npm - @eggjs/security - Versions diffs - 5.0.0-beta.19 → 5.0.0-beta.21 - Mend

@eggjs/security 5.0.0-beta.19 → 5.0.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/agent.d.ts +5 -9
package/dist/agent.js +10 -14
package/dist/app/extend/agent.d.ts +4 -8
package/dist/app/extend/agent.js +8 -12
package/dist/app/extend/application.d.ts +7 -11
package/dist/app/extend/application.js +32 -32
package/dist/app/extend/context.d.ts +52 -55
package/dist/app/extend/context.js +241 -188
package/dist/app/extend/helper.d.ts +10 -22
package/dist/app/extend/helper.js +5 -7
package/dist/app/extend/response.d.ts +34 -38
package/dist/app/extend/response.js +82 -69
package/dist/app/middleware/securities.d.ts +4 -8
package/dist/app/middleware/securities.js +52 -38
package/dist/app.d.ts +5 -9
package/dist/app.js +24 -22
package/dist/config/config.default.d.ts +784 -787
package/dist/config/config.default.js +356 -156
package/dist/config/config.local.d.ts +2 -5
package/dist/config/config.local.js +8 -5
package/dist/index.d.ts +4 -1
package/dist/index.js +2 -2
package/dist/lib/extend/safe_curl.d.ts +9 -13
package/dist/lib/extend/safe_curl.js +23 -17
package/dist/lib/helper/cliFilter.d.ts +1 -4
package/dist/lib/helper/cliFilter.js +15 -16
package/dist/lib/helper/escape.d.ts +2 -2
package/dist/lib/helper/escape.js +3 -7
package/dist/lib/helper/escapeShellArg.d.ts +1 -4
package/dist/lib/helper/escapeShellArg.js +4 -6
package/dist/lib/helper/escapeShellCmd.d.ts +1 -4
package/dist/lib/helper/escapeShellCmd.js +13 -14
package/dist/lib/helper/index.d.ts +19 -22
package/dist/lib/helper/index.js +15 -19
package/dist/lib/helper/shtml.d.ts +2 -6
package/dist/lib/helper/shtml.js +68 -52
package/dist/lib/helper/sjs.d.ts +1 -4
package/dist/lib/helper/sjs.js +44 -31
package/dist/lib/helper/sjson.d.ts +1 -4
package/dist/lib/helper/sjson.js +35 -28
package/dist/lib/helper/spath.d.ts +5 -7
package/dist/lib/helper/spath.js +24 -15
package/dist/lib/helper/surl.d.ts +2 -6
package/dist/lib/helper/surl.js +27 -22
package/dist/lib/middlewares/csp.d.ts +3 -6
package/dist/lib/middlewares/csp.js +54 -43
package/dist/lib/middlewares/csrf.d.ts +3 -6
package/dist/lib/middlewares/csrf.js +35 -31
package/dist/lib/middlewares/dta.d.ts +2 -5
package/dist/lib/middlewares/dta.js +10 -11
package/dist/lib/middlewares/hsts.d.ts +3 -6
package/dist/lib/middlewares/hsts.js +19 -17
package/dist/lib/middlewares/index.d.ts +11 -16
package/dist/lib/middlewares/index.js +22 -26
package/dist/lib/middlewares/methodnoallow.d.ts +2 -5
package/dist/lib/middlewares/methodnoallow.js +18 -13
package/dist/lib/middlewares/noopen.d.ts +3 -6
package/dist/lib/middlewares/noopen.js +13 -15
package/dist/lib/middlewares/nosniff.d.ts +3 -6
package/dist/lib/middlewares/nosniff.js +24 -23
package/dist/lib/middlewares/referrerPolicy.d.ts +3 -6
package/dist/lib/middlewares/referrerPolicy.js +31 -27
package/dist/lib/middlewares/xframe.d.ts +3 -6
package/dist/lib/middlewares/xframe.js +15 -16
package/dist/lib/middlewares/xssProtection.d.ts +3 -6
package/dist/lib/middlewares/xssProtection.js +12 -15
package/dist/lib/utils.d.ts +12 -17
package/dist/lib/utils.js +177 -112
package/dist/types.d.ts +35 -37
package/dist/types.js +2 -1
package/package.json +6 -6

package/dist/agent.d.ts CHANGED Viewed

@@ -1,10 +1,6 @@
-import { Agent, ILifecycleBoot } from "egg";
-//#region src/agent.d.ts
-declare class AgentBoot implements ILifecycleBoot {
-  private readonly agent;
-  constructor(agent: Agent);
-  configWillLoad(): Promise<void>;
+import type { ILifecycleBoot, Agent } from 'egg';
+export default class AgentBoot implements ILifecycleBoot {
+    private readonly agent;
+    constructor(agent: Agent);
+    configWillLoad(): Promise<void>;
 }
-//#endregion
-export { AgentBoot as default };

package/dist/agent.js CHANGED Viewed

@@ -1,15 +1,11 @@
 import { preprocessConfig } from "./lib/utils.js";
-//#region src/agent.ts
-var AgentBoot = class {
-	agent;
-	constructor(agent) {
-		this.agent = agent;
-	}
-	async configWillLoad() {
-		preprocessConfig(this.agent.config.security);
-	}
-};
-//#endregion
-export { AgentBoot as default };
+export default class AgentBoot {
+    agent;
+    constructor(agent) {
+        this.agent = agent;
+    }
+    async configWillLoad() {
+        preprocessConfig(this.agent.config.security);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvYWdlbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFbEQsTUFBTSxDQUFDLE9BQU8sT0FBTyxTQUFTO0lBQ1gsS0FBSyxDQUFDO0lBRXZCLFlBQVksS0FBWTtRQUN0QixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRUQsS0FBSyxDQUFDLGNBQWM7UUFDbEIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDL0MsQ0FBQztDQUNGIn0=

package/dist/app/extend/agent.d.ts CHANGED Viewed

@@ -1,9 +1,5 @@
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
-import { Agent } from "egg";
-//#region src/app/extend/agent.d.ts
-declare class SecurityAgent extends Agent {
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+import { Agent } from 'egg';
+import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+export default class SecurityAgent extends Agent {
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
 }
-//#endregion
-export { SecurityAgent as default };

package/dist/app/extend/agent.js CHANGED Viewed

@@ -1,12 +1,8 @@
-import { safeCurlForApplication } from "../../lib/extend/safe_curl.js";
-import { Agent } from "egg";
-//#region src/app/extend/agent.ts
-var SecurityAgent = class extends Agent {
-	async safeCurl(url, options) {
-		return await safeCurlForApplication(this, url, options);
-	}
-};
-//#endregion
-export { SecurityAgent as default };
+import { Agent } from 'egg';
+import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
+export default class SecurityAgent extends Agent {
+    async safeCurl(url, options) {
+        return await safeCurlForApplication(this, url, options);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hZ2VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRTVCLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLENBQUMsT0FBTyxPQUFPLGFBQWMsU0FBUSxLQUFLO0lBQzlDLEtBQUssQ0FBQyxRQUFRLENBQVUsR0FBeUIsRUFBRSxPQUEyQjtRQUM1RSxPQUFPLE1BQU0sc0JBQXNCLENBQUksSUFBSSxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM3RCxDQUFDO0NBQ0YifQ==

package/dist/app/extend/application.d.ts CHANGED Viewed

@@ -1,12 +1,8 @@
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
-import { Application } from "egg";
-//#region src/app/extend/application.d.ts
-declare class SecurityApplication extends Application {
-  injectCsrf(html: string): string;
-  injectNonce(html: string): string;
-  injectHijackingDefense(html: string): string;
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+import { Application } from 'egg';
+import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+export default class SecurityApplication extends Application {
+    injectCsrf(html: string): string;
+    injectNonce(html: string): string;
+    injectHijackingDefense(html: string): string;
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
 }
-//#endregion
-export { SecurityApplication as default };

package/dist/app/extend/application.js CHANGED Viewed

@@ -1,32 +1,32 @@
-import { safeCurlForApplication } from "../../lib/extend/safe_curl.js";
-import { Application } from "egg";
-//#region src/app/extend/application.ts
-const INPUT_CSRF = "\r\n<input type=\"hidden\" name=\"_csrf\" value=\"{{ctx.csrf}}\" /></form>";
-const INJECTION_DEFENSE = "<!--for injection--><!--</html>--><!--for injection-->";
-var SecurityApplication = class extends Application {
-	injectCsrf(html) {
-		html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
-			const match = $2;
-			if (match.indexOf("name=\"_csrf\"") !== -1 || match.indexOf("name='_csrf'") !== -1) return $1 + match + "</form>";
-			return $1 + match + INPUT_CSRF;
-		});
-		return html;
-	}
-	injectNonce(html) {
-		html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
-			if (!$1.includes("nonce=")) $1 += " nonce=\"{{ctx.nonce}}\"";
-			return "<script" + $1 + ">" + $2 + "<\/script>";
-		});
-		return html;
-	}
-	injectHijackingDefense(html) {
-		return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
-	}
-	async safeCurl(url, options) {
-		return await safeCurlForApplication(this, url, options);
-	}
-};
-//#endregion
-export { SecurityApplication as default };
+import { Application } from 'egg';
+import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
+const INPUT_CSRF = '\r\n<input type="hidden" name="_csrf" value="{{ctx.csrf}}" /></form>';
+const INJECTION_DEFENSE = '<!--for injection--><!--</html>--><!--for injection-->';
+export default class SecurityApplication extends Application {
+    injectCsrf(html) {
+        html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
+            const match = $2;
+            if (match.indexOf('name="_csrf"') !== -1 || match.indexOf("name='_csrf'") !== -1) {
+                return $1 + match + '</form>';
+            }
+            return $1 + match + INPUT_CSRF;
+        });
+        return html;
+    }
+    injectNonce(html) {
+        html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
+            if (!$1.includes('nonce=')) {
+                $1 += ' nonce="{{ctx.nonce}}"';
+            }
+            return '<script' + $1 + '>' + $2 + '</script>';
+        });
+        return html;
+    }
+    injectHijackingDefense(html) {
+        return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
+    }
+    async safeCurl(url, options) {
+        return await safeCurlForApplication(this, url, options);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hcHBsaWNhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRWxDLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLFVBQVUsR0FBRyxzRUFBc0UsQ0FBQztBQUMxRixNQUFNLGlCQUFpQixHQUFHLHdEQUF3RCxDQUFDO0FBRW5GLE1BQU0sQ0FBQyxPQUFPLE9BQU8sbUJBQW9CLFNBQVEsV0FBVztJQUMxRCxVQUFVLENBQUMsSUFBWTtRQUNyQixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDbkUsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ2pCLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ2pGLE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxTQUFTLENBQUM7WUFDaEMsQ0FBQztZQUNELE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxVQUFVLENBQUM7UUFDakMsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxXQUFXLENBQUMsSUFBWTtRQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQywyQ0FBMkMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDN0UsSUFBSSxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsRUFBRSxJQUFJLHdCQUF3QixDQUFDO1lBQ2pDLENBQUM7WUFDRCxPQUFPLFNBQVMsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLEVBQUUsR0FBRyxXQUFXLENBQUM7UUFDakQsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxzQkFBc0IsQ0FBQyxJQUFZO1FBQ2pDLE9BQU8saUJBQWlCLEdBQUcsSUFBSSxHQUFHLGlCQUFpQixDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsUUFBUSxDQUFVLEdBQXlCLEVBQUUsT0FBMkI7UUFDNUUsT0FBTyxNQUFNLHNCQUFzQixDQUFJLElBQUksRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDN0QsQ0FBQztDQUNGIn0=

package/dist/app/extend/context.d.ts CHANGED Viewed

@@ -1,61 +1,58 @@
-import { SecurityConfig } from "../../config/config.default.js";
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
-import SecurityResponse from "./response.js";
-import { Context } from "egg";
-//#region src/app/extend/context.d.ts
+import { Context } from 'egg';
+import type { HttpClientRequestURL, HttpClientOptions, HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+import type { SecurityConfig } from '../../config/config.default.ts';
+import type SecurityResponse from './response.ts';
 declare const CSRF_SECRET: unique symbol;
 declare const LOG_CSRF_NOTICE: unique symbol;
 declare const INPUT_TOKEN: unique symbol;
 declare const CSRF_REFERER_CHECK: unique symbol;
 declare const CSRF_CTOKEN_CHECK: unique symbol;
-declare class SecurityContext extends Context {
-  response: SecurityResponse;
-  get securityOptions(): Partial<SecurityConfig>;
-  /**
-   * Check whether the specific `domain` is in / matches the whiteList or not.
-   * @param {string} domain The assigned domain.
-   * @param {Array<string>} [customWhiteList] The custom white list for domain.
-   * @return {boolean} If the domain is in / matches the whiteList, return true;
-   * otherwise false.
-   */
-  isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
-  get nonce(): string;
-  /**
-   * get csrf token, general use in template
-   * @return {String} csrf token
-   * @public
-   */
-  get csrf(): string;
-  /**
-   * get csrf secret from session or cookie
-   * @return {String} csrf secret
-   * @private
-   */
-  get [CSRF_SECRET](): string;
-  /**
-   * ensure csrf secret exists in session or cookie.
-   * @param {Boolean} [rotate] reset secret even if the secret exists
-   * @public
-   */
-  ensureCsrfSecret(rotate?: boolean): void;
-  get [INPUT_TOKEN](): string;
-  /**
-   * rotate csrf secret exists in session or cookie.
-   * must rotate the secret when user login
-   * @public
-   */
-  rotateCsrfSecret(): void;
-  /**
-   * assert csrf token/referer is present
-   * @public
-   */
-  assertCsrf(): void;
-  [CSRF_CTOKEN_CHECK](): "missing csrf token" | "invalid csrf token" | undefined;
-  [CSRF_REFERER_CHECK](): "missing csrf referer or origin" | "invalid csrf referer or origin" | undefined;
-  [LOG_CSRF_NOTICE](msg: string): void;
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-  unsafeRedirect(url: string, alt?: string): void;
+export default class SecurityContext extends Context {
+    response: SecurityResponse;
+    get securityOptions(): Partial<SecurityConfig>;
+    /**
+     * Check whether the specific `domain` is in / matches the whiteList or not.
+     * @param {string} domain The assigned domain.
+     * @param {Array<string>} [customWhiteList] The custom white list for domain.
+     * @return {boolean} If the domain is in / matches the whiteList, return true;
+     * otherwise false.
+     */
+    isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
+    get nonce(): string;
+    /**
+     * get csrf token, general use in template
+     * @return {String} csrf token
+     * @public
+     */
+    get csrf(): string;
+    /**
+     * get csrf secret from session or cookie
+     * @return {String} csrf secret
+     * @private
+     */
+    get [CSRF_SECRET](): string;
+    /**
+     * ensure csrf secret exists in session or cookie.
+     * @param {Boolean} [rotate] reset secret even if the secret exists
+     * @public
+     */
+    ensureCsrfSecret(rotate?: boolean): void;
+    get [INPUT_TOKEN](): string;
+    /**
+     * rotate csrf secret exists in session or cookie.
+     * must rotate the secret when user login
+     * @public
+     */
+    rotateCsrfSecret(): void;
+    /**
+     * assert csrf token/referer is present
+     * @public
+     */
+    assertCsrf(): void;
+    [CSRF_CTOKEN_CHECK](): "missing csrf token" | "invalid csrf token" | undefined;
+    [CSRF_REFERER_CHECK](): "missing csrf referer or origin" | "invalid csrf referer or origin" | undefined;
+    [LOG_CSRF_NOTICE](msg: string): void;
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+    unsafeRedirect(url: string, alt?: string): void;
 }
-//#endregion
-export { SecurityContext as default };
+export {};