npm - @eggjs/security - Versions diffs - 5.0.0-beta.19 → 5.0.0-beta.20 - Mend

@eggjs/security 5.0.0-beta.19 → 5.0.0-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/dist/agent.js +1 -1
package/dist/app/extend/agent.d.ts +2 -1
package/dist/app/extend/agent.js +1 -1
package/dist/app/extend/application.d.ts +3 -11
package/dist/app/extend/application.js +2 -30
package/dist/app/extend/context.d.ts +3 -60
package/dist/app/extend/context.js +2 -189
package/dist/app/extend/helper.d.ts +8 -8
package/dist/app/extend/helper.js +11 -1
package/dist/app/extend/response.d.ts +3 -38
package/dist/app/extend/response.js +3 -68
package/dist/app/middleware/securities.js +12 -1
package/dist/app.js +2 -2
package/dist/application-COC0mYEe.js +32 -0
package/dist/application-n5bk2L_z.d.ts +12 -0
package/dist/cliFilter-7BSD8Nc_.js +18 -0
package/dist/cliFilter-DKZxCxSe.d.ts +7 -0
package/dist/config/config.default.d.ts +1 -869
package/dist/config/config.default.js +1 -164
package/dist/config.default-AcwQOAG0.js +166 -0
package/dist/config.default-D8v08Vox.d.ts +870 -0
package/dist/context-C-N1IY85.d.ts +95 -0
package/dist/context-e-QJTKfq.js +191 -0
package/dist/csp-BW5AJd_f.js +46 -0
package/dist/csrf-9aSLHiby.js +33 -0
package/dist/dta-DVAKEpJ3.js +13 -0
package/dist/escape-Dex_Pk9e.d.ts +2 -0
package/dist/escape-p8-cW8c_.js +7 -0
package/dist/escapeShellArg-BnzDicAC.d.ts +4 -0
package/dist/escapeShellArg-C0v1ZeCl.js +7 -0
package/dist/escapeShellCmd-CkAdyhtO.js +15 -0
package/dist/escapeShellCmd-DQZZIHde.d.ts +4 -0
package/dist/helper-DylzfQ_5.js +25 -0
package/dist/hsts-CWMKNTEh.js +19 -0
package/dist/index.d.ts +5 -1
package/dist/index.js +6 -3
package/dist/lib/extend/safe_curl.d.ts +2 -19
package/dist/lib/extend/safe_curl.js +1 -17
package/dist/lib/helper/cliFilter.d.ts +1 -6
package/dist/lib/helper/cliFilter.js +1 -16
package/dist/lib/helper/escape.d.ts +1 -1
package/dist/lib/helper/escape.js +1 -5
package/dist/lib/helper/escapeShellArg.d.ts +1 -3
package/dist/lib/helper/escapeShellArg.js +1 -5
package/dist/lib/helper/escapeShellCmd.d.ts +1 -3
package/dist/lib/helper/escapeShellCmd.js +1 -13
package/dist/lib/helper/index.d.ts +9 -9
package/dist/lib/helper/index.js +11 -23
package/dist/lib/helper/shtml.d.ts +1 -5
package/dist/lib/helper/shtml.js +2 -51
package/dist/lib/helper/sjs.d.ts +1 -6
package/dist/lib/helper/sjs.js +1 -34
package/dist/lib/helper/sjson.d.ts +1 -3
package/dist/lib/helper/sjson.js +2 -30
package/dist/lib/helper/spath.d.ts +1 -6
package/dist/lib/helper/spath.js +1 -14
package/dist/lib/helper/surl.d.ts +1 -5
package/dist/lib/helper/surl.js +1 -23
package/dist/lib/middlewares/csp.d.ts +1 -1
package/dist/lib/middlewares/csp.js +2 -44
package/dist/lib/middlewares/csrf.d.ts +1 -1
package/dist/lib/middlewares/csrf.js +2 -31
package/dist/lib/middlewares/dta.js +2 -11
package/dist/lib/middlewares/hsts.d.ts +1 -1
package/dist/lib/middlewares/hsts.js +2 -17
package/dist/lib/middlewares/index.d.ts +12 -12
package/dist/lib/middlewares/index.js +12 -25
package/dist/lib/middlewares/methodnoallow.js +1 -13
package/dist/lib/middlewares/noopen.d.ts +1 -1
package/dist/lib/middlewares/noopen.js +2 -15
package/dist/lib/middlewares/nosniff.d.ts +1 -1
package/dist/lib/middlewares/nosniff.js +2 -25
package/dist/lib/middlewares/referrerPolicy.d.ts +1 -1
package/dist/lib/middlewares/referrerPolicy.js +2 -29
package/dist/lib/middlewares/xframe.d.ts +1 -1
package/dist/lib/middlewares/xframe.js +2 -16
package/dist/lib/middlewares/xssProtection.d.ts +1 -1
package/dist/lib/middlewares/xssProtection.js +2 -15
package/dist/lib/utils.d.ts +1 -1
package/dist/lib/utils.js +1 -125
package/dist/methodnoallow-BAZONArS.js +15 -0
package/dist/middlewares-CkQjv8t0.js +27 -0
package/dist/noopen-C3jUBwoH.js +17 -0
package/dist/nosniff-CcLkhX2I.js +27 -0
package/dist/referrerPolicy-D4Uafq6c.js +31 -0
package/dist/response-BFnHAJrV.js +69 -0
package/dist/safe_curl-UlViaxoF.js +19 -0
package/dist/safe_curl-mqZZv_YQ.d.ts +20 -0
package/dist/shtml-CAquTzgV.d.ts +6 -0
package/dist/shtml-CgF4kOx-.js +53 -0
package/dist/sjs-Cbmkk5xS.js +36 -0
package/dist/sjs-QZIJYS71.d.ts +7 -0
package/dist/sjson-BetFnVR6.js +32 -0
package/dist/sjson-O-vKJPws.d.ts +4 -0
package/dist/spath-Bu9sy6Kz.js +16 -0
package/dist/spath-DseDPHxf.d.ts +7 -0
package/dist/surl-ClleTea7.js +25 -0
package/dist/surl-JV70X_RZ.d.ts +6 -0
package/dist/types-BZR2U30p.d.ts +38 -0
package/dist/types-DnJpiSJb.js +1 -0
package/dist/types.d.ts +3 -38
package/dist/types.js +2 -0
package/dist/utils-Cajs5P8M.js +127 -0
package/dist/xframe-q9fEZkVI.js +18 -0
package/dist/xssProtection-D5QsHX-e.js +17 -0
package/package.json +5 -5

package/dist/lib/helper/index.js CHANGED Viewed

@@ -1,25 +1,13 @@
-import cliFilter from "./cliFilter.js";
-import escape_default from "./escape.js";
-import escapeShellArg from "./escapeShellArg.js";
-import escapeShellCmd from "./escapeShellCmd.js";
-import shtml from "./shtml.js";
-import escapeJavaScript from "./sjs.js";
-import jsonEscape from "./sjson.js";
-import pathFilter from "./spath.js";
-import surl from "./surl.js";
+import "../../utils-Cajs5P8M.js";
+import "../../cliFilter-7BSD8Nc_.js";
+import "../../escape-p8-cW8c_.js";
+import "../../escapeShellArg-C0v1ZeCl.js";
+import "../../escapeShellCmd-CkAdyhtO.js";
+import "../../shtml-CgF4kOx-.js";
+import "../../sjs-Cbmkk5xS.js";
+import "../../sjson-BetFnVR6.js";
+import "../../spath-Bu9sy6Kz.js";
+import "../../surl-ClleTea7.js";
+import { helper_default } from "../../helper-DylzfQ_5.js";
-//#region src/lib/helper/index.ts
-var helper_default = {
-	cliFilter,
-	escape: escape_default,
-	escapeShellArg,
-	escapeShellCmd,
-	shtml,
-	sjs: escapeJavaScript,
-	sjson: jsonEscape,
-	spath: pathFilter,
-	surl
-};
-//#endregion
 export { helper_default as default };

package/dist/lib/helper/shtml.d.ts CHANGED Viewed

@@ -1,6 +1,2 @@
-import { BaseContextClass } from "egg";
-//#region src/lib/helper/shtml.d.ts
-declare function shtml(this: BaseContextClass, val: string): string;
-//#endregion
+import { shtml } from "../../shtml-CAquTzgV.js";
 export { shtml as default };

package/dist/lib/helper/shtml.js CHANGED Viewed

@@ -1,53 +1,4 @@
-import { getFromUrl, isSafeDomain } from "../utils.js";
-import xss from "xss";
+import "../../utils-Cajs5P8M.js";
+import { shtml } from "../../shtml-CgF4kOx-.js";
-//#region src/lib/helper/shtml.ts
-const BUILD_IN_ON_TAG_ATTR = Symbol("buildInOnTagAttr");
-function shtml(val) {
-	if (typeof val !== "string") return val;
-	const securityOptions = this.ctx.securityOptions;
-	const shtmlConfig = {
-		...this.app.config.helper.shtml,
-		...securityOptions.shtml,
-		[BUILD_IN_ON_TAG_ATTR]: void 0
-	};
-	const domainWhiteList = this.app.config.security.domainWhiteList;
-	const app = this.app;
-	if (!shtmlConfig[BUILD_IN_ON_TAG_ATTR]) {
-		shtmlConfig[BUILD_IN_ON_TAG_ATTR] = (_tag, name, value, isWhiteAttr) => {
-			if (isWhiteAttr && (name === "href" || name === "src")) {
-				if (!value) return;
-				value = String(value);
-				if (value[0] === "/" || value[0] === "#") return;
-				const hostname = getFromUrl(value, "hostname");
-				if (!hostname) return;
-				if (!isSafeDomain(hostname, domainWhiteList)) if (shtmlConfig.domainWhiteList && shtmlConfig.domainWhiteList.length > 0) {
-					app.deprecate("[@eggjs/security/lib/helper/shtml] `config.helper.shtml.domainWhiteList` has been deprecate. Please use `config.security.domainWhiteList` instead.");
-					if (!isSafeDomain(hostname, shtmlConfig.domainWhiteList)) return "";
-				} else return "";
-			}
-		};
-		if (shtmlConfig.onTagAttr) {
-			const customOnTagAttrHandler = shtmlConfig.onTagAttr;
-			shtmlConfig.onTagAttr = function(tag, name, value, isWhiteAttr) {
-				const result = customOnTagAttrHandler.apply(this, [
-					tag,
-					name,
-					value,
-					isWhiteAttr
-				]);
-				if (result !== void 0) return result;
-				return shtmlConfig[BUILD_IN_ON_TAG_ATTR].apply(this, [
-					tag,
-					name,
-					value,
-					isWhiteAttr
-				]);
-			};
-		} else shtmlConfig.onTagAttr = shtmlConfig[BUILD_IN_ON_TAG_ATTR];
-	}
-	return xss(val, shtmlConfig);
-}
-//#endregion
 export { shtml as default };

package/dist/lib/helper/sjs.d.ts CHANGED Viewed

@@ -1,7 +1,2 @@
-//#region src/lib/helper/sjs.d.ts
-/**
- * Escape JavaScript to \xHH format
- */
-declare function escapeJavaScript(text: string): string;
-//#endregion
+import { escapeJavaScript } from "../../sjs-QZIJYS71.js";
 export { escapeJavaScript as default };

package/dist/lib/helper/sjs.js CHANGED Viewed

@@ -1,36 +1,3 @@
-//#region src/lib/helper/sjs.ts
-/**
-* Escape JavaScript to \xHH format
-*/
-const MATCH_VULNERABLE_REGEXP = /[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]/;
-const BASIC_ALPHABETS = new Set("abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""));
-const map = {
-	"	": "\\t",
-	"\n": "\\n",
-	"\r": "\\r"
-};
-function escapeJavaScript(text) {
-	const str = "" + text;
-	const match = MATCH_VULNERABLE_REGEXP.exec(str);
-	if (!match) return str;
-	let res = "";
-	let index = 0;
-	let lastIndex = 0;
-	let ascii;
-	for (index = match.index; index < str.length; index++) {
-		ascii = str[index];
-		if (BASIC_ALPHABETS.has(ascii)) continue;
-		else if (map[ascii] === void 0) {
-			const code = ascii.charCodeAt(0);
-			if (code > 127) continue;
-			else map[ascii] = "\\x" + code.toString(16);
-		}
-		if (lastIndex !== index) res += str.substring(lastIndex, index);
-		lastIndex = index + 1;
-		res += map[ascii];
-	}
-	return lastIndex !== index ? res + str.substring(lastIndex, index) : res;
-}
+import { escapeJavaScript } from "../../sjs-Cbmkk5xS.js";
-//#endregion
 export { escapeJavaScript as default };

package/dist/lib/helper/sjson.d.ts CHANGED Viewed

@@ -1,4 +1,2 @@
-//#region src/lib/helper/sjson.d.ts
-declare function jsonEscape(obj: any): string;
-//#endregion
+import { jsonEscape } from "../../sjson-O-vKJPws.js";
 export { jsonEscape as default };

package/dist/lib/helper/sjson.js CHANGED Viewed

@@ -1,32 +1,4 @@
-import escapeJavaScript from "./sjs.js";
+import "../../sjs-Cbmkk5xS.js";
+import { jsonEscape } from "../../sjson-BetFnVR6.js";
-//#region src/lib/helper/sjson.ts
-/**
-* escape json
-* for output json in script
-*/
-function sanitizeKey(obj) {
-	if (typeof obj !== "object") return obj;
-	if (Array.isArray(obj)) return obj;
-	if (obj === null) return null;
-	if (typeof obj === "boolean") return obj;
-	if (typeof obj === "number") return obj;
-	if (Buffer.isBuffer(obj)) return obj.toString();
-	for (const k in obj) {
-		const escapedK = escapeJavaScript(k);
-		if (escapedK !== k) {
-			obj[escapedK] = sanitizeKey(obj[k]);
-			obj[k] = void 0;
-		} else obj[k] = sanitizeKey(obj[k]);
-	}
-	return obj;
-}
-function jsonEscape(obj) {
-	return JSON.stringify(sanitizeKey(obj), (_k, v) => {
-		if (typeof v === "string") return escapeJavaScript(v);
-		return v;
-	});
-}
-//#endregion
 export { jsonEscape as default };

package/dist/lib/helper/spath.d.ts CHANGED Viewed

@@ -1,7 +1,2 @@
-import { BaseContextClass } from "egg";
-//#region src/lib/helper/spath.d.ts
-declare function pathFilter(this: BaseContextClass, path: string): string | null;
-//#endregion
+import { pathFilter } from "../../spath-DseDPHxf.js";
 export { pathFilter as default };

package/dist/lib/helper/spath.js CHANGED Viewed

@@ -1,16 +1,3 @@
-//#region src/lib/helper/spath.ts
-function pathFilter(path) {
-	if (typeof path !== "string") return path;
-	const pathSource = path;
-	while (path.indexOf("%") !== -1) try {
-		path = decodeURIComponent(path);
-	} catch {
-		if (process.env.NODE_ENV !== "production") this.ctx.coreLogger.warn("[@eggjs/security/lib/helper/spath] : decode file path %j failed.", path);
-		break;
-	}
-	if (path.indexOf("..") !== -1 || path[0] === "/") return null;
-	return pathSource;
-}
+import { pathFilter } from "../../spath-Bu9sy6Kz.js";
-//#endregion
 export { pathFilter as default };

package/dist/lib/helper/surl.d.ts CHANGED Viewed

@@ -1,6 +1,2 @@
-import { BaseContextClass } from "egg";
-//#region src/lib/helper/surl.d.ts
-declare function surl(this: BaseContextClass, val: string): string;
-//#endregion
+import { surl } from "../../surl-JV70X_RZ.js";
 export { surl as default };

package/dist/lib/helper/surl.js CHANGED Viewed

@@ -1,25 +1,3 @@
-//#region src/lib/helper/surl.ts
-const escapeMap = {
-	"\"": "&quot;",
-	"<": "&lt;",
-	">": "&gt;",
-	"'": "&#x27;"
-};
-function surl(val) {
-	const protocolWhiteListSet = this.app.config.security.__protocolWhiteListSet;
-	if (typeof val !== "string") return val;
-	if (val[0] !== "/") {
-		const arr = val.split("://", 2);
-		const protocol = arr.length > 1 ? arr[0].toLowerCase() : "";
-		if (protocol === "" || !protocolWhiteListSet.has(protocol)) {
-			if (this.app.config.env === "local") this.ctx.coreLogger.warn("[@eggjs/security/surl] url: %j, protocol: %j, protocol is empty or not in white list, convert to empty string", val, protocol);
-			return "";
-		}
-	}
-	return val.replace(/["'<>]/g, (ch) => {
-		return escapeMap[ch];
-	});
-}
+import { surl } from "../../surl-ClleTea7.js";
-//#endregion
 export { surl as default };

package/dist/lib/middlewares/csp.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/csp.d.ts

package/dist/lib/middlewares/csp.js CHANGED Viewed

@@ -1,46 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
-import extend from "extend";
+import "../../utils-Cajs5P8M.js";
+import { csp_default } from "../../csp-BW5AJd_f.js";
-//#region src/lib/middlewares/csp.ts
-const HEADER = ["x-content-security-policy", "content-security-policy"];
-const REPORT_ONLY_HEADER = ["x-content-security-policy-report-only", "content-security-policy-report-only"];
-const MSIE_REGEXP = / MSIE /i;
-var csp_default = (options) => {
-	return async function csp(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.csp
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		let finalHeader;
-		const matchedOption = extend(true, {}, opts.policy);
-		const bufArray = [];
-		const headers = opts.reportOnly ? REPORT_ONLY_HEADER : HEADER;
-		if (opts.supportIE && MSIE_REGEXP.test(ctx.get("user-agent"))) finalHeader = headers[0];
-		else finalHeader = headers[1];
-		for (const key in matchedOption) {
-			const value = matchedOption[key];
-			if (key === "sandbox" && value === true) bufArray.push(key);
-			else {
-				let values = Array.isArray(value) ? value : [value];
-				if (key === "script-src") {
-					if (!values.some(function(val) {
-						return val.indexOf("nonce-") !== -1;
-					})) values.push("'nonce-" + ctx.nonce + "'");
-				}
-				values = values.map(function(d) {
-					if (d.startsWith(".")) d = "*" + d;
-					return d;
-				});
-				bufArray.push(key + " " + values.join(" "));
-			}
-		}
-		const headerString = bufArray.join(";");
-		ctx.set(finalHeader, headerString);
-		ctx.set("x-csp-nonce", ctx.nonce);
-	};
-};
-//#endregion
 export { csp_default as default };

package/dist/lib/middlewares/csrf.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/csrf.d.ts

package/dist/lib/middlewares/csrf.js CHANGED Viewed

@@ -1,33 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
-import { debuglog } from "node:util";
-import typeis from "type-is";
+import "../../utils-Cajs5P8M.js";
+import { csrf_default } from "../../csrf-9aSLHiby.js";
-//#region src/lib/middlewares/csrf.ts
-const debug = debuglog("egg/security/lib/middlewares/csrf");
-var csrf_default = (options) => {
-	return function csrf(ctx, next) {
-		if (checkIfIgnore(options, ctx)) return next();
-		if ([
-			"any",
-			"all",
-			"ctoken"
-		].includes(options.type)) ctx.ensureCsrfSecret();
-		const method = ctx.method;
-		let isSupported = false;
-		for (const eachRule of options.supportedRequests) if (eachRule.path.test(ctx.path)) {
-			if (eachRule.methods.includes(method)) {
-				isSupported = true;
-				break;
-			}
-		}
-		if (!isSupported) return next();
-		if (options.ignoreJSON && typeis.is(ctx.get("content-type"), "json")) return next();
-		const body = ctx.request.body;
-		debug("%s %s, got %j", ctx.method, ctx.url, body);
-		ctx.assertCsrf();
-		return next();
-	};
-};
-//#endregion
 export { csrf_default as default };

package/dist/lib/middlewares/dta.js CHANGED Viewed

@@ -1,13 +1,4 @@
-import { isSafePath } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { dta_default } from "../../dta-DVAKEpJ3.js";
-//#region src/lib/middlewares/dta.ts
-var dta_default = () => {
-	return function dta(ctx, next) {
-		const path = ctx.path;
-		if (!isSafePath(path, ctx)) ctx.throw(400);
-		return next();
-	};
-};
-//#endregion
 export { dta_default as default };

package/dist/lib/middlewares/hsts.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/hsts.d.ts

package/dist/lib/middlewares/hsts.js CHANGED Viewed

@@ -1,19 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { hsts_default } from "../../hsts-CWMKNTEh.js";
-//#region src/lib/middlewares/hsts.ts
-var hsts_default = (options) => {
-	return async function hsts(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.hsts
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		let val = `max-age=${opts.maxAge}`;
-		if (opts.includeSubdomains) val = `${val}; includeSubdomains`;
-		ctx.set("strict-transport-security", val);
-	};
-};
-//#endregion
 export { hsts_default as default };

package/dist/lib/middlewares/index.d.ts CHANGED Viewed

@@ -1,18 +1,18 @@
-import { SecurityConfig } from "../../config/config.default.js";
-import * as egg0 from "egg";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
+import * as egg1 from "egg";
 //#region src/lib/middlewares/index.d.ts
 declare const _default: {
-  csp: (options: SecurityConfig["csp"]) => egg0.MiddlewareFunc;
-  csrf: (options: SecurityConfig["csrf"]) => egg0.MiddlewareFunc;
-  dta: () => egg0.MiddlewareFunc;
-  hsts: (options: SecurityConfig["hsts"]) => egg0.MiddlewareFunc;
-  methodnoallow: () => egg0.MiddlewareFunc;
-  noopen: (options: SecurityConfig["noopen"]) => egg0.MiddlewareFunc;
-  nosniff: (options: SecurityConfig["nosniff"]) => egg0.MiddlewareFunc;
-  referrerPolicy: (options: SecurityConfig["referrerPolicy"]) => egg0.MiddlewareFunc;
-  xframe: (options: SecurityConfig["xframe"]) => egg0.MiddlewareFunc;
-  xssProtection: (options: SecurityConfig["xssProtection"]) => egg0.MiddlewareFunc;
+  csp: (options: SecurityConfig["csp"]) => egg1.MiddlewareFunc;
+  csrf: (options: SecurityConfig["csrf"]) => egg1.MiddlewareFunc;
+  dta: () => egg1.MiddlewareFunc;
+  hsts: (options: SecurityConfig["hsts"]) => egg1.MiddlewareFunc;
+  methodnoallow: () => egg1.MiddlewareFunc;
+  noopen: (options: SecurityConfig["noopen"]) => egg1.MiddlewareFunc;
+  nosniff: (options: SecurityConfig["nosniff"]) => egg1.MiddlewareFunc;
+  referrerPolicy: (options: SecurityConfig["referrerPolicy"]) => egg1.MiddlewareFunc;
+  xframe: (options: SecurityConfig["xframe"]) => egg1.MiddlewareFunc;
+  xssProtection: (options: SecurityConfig["xssProtection"]) => egg1.MiddlewareFunc;
 };
 //#endregion
 export { _default as default };

package/dist/lib/middlewares/index.js CHANGED Viewed

@@ -1,27 +1,14 @@
-import csp_default from "./csp.js";
-import csrf_default from "./csrf.js";
-import dta_default from "./dta.js";
-import hsts_default from "./hsts.js";
-import methodnoallow_default from "./methodnoallow.js";
-import noopen_default from "./noopen.js";
-import nosniff_default from "./nosniff.js";
-import referrerPolicy_default from "./referrerPolicy.js";
-import xframe_default from "./xframe.js";
-import xssProtection_default from "./xssProtection.js";
+import "../../utils-Cajs5P8M.js";
+import "../../csp-BW5AJd_f.js";
+import "../../csrf-9aSLHiby.js";
+import "../../dta-DVAKEpJ3.js";
+import "../../hsts-CWMKNTEh.js";
+import "../../methodnoallow-BAZONArS.js";
+import "../../noopen-C3jUBwoH.js";
+import "../../nosniff-CcLkhX2I.js";
+import "../../referrerPolicy-D4Uafq6c.js";
+import "../../xframe-q9fEZkVI.js";
+import "../../xssProtection-D5QsHX-e.js";
+import { middlewares_default } from "../../middlewares-CkQjv8t0.js";
-//#region src/lib/middlewares/index.ts
-var middlewares_default = {
-	csp: csp_default,
-	csrf: csrf_default,
-	dta: dta_default,
-	hsts: hsts_default,
-	methodnoallow: methodnoallow_default,
-	noopen: noopen_default,
-	nosniff: nosniff_default,
-	referrerPolicy: referrerPolicy_default,
-	xframe: xframe_default,
-	xssProtection: xssProtection_default
-};
-//#endregion
 export { middlewares_default as default };

package/dist/lib/middlewares/methodnoallow.js CHANGED Viewed

@@ -1,15 +1,3 @@
-import { METHODS } from "node:http";
+import { methodnoallow_default } from "../../methodnoallow-BAZONArS.js";
-//#region src/lib/middlewares/methodnoallow.ts
-const METHODS_NOT_ALLOWED = ["TRACE", "TRACK"];
-const safeHttpMethodsMap = {};
-for (const method of METHODS) if (!METHODS_NOT_ALLOWED.includes(method)) safeHttpMethodsMap[method.toUpperCase()] = true;
-var methodnoallow_default = () => {
-	return function notAllow(ctx, next) {
-		if (!safeHttpMethodsMap[ctx.method]) ctx.throw(405);
-		return next();
-	};
-};
-//#endregion
 export { methodnoallow_default as default };

package/dist/lib/middlewares/noopen.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/noopen.d.ts

package/dist/lib/middlewares/noopen.js CHANGED Viewed

@@ -1,17 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { noopen_default } from "../../noopen-C3jUBwoH.js";
-//#region src/lib/middlewares/noopen.ts
-var noopen_default = (options) => {
-	return async function noopen(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.noopen
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		ctx.set("x-download-options", "noopen");
-	};
-};
-//#endregion
 export { noopen_default as default };

package/dist/lib/middlewares/nosniff.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/nosniff.d.ts

package/dist/lib/middlewares/nosniff.js CHANGED Viewed

@@ -1,27 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { nosniff_default } from "../../nosniff-CcLkhX2I.js";
-//#region src/lib/middlewares/nosniff.ts
-const RedirectStatus = {
-	300: true,
-	301: true,
-	302: true,
-	303: true,
-	305: true,
-	307: true,
-	308: true
-};
-var nosniff_default = (options) => {
-	return async function nosniff(ctx, next) {
-		await next();
-		if (RedirectStatus[ctx.status]) return;
-		const opts = {
-			...options,
-			...ctx.securityOptions.nosniff
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		ctx.set("x-content-type-options", "nosniff");
-	};
-};
-//#endregion
 export { nosniff_default as default };

package/dist/lib/middlewares/referrerPolicy.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/referrerPolicy.d.ts

package/dist/lib/middlewares/referrerPolicy.js CHANGED Viewed

@@ -1,31 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { referrerPolicy_default } from "../../referrerPolicy-D4Uafq6c.js";
-//#region src/lib/middlewares/referrerPolicy.ts
-const ALLOWED_POLICIES_ENUM = [
-	"no-referrer",
-	"no-referrer-when-downgrade",
-	"origin",
-	"origin-when-cross-origin",
-	"same-origin",
-	"strict-origin",
-	"strict-origin-when-cross-origin",
-	"unsafe-url",
-	""
-];
-var referrerPolicy_default = (options) => {
-	return async function referrerPolicy(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.refererPolicy,
-			...ctx.securityOptions.referrerPolicy
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		const policy = opts.value;
-		if (!ALLOWED_POLICIES_ENUM.includes(policy)) throw new Error(`"${policy}" is not available.`);
-		ctx.set("referrer-policy", policy);
-	};
-};
-//#endregion
 export { referrerPolicy_default as default };

package/dist/lib/middlewares/xframe.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/xframe.d.ts

package/dist/lib/middlewares/xframe.js CHANGED Viewed

@@ -1,18 +1,4 @@
-import { checkIfIgnore } from "../utils.js";
+import "../../utils-Cajs5P8M.js";
+import { xframe_default } from "../../xframe-q9fEZkVI.js";
-//#region src/lib/middlewares/xframe.ts
-var xframe_default = (options) => {
-	return async function xframe(ctx, next) {
-		await next();
-		const opts = {
-			...options,
-			...ctx.securityOptions.xframe
-		};
-		if (checkIfIgnore(opts, ctx)) return;
-		const value = opts.value || "SAMEORIGIN";
-		ctx.set("x-frame-options", value);
-	};
-};
-//#endregion
 export { xframe_default as default };

package/dist/lib/middlewares/xssProtection.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SecurityConfig } from "../../config/config.default.js";
+import { SecurityConfig } from "../../config.default-D8v08Vox.js";
 import { MiddlewareFunc } from "egg";
 //#region src/lib/middlewares/xssProtection.d.ts