@eggjs/security 5.0.0-beta.27 → 5.0.0-beta.28

@@ -1,867 +1,59 @@
1
1
  import z from 'zod';
2
2
  import { Context } from 'egg';
3
3
  declare const CSRFSupportRequestItem: z.ZodObject<{
4
- path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
5
- methods: z.ZodArray<z.ZodString, "many">;
6
- }, "strip", z.ZodTypeAny, {
7
- path: RegExp;
8
- methods: string[];
9
- }, {
10
- path: RegExp;
11
- methods: string[];
4
+ path: z.ZodType<RegExp>;
5
+ methods: z.ZodArray<z.ZodString>;
12
6
  }>;
13
7
  export type CSRFSupportRequestItem = z.infer<typeof CSRFSupportRequestItem>;
14
8
  export declare const LookupAddress: z.ZodObject<{
15
9
  address: z.ZodString;
16
10
  family: z.ZodNumber;
17
- }, "strip", z.ZodTypeAny, {
18
- address: string;
19
- family: number;
20
- }, {
21
- address: string;
22
- family: number;
23
11
  }>;
24
12
  export type LookupAddress = z.infer<typeof LookupAddress>;
25
- declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
26
- address: z.ZodString;
27
- family: z.ZodNumber;
28
- }, "strip", z.ZodTypeAny, {
29
- address: string;
30
- family: number;
31
- }, {
32
- address: string;
33
- family: number;
34
- }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
35
- address: z.ZodString;
36
- family: z.ZodNumber;
37
- }, "strip", z.ZodTypeAny, {
38
- address: string;
39
- family: number;
40
- }, {
41
- address: string;
42
- family: number;
43
- }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
13
+ declare const LookupAddressAndStringArray: z.ZodArray<z.ZodUnion<[z.ZodString, typeof LookupAddress]>>;
14
+ declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[
15
+ z.ZodUnion<[z.ZodString, typeof LookupAddress, typeof LookupAddressAndStringArray]>,
16
+ z.ZodUnion<[z.ZodNumber, z.ZodString]>,
17
+ z.ZodString
18
+ ], z.ZodUnknown>, z.ZodBoolean>;
44
19
  /**
45
20
  * SSRF check address function
46
21
  * `(address, family, hostname) => boolean`
47
22
  */
48
23
  export type SSRFCheckAddressFunction = z.infer<typeof SSRFCheckAddressFunction>;
49
- export declare const SecurityMiddlewareName: z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>;
24
+ export declare const SecurityMiddlewareName: z.ZodEnum<[
25
+ 'csrf',
26
+ 'hsts',
27
+ 'methodnoallow',
28
+ 'noopen',
29
+ 'nosniff',
30
+ 'csp',
31
+ 'xssProtection',
32
+ 'xframe',
33
+ 'dta'
34
+ ]>;
50
35
  export type SecurityMiddlewareName = z.infer<typeof SecurityMiddlewareName>;
51
36
  /**
52
37
  * (ctx) => boolean
53
38
  */
54
- declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>;
39
+ declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context>], z.ZodUnknown>, z.ZodBoolean>;
55
40
  export type IgnoreOrMatchHandler = z.infer<typeof IgnoreOrMatchHandler>;
56
- declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>;
41
+ declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp>, typeof IgnoreOrMatchHandler]>;
57
42
  export type IgnoreOrMatch = z.infer<typeof IgnoreOrMatch>;
58
- declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
43
+ declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[typeof IgnoreOrMatch, z.ZodArray<typeof IgnoreOrMatch>]>>;
59
44
  export type IgnoreOrMatchOption = z.infer<typeof IgnoreOrMatchOption>;
60
- export declare const SecurityConfig: z.ZodObject<{
61
- /**
62
- * domain white list
63
- *
64
- * Default to `[]`
65
- */
66
- domainWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
67
- /**
68
- * protocol white list
69
- *
70
- * Default to `[]`
71
- */
72
- protocolWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
73
- /**
74
- * default open security middleware
75
- *
76
- * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
77
- */
78
- defaultMiddleware: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>, "many">]>>;
79
- /**
80
- * whether defend csrf attack
81
- */
82
- csrf: z.ZodEffects<z.ZodDefault<z.ZodObject<{
83
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
84
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
85
- /**
86
- * Default to `true`
87
- */
88
- enable: z.ZodDefault<z.ZodBoolean>;
89
- /**
90
- * csrf token detect source type
91
- *
92
- * Default to `'ctoken'`
93
- */
94
- type: z.ZodDefault<z.ZodEnum<["ctoken", "referer", "all", "any"]>>;
95
- /**
96
- * ignore json request
97
- *
98
- * Default to `false`
99
- *
100
- * @deprecated is not safe now, don't use it
101
- */
102
- ignoreJSON: z.ZodDefault<z.ZodBoolean>;
103
- /**
104
- * csrf token cookie name
105
- *
106
- * Default to `'csrfToken'`
107
- */
108
- cookieName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
109
- /**
110
- * csrf token session name
111
- *
112
- * Default to `'csrfToken'`
113
- */
114
- sessionName: z.ZodDefault<z.ZodString>;
115
- /**
116
- * csrf token request header name
117
- *
118
- * Default to `'x-csrf-token'`
119
- */
120
- headerName: z.ZodDefault<z.ZodString>;
121
- /**
122
- * csrf token request body field name
123
- *
124
- * Default to `'_csrf'`
125
- */
126
- bodyName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
127
- /**
128
- * csrf token request query field name
129
- *
130
- * Default to `'_csrf'`
131
- */
132
- queryName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
133
- /**
134
- * rotate csrf token when it is invalid
135
- *
136
- * Default to `false`
137
- */
138
- rotateWhenInvalid: z.ZodDefault<z.ZodBoolean>;
139
- /**
140
- * These config works when using `'ctoken'` type
141
- *
142
- * Default to `false`
143
- */
144
- useSession: z.ZodDefault<z.ZodBoolean>;
145
- /**
146
- * csrf token cookie domain setting,
147
- * can be `(ctx) => string` or `string`
148
- *
149
- * Default to `undefined`, auto set the cookie domain in the safe way
150
- */
151
- cookieDomain: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodString>]>>;
152
- /**
153
- * csrf token check requests config
154
- */
155
- supportedRequests: z.ZodDefault<z.ZodArray<z.ZodObject<{
156
- path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
157
- methods: z.ZodArray<z.ZodString, "many">;
158
- }, "strip", z.ZodTypeAny, {
159
- path: RegExp;
160
- methods: string[];
161
- }, {
162
- path: RegExp;
163
- methods: string[];
164
- }>, "many">>;
165
- /**
166
- * referer or origin header white list.
167
- * It only works when using `'referer'` type
168
- *
169
- * Default to `[]`
170
- */
171
- refererWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
172
- /**
173
- * csrf token cookie options
174
- *
175
- * Default to `{
176
- * signed: false,
177
- * httpOnly: false,
178
- * overwrite: true,
179
- * }`
180
- */
181
- cookieOptions: z.ZodDefault<z.ZodObject<{
182
- signed: z.ZodBoolean;
183
- httpOnly: z.ZodBoolean;
184
- overwrite: z.ZodBoolean;
185
- }, "strip", z.ZodTypeAny, {
186
- signed: boolean;
187
- overwrite: boolean;
188
- httpOnly: boolean;
189
- }, {
190
- signed: boolean;
191
- overwrite: boolean;
192
- httpOnly: boolean;
193
- }>>;
194
- }, "strip", z.ZodTypeAny, {
195
- type: "referer" | "all" | "ctoken" | "any";
196
- enable: boolean;
197
- ignoreJSON: boolean;
198
- cookieName: string | string[];
199
- sessionName: string;
200
- headerName: string;
201
- bodyName: string | string[];
202
- queryName: string | string[];
203
- rotateWhenInvalid: boolean;
204
- useSession: boolean;
205
- supportedRequests: {
206
- path: RegExp;
207
- methods: string[];
208
- }[];
209
- refererWhiteList: string[];
210
- cookieOptions: {
211
- signed: boolean;
212
- overwrite: boolean;
213
- httpOnly: boolean;
214
- };
215
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
216
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
217
- cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
218
- }, {
219
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
220
- type?: "referer" | "all" | "ctoken" | "any" | undefined;
221
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
222
- enable?: boolean | undefined;
223
- ignoreJSON?: boolean | undefined;
224
- cookieName?: string | string[] | undefined;
225
- sessionName?: string | undefined;
226
- headerName?: string | undefined;
227
- bodyName?: string | string[] | undefined;
228
- queryName?: string | string[] | undefined;
229
- rotateWhenInvalid?: boolean | undefined;
230
- useSession?: boolean | undefined;
231
- cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
232
- supportedRequests?: {
233
- path: RegExp;
234
- methods: string[];
235
- }[] | undefined;
236
- refererWhiteList?: string[] | undefined;
237
- cookieOptions?: {
238
- signed: boolean;
239
- overwrite: boolean;
240
- httpOnly: boolean;
241
- } | undefined;
242
- }>>, {
243
- type: "referer" | "all" | "ctoken" | "any";
244
- enable: boolean;
245
- ignoreJSON: boolean;
246
- cookieName: string | string[];
247
- sessionName: string;
248
- headerName: string;
249
- bodyName: string | string[];
250
- queryName: string | string[];
251
- rotateWhenInvalid: boolean;
252
- useSession: boolean;
253
- supportedRequests: {
254
- path: RegExp;
255
- methods: string[];
256
- }[];
257
- refererWhiteList: string[];
258
- cookieOptions: {
259
- signed: boolean;
260
- overwrite: boolean;
261
- httpOnly: boolean;
262
- };
263
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
264
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
265
- cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
266
- }, unknown>;
267
- /**
268
- * whether enable X-Frame-Options response header
269
- */
270
- xframe: z.ZodDefault<z.ZodObject<{
271
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
272
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
273
- /**
274
- * Default to `true`
275
- */
276
- enable: z.ZodDefault<z.ZodBoolean>;
277
- /**
278
- * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
279
- *
280
- * Default to `'SAMEORIGIN'`
281
- */
282
- value: z.ZodDefault<z.ZodString>;
283
- }, "strip", z.ZodTypeAny, {
284
- enable: boolean;
285
- value: string;
286
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
287
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
288
- }, {
289
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
290
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
291
- enable?: boolean | undefined;
292
- value?: string | undefined;
293
- }>>;
294
- /**
295
- * whether enable Strict-Transport-Security response header
296
- */
297
- hsts: z.ZodDefault<z.ZodObject<{
298
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
299
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
300
- /**
301
- * Default to `false`
302
- */
303
- enable: z.ZodDefault<z.ZodBoolean>;
304
- /**
305
- * Max age of Strict-Transport-Security in seconds
306
- *
307
- * Default to `365 * 24 * 3600`
308
- */
309
- maxAge: z.ZodDefault<z.ZodNumber>;
310
- /**
311
- * Whether include sub domains
312
- *
313
- * Default to `false`
314
- */
315
- includeSubdomains: z.ZodDefault<z.ZodBoolean>;
316
- }, "strip", z.ZodTypeAny, {
317
- enable: boolean;
318
- maxAge: number;
319
- includeSubdomains: boolean;
320
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
321
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
322
- }, {
323
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
324
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
325
- enable?: boolean | undefined;
326
- maxAge?: number | undefined;
327
- includeSubdomains?: boolean | undefined;
328
- }>>;
329
- /**
330
- * whether enable Http Method filter
331
- */
332
- methodnoallow: z.ZodDefault<z.ZodObject<{
333
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
334
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
335
- /**
336
- * Default to `true`
337
- */
338
- enable: z.ZodDefault<z.ZodBoolean>;
339
- }, "strip", z.ZodTypeAny, {
340
- enable: boolean;
341
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
342
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
343
- }, {
344
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
345
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
346
- enable?: boolean | undefined;
347
- }>>;
348
- /**
349
- * whether enable IE automatically download open
350
- */
351
- noopen: z.ZodDefault<z.ZodObject<{
352
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
353
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
354
- /**
355
- * Default to `true`
356
- */
357
- enable: z.ZodDefault<z.ZodBoolean>;
358
- }, "strip", z.ZodTypeAny, {
359
- enable: boolean;
360
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
361
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
362
- }, {
363
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
364
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
365
- enable?: boolean | undefined;
366
- }>>;
367
- /**
368
- * whether enable IE8 automatically detect mime
369
- */
370
- nosniff: z.ZodDefault<z.ZodObject<{
371
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
372
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
373
- /**
374
- * Default to `true`
375
- */
376
- enable: z.ZodDefault<z.ZodBoolean>;
377
- }, "strip", z.ZodTypeAny, {
378
- enable: boolean;
379
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
380
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
381
- }, {
382
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
383
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
384
- enable?: boolean | undefined;
385
- }>>;
386
- /**
387
- * whether enable IE8 XSS Filter
388
- */
389
- xssProtection: z.ZodDefault<z.ZodObject<{
390
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
391
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
392
- /**
393
- * Default to `true`
394
- */
395
- enable: z.ZodDefault<z.ZodBoolean>;
396
- /**
397
- * X-XSS-Protection response header value
398
- *
399
- * Default to `'1; mode=block'`
400
- */
401
- value: z.ZodDefault<z.ZodString>;
402
- }, "strip", z.ZodTypeAny, {
403
- enable: boolean;
404
- value: string;
405
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
406
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
407
- }, {
408
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
409
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
410
- enable?: boolean | undefined;
411
- value?: string | undefined;
412
- }>>;
413
- /**
414
- * content security policy config
415
- */
416
- csp: z.ZodDefault<z.ZodObject<{
417
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
418
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
419
- /**
420
- * Default to `false`
421
- */
422
- enable: z.ZodDefault<z.ZodBoolean>;
423
- policy: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">, z.ZodBoolean]>>>;
424
- /**
425
- * whether enable report only mode
426
- * Default to `undefined`
427
- */
428
- reportOnly: z.ZodOptional<z.ZodBoolean>;
429
- /**
430
- * whether support IE
431
- * Default to `undefined`
432
- */
433
- supportIE: z.ZodOptional<z.ZodBoolean>;
434
- }, "strip", z.ZodTypeAny, {
435
- enable: boolean;
436
- policy: Record<string, string | boolean | string[]>;
437
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
438
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
439
- reportOnly?: boolean | undefined;
440
- supportIE?: boolean | undefined;
441
- }, {
442
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
443
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
444
- enable?: boolean | undefined;
445
- policy?: Record<string, string | boolean | string[]> | undefined;
446
- reportOnly?: boolean | undefined;
447
- supportIE?: boolean | undefined;
448
- }>>;
449
- /**
450
- * whether enable referrer policy
451
- * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
452
- */
453
- referrerPolicy: z.ZodDefault<z.ZodObject<{
454
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
455
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
456
- /**
457
- * Default to `false`
458
- */
459
- enable: z.ZodDefault<z.ZodBoolean>;
460
- /**
461
- * referrer policy value
462
- *
463
- * Default to `'no-referrer-when-downgrade'`
464
- */
465
- value: z.ZodDefault<z.ZodString>;
466
- }, "strip", z.ZodTypeAny, {
467
- enable: boolean;
468
- value: string;
469
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
470
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
471
- }, {
472
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
473
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
474
- enable?: boolean | undefined;
475
- value?: string | undefined;
476
- }>>;
477
- /**
478
- * whether enable auto avoid directory traversal attack
479
- */
480
- dta: z.ZodDefault<z.ZodObject<{
481
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
482
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
483
- /**
484
- * Default to `true`
485
- */
486
- enable: z.ZodDefault<z.ZodBoolean>;
487
- }, "strip", z.ZodTypeAny, {
488
- enable: boolean;
489
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
490
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
491
- }, {
492
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
493
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
494
- enable?: boolean | undefined;
495
- }>>;
496
- ssrf: z.ZodDefault<z.ZodObject<{
497
- ipBlackList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
498
- ipExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
499
- hostnameExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
500
- checkAddress: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
501
- address: z.ZodString;
502
- family: z.ZodNumber;
503
- }, "strip", z.ZodTypeAny, {
504
- address: string;
505
- family: number;
506
- }, {
507
- address: string;
508
- family: number;
509
- }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
510
- address: z.ZodString;
511
- family: z.ZodNumber;
512
- }, "strip", z.ZodTypeAny, {
513
- address: string;
514
- family: number;
515
- }, {
516
- address: string;
517
- family: number;
518
- }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>>;
519
- }, "strip", z.ZodTypeAny, {
520
- ipBlackList?: string[] | undefined;
521
- ipExceptionList?: string[] | undefined;
522
- hostnameExceptionList?: string[] | undefined;
523
- checkAddress?: ((args_0: string | {
524
- address: string;
525
- family: number;
526
- } | (string | {
527
- address: string;
528
- family: number;
529
- })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
530
- }, {
531
- ipBlackList?: string[] | undefined;
532
- ipExceptionList?: string[] | undefined;
533
- hostnameExceptionList?: string[] | undefined;
534
- checkAddress?: ((args_0: string | {
535
- address: string;
536
- family: number;
537
- } | (string | {
538
- address: string;
539
- family: number;
540
- })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
541
- }>>;
542
- match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
543
- ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
544
- __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
545
- }, "strip", z.ZodTypeAny, {
546
- domainWhiteList: string[];
547
- protocolWhiteList: string[];
548
- csrf: {
549
- type: "referer" | "all" | "ctoken" | "any";
550
- enable: boolean;
551
- ignoreJSON: boolean;
552
- cookieName: string | string[];
553
- sessionName: string;
554
- headerName: string;
555
- bodyName: string | string[];
556
- queryName: string | string[];
557
- rotateWhenInvalid: boolean;
558
- useSession: boolean;
559
- supportedRequests: {
560
- path: RegExp;
561
- methods: string[];
562
- }[];
563
- refererWhiteList: string[];
564
- cookieOptions: {
565
- signed: boolean;
566
- overwrite: boolean;
567
- httpOnly: boolean;
568
- };
569
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
570
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
571
- cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
572
- };
573
- hsts: {
574
- enable: boolean;
575
- maxAge: number;
576
- includeSubdomains: boolean;
577
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
578
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
579
- };
580
- methodnoallow: {
581
- enable: boolean;
582
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
583
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
584
- };
585
- noopen: {
586
- enable: boolean;
587
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
588
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
589
- };
590
- nosniff: {
591
- enable: boolean;
592
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
593
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
594
- };
595
- csp: {
596
- enable: boolean;
597
- policy: Record<string, string | boolean | string[]>;
598
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
599
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
600
- reportOnly?: boolean | undefined;
601
- supportIE?: boolean | undefined;
602
- };
603
- xssProtection: {
604
- enable: boolean;
605
- value: string;
606
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
607
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
608
- };
609
- xframe: {
610
- enable: boolean;
611
- value: string;
612
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
613
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
614
- };
615
- dta: {
616
- enable: boolean;
617
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
618
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
619
- };
620
- defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
621
- referrerPolicy: {
622
- enable: boolean;
623
- value: string;
624
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
625
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
626
- };
627
- ssrf: {
628
- ipBlackList?: string[] | undefined;
629
- ipExceptionList?: string[] | undefined;
630
- hostnameExceptionList?: string[] | undefined;
631
- checkAddress?: ((args_0: string | {
632
- address: string;
633
- family: number;
634
- } | (string | {
635
- address: string;
636
- family: number;
637
- })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
638
- };
639
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
640
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
641
- __protocolWhiteListSet?: ReadonlySet<string> | undefined;
642
- }, {
643
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
644
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
645
- domainWhiteList?: string[] | undefined;
646
- protocolWhiteList?: string[] | undefined;
647
- csrf?: unknown;
648
- hsts?: {
649
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
650
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
651
- enable?: boolean | undefined;
652
- maxAge?: number | undefined;
653
- includeSubdomains?: boolean | undefined;
654
- } | undefined;
655
- methodnoallow?: {
656
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
657
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
658
- enable?: boolean | undefined;
659
- } | undefined;
660
- noopen?: {
661
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
662
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
663
- enable?: boolean | undefined;
664
- } | undefined;
665
- nosniff?: {
666
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
667
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
668
- enable?: boolean | undefined;
669
- } | undefined;
670
- csp?: {
671
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
672
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
673
- enable?: boolean | undefined;
674
- policy?: Record<string, string | boolean | string[]> | undefined;
675
- reportOnly?: boolean | undefined;
676
- supportIE?: boolean | undefined;
677
- } | undefined;
678
- xssProtection?: {
679
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
680
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
681
- enable?: boolean | undefined;
682
- value?: string | undefined;
683
- } | undefined;
684
- xframe?: {
685
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
686
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
687
- enable?: boolean | undefined;
688
- value?: string | undefined;
689
- } | undefined;
690
- dta?: {
691
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
692
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
693
- enable?: boolean | undefined;
694
- } | undefined;
695
- defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
696
- referrerPolicy?: {
697
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
698
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
699
- enable?: boolean | undefined;
700
- value?: string | undefined;
701
- } | undefined;
702
- ssrf?: {
703
- ipBlackList?: string[] | undefined;
704
- ipExceptionList?: string[] | undefined;
705
- hostnameExceptionList?: string[] | undefined;
706
- checkAddress?: ((args_0: string | {
707
- address: string;
708
- family: number;
709
- } | (string | {
710
- address: string;
711
- family: number;
712
- })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
713
- } | undefined;
714
- __protocolWhiteListSet?: ReadonlySet<string> | undefined;
715
- }>;
45
+ export declare const SecurityConfig: z.ZodObject<any>;
716
46
  export type SecurityConfig = z.infer<typeof SecurityConfig>;
717
47
  declare const SecurityHelperOnTagAttrHandler: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>;
718
48
  /**
719
49
  * (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void
720
50
  */
721
51
  export type SecurityHelperOnTagAttrHandler = z.infer<typeof SecurityHelperOnTagAttrHandler>;
722
- export declare const SecurityHelperConfig: z.ZodObject<{
723
- shtml: z.ZodDefault<z.ZodObject<{
724
- /**
725
- * tag attribute white list
726
- */
727
- whiteList: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
728
- /**
729
- * domain white list
730
- * @deprecated use `config.security.domainWhiteList` instead
731
- */
732
- domainWhiteList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
733
- /**
734
- * tag attribute handler
735
- */
736
- onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
737
- }, "strip", z.ZodTypeAny, {
738
- domainWhiteList?: string[] | undefined;
739
- whiteList?: Record<string, string[]> | undefined;
740
- onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
741
- }, {
742
- domainWhiteList?: string[] | undefined;
743
- whiteList?: Record<string, string[]> | undefined;
744
- onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
745
- }>>;
746
- }, "strip", z.ZodTypeAny, {
747
- shtml: {
748
- domainWhiteList?: string[] | undefined;
749
- whiteList?: Record<string, string[]> | undefined;
750
- onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
751
- };
752
- }, {
753
- shtml?: {
754
- domainWhiteList?: string[] | undefined;
755
- whiteList?: Record<string, string[]> | undefined;
756
- onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
757
- } | undefined;
758
- }>;
52
+ export declare const SecurityHelperConfig: z.ZodObject<any>;
759
53
  export type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
760
- declare const _default: {
761
- security: {
762
- domainWhiteList: string[];
763
- protocolWhiteList: string[];
764
- csrf: {
765
- type: "referer" | "all" | "ctoken" | "any";
766
- enable: boolean;
767
- ignoreJSON: boolean;
768
- cookieName: string | string[];
769
- sessionName: string;
770
- headerName: string;
771
- bodyName: string | string[];
772
- queryName: string | string[];
773
- rotateWhenInvalid: boolean;
774
- useSession: boolean;
775
- supportedRequests: {
776
- path: RegExp;
777
- methods: string[];
778
- }[];
779
- refererWhiteList: string[];
780
- cookieOptions: {
781
- signed: boolean;
782
- overwrite: boolean;
783
- httpOnly: boolean;
784
- };
785
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
786
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
787
- cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
788
- };
789
- hsts: {
790
- enable: boolean;
791
- maxAge: number;
792
- includeSubdomains: boolean;
793
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
794
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
795
- };
796
- methodnoallow: {
797
- enable: boolean;
798
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
799
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
800
- };
801
- noopen: {
802
- enable: boolean;
803
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
804
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
805
- };
806
- nosniff: {
807
- enable: boolean;
808
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
809
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
810
- };
811
- csp: {
812
- enable: boolean;
813
- policy: Record<string, string | boolean | string[]>;
814
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
815
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
816
- reportOnly?: boolean | undefined;
817
- supportIE?: boolean | undefined;
818
- };
819
- xssProtection: {
820
- enable: boolean;
821
- value: string;
822
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
823
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
824
- };
825
- xframe: {
826
- enable: boolean;
827
- value: string;
828
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
829
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
830
- };
831
- dta: {
832
- enable: boolean;
833
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
834
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
835
- };
836
- defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
837
- referrerPolicy: {
838
- enable: boolean;
839
- value: string;
840
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
841
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
842
- };
843
- ssrf: {
844
- ipBlackList?: string[] | undefined;
845
- ipExceptionList?: string[] | undefined;
846
- hostnameExceptionList?: string[] | undefined;
847
- checkAddress?: ((args_0: string | {
848
- address: string;
849
- family: number;
850
- } | (string | {
851
- address: string;
852
- family: number;
853
- })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
854
- };
855
- match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
856
- ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
857
- __protocolWhiteListSet?: ReadonlySet<string> | undefined;
858
- };
859
- helper: {
860
- shtml: {
861
- domainWhiteList?: string[] | undefined;
862
- whiteList?: Record<string, string[]> | undefined;
863
- onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
864
- };
865
- };
866
- };
867
- export default _default;
54
+ interface PluginConfig {
55
+ security: SecurityConfig;
56
+ helper: SecurityHelperConfig;
57
+ }
58
+ declare const config: PluginConfig;
59
+ export default config;