@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.22

package/dist/agent.d.ts

@@ -1,10 +1,6 @@
-import { Agent, ILifecycleBoot } from "egg";
-
-//#region src/agent.d.ts
-declare class AgentBoot implements ILifecycleBoot {
-  private readonly agent;
-  constructor(agent: Agent);
-  configWillLoad(): Promise<void>;
+import type { ILifecycleBoot, Agent } from 'egg';
+export default class AgentBoot implements ILifecycleBoot {
+    private readonly agent;
+    constructor(agent: Agent);
+    configWillLoad(): Promise<void>;
 }
-//#endregion
-export { AgentBoot as default };

package/dist/agent.js

@@ -1,15 +1,11 @@
-import { preprocessConfig } from "./utils-Cajs5P8M.js";
-
-//#region src/agent.ts
-var AgentBoot = class {
-	agent;
-	constructor(agent) {
-		this.agent = agent;
-	}
-	async configWillLoad() {
-		preprocessConfig(this.agent.config.security);
-	}
-};
-
-//#endregion
-export { AgentBoot as default };
+import { preprocessConfig } from "./lib/utils.js";
+export default class AgentBoot {
+    agent;
+    constructor(agent) {
+        this.agent = agent;
+    }
+    async configWillLoad() {
+        preprocessConfig(this.agent.config.security);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvYWdlbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFbEQsTUFBTSxDQUFDLE9BQU8sT0FBTyxTQUFTO0lBQ1gsS0FBSyxDQUFDO0lBRXZCLFlBQVksS0FBWTtRQUN0QixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRUQsS0FBSyxDQUFDLGNBQWM7UUFDbEIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDL0MsQ0FBQztDQUNGIn0=

package/dist/app/extend/agent.d.ts

@@ -1,10 +1,5 @@
-import "../../config.default-D8v08Vox.js";
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../safe_curl-mqZZv_YQ.js";
-import { Agent } from "egg";
-
-//#region src/app/extend/agent.d.ts
-declare class SecurityAgent extends Agent {
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+import { Agent } from 'egg';
+import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+export default class SecurityAgent extends Agent {
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
 }
-//#endregion
-export { SecurityAgent as default };

package/dist/app/extend/agent.js

@@ -1,12 +1,8 @@
-import { safeCurlForApplication } from "../../safe_curl-UlViaxoF.js";
-import { Agent } from "egg";
-
-//#region src/app/extend/agent.ts
-var SecurityAgent = class extends Agent {
-	async safeCurl(url, options) {
-		return await safeCurlForApplication(this, url, options);
-	}
-};
-
-//#endregion
-export { SecurityAgent as default };
+import { Agent } from 'egg';
+import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
+export default class SecurityAgent extends Agent {
+    async safeCurl(url, options) {
+        return await safeCurlForApplication(this, url, options);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hZ2VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRTVCLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLENBQUMsT0FBTyxPQUFPLGFBQWMsU0FBUSxLQUFLO0lBQzlDLEtBQUssQ0FBQyxRQUFRLENBQVUsR0FBeUIsRUFBRSxPQUEyQjtRQUM1RSxPQUFPLE1BQU0sc0JBQXNCLENBQUksSUFBSSxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM3RCxDQUFDO0NBQ0YifQ==

package/dist/app/extend/application.d.ts

@@ -1,4 +1,8 @@
-import "../../config.default-D8v08Vox.js";
-import "../../safe_curl-mqZZv_YQ.js";
-import { SecurityApplication } from "../../application-n5bk2L_z.js";
-export { SecurityApplication as default };
+import { Application } from 'egg';
+import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+export default class SecurityApplication extends Application {
+    injectCsrf(html: string): string;
+    injectNonce(html: string): string;
+    injectHijackingDefense(html: string): string;
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+}

package/dist/app/extend/application.js

@@ -1,4 +1,32 @@
-import "../../safe_curl-UlViaxoF.js";
-import { SecurityApplication } from "../../application-COC0mYEe.js";
-
-export { SecurityApplication as default };
+import { Application } from 'egg';
+import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
+const INPUT_CSRF = '\r\n<input type="hidden" name="_csrf" value="{{ctx.csrf}}" /></form>';
+const INJECTION_DEFENSE = '<!--for injection--><!--</html>--><!--for injection-->';
+export default class SecurityApplication extends Application {
+    injectCsrf(html) {
+        html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
+            const match = $2;
+            if (match.indexOf('name="_csrf"') !== -1 || match.indexOf("name='_csrf'") !== -1) {
+                return $1 + match + '</form>';
+            }
+            return $1 + match + INPUT_CSRF;
+        });
+        return html;
+    }
+    injectNonce(html) {
+        html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
+            if (!$1.includes('nonce=')) {
+                $1 += ' nonce="{{ctx.nonce}}"';
+            }
+            return '<script' + $1 + '>' + $2 + '</script>';
+        });
+        return html;
+    }
+    injectHijackingDefense(html) {
+        return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
+    }
+    async safeCurl(url, options) {
+        return await safeCurlForApplication(this, url, options);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hcHBsaWNhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRWxDLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLFVBQVUsR0FBRyxzRUFBc0UsQ0FBQztBQUMxRixNQUFNLGlCQUFpQixHQUFHLHdEQUF3RCxDQUFDO0FBRW5GLE1BQU0sQ0FBQyxPQUFPLE9BQU8sbUJBQW9CLFNBQVEsV0FBVztJQUMxRCxVQUFVLENBQUMsSUFBWTtRQUNyQixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDbkUsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ2pCLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ2pGLE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxTQUFTLENBQUM7WUFDaEMsQ0FBQztZQUNELE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxVQUFVLENBQUM7UUFDakMsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxXQUFXLENBQUMsSUFBWTtRQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQywyQ0FBMkMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDN0UsSUFBSSxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsRUFBRSxJQUFJLHdCQUF3QixDQUFDO1lBQ2pDLENBQUM7WUFDRCxPQUFPLFNBQVMsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLEVBQUUsR0FBRyxXQUFXLENBQUM7UUFDakQsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxzQkFBc0IsQ0FBQyxJQUFZO1FBQ2pDLE9BQU8saUJBQWlCLEdBQUcsSUFBSSxHQUFHLGlCQUFpQixDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsUUFBUSxDQUFVLEdBQXlCLEVBQUUsT0FBMkI7UUFDNUUsT0FBTyxNQUFNLHNCQUFzQixDQUFJLElBQUksRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDN0QsQ0FBQztDQUNGIn0=

package/dist/app/extend/context.d.ts

@@ -1,4 +1,58 @@
-import "../../config.default-D8v08Vox.js";
-import "../../safe_curl-mqZZv_YQ.js";
-import { SecurityContext } from "../../context-C-N1IY85.js";
-export { SecurityContext as default };
+import { Context } from 'egg';
+import type { HttpClientRequestURL, HttpClientOptions, HttpClientResponse } from '../../lib/extend/safe_curl.ts';
+import type { SecurityConfig } from '../../config/config.default.ts';
+import type SecurityResponse from './response.ts';
+declare const CSRF_SECRET: unique symbol;
+declare const LOG_CSRF_NOTICE: unique symbol;
+declare const INPUT_TOKEN: unique symbol;
+declare const CSRF_REFERER_CHECK: unique symbol;
+declare const CSRF_CTOKEN_CHECK: unique symbol;
+export default class SecurityContext extends Context {
+    response: SecurityResponse;
+    get securityOptions(): Partial<SecurityConfig>;
+    /**
+     * Check whether the specific `domain` is in / matches the whiteList or not.
+     * @param {string} domain The assigned domain.
+     * @param {Array<string>} [customWhiteList] The custom white list for domain.
+     * @return {boolean} If the domain is in / matches the whiteList, return true;
+     * otherwise false.
+     */
+    isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
+    get nonce(): string;
+    /**
+     * get csrf token, general use in template
+     * @return {String} csrf token
+     * @public
+     */
+    get csrf(): string;
+    /**
+     * get csrf secret from session or cookie
+     * @return {String} csrf secret
+     * @private
+     */
+    get [CSRF_SECRET](): string;
+    /**
+     * ensure csrf secret exists in session or cookie.
+     * @param {Boolean} [rotate] reset secret even if the secret exists
+     * @public
+     */
+    ensureCsrfSecret(rotate?: boolean): void;
+    get [INPUT_TOKEN](): string;
+    /**
+     * rotate csrf secret exists in session or cookie.
+     * must rotate the secret when user login
+     * @public
+     */
+    rotateCsrfSecret(): void;
+    /**
+     * assert csrf token/referer is present
+     * @public
+     */
+    assertCsrf(): void;
+    [CSRF_CTOKEN_CHECK](): "missing csrf token" | "invalid csrf token" | undefined;
+    [CSRF_REFERER_CHECK](): "missing csrf referer or origin" | "invalid csrf referer or origin" | undefined;
+    [LOG_CSRF_NOTICE](msg: string): void;
+    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+    unsafeRedirect(url: string, alt?: string): void;
+}
+export {};

package/dist/app/extend/context.js

@@ -1,4 +1,244 @@
-import "../../utils-Cajs5P8M.js";
-import { SecurityContext } from "../../context-e-QJTKfq.js";
-
-export { SecurityContext as default };
+import { debuglog } from 'node:util';
+import { nanoid } from 'nanoid/non-secure';
+import Tokens from 'csrf';
+import { Context } from 'egg';
+import * as utils from "../../lib/utils.js";
+const debug = debuglog('egg/security/app/extend/context');
+const tokens = new Tokens();
+const CSRF_SECRET = Symbol('egg-security#CSRF_SECRET');
+const _CSRF_SECRET = Symbol('egg-security#_CSRF_SECRET');
+const NEW_CSRF_SECRET = Symbol('egg-security#NEW_CSRF_SECRET');
+const LOG_CSRF_NOTICE = Symbol('egg-security#LOG_CSRF_NOTICE');
+const INPUT_TOKEN = Symbol('egg-security#INPUT_TOKEN');
+const NONCE_CACHE = Symbol('egg-security#NONCE_CACHE');
+const SECURITY_OPTIONS = Symbol('egg-security#SECURITY_OPTIONS');
+const CSRF_REFERER_CHECK = Symbol('egg-security#CSRF_REFERER_CHECK');
+const CSRF_CTOKEN_CHECK = Symbol('egg-security#CSRF_CTOKEN_CHECK');
+function findToken(obj, keys) {
+    if (!obj)
+        return;
+    if (!keys || !keys.length)
+        return;
+    if (typeof keys === 'string')
+        return obj[keys];
+    for (const key of keys) {
+        if (obj[key])
+            return obj[key];
+    }
+}
+export default class SecurityContext extends Context {
+    get securityOptions() {
+        if (!this[SECURITY_OPTIONS]) {
+            this[SECURITY_OPTIONS] = {};
+        }
+        return this[SECURITY_OPTIONS];
+    }
+    /**
+     * Check whether the specific `domain` is in / matches the whiteList or not.
+     * @param {string} domain The assigned domain.
+     * @param {Array<string>} [customWhiteList] The custom white list for domain.
+     * @return {boolean} If the domain is in / matches the whiteList, return true;
+     * otherwise false.
+     */
+    isSafeDomain(domain, customWhiteList) {
+        const domainWhiteList = customWhiteList && customWhiteList.length > 0 ? customWhiteList : this.app.config.security.domainWhiteList;
+        return utils.isSafeDomain(domain, domainWhiteList);
+    }
+    // Add nonce, random characters will be OK.
+    // https://w3c.github.io/webappsec/specs/content-security-policy/#nonce_source
+    get nonce() {
+        if (!this[NONCE_CACHE]) {
+            this[NONCE_CACHE] = nanoid(16);
+        }
+        return this[NONCE_CACHE];
+    }
+    /**
+     * get csrf token, general use in template
+     * @return {String} csrf token
+     * @public
+     */
+    get csrf() {
+        // csrfSecret can be rotate, use NEW_CSRF_SECRET first
+        const secret = this[NEW_CSRF_SECRET] || this[CSRF_SECRET];
+        debug('get csrf token, NEW_CSRF_SECRET: %s, _CSRF_SECRET: %s', this[NEW_CSRF_SECRET], this[CSRF_SECRET]);
+        //  In order to protect against BREACH attacks,
+        //  the token is not simply the secret;
+        //  a random salt is prepended to the secret and used to scramble it.
+        //  http://breachattack.com/
+        return secret ? tokens.create(secret) : '';
+    }
+    /**
+     * get csrf secret from session or cookie
+     * @return {String} csrf secret
+     * @private
+     */
+    get [CSRF_SECRET]() {
+        if (this[_CSRF_SECRET]) {
+            return this[_CSRF_SECRET];
+        }
+        let { useSession, sessionName, cookieName: cookieNames, cookieOptions } = this.app.config.security.csrf;
+        // get secret from session or cookie
+        if (useSession) {
+            this[_CSRF_SECRET] = this.session[sessionName] || '';
+        }
+        else {
+            // cookieName support array. so we can change csrf cookie name smoothly
+            if (!Array.isArray(cookieNames)) {
+                cookieNames = [cookieNames];
+            }
+            for (const cookieName of cookieNames) {
+                this[_CSRF_SECRET] = this.cookies.get(cookieName, { signed: cookieOptions.signed }) || '';
+                if (this[_CSRF_SECRET]) {
+                    break;
+                }
+            }
+        }
+        return this[_CSRF_SECRET];
+    }
+    /**
+     * ensure csrf secret exists in session or cookie.
+     * @param {Boolean} [rotate] reset secret even if the secret exists
+     * @public
+     */
+    ensureCsrfSecret(rotate) {
+        if (this[CSRF_SECRET] && !rotate)
+            return;
+        debug('ensure csrf secret, exists: %s, rotate; %s', this[CSRF_SECRET], rotate);
+        const secret = tokens.secretSync();
+        this[NEW_CSRF_SECRET] = secret;
+        let { useSession, sessionName, cookieDomain, cookieName: cookieNames, cookieOptions, } = this.app.config.security.csrf;
+        if (useSession) {
+            // TODO(fengmk2): need to refactor egg-session plugin to support ctx.session type define
+            this.session[sessionName] = secret;
+        }
+        else {
+            if (typeof cookieDomain === 'function') {
+                cookieDomain = cookieDomain(this);
+            }
+            const cookieOpts = {
+                domain: cookieDomain,
+                ...cookieOptions,
+            };
+            // cookieName support array. so we can change csrf cookie name smoothly
+            if (!Array.isArray(cookieNames)) {
+                cookieNames = [cookieNames];
+            }
+            for (const cookieName of cookieNames) {
+                this.cookies.set(cookieName, secret, cookieOpts);
+            }
+        }
+    }
+    get [INPUT_TOKEN]() {
+        const { headerName, bodyName, queryName } = this.app.config.security.csrf;
+        // try order: query, body, header
+        const token = findToken(this.request.query, queryName) ||
+            findToken(this.request.body, bodyName) ||
+            (headerName && this.request.get(headerName));
+        debug('get token: %j, secret: %j', token, this[CSRF_SECRET]);
+        return token;
+    }
+    /**
+     * rotate csrf secret exists in session or cookie.
+     * must rotate the secret when user login
+     * @public
+     */
+    rotateCsrfSecret() {
+        if (!this[NEW_CSRF_SECRET] && this[CSRF_SECRET]) {
+            this.ensureCsrfSecret(true);
+        }
+    }
+    /**
+     * assert csrf token/referer is present
+     * @public
+     */
+    assertCsrf() {
+        if (utils.checkIfIgnore(this.app.config.security.csrf, this)) {
+            debug('%s, ignore by csrf options', this.path);
+            return;
+        }
+        const { type } = this.app.config.security.csrf;
+        let message;
+        const messages = [];
+        switch (type) {
+            case 'ctoken':
+                message = this[CSRF_CTOKEN_CHECK]();
+                if (message)
+                    this.throw(403, message);
+                break;
+            case 'referer':
+                message = this[CSRF_REFERER_CHECK]();
+                if (message)
+                    this.throw(403, message);
+                break;
+            case 'all':
+                message = this[CSRF_CTOKEN_CHECK]();
+                if (message)
+                    this.throw(403, message);
+                message = this[CSRF_REFERER_CHECK]();
+                if (message)
+                    this.throw(403, message);
+                break;
+            case 'any':
+                message = this[CSRF_CTOKEN_CHECK]();
+                if (!message)
+                    return;
+                messages.push(message);
+                message = this[CSRF_REFERER_CHECK]();
+                if (!message)
+                    return;
+                messages.push(message);
+                this.throw(403, `both ctoken and referer check error: ${messages.join(', ')}`);
+                break;
+            default:
+                this.throw(`invalid type ${type}`);
+        }
+    }
+    [CSRF_CTOKEN_CHECK]() {
+        if (!this[CSRF_SECRET]) {
+            debug('missing csrf token');
+            this[LOG_CSRF_NOTICE]('missing csrf token');
+            return 'missing csrf token';
+        }
+        const token = this[INPUT_TOKEN];
+        // AJAX requests get csrf token from cookie, in this situation token will equal to secret
+        // synchronize form requests' token always changing to protect against BREACH attacks
+        if (token !== this[CSRF_SECRET] && !tokens.verify(this[CSRF_SECRET], token)) {
+            debug('verify secret and token error');
+            this[LOG_CSRF_NOTICE]('invalid csrf token');
+            const { rotateWhenInvalid } = this.app.config.security.csrf;
+            if (rotateWhenInvalid) {
+                this.rotateCsrfSecret();
+            }
+            return 'invalid csrf token';
+        }
+    }
+    [CSRF_REFERER_CHECK]() {
+        const { refererWhiteList } = this.app.config.security.csrf;
+        // check Origin/Referer headers
+        const referer = (this.headers.referer ?? this.headers.origin ?? '').toLowerCase();
+        if (!referer) {
+            debug('missing csrf referer or origin');
+            this[LOG_CSRF_NOTICE]('missing csrf referer or origin');
+            return 'missing csrf referer or origin';
+        }
+        const host = utils.getFromUrl(referer, 'host');
+        const domainList = refererWhiteList.concat(this.host);
+        if (!host || !utils.isSafeDomain(host, domainList)) {
+            debug('verify referer or origin error');
+            this[LOG_CSRF_NOTICE]('invalid csrf referer or origin');
+            return 'invalid csrf referer or origin';
+        }
+    }
+    [LOG_CSRF_NOTICE](msg) {
+        if (this.app.config.env === 'local') {
+            this.logger.warn(`${msg}. See https://eggjs.org/zh-CN/core/security/#%E5%AE%89%E5%85%A8%E5%A8%81%E8%83%81-csrf-%E7%9A%84%E9%98%B2%E8%8C%83`);
+        }
+    }
+    async safeCurl(url, options) {
+        return await this.app.safeCurl(url, options);
+    }
+    unsafeRedirect(url, alt) {
+        this.response.unsafeRedirect(url, alt);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29udGV4dC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hcHAvZXh0ZW5kL2NvbnRleHQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUVyQyxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDM0MsT0FBTyxNQUFNLE1BQU0sTUFBTSxDQUFDO0FBQzFCLE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxLQUFLLENBQUM7QUFFOUIsT0FBTyxLQUFLLEtBQUssTUFBTSxvQkFBb0IsQ0FBQztBQUs1QyxNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsaUNBQWlDLENBQUMsQ0FBQztBQUUxRCxNQUFNLE1BQU0sR0FBRyxJQUFJLE1BQU0sRUFBRSxDQUFDO0FBRTVCLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0FBQ3ZELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0FBQ3pELE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO0FBQy9ELE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO0FBQy9ELE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0FBQ3ZELE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0FBQ3ZELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLCtCQUErQixDQUFDLENBQUM7QUFDakUsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsaUNBQWlDLENBQUMsQ0FBQztBQUNyRSxNQUFNLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0FBRW5FLFNBQVMsU0FBUyxDQUFDLEdBQTJCLEVBQUUsSUFBdUI7SUFDckUsSUFBSSxDQUFDLEdBQUc7UUFBRSxPQUFPO0lBQ2pCLElBQUksQ0FBQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTTtRQUFFLE9BQU87SUFDbEMsSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRO1FBQUUsT0FBTyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0MsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN2QixJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFBRSxPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNoQyxDQUFDO0FBQ0gsQ0FBQztBQUVELE1BQU0sQ0FBQyxPQUFPLE9BQU8sZUFBZ0IsU0FBUSxPQUFPO0lBR2xELElBQUksZUFBZTtRQUNqQixJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDOUIsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUE0QixDQUFDO0lBQzNELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxZQUFZLENBQUMsTUFBYyxFQUFFLGVBQTBCO1FBQ3JELE1BQU0sZUFBZSxHQUNuQixlQUFlLElBQUksZUFBZSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQztRQUM3RyxPQUFPLEtBQUssQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLGVBQWUsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRCwyQ0FBMkM7SUFDM0MsOEVBQThFO0lBQzlFLElBQUksS0FBSztRQUNQLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUN2QixJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxXQUFXLENBQVcsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILElBQUksSUFBSTtRQUNOLHNEQUFzRDtRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzFELEtBQUssQ0FBQyx1REFBdUQsRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUM7UUFDekcsK0NBQStDO1FBQy9DLHVDQUF1QztRQUN2QyxxRUFBcUU7UUFDckUsNEJBQTRCO1FBQzVCLE9BQU8sTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQWdCLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUNmLElBQUksSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDdkIsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFXLENBQUM7UUFDdEMsQ0FBQztRQUNELElBQUksRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQztRQUN4RyxvQ0FBb0M7UUFDcEMsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBSSxJQUFJLENBQUMsT0FBZSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNoRSxDQUFDO2FBQU0sQ0FBQztZQUNOLHVFQUF1RTtZQUN2RSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO2dCQUNoQyxXQUFXLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUM5QixDQUFDO1lBQ0QsS0FBSyxNQUFNLFVBQVUsSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDckMsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRSxFQUFFLE1BQU0sRUFBRSxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQzFGLElBQUksSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7b0JBQ3ZCLE1BQU07Z0JBQ1IsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFXLENBQUM7SUFDdEMsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxnQkFBZ0IsQ0FBQyxNQUFnQjtRQUMvQixJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU07WUFBRSxPQUFPO1FBQ3pDLEtBQUssQ0FBQyw0Q0FBNEMsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDL0UsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ25DLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxNQUFNLENBQUM7UUFDL0IsSUFBSSxFQUNGLFVBQVUsRUFDVixXQUFXLEVBQ1gsWUFBWSxFQUNaLFVBQVUsRUFBRSxXQUFXLEVBQ3ZCLGFBQWEsR0FDZCxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFFbEMsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLHdGQUF3RjtZQUN2RixJQUFJLENBQUMsT0FBZSxDQUFDLFdBQVcsQ0FBQyxHQUFHLE1BQU0sQ0FBQztRQUM5QyxDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksT0FBTyxZQUFZLEtBQUssVUFBVSxFQUFFLENBQUM7Z0JBQ3ZDLFlBQVksR0FBRyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDcEMsQ0FBQztZQUNELE1BQU0sVUFBVSxHQUFHO2dCQUNqQixNQUFNLEVBQUUsWUFBWTtnQkFDcEIsR0FBRyxhQUFhO2FBQ2pCLENBQUM7WUFDRix1RUFBdUU7WUFDdkUsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztnQkFDaEMsV0FBVyxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDOUIsQ0FBQztZQUNELEtBQUssTUFBTSxVQUFVLElBQUksV0FBVyxFQUFFLENBQUM7Z0JBQ3JDLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRSxNQUFNLEVBQUUsVUFBVSxDQUFDLENBQUM7WUFDbkQsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUNmLE1BQU0sRUFBRSxVQUFVLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFDMUUsaUNBQWlDO1FBQ2pDLE1BQU0sS0FBSyxHQUNULFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxTQUFTLENBQUM7WUFDeEMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQztZQUN0QyxDQUFDLFVBQVUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBUyxVQUFVLENBQUMsQ0FBQyxDQUFDO1FBQ3ZELEtBQUssQ0FBQywyQkFBMkIsRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUM7UUFDN0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGdCQUFnQjtRQUNkLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDaEQsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzlCLENBQUM7SUFDSCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsVUFBVTtRQUNSLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDN0QsS0FBSyxDQUFDLDRCQUE0QixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMvQyxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1FBQy9DLElBQUksT0FBTyxDQUFDO1FBQ1osTUFBTSxRQUFRLEdBQUcsRUFBRSxDQUFDO1FBQ3BCLFFBQVEsSUFBSSxFQUFFLENBQUM7WUFDYixLQUFLLFFBQVE7Z0JBQ1gsT0FBTyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLElBQUksT0FBTztvQkFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztnQkFDdEMsTUFBTTtZQUNSLEtBQUssU0FBUztnQkFDWixPQUFPLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FBQztnQkFDckMsSUFBSSxPQUFPO29CQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO2dCQUN0QyxNQUFNO1lBQ1IsS0FBSyxLQUFLO2dCQUNSLE9BQU8sR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsRUFBRSxDQUFDO2dCQUNwQyxJQUFJLE9BQU87b0JBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7Z0JBQ3RDLE9BQU8sR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDO2dCQUNyQyxJQUFJLE9BQU87b0JBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7Z0JBQ3RDLE1BQU07WUFDUixLQUFLLEtBQUs7Z0JBQ1IsT0FBTyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLElBQUksQ0FBQyxPQUFPO29CQUFFLE9BQU87Z0JBQ3JCLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQ3ZCLE9BQU8sR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDO2dCQUNyQyxJQUFJLENBQUMsT0FBTztvQkFBRSxPQUFPO2dCQUNyQixRQUFRLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUN2QixJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSx3Q0FBd0MsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQy9FLE1BQU07WUFDUjtnQkFDRSxJQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7SUFDSCxDQUFDO0lBRUQsQ0FBQyxpQkFBaUIsQ0FBQztRQUNqQixJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDdkIsS0FBSyxDQUFDLG9CQUFvQixDQUFDLENBQUM7WUFDNUIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLG9CQUFvQixDQUFDLENBQUM7WUFDNUMsT0FBTyxvQkFBb0IsQ0FBQztRQUM5QixDQUFDO1FBQ0QsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ2hDLHlGQUF5RjtRQUN6RixxRkFBcUY7UUFDckYsSUFBSSxLQUFLLEtBQUssSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUM1RSxLQUFLLENBQUMsK0JBQStCLENBQUMsQ0FBQztZQUN2QyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsb0JBQW9CLENBQUMsQ0FBQztZQUM1QyxNQUFNLEVBQUUsaUJBQWlCLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1lBQzVELElBQUksaUJBQWlCLEVBQUUsQ0FBQztnQkFDdEIsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDMUIsQ0FBQztZQUNELE9BQU8sb0JBQW9CLENBQUM7UUFDOUIsQ0FBQztJQUNILENBQUM7SUFFRCxDQUFDLGtCQUFrQixDQUFDO1FBQ2xCLE1BQU0sRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7UUFDM0QsK0JBQStCO1FBQy9CLE1BQU0sT0FBTyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFbEYsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsS0FBSyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7WUFDeEMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7WUFDeEQsT0FBTyxnQ0FBZ0MsQ0FBQztRQUMxQyxDQUFDO1FBRUQsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDL0MsTUFBTSxVQUFVLEdBQUcsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN0RCxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsVUFBVSxDQUFDLEVBQUUsQ0FBQztZQUNuRCxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztZQUN4QyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztZQUN4RCxPQUFPLGdDQUFnQyxDQUFDO1FBQzFDLENBQUM7SUFDSCxDQUFDO0lBRUQsQ0FBQyxlQUFlLENBQUMsQ0FBQyxHQUFXO1FBQzNCLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQ3BDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUNkLEdBQUcsR0FBRyxvSEFBb0gsQ0FDM0gsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsS0FBSyxDQUFDLFFBQVEsQ0FBVSxHQUF5QixFQUFFLE9BQTJCO1FBQzVFLE9BQU8sTUFBTSxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBSSxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUVELGNBQWMsQ0FBQyxHQUFXLEVBQUUsR0FBWTtRQUN0QyxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDekMsQ0FBQztDQUNGIn0=

package/dist/app/extend/helper.d.ts

@@ -1,24 +1,12 @@
-import { cliFilter } from "../../cliFilter-DKZxCxSe.js";
-import { escapeShellArg } from "../../escapeShellArg-BnzDicAC.js";
-import { escapeShellCmd } from "../../escapeShellCmd-DQZZIHde.js";
-import { shtml } from "../../shtml-CAquTzgV.js";
-import { escapeJavaScript } from "../../sjs-QZIJYS71.js";
-import { jsonEscape } from "../../sjson-O-vKJPws.js";
-import { pathFilter } from "../../spath-DseDPHxf.js";
-import { surl } from "../../surl-JV70X_RZ.js";
-import * as escape_html0 from "escape-html";
-
-//#region src/app/extend/helper.d.ts
 declare const _default: {
-  cliFilter: typeof cliFilter;
-  escape: typeof escape_html0;
-  escapeShellArg: typeof escapeShellArg;
-  escapeShellCmd: typeof escapeShellCmd;
-  shtml: typeof shtml;
-  sjs: typeof escapeJavaScript;
-  sjson: typeof jsonEscape;
-  spath: typeof pathFilter;
-  surl: typeof surl;
+    cliFilter: typeof import("../../lib/helper/cliFilter.ts").default;
+    escape: typeof import("escape-html");
+    escapeShellArg: typeof import("../../lib/helper/escapeShellArg.ts").default;
+    escapeShellCmd: typeof import("../../lib/helper/escapeShellCmd.ts").default;
+    shtml: typeof import("../../lib/helper/shtml.ts").default;
+    sjs: typeof import("../../lib/helper/sjs.ts").default;
+    sjson: typeof import("../../lib/helper/sjson.ts").default;
+    spath: typeof import("../../lib/helper/spath.ts").default;
+    surl: typeof import("../../lib/helper/surl.ts").default;
 };
-//#endregion
-export { _default as default };
+export default _default;

package/dist/app/extend/helper.js

@@ -1,17 +1,5 @@
-import "../../utils-Cajs5P8M.js";
-import "../../cliFilter-7BSD8Nc_.js";
-import "../../escape-p8-cW8c_.js";
-import "../../escapeShellArg-C0v1ZeCl.js";
-import "../../escapeShellCmd-CkAdyhtO.js";
-import "../../shtml-CgF4kOx-.js";
-import "../../sjs-Cbmkk5xS.js";
-import "../../sjson-BetFnVR6.js";
-import "../../spath-Bu9sy6Kz.js";
-import "../../surl-ClleTea7.js";
-import { helper_default as helper_default$1 } from "../../helper-DylzfQ_5.js";
-
-//#region src/app/extend/helper.ts
-var helper_default = { ...helper_default$1 };
-
-//#endregion
-export { helper_default as default };
+import helpers from "../../lib/helper/index.js";
+export default {
+    ...helpers,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwcC9leHRlbmQvaGVscGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sT0FBTyxNQUFNLDJCQUEyQixDQUFDO0FBRWhELGVBQWU7SUFDYixHQUFHLE9BQU87Q0FDWCxDQUFDIn0=

package/dist/app/extend/response.d.ts

@@ -1,4 +1,35 @@
-import "../../config.default-D8v08Vox.js";
-import "../../safe_curl-mqZZv_YQ.js";
-import { SecurityResponse } from "../../context-C-N1IY85.js";
-export { SecurityResponse as default };
+import { Response } from 'egg';
+import SecurityContext from './context.ts';
+export default class SecurityResponse extends Response {
+    ctx: SecurityContext;
+    /**
+     * This is an unsafe redirection, and we WON'T check if the
+     * destination url is safe or not.
+     * Please DO NOT use this method unless in some very special cases,
+     * otherwise there may be security vulnerabilities.
+     *
+     * @function Response#unsafeRedirect
+     * @param {String} url URL to forward
+     * @example
+     * ```js
+     * ctx.response.unsafeRedirect('http://www.domain.com');
+     * ctx.unsafeRedirect('http://www.domain.com');
+     * ```
+     */
+    unsafeRedirect(url: string, alt?: string): void;
+    /**
+     * A safe redirection, and we'll check if the URL is in
+     * a safe domain or not.
+     * We've overridden the default Koa's implementation by adding a
+     * white list as the filter for that.
+     *
+     * @function Response#redirect
+     * @param {String} url URL to forward
+     * @example
+     * ```js
+     * ctx.response.redirect('/login');
+     * ctx.redirect('/login');
+     * ```
+     */
+    redirect(url: string, alt?: string): void;
+}