlewares/noopen.d.ts +1 -1
package/dist/lib/middlewares/noopen.js +2 -15
package/dist/lib/middlewares/nosniff.d.ts +1 -1
package/dist/lib/middlewares/nosniff.js +2 -25
package/dist/lib/middlewares/referrerPolicy.d.ts +1 -1
package/dist/lib/middlewares/referrerPolicy.js +2 -29
package/dist/lib/middlewares/xframe.d.ts +1 -1
package/dist/lib/middlewares/xframe.js +2 -16
package/dist/lib/middlewares/xssProtection.d.ts +1 -1
package/dist/lib/middlewares/xssProtection.js +2 -15
package/dist/lib/utils.d.ts +1 -1
package/dist/lib/utils.js +1 -125
package/dist/methodnoallow-BAZONArS.js +15 -0
package/dist/middlewares-CkQjv8t0.js +27 -0
package/dist/noopen-C3jUBwoH.js +17 -0
package/dist/nosniff-CcLkhX2I.js +27 -0
package/dist/referrerPolicy-D4Uafq6c.js +31 -0
package/dist/response-BFnHAJrV.js +69 -0
package/dist/safe_curl-UlViaxoF.js +19 -0
package/dist/safe_curl-mqZZv_YQ.d.ts +20 -0
package/dist/shtml-CAquTzgV.d.ts +6 -0
package/dist/shtml-CgF4kOx-.js +53 -0
package/dist/sjs-Cbmkk5xS.js +36 -0
package/dist/sjs-QZIJYS71.d.ts +7 -0
package/dist/sjson-BetFnVR6.js +32 -0
package/dist/sjson-O-vKJPws.d.ts +4 -0
package/dist/spath-Bu9sy6Kz.js +16 -0
package/dist/spath-DseDPHxf.d.ts +7 -0
package/dist/surl-ClleTea7.js +25 -0
package/dist/surl-JV70X_RZ.d.ts +6 -0
package/dist/types-BZR2U30p.d.ts +38 -0
package/dist/types-DnJpiSJb.js +1 -0
package/dist/types.d.ts +3 -38
package/dist/types.js +2 -0
package/dist/utils-Cajs5P8M.js +127 -0
package/dist/xframe-q9fEZkVI.js +18 -0
package/dist/xssProtection-D5QsHX-e.js +17 -0
package/package.json +5 -5

package/dist/config.default-D8v08Vox.d.ts ADDED Viewed

@@ -0,0 +1,870 @@
+import z from "zod";
+import { Context } from "egg";
+//#region src/config/config.default.d.ts
+declare const CSRFSupportRequestItem: z.ZodObject<{
+  path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+  methods: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+  path: RegExp;
+  methods: string[];
+}, {
+  path: RegExp;
+  methods: string[];
+}>;
+type CSRFSupportRequestItem = z.infer<typeof CSRFSupportRequestItem>;
+declare const LookupAddress: z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>;
+type LookupAddress = z.infer<typeof LookupAddress>;
+declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+  address: z.ZodString;
+  family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+  address: string;
+  family: number;
+}, {
+  address: string;
+  family: number;
+}>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
+/**
+ * SSRF check address function
+ * `(address, family, hostname) => boolean`
+ */
+type SSRFCheckAddressFunction = z.infer<typeof SSRFCheckAddressFunction>;
+declare const SecurityMiddlewareName: z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>;
+type SecurityMiddlewareName = z.infer<typeof SecurityMiddlewareName>;
+/**
+ * (ctx) => boolean
+ */
+declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>;
+type IgnoreOrMatchHandler = z.infer<typeof IgnoreOrMatchHandler>;
+declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>;
+type IgnoreOrMatch = z.infer<typeof IgnoreOrMatch>;
+declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+type IgnoreOrMatchOption = z.infer<typeof IgnoreOrMatchOption>;
+declare const SecurityConfig: z.ZodObject<{
+  /**
+   * domain white list
+   *
+   * Default to `[]`
+   */
+  domainWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  /**
+   * protocol white list
+   *
+   * Default to `[]`
+   */
+  protocolWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+  /**
+   * default open security middleware
+   *
+   * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
+   */
+  defaultMiddleware: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>, "many">]>>;
+  /**
+   * whether defend csrf attack
+   */
+  csrf: z.ZodEffects<z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token detect source type
+     *
+     * Default to `'ctoken'`
+     */
+    type: z.ZodDefault<z.ZodEnum<["ctoken", "referer", "all", "any"]>>;
+    /**
+     * ignore json request
+     *
+     * Default to `false`
+     *
+     * @deprecated is not safe now, don't use it
+     */
+    ignoreJSON: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token cookie name
+     *
+     * Default to `'csrfToken'`
+     */
+    cookieName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * csrf token session name
+     *
+     * Default to `'csrfToken'`
+     */
+    sessionName: z.ZodDefault<z.ZodString>;
+    /**
+     * csrf token request header name
+     *
+     * Default to `'x-csrf-token'`
+     */
+    headerName: z.ZodDefault<z.ZodString>;
+    /**
+     * csrf token request body field name
+     *
+     * Default to `'_csrf'`
+     */
+    bodyName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * csrf token request query field name
+     *
+     * Default to `'_csrf'`
+     */
+    queryName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+    /**
+     * rotate csrf token when it is invalid
+     *
+     * Default to `false`
+     */
+    rotateWhenInvalid: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * These config works when using `'ctoken'` type
+     *
+     * Default to `false`
+     */
+    useSession: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * csrf token cookie domain setting,
+     * can be `(ctx) => string` or `string`
+     *
+     * Default to `undefined`, auto set the cookie domain in the safe way
+     */
+    cookieDomain: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodString>]>>;
+    /**
+     * csrf token check requests config
+     */
+    supportedRequests: z.ZodDefault<z.ZodArray<z.ZodObject<{
+      path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+      methods: z.ZodArray<z.ZodString, "many">;
+    }, "strip", z.ZodTypeAny, {
+      path: RegExp;
+      methods: string[];
+    }, {
+      path: RegExp;
+      methods: string[];
+    }>, "many">>;
+    /**
+     * referer or origin header white list.
+     * It only works when using `'referer'` type
+     *
+     * Default to `[]`
+     */
+    refererWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * csrf token cookie options
+     *
+     * Default to `{
+     *   signed: false,
+     *   httpOnly: false,
+     *   overwrite: true,
+     * }`
+     */
+    cookieOptions: z.ZodDefault<z.ZodObject<{
+      signed: z.ZodBoolean;
+      httpOnly: z.ZodBoolean;
+      overwrite: z.ZodBoolean;
+    }, "strip", z.ZodTypeAny, {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    }, {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    }>>;
+  }, "strip", z.ZodTypeAny, {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    type?: "ctoken" | "referer" | "all" | "any" | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    ignoreJSON?: boolean | undefined;
+    cookieName?: string | string[] | undefined;
+    sessionName?: string | undefined;
+    headerName?: string | undefined;
+    bodyName?: string | string[] | undefined;
+    queryName?: string | string[] | undefined;
+    rotateWhenInvalid?: boolean | undefined;
+    useSession?: boolean | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    supportedRequests?: {
+      path: RegExp;
+      methods: string[];
+    }[] | undefined;
+    refererWhiteList?: string[] | undefined;
+    cookieOptions?: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    } | undefined;
+  }>>, {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  }, unknown>;
+  /**
+   * whether enable X-Frame-Options response header
+   */
+  xframe: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
+     *
+     * Default to `'SAMEORIGIN'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable Strict-Transport-Security response header
+   */
+  hsts: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Max age of Strict-Transport-Security in seconds
+     *
+     * Default to `365 * 24 * 3600`
+     */
+    maxAge: z.ZodDefault<z.ZodNumber>;
+    /**
+     * Whether include sub domains
+     *
+     * Default to `false`
+     */
+    includeSubdomains: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    maxAge: number;
+    includeSubdomains: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    maxAge?: number | undefined;
+    includeSubdomains?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable Http Method filter
+   */
+  methodnoallow: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE automatically download open
+   */
+  noopen: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE8 automatically detect mime
+   */
+  nosniff: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable IE8 XSS Filter
+   */
+  xssProtection: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * X-XSS-Protection response header value
+     *
+     * Default to `'1; mode=block'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * content security policy config
+   */
+  csp: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    policy: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">, z.ZodBoolean]>>>;
+    /**
+     * whether enable report only mode
+     * Default to `undefined`
+     */
+    reportOnly: z.ZodOptional<z.ZodBoolean>;
+    /**
+     * whether support IE
+     * Default to `undefined`
+     */
+    supportIE: z.ZodOptional<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    policy: Record<string, string | boolean | string[]>;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    policy?: Record<string, string | boolean | string[]> | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable referrer policy
+   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+   */
+  referrerPolicy: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `false`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * referrer policy value
+     *
+     * Default to `'no-referrer-when-downgrade'`
+     */
+    value: z.ZodDefault<z.ZodString>;
+  }, "strip", z.ZodTypeAny, {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  /**
+   * whether enable auto avoid directory traversal attack
+   */
+  dta: z.ZodDefault<z.ZodObject<{
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    /**
+     * Default to `true`
+     */
+    enable: z.ZodDefault<z.ZodBoolean>;
+  }, "strip", z.ZodTypeAny, {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  }, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  }>>;
+  ssrf: z.ZodDefault<z.ZodObject<{
+    ipBlackList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    ipExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    hostnameExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    checkAddress: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+      address: z.ZodString;
+      family: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      address: string;
+      family: number;
+    }, {
+      address: string;
+      family: number;
+    }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+      address: z.ZodString;
+      family: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+      address: string;
+      family: number;
+    }, {
+      address: string;
+      family: number;
+    }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>>;
+  }, "strip", z.ZodTypeAny, {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  }, {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  }>>;
+  match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+  ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+  __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
+}, "strip", z.ZodTypeAny, {
+  csrf: {
+    type: "ctoken" | "referer" | "all" | "any";
+    enable: boolean;
+    ignoreJSON: boolean;
+    cookieName: string | string[];
+    sessionName: string;
+    headerName: string;
+    bodyName: string | string[];
+    queryName: string | string[];
+    rotateWhenInvalid: boolean;
+    useSession: boolean;
+    supportedRequests: {
+      path: RegExp;
+      methods: string[];
+    }[];
+    refererWhiteList: string[];
+    cookieOptions: {
+      signed: boolean;
+      httpOnly: boolean;
+      overwrite: boolean;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+  };
+  hsts: {
+    enable: boolean;
+    maxAge: number;
+    includeSubdomains: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  methodnoallow: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  noopen: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  nosniff: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  csp: {
+    enable: boolean;
+    policy: Record<string, string | boolean | string[]>;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  };
+  xssProtection: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  xframe: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  dta: {
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  domainWhiteList: string[];
+  protocolWhiteList: string[];
+  defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+  referrerPolicy: {
+    value: string;
+    enable: boolean;
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  };
+  ssrf: {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  };
+  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}, {
+  match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  csrf?: unknown;
+  hsts?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    maxAge?: number | undefined;
+    includeSubdomains?: boolean | undefined;
+  } | undefined;
+  methodnoallow?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  noopen?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  nosniff?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  csp?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+    policy?: Record<string, string | boolean | string[]> | undefined;
+    reportOnly?: boolean | undefined;
+    supportIE?: boolean | undefined;
+  } | undefined;
+  xssProtection?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  xframe?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  dta?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  domainWhiteList?: string[] | undefined;
+  protocolWhiteList?: string[] | undefined;
+  defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
+  ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+  referrerPolicy?: {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    value?: string | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    enable?: boolean | undefined;
+  } | undefined;
+  ssrf?: {
+    ipBlackList?: string[] | undefined;
+    ipExceptionList?: string[] | undefined;
+    hostnameExceptionList?: string[] | undefined;
+    checkAddress?: ((args_0: string | {
+      address: string;
+      family: number;
+    } | (string | {
+      address: string;
+      family: number;
+    })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+  } | undefined;
+  __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}>;
+type SecurityConfig = z.infer<typeof SecurityConfig>;
+declare const SecurityHelperOnTagAttrHandler: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>;
+/**
+ * (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void
+ */
+type SecurityHelperOnTagAttrHandler = z.infer<typeof SecurityHelperOnTagAttrHandler>;
+declare const SecurityHelperConfig: z.ZodObject<{
+  shtml: z.ZodDefault<z.ZodObject<{
+    /**
+     * tag attribute white list
+     */
+    whiteList: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+    /**
+     * domain white list
+     * @deprecated use `config.security.domainWhiteList` instead
+     */
+    domainWhiteList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * tag attribute handler
+     */
+    onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
+  }, "strip", z.ZodTypeAny, {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  }, {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  }>>;
+}, "strip", z.ZodTypeAny, {
+  shtml: {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  };
+}, {
+  shtml?: {
+    domainWhiteList?: string[] | undefined;
+    whiteList?: Record<string, string[]> | undefined;
+    onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+  } | undefined;
+}>;
+type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
+declare const _default: {
+  security: {
+    csrf: {
+      type: "ctoken" | "referer" | "all" | "any";
+      enable: boolean;
+      ignoreJSON: boolean;
+      cookieName: string | string[];
+      sessionName: string;
+      headerName: string;
+      bodyName: string | string[];
+      queryName: string | string[];
+      rotateWhenInvalid: boolean;
+      useSession: boolean;
+      supportedRequests: {
+        path: RegExp;
+        methods: string[];
+      }[];
+      refererWhiteList: string[];
+      cookieOptions: {
+        signed: boolean;
+        httpOnly: boolean;
+        overwrite: boolean;
+      };
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    };
+    hsts: {
+      enable: boolean;
+      maxAge: number;
+      includeSubdomains: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    methodnoallow: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    noopen: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    nosniff: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    csp: {
+      enable: boolean;
+      policy: Record<string, string | boolean | string[]>;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      reportOnly?: boolean | undefined;
+      supportIE?: boolean | undefined;
+    };
+    xssProtection: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    xframe: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    dta: {
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    domainWhiteList: string[];
+    protocolWhiteList: string[];
+    defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+    referrerPolicy: {
+      value: string;
+      enable: boolean;
+      match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+      ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    ssrf: {
+      ipBlackList?: string[] | undefined;
+      ipExceptionList?: string[] | undefined;
+      hostnameExceptionList?: string[] | undefined;
+      checkAddress?: ((args_0: string | {
+        address: string;
+        family: number;
+      } | (string | {
+        address: string;
+        family: number;
+      })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+  };
+  helper: {
+    shtml: {
+      domainWhiteList?: string[] | undefined;
+      whiteList?: Record<string, string[]> | undefined;
+      onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    };
+  };
+};
+//#endregion
+export { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName, _default };