@eggjs/security 5.0.0-beta.34 → 5.0.0-beta.36

package/dist/agent.d.ts

@@ -1,6 +1,10 @@
-import type { ILifecycleBoot, Agent } from 'egg';
-export default class AgentBoot implements ILifecycleBoot {
-    private readonly agent;
-    constructor(agent: Agent);
-    configWillLoad(): Promise<void>;
+import { Agent, ILifecycleBoot } from "egg";
+
+//#region src/agent.d.ts
+declare class AgentBoot implements ILifecycleBoot {
+  private readonly agent;
+  constructor(agent: Agent);
+  configWillLoad(): Promise<void>;
 }
+//#endregion
+export { AgentBoot as default };

package/dist/agent.js

@@ -1,11 +1,15 @@
 import { preprocessConfig } from "./lib/utils.js";
-export default class AgentBoot {
-    agent;
-    constructor(agent) {
-        this.agent = agent;
-    }
-    async configWillLoad() {
-        preprocessConfig(this.agent.config.security);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvYWdlbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFbEQsTUFBTSxDQUFDLE9BQU8sT0FBTyxTQUFTO0lBQ1gsS0FBSyxDQUFDO0lBRXZCLFlBQVksS0FBWTtRQUN0QixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRUQsS0FBSyxDQUFDLGNBQWM7UUFDbEIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDL0MsQ0FBQztDQUNGIn0=
+
+//#region src/agent.ts
+var AgentBoot = class {
+	agent;
+	constructor(agent) {
+		this.agent = agent;
+	}
+	async configWillLoad() {
+		preprocessConfig(this.agent.config.security);
+	}
+};
+
+//#endregion
+export { AgentBoot as default };

package/dist/app/extend/agent.d.ts

@@ -1,5 +1,9 @@
-import { Agent } from 'egg';
-import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
-export default class SecurityAgent extends Agent {
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
+import { Agent } from "egg";
+
+//#region src/app/extend/agent.d.ts
+declare class SecurityAgent extends Agent {
+  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
 }
+//#endregion
+export { SecurityAgent as default };

package/dist/app/extend/agent.js

@@ -1,8 +1,12 @@
-import { Agent } from 'egg';
-import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
-export default class SecurityAgent extends Agent {
-    async safeCurl(url, options) {
-        return await safeCurlForApplication(this, url, options);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWdlbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hZ2VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRTVCLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLENBQUMsT0FBTyxPQUFPLGFBQWMsU0FBUSxLQUFLO0lBQzlDLEtBQUssQ0FBQyxRQUFRLENBQVUsR0FBeUIsRUFBRSxPQUEyQjtRQUM1RSxPQUFPLE1BQU0sc0JBQXNCLENBQUksSUFBSSxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM3RCxDQUFDO0NBQ0YifQ==
+import { safeCurlForApplication } from "../../lib/extend/safe_curl.js";
+import { Agent } from "egg";
+
+//#region src/app/extend/agent.ts
+var SecurityAgent = class extends Agent {
+	async safeCurl(url, options) {
+		return await safeCurlForApplication(this, url, options);
+	}
+};
+
+//#endregion
+export { SecurityAgent as default };

package/dist/app/extend/application.d.ts

@@ -1,8 +1,12 @@
-import { Application } from 'egg';
-import { type HttpClientRequestURL, type HttpClientOptions, type HttpClientResponse } from '../../lib/extend/safe_curl.ts';
-export default class SecurityApplication extends Application {
-    injectCsrf(html: string): string;
-    injectNonce(html: string): string;
-    injectHijackingDefense(html: string): string;
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
+import { Application } from "egg";
+
+//#region src/app/extend/application.d.ts
+declare class SecurityApplication extends Application {
+  injectCsrf(html: string): string;
+  injectNonce(html: string): string;
+  injectHijackingDefense(html: string): string;
+  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
 }
+//#endregion
+export { SecurityApplication as default };

package/dist/app/extend/application.js

@@ -1,32 +1,32 @@
-import { Application } from 'egg';
-import { safeCurlForApplication, } from "../../lib/extend/safe_curl.js";
-const INPUT_CSRF = '\r\n<input type="hidden" name="_csrf" value="{{ctx.csrf}}" /></form>';
-const INJECTION_DEFENSE = '<!--for injection--><!--</html>--><!--for injection-->';
-export default class SecurityApplication extends Application {
-    injectCsrf(html) {
-        html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
-            const match = $2;
-            if (match.indexOf('name="_csrf"') !== -1 || match.indexOf("name='_csrf'") !== -1) {
-                return $1 + match + '</form>';
-            }
-            return $1 + match + INPUT_CSRF;
-        });
-        return html;
-    }
-    injectNonce(html) {
-        html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
-            if (!$1.includes('nonce=')) {
-                $1 += ' nonce="{{ctx.nonce}}"';
-            }
-            return '<script' + $1 + '>' + $2 + '</script>';
-        });
-        return html;
-    }
-    injectHijackingDefense(html) {
-        return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
-    }
-    async safeCurl(url, options) {
-        return await safeCurlForApplication(this, url, options);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXBwL2V4dGVuZC9hcHBsaWNhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRWxDLE9BQU8sRUFDTCxzQkFBc0IsR0FJdkIsTUFBTSwrQkFBK0IsQ0FBQztBQUV2QyxNQUFNLFVBQVUsR0FBRyxzRUFBc0UsQ0FBQztBQUMxRixNQUFNLGlCQUFpQixHQUFHLHdEQUF3RCxDQUFDO0FBRW5GLE1BQU0sQ0FBQyxPQUFPLE9BQU8sbUJBQW9CLFNBQVEsV0FBVztJQUMxRCxVQUFVLENBQUMsSUFBWTtRQUNyQixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDbkUsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ2pCLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ2pGLE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxTQUFTLENBQUM7WUFDaEMsQ0FBQztZQUNELE9BQU8sRUFBRSxHQUFHLEtBQUssR0FBRyxVQUFVLENBQUM7UUFDakMsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxXQUFXLENBQUMsSUFBWTtRQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQywyQ0FBMkMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDN0UsSUFBSSxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsRUFBRSxJQUFJLHdCQUF3QixDQUFDO1lBQ2pDLENBQUM7WUFDRCxPQUFPLFNBQVMsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLEVBQUUsR0FBRyxXQUFXLENBQUM7UUFDakQsQ0FBQyxDQUFDLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxzQkFBc0IsQ0FBQyxJQUFZO1FBQ2pDLE9BQU8saUJBQWlCLEdBQUcsSUFBSSxHQUFHLGlCQUFpQixDQUFDO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsUUFBUSxDQUFVLEdBQXlCLEVBQUUsT0FBMkI7UUFDNUUsT0FBTyxNQUFNLHNCQUFzQixDQUFJLElBQUksRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDN0QsQ0FBQztDQUNGIn0=
+import { safeCurlForApplication } from "../../lib/extend/safe_curl.js";
+import { Application } from "egg";
+
+//#region src/app/extend/application.ts
+const INPUT_CSRF = "\r\n<input type=\"hidden\" name=\"_csrf\" value=\"{{ctx.csrf}}\" /></form>";
+const INJECTION_DEFENSE = "<!--for injection--><!--</html>--><!--for injection-->";
+var SecurityApplication = class extends Application {
+	injectCsrf(html) {
+		html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
+			const match = $2;
+			if (match.indexOf("name=\"_csrf\"") !== -1 || match.indexOf("name='_csrf'") !== -1) return $1 + match + "</form>";
+			return $1 + match + INPUT_CSRF;
+		});
+		return html;
+	}
+	injectNonce(html) {
+		html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
+			if (!$1.includes("nonce=")) $1 += " nonce=\"{{ctx.nonce}}\"";
+			return "<script" + $1 + ">" + $2 + "<\/script>";
+		});
+		return html;
+	}
+	injectHijackingDefense(html) {
+		return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
+	}
+	async safeCurl(url, options) {
+		return await safeCurlForApplication(this, url, options);
+	}
+};
+
+//#endregion
+export { SecurityApplication as default };

package/dist/app/extend/context.d.ts

@@ -1,52 +1,56 @@
-import { Context } from 'egg';
-import type { HttpClientRequestURL, HttpClientOptions, HttpClientResponse } from '../../lib/extend/safe_curl.ts';
-import type { SecurityConfig } from '../../config/config.default.ts';
-import type SecurityResponse from './response.ts';
-export default class SecurityContext extends Context {
-    response: SecurityResponse;
-    get securityOptions(): Partial<SecurityConfig>;
-    /**
-     * Check whether the specific `domain` is in / matches the whiteList or not.
-     * @param {string} domain The assigned domain.
-     * @param {Array<string>} [customWhiteList] The custom white list for domain.
-     * @return {boolean} If the domain is in / matches the whiteList, return true;
-     * otherwise false.
-     */
-    isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
-    get nonce(): string;
-    /**
-     * get csrf token, general use in template
-     * @return {String} csrf token
-     * @public
-     */
-    get csrf(): string;
-    /**
-     * get csrf secret from session or cookie
-     * @return {String} csrf secret
-     * @private
-     */
-    private getCsrfSecret;
-    /**
-     * ensure csrf secret exists in session or cookie.
-     * @param {Boolean} [rotate] reset secret even if the secret exists
-     * @public
-     */
-    ensureCsrfSecret(rotate?: boolean): void;
-    private getInputToken;
-    /**
-     * rotate csrf secret exists in session or cookie.
-     * must rotate the secret when user login
-     * @public
-     */
-    rotateCsrfSecret(): void;
-    /**
-     * assert csrf token/referer is present
-     * @public
-     */
-    assertCsrf(): void;
-    private csrfCtokenCheck;
-    private csrfRefererCheck;
-    private logCsrfNotice;
-    safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-    unsafeRedirect(url: string, alt?: string): void;
+import { SecurityConfig } from "../../config/config.default.js";
+import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "../../lib/extend/safe_curl.js";
+import SecurityResponse from "./response.js";
+import { Context } from "egg";
+
+//#region src/app/extend/context.d.ts
+declare class SecurityContext extends Context {
+  response: SecurityResponse;
+  get securityOptions(): Partial<SecurityConfig>;
+  /**
+  * Check whether the specific `domain` is in / matches the whiteList or not.
+  * @param {string} domain The assigned domain.
+  * @param {Array<string>} [customWhiteList] The custom white list for domain.
+  * @return {boolean} If the domain is in / matches the whiteList, return true;
+  * otherwise false.
+  */
+  isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
+  get nonce(): string;
+  /**
+  * get csrf token, general use in template
+  * @return {String} csrf token
+  * @public
+  */
+  get csrf(): string;
+  /**
+  * get csrf secret from session or cookie
+  * @return {String} csrf secret
+  * @private
+  */
+  private getCsrfSecret;
+  /**
+  * ensure csrf secret exists in session or cookie.
+  * @param {Boolean} [rotate] reset secret even if the secret exists
+  * @public
+  */
+  ensureCsrfSecret(rotate?: boolean): void;
+  private getInputToken;
+  /**
+  * rotate csrf secret exists in session or cookie.
+  * must rotate the secret when user login
+  * @public
+  */
+  rotateCsrfSecret(): void;
+  /**
+  * assert csrf token/referer is present
+  * @public
+  */
+  assertCsrf(): void;
+  private csrfCtokenCheck;
+  private csrfRefererCheck;
+  private logCsrfNotice;
+  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+  unsafeRedirect(url: string, alt?: string): void;
 }
+//#endregion
+export { SecurityContext as default };