npm - @eggjs/security - Versions diffs - 5.0.0-beta.20 → 5.0.0-beta.21 - Mend

@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/dist/agent.d.ts +5 -9
package/dist/agent.js +11 -15
package/dist/app/extend/agent.d.ts +4 -9
package/dist/app/extend/agent.js +8 -12
package/dist/app/extend/application.d.ts +8 -4
package/dist/app/extend/application.js +32 -4
package/dist/app/extend/context.d.ts +58 -4
package/dist/app/extend/context.js +244 -4
package/dist/app/extend/helper.d.ts +10 -22
package/dist/app/extend/helper.js +5 -17
package/dist/app/extend/response.d.ts +35 -4
package/dist/app/extend/response.js +83 -5
package/dist/app/middleware/securities.d.ts +4 -8
package/dist/app/middleware/securities.js +52 -49
package/dist/app.d.ts +5 -9
package/dist/app.js +26 -24
package/dist/config/config.default.d.ts +867 -2
package/dist/config/config.default.js +366 -3
package/dist/config/config.local.d.ts +2 -5
package/dist/config/config.local.js +8 -5
package/dist/index.d.ts +4 -5
package/dist/index.js +5 -8
package/dist/lib/extend/safe_curl.d.ts +16 -3
package/dist/lib/extend/safe_curl.js +25 -3
package/dist/lib/helper/cliFilter.d.ts +4 -2
package/dist/lib/helper/cliFilter.js +17 -3
package/dist/lib/helper/escape.d.ts +2 -2
package/dist/lib/helper/escape.js +3 -3
package/dist/lib/helper/escapeShellArg.d.ts +1 -2
package/dist/lib/helper/escapeShellArg.js +5 -3
package/dist/lib/helper/escapeShellCmd.d.ts +1 -2
package/dist/lib/helper/escapeShellCmd.js +14 -3
package/dist/lib/helper/index.d.ts +19 -22
package/dist/lib/helper/index.js +21 -13
package/dist/lib/helper/shtml.d.ts +2 -2
package/dist/lib/helper/shtml.js +69 -4
package/dist/lib/helper/sjs.d.ts +4 -2
package/dist/lib/helper/sjs.js +49 -3
package/dist/lib/helper/sjson.d.ts +1 -2
package/dist/lib/helper/sjson.js +39 -4
package/dist/lib/helper/spath.d.ts +5 -2
package/dist/lib/helper/spath.js +25 -3
package/dist/lib/helper/surl.d.ts +2 -2
package/dist/lib/helper/surl.js +30 -3
package/dist/lib/middlewares/csp.d.ts +3 -6
package/dist/lib/middlewares/csp.js +57 -4
package/dist/lib/middlewares/csrf.d.ts +3 -6
package/dist/lib/middlewares/csrf.js +37 -4
package/dist/lib/middlewares/dta.d.ts +2 -5
package/dist/lib/middlewares/dta.js +12 -4
package/dist/lib/middlewares/hsts.d.ts +3 -6
package/dist/lib/middlewares/hsts.js +21 -4
package/dist/lib/middlewares/index.d.ts +11 -16
package/dist/lib/middlewares/index.js +23 -14
package/dist/lib/middlewares/methodnoallow.d.ts +2 -5
package/dist/lib/middlewares/methodnoallow.js +20 -3
package/dist/lib/middlewares/noopen.d.ts +3 -6
package/dist/lib/middlewares/noopen.js +15 -4
package/dist/lib/middlewares/nosniff.d.ts +3 -6
package/dist/lib/middlewares/nosniff.js +28 -4
package/dist/lib/middlewares/referrerPolicy.d.ts +3 -6
package/dist/lib/middlewares/referrerPolicy.js +35 -4
package/dist/lib/middlewares/xframe.d.ts +3 -6
package/dist/lib/middlewares/xframe.js +17 -4
package/dist/lib/middlewares/xssProtection.d.ts +3 -6
package/dist/lib/middlewares/xssProtection.js +14 -4
package/dist/lib/utils.d.ts +12 -17
package/dist/lib/utils.js +192 -3
package/dist/types.d.ts +36 -3
package/dist/types.js +2 -3
package/package.json +6 -6
package/dist/application-COC0mYEe.js +0 -32
package/dist/application-n5bk2L_z.d.ts +0 -12
package/dist/cliFilter-7BSD8Nc_.js +0 -18
package/dist/cliFilter-DKZxCxSe.d.ts +0 -7
package/dist/config.default-AcwQOAG0.js +0 -166
package/dist/config.default-D8v08Vox.d.ts +0 -870
package/dist/context-C-N1IY85.d.ts +0 -95
package/dist/context-e-QJTKfq.js +0 -191
package/dist/csp-BW5AJd_f.js +0 -46
package/dist/csrf-9aSLHiby.js +0 -33
package/dist/dta-DVAKEpJ3.js +0 -13
package/dist/escape-Dex_Pk9e.d.ts +0 -2
package/dist/escape-p8-cW8c_.js +0 -7
package/dist/escapeShellArg-BnzDicAC.d.ts +0 -4
package/dist/escapeShellArg-C0v1ZeCl.js +0 -7
package/dist/escapeShellCmd-CkAdyhtO.js +0 -15
package/dist/escapeShellCmd-DQZZIHde.d.ts +0 -4
package/dist/helper-DylzfQ_5.js +0 -25
package/dist/hsts-CWMKNTEh.js +0 -19
package/dist/methodnoallow-BAZONArS.js +0 -15
package/dist/middlewares-CkQjv8t0.js +0 -27
package/dist/noopen-C3jUBwoH.js +0 -17
package/dist/nosniff-CcLkhX2I.js +0 -27
package/dist/referrerPolicy-D4Uafq6c.js +0 -31
package/dist/response-BFnHAJrV.js +0 -69
package/dist/safe_curl-UlViaxoF.js +0 -19
package/dist/safe_curl-mqZZv_YQ.d.ts +0 -20
package/dist/shtml-CAquTzgV.d.ts +0 -6
package/dist/shtml-CgF4kOx-.js +0 -53
package/dist/sjs-Cbmkk5xS.js +0 -36
package/dist/sjs-QZIJYS71.d.ts +0 -7
package/dist/sjson-BetFnVR6.js +0 -32
package/dist/sjson-O-vKJPws.d.ts +0 -4
package/dist/spath-Bu9sy6Kz.js +0 -16
package/dist/spath-DseDPHxf.d.ts +0 -7
package/dist/surl-ClleTea7.js +0 -25
package/dist/surl-JV70X_RZ.d.ts +0 -6
package/dist/types-BZR2U30p.d.ts +0 -38
package/dist/types-DnJpiSJb.js +0 -1
package/dist/utils-Cajs5P8M.js +0 -127
package/dist/xframe-q9fEZkVI.js +0 -18
package/dist/xssProtection-D5QsHX-e.js +0 -17

package/dist/config.default-AcwQOAG0.js DELETED Viewed

@@ -1,166 +0,0 @@
-import z from "zod";
-import { Context } from "egg";
-//#region src/config/config.default.ts
-const CSRFSupportRequestItem = z.object({
-	path: z.instanceof(RegExp),
-	methods: z.array(z.string())
-});
-const LookupAddress = z.object({
-	address: z.string(),
-	family: z.number()
-});
-const LookupAddressAndStringArray = z.union([z.string(), LookupAddress]).array();
-const SSRFCheckAddressFunction = z.function().args(z.union([
-	z.string(),
-	LookupAddress,
-	LookupAddressAndStringArray
-]), z.union([z.number(), z.string()]), z.string()).returns(z.boolean());
-const SecurityMiddlewareName = z.enum([
-	"csrf",
-	"hsts",
-	"methodnoallow",
-	"noopen",
-	"nosniff",
-	"csp",
-	"xssProtection",
-	"xframe",
-	"dta"
-]);
-/**
-* (ctx) => boolean
-*/
-const IgnoreOrMatchHandler = z.function().args(z.instanceof(Context)).returns(z.boolean());
-const IgnoreOrMatch = z.union([
-	z.string(),
-	z.instanceof(RegExp),
-	IgnoreOrMatchHandler
-]);
-const IgnoreOrMatchOption = z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional();
-const SecurityConfig = z.object({
-	domainWhiteList: z.array(z.string()).default([]),
-	protocolWhiteList: z.array(z.string()).default([]),
-	defaultMiddleware: z.union([z.string(), z.array(SecurityMiddlewareName)]).default(SecurityMiddlewareName.options),
-	csrf: z.preprocess((val) => {
-		if (typeof val === "boolean") return { enable: val };
-		return val;
-	}, z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		type: z.enum([
-			"ctoken",
-			"referer",
-			"all",
-			"any"
-		]).default("ctoken"),
-		ignoreJSON: z.boolean().default(false),
-		cookieName: z.union([z.string(), z.array(z.string())]).default("csrfToken"),
-		sessionName: z.string().default("csrfToken"),
-		headerName: z.string().default("x-csrf-token"),
-		bodyName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
-		queryName: z.union([z.string(), z.array(z.string())]).default("_csrf"),
-		rotateWhenInvalid: z.boolean().default(false),
-		useSession: z.boolean().default(false),
-		cookieDomain: z.union([z.string(), z.function().args(z.instanceof(Context)).returns(z.string())]).optional(),
-		supportedRequests: z.array(CSRFSupportRequestItem).default([{
-			path: /^\//,
-			methods: [
-				"POST",
-				"PATCH",
-				"DELETE",
-				"PUT",
-				"CONNECT"
-			]
-		}]),
-		refererWhiteList: z.array(z.string()).default([]),
-		cookieOptions: z.object({
-			signed: z.boolean(),
-			httpOnly: z.boolean(),
-			overwrite: z.boolean()
-		}).default({
-			signed: false,
-			httpOnly: false,
-			overwrite: true
-		})
-	}).default({})),
-	xframe: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		value: z.string().default("SAMEORIGIN")
-	}).default({}),
-	hsts: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		maxAge: z.number().default(365 * 24 * 3600),
-		includeSubdomains: z.boolean().default(false)
-	}).default({}),
-	methodnoallow: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	noopen: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	nosniff: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	xssProtection: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true),
-		value: z.coerce.string().default("1; mode=block")
-	}).default({}),
-	csp: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		policy: z.record(z.union([
-			z.string(),
-			z.array(z.string()),
-			z.boolean()
-		])).default({}),
-		reportOnly: z.boolean().optional(),
-		supportIE: z.boolean().optional()
-	}).default({}),
-	referrerPolicy: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(false),
-		value: z.string().default("no-referrer-when-downgrade")
-	}).default({}),
-	dta: z.object({
-		match: IgnoreOrMatchOption,
-		ignore: IgnoreOrMatchOption,
-		enable: z.boolean().default(true)
-	}).default({}),
-	ssrf: z.object({
-		ipBlackList: z.array(z.string()).optional(),
-		ipExceptionList: z.array(z.string()).optional(),
-		hostnameExceptionList: z.array(z.string()).optional(),
-		checkAddress: SSRFCheckAddressFunction.optional()
-	}).default({}),
-	match: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
-	ignore: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
-	__protocolWhiteListSet: z.set(z.string()).optional().readonly()
-});
-const SecurityHelperOnTagAttrHandler = z.function().args(z.string(), z.string(), z.string(), z.boolean()).returns(z.union([z.string(), z.void()]));
-const SecurityHelperConfig = z.object({ shtml: z.object({
-	whiteList: z.record(z.array(z.string())).optional(),
-	domainWhiteList: z.array(z.string()).optional(),
-	onTagAttr: SecurityHelperOnTagAttrHandler.optional()
-}).default({}) });
-var config_default_default = {
-	security: SecurityConfig.parse({}),
-	helper: SecurityHelperConfig.parse({})
-};
-//#endregion
-export { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default };