@eggjs/security 5.0.0-beta.35 → 5.0.0-beta.36

package/dist/lib/helper/spath.js

@@ -1,25 +1,16 @@
-/**
- * File Inclusion
- */
-export default function pathFilter(path) {
-    if (typeof path !== 'string')
-        return path;
-    const pathSource = path;
-    while (path.indexOf('%') !== -1) {
-        try {
-            path = decodeURIComponent(path);
-        }
-        catch {
-            if (process.env.NODE_ENV !== 'production') {
-                // Not a PROD env, logging with a warning.
-                this.ctx.coreLogger.warn('[@eggjs/security/lib/helper/spath] : decode file path %j failed.', path);
-            }
-            break;
-        }
-    }
-    if (path.indexOf('..') !== -1 || path[0] === '/') {
-        return null;
-    }
-    return pathSource;
+//#region src/lib/helper/spath.ts
+function pathFilter(path) {
+	if (typeof path !== "string") return path;
+	const pathSource = path;
+	while (path.indexOf("%") !== -1) try {
+		path = decodeURIComponent(path);
+	} catch {
+		if (process.env.NODE_ENV !== "production") this.ctx.coreLogger.warn("[@eggjs/security/lib/helper/spath] : decode file path %j failed.", path);
+		break;
+	}
+	if (path.indexOf("..") !== -1 || path[0] === "/") return null;
+	return pathSource;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3BhdGguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL2hlbHBlci9zcGF0aC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUlILE1BQU0sQ0FBQyxPQUFPLFVBQVUsVUFBVSxDQUF5QixJQUFZO0lBQ3JFLElBQUksT0FBTyxJQUFJLEtBQUssUUFBUTtRQUFFLE9BQU8sSUFBSSxDQUFDO0lBRTFDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQztJQUV4QixPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUNoQyxJQUFJLENBQUM7WUFDSCxJQUFJLEdBQUcsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDbEMsQ0FBQztRQUFDLE1BQU0sQ0FBQztZQUNQLElBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEtBQUssWUFBWSxFQUFFLENBQUM7Z0JBQzFDLDBDQUEwQztnQkFDMUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLGtFQUFrRSxFQUFFLElBQUksQ0FBQyxDQUFDO1lBQ3JHLENBQUM7WUFDRCxNQUFNO1FBQ1IsQ0FBQztJQUNILENBQUM7SUFDRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsRUFBRSxDQUFDO1FBQ2pELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUNELE9BQU8sVUFBVSxDQUFDO0FBQ3BCLENBQUMifQ==
+
+//#endregion
+export { pathFilter as default };

package/dist/lib/helper/surl.d.ts

@@ -1,2 +1,6 @@
-import type { BaseContextClass } from 'egg';
-export default function surl(this: BaseContextClass, val: string): string;
+import { BaseContextClass } from "egg";
+
+//#region src/lib/helper/surl.d.ts
+declare function surl(this: BaseContextClass, val: string): string;
+//#endregion
+export { surl as default };

package/dist/lib/helper/surl.js

@@ -1,30 +1,25 @@
+//#region src/lib/helper/surl.ts
 const escapeMap = {
-    '"': '"',
-    '<': '&lt;',
-    '>': '&gt;',
-    "'": '&#x27;',
+	"\"": "&quot;",
+	"<": "&lt;",
+	">": "&gt;",
+	"'": "&#x27;"
 };
-export default function surl(val) {
-    // Just get the converted the protocolWhiteList in `Set` mode,
-    // Avoid conversions in `foreach`
-    const protocolWhiteListSet = this.app.config.security.__protocolWhiteListSet;
-    if (typeof val !== 'string') {
-        return val;
-    }
-    // only test on absolute path
-    if (val[0] !== '/') {
-        const arr = val.split('://', 2);
-        const protocol = arr.length > 1 ? arr[0].toLowerCase() : '';
-        if (protocol === '' || !protocolWhiteListSet.has(protocol)) {
-            if (this.app.config.env === 'local') {
-                this.ctx.coreLogger.warn('[@eggjs/security/surl] url: %j, protocol: %j, ' +
-                    'protocol is empty or not in white list, convert to empty string', val, protocol);
-            }
-            return '';
-        }
-    }
-    return val.replace(/["'<>]/g, (ch) => {
-        return escapeMap[ch];
-    });
+function surl(val) {
+	const protocolWhiteListSet = this.app.config.security.__protocolWhiteListSet;
+	if (typeof val !== "string") return val;
+	if (val[0] !== "/") {
+		const arr = val.split("://", 2);
+		const protocol = arr.length > 1 ? arr[0].toLowerCase() : "";
+		if (protocol === "" || !protocolWhiteListSet.has(protocol)) {
+			if (this.app.config.env === "local") this.ctx.coreLogger.warn("[@eggjs/security/surl] url: %j, protocol: %j, protocol is empty or not in white list, convert to empty string", val, protocol);
+			return "";
+		}
+	}
+	return val.replace(/["'<>]/g, (ch) => {
+		return escapeMap[ch];
+	});
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3VybC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvaGVscGVyL3N1cmwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsTUFBTSxTQUFTLEdBQTJCO0lBQ3hDLEdBQUcsRUFBRSxRQUFRO0lBQ2IsR0FBRyxFQUFFLE1BQU07SUFDWCxHQUFHLEVBQUUsTUFBTTtJQUNYLEdBQUcsRUFBRSxRQUFRO0NBQ2QsQ0FBQztBQUVGLE1BQU0sQ0FBQyxPQUFPLFVBQVUsSUFBSSxDQUF5QixHQUFXO0lBQzlELDhEQUE4RDtJQUM5RCxpQ0FBaUM7SUFDakMsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsc0JBQXVCLENBQUM7SUFFOUUsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUM1QixPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRCw2QkFBNkI7SUFDN0IsSUFBSSxHQUFHLENBQUMsQ0FBQyxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7UUFDbkIsTUFBTSxHQUFHLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDaEMsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzVELElBQUksUUFBUSxLQUFLLEVBQUUsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQzNELElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxLQUFLLE9BQU8sRUFBRSxDQUFDO2dCQUNwQyxJQUFJLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQ3RCLGdEQUFnRDtvQkFDOUMsaUVBQWlFLEVBQ25FLEdBQUcsRUFDSCxRQUFRLENBQ1QsQ0FBQztZQUNKLENBQUM7WUFDRCxPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDLEVBQUUsRUFBRSxFQUFFO1FBQ25DLE9BQU8sU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZCLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyJ9
+
+//#endregion
+export { surl as default };

package/dist/lib/middlewares/csp.d.ts

@@ -1,4 +1,7 @@
-import type { MiddlewareFunc } from 'egg';
-import type { SecurityConfig } from '../../config/config.default.ts';
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/csp.d.ts
 declare const _default: (options: SecurityConfig["csp"]) => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/csp.js

@@ -1,57 +1,46 @@
-import extend from 'extend';
 import { checkIfIgnore } from "../utils.js";
-const HEADER = ['x-content-security-policy', 'content-security-policy'];
-const REPORT_ONLY_HEADER = ['x-content-security-policy-report-only', 'content-security-policy-report-only'];
-// Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
+import extend from "extend";
+
+//#region src/lib/middlewares/csp.ts
+const HEADER = ["x-content-security-policy", "content-security-policy"];
+const REPORT_ONLY_HEADER = ["x-content-security-policy-report-only", "content-security-policy-report-only"];
 const MSIE_REGEXP = / MSIE /i;
-export default (options) => {
-    return async function csp(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            ...ctx.securityOptions.csp,
-        };
-        if (checkIfIgnore(opts, ctx))
-            return;
-        let finalHeader;
-        const matchedOption = extend(true, {}, opts.policy);
-        const bufArray = [];
-        const headers = opts.reportOnly ? REPORT_ONLY_HEADER : HEADER;
-        if (opts.supportIE && MSIE_REGEXP.test(ctx.get('user-agent'))) {
-            finalHeader = headers[0];
-        }
-        else {
-            finalHeader = headers[1];
-        }
-        for (const key in matchedOption) {
-            const value = matchedOption[key];
-            // Other arrays are splitted into strings EXCEPT `sandbox`
-            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
-            if (key === 'sandbox' && value === true) {
-                bufArray.push(key);
-            }
-            else {
-                let values = (Array.isArray(value) ? value : [value]);
-                if (key === 'script-src') {
-                    const hasNonce = values.some(function (val) {
-                        return val.indexOf('nonce-') !== -1;
-                    });
-                    if (!hasNonce) {
-                        values.push("'nonce-" + ctx.nonce + "'");
-                    }
-                }
-                values = values.map(function (d) {
-                    if (d.startsWith('.')) {
-                        d = '*' + d;
-                    }
-                    return d;
-                });
-                bufArray.push(key + ' ' + values.join(' '));
-            }
-        }
-        const headerString = bufArray.join(';');
-        ctx.set(finalHeader, headerString);
-        ctx.set('x-csp-nonce', ctx.nonce);
-    };
+var csp_default = (options) => {
+	return async function csp(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.csp
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		let finalHeader;
+		const matchedOption = extend(true, {}, opts.policy);
+		const bufArray = [];
+		const headers = opts.reportOnly ? REPORT_ONLY_HEADER : HEADER;
+		if (opts.supportIE && MSIE_REGEXP.test(ctx.get("user-agent"))) finalHeader = headers[0];
+		else finalHeader = headers[1];
+		for (const key in matchedOption) {
+			const value = matchedOption[key];
+			if (key === "sandbox" && value === true) bufArray.push(key);
+			else {
+				let values = Array.isArray(value) ? value : [value];
+				if (key === "script-src") {
+					if (!values.some(function(val) {
+						return val.indexOf("nonce-") !== -1;
+					})) values.push("'nonce-" + ctx.nonce + "'");
+				}
+				values = values.map(function(d) {
+					if (d.startsWith(".")) d = "*" + d;
+					return d;
+				});
+				bufArray.push(key + " " + values.join(" "));
+			}
+		}
+		const headerString = bufArray.join(";");
+		ctx.set(finalHeader, headerString);
+		ctx.set("x-csp-nonce", ctx.nonce);
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3NwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9taWRkbGV3YXJlcy9jc3AudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxNQUFNLE1BQU0sUUFBUSxDQUFDO0FBRzVCLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFNUMsTUFBTSxNQUFNLEdBQUcsQ0FBQywyQkFBMkIsRUFBRSx5QkFBeUIsQ0FBQyxDQUFDO0FBQ3hFLE1BQU0sa0JBQWtCLEdBQUcsQ0FBQyx1Q0FBdUMsRUFBRSxxQ0FBcUMsQ0FBQyxDQUFDO0FBRTVHLHFEQUFxRDtBQUNyRCxNQUFNLFdBQVcsR0FBRyxTQUFTLENBQUM7QUFFOUIsZUFBZSxDQUFDLE9BQThCLEVBQWtCLEVBQUU7SUFDaEUsT0FBTyxLQUFLLFVBQVUsR0FBRyxDQUFDLEdBQUcsRUFBRSxJQUFJO1FBQ2pDLE1BQU0sSUFBSSxFQUFFLENBQUM7UUFFYixNQUFNLElBQUksR0FBRztZQUNYLEdBQUcsT0FBTztZQUNWLEdBQUcsR0FBRyxDQUFDLGVBQWUsQ0FBQyxHQUFHO1NBQzNCLENBQUM7UUFDRixJQUFJLGFBQWEsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO1lBQUUsT0FBTztRQUVyQyxJQUFJLFdBQVcsQ0FBQztRQUNoQixNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsSUFBSSxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEQsTUFBTSxRQUFRLEdBQUcsRUFBRSxDQUFDO1FBRXBCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUM7UUFDOUQsSUFBSSxJQUFJLENBQUMsU0FBUyxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDOUQsV0FBVyxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMzQixDQUFDO2FBQU0sQ0FBQztZQUNOLFdBQVcsR0FBRyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDM0IsQ0FBQztRQUVELEtBQUssTUFBTSxHQUFHLElBQUksYUFBYSxFQUFFLENBQUM7WUFDaEMsTUFBTSxLQUFLLEdBQUcsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ2pDLDBEQUEwRDtZQUMxRCw0RkFBNEY7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxJQUFJLEtBQUssS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDeEMsUUFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUNyQixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sSUFBSSxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQWEsQ0FBQztnQkFDbEUsSUFBSSxHQUFHLEtBQUssWUFBWSxFQUFFLENBQUM7b0JBQ3pCLE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsVUFBVSxHQUFHO3dCQUN4QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7b0JBQ3RDLENBQUMsQ0FBQyxDQUFDO29CQUVILElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQzt3QkFDZCxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsR0FBRyxHQUFHLENBQUMsS0FBSyxHQUFHLEdBQUcsQ0FBQyxDQUFDO29CQUMzQyxDQUFDO2dCQUNILENBQUM7Z0JBRUQsTUFBTSxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDO29CQUM3QixJQUFJLENBQUMsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQzt3QkFDdEIsQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUM7b0JBQ2QsQ0FBQztvQkFDRCxPQUFPLENBQUMsQ0FBQztnQkFDWCxDQUFDLENBQUMsQ0FBQztnQkFDSCxRQUFRLENBQUMsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1lBQzlDLENBQUM7UUFDSCxDQUFDO1FBQ0QsTUFBTSxZQUFZLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN4QyxHQUFHLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUNuQyxHQUFHLENBQUMsR0FBRyxDQUFDLGFBQWEsRUFBRSxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDcEMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=
+
+//#endregion
+export { csp_default as default };

package/dist/lib/middlewares/csrf.d.ts

@@ -1,4 +1,7 @@
-import type { MiddlewareFunc } from 'egg';
-import type { SecurityConfig } from '../../config/config.default.ts';
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/csrf.d.ts
 declare const _default: (options: SecurityConfig["csrf"]) => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/csrf.js

@@ -1,37 +1,33 @@
-import { debuglog } from 'node:util';
-import typeis from 'type-is';
 import { checkIfIgnore } from "../utils.js";
-const debug = debuglog('egg/security/lib/middlewares/csrf');
-export default (options) => {
-    return function csrf(ctx, next) {
-        if (checkIfIgnore(options, ctx)) {
-            return next();
-        }
-        // ensure csrf token exists
-        if (['any', 'all', 'ctoken'].includes(options.type)) {
-            ctx.ensureCsrfSecret();
-        }
-        // supported requests
-        const method = ctx.method;
-        let isSupported = false;
-        for (const eachRule of options.supportedRequests) {
-            if (eachRule.path.test(ctx.path)) {
-                if (eachRule.methods.includes(method)) {
-                    isSupported = true;
-                    break;
-                }
-            }
-        }
-        if (!isSupported) {
-            return next();
-        }
-        if (options.ignoreJSON && typeis.is(ctx.get('content-type'), 'json')) {
-            return next();
-        }
-        const body = ctx.request.body;
-        debug('%s %s, got %j', ctx.method, ctx.url, body);
-        ctx.assertCsrf();
-        return next();
-    };
+import { debuglog } from "node:util";
+import typeis from "type-is";
+
+//#region src/lib/middlewares/csrf.ts
+const debug = debuglog("egg/security/lib/middlewares/csrf");
+var csrf_default = (options) => {
+	return function csrf(ctx, next) {
+		if (checkIfIgnore(options, ctx)) return next();
+		if ([
+			"any",
+			"all",
+			"ctoken"
+		].includes(options.type)) ctx.ensureCsrfSecret();
+		const method = ctx.method;
+		let isSupported = false;
+		for (const eachRule of options.supportedRequests) if (eachRule.path.test(ctx.path)) {
+			if (eachRule.methods.includes(method)) {
+				isSupported = true;
+				break;
+			}
+		}
+		if (!isSupported) return next();
+		if (options.ignoreJSON && typeis.is(ctx.get("content-type"), "json")) return next();
+		const body = ctx.request.body;
+		debug("%s %s, got %j", ctx.method, ctx.url, body);
+		ctx.assertCsrf();
+		return next();
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3NyZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMvY3NyZi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBR3JDLE9BQU8sTUFBTSxNQUFNLFNBQVMsQ0FBQztBQUc3QixPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRTVDLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO0FBRTVELGVBQWUsQ0FBQyxPQUErQixFQUFrQixFQUFFO0lBQ2pFLE9BQU8sU0FBUyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUk7UUFDNUIsSUFBSSxhQUFhLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDaEMsT0FBTyxJQUFJLEVBQUUsQ0FBQztRQUNoQixDQUFDO1FBRUQsMkJBQTJCO1FBQzNCLElBQUksQ0FBQyxLQUFLLEVBQUUsS0FBSyxFQUFFLFFBQVEsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUNwRCxHQUFHLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUN6QixDQUFDO1FBRUQscUJBQXFCO1FBQ3JCLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUM7UUFDMUIsSUFBSSxXQUFXLEdBQUcsS0FBSyxDQUFDO1FBQ3hCLEtBQUssTUFBTSxRQUFRLElBQUksT0FBTyxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDakQsSUFBSSxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDakMsSUFBSSxRQUFRLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO29CQUN0QyxXQUFXLEdBQUcsSUFBSSxDQUFDO29CQUNuQixNQUFNO2dCQUNSLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUNELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQixPQUFPLElBQUksRUFBRSxDQUFDO1FBQ2hCLENBQUM7UUFFRCxJQUFJLE9BQU8sQ0FBQyxVQUFVLElBQUksTUFBTSxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDckUsT0FBTyxJQUFJLEVBQUUsQ0FBQztRQUNoQixDQUFDO1FBRUQsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFDOUIsS0FBSyxDQUFDLGVBQWUsRUFBRSxHQUFHLENBQUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDbEQsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pCLE9BQU8sSUFBSSxFQUFFLENBQUM7SUFDaEIsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=
+
+//#endregion
+export { csrf_default as default };

package/dist/lib/middlewares/dta.d.ts

@@ -1,3 +1,6 @@
-import type { MiddlewareFunc } from 'egg';
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/dta.d.ts
 declare const _default: () => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/dta.js

@@ -1,12 +1,13 @@
 import { isSafePath } from "../utils.js";
-// https://en.wikipedia.org/wiki/Directory_traversal_attack
-export default () => {
-    return function dta(ctx, next) {
-        const path = ctx.path;
-        if (!isSafePath(path, ctx)) {
-            ctx.throw(400);
-        }
-        return next();
-    };
+
+//#region src/lib/middlewares/dta.ts
+var dta_default = () => {
+	return function dta(ctx, next) {
+		const path = ctx.path;
+		if (!isSafePath(path, ctx)) ctx.throw(400);
+		return next();
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9taWRkbGV3YXJlcy9kdGEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUV6QywyREFBMkQ7QUFDM0QsZUFBZSxHQUFtQixFQUFFO0lBQ2xDLE9BQU8sU0FBUyxHQUFHLENBQUMsR0FBRyxFQUFFLElBQUk7UUFDM0IsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQztRQUN0QixJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzNCLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDakIsQ0FBQztRQUNELE9BQU8sSUFBSSxFQUFFLENBQUM7SUFDaEIsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=
+
+//#endregion
+export { dta_default as default };

package/dist/lib/middlewares/hsts.d.ts

@@ -1,4 +1,7 @@
-import type { MiddlewareFunc } from 'egg';
-import type { SecurityConfig } from '../../config/config.default.ts';
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/hsts.d.ts
 declare const _default: (options: SecurityConfig["hsts"]) => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/hsts.js

@@ -1,21 +1,19 @@
 import { checkIfIgnore } from "../utils.js";
-// Set Strict-Transport-Security header
-export default (options) => {
-    return async function hsts(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            ...ctx.securityOptions.hsts,
-        };
-        if (checkIfIgnore(opts, ctx))
-            return;
-        let val = `max-age=${opts.maxAge}`;
-        // If opts.includeSubdomains is defined,
-        // the rule is also valid for all the sub domains of the website
-        if (opts.includeSubdomains) {
-            val = `${val}; includeSubdomains`;
-        }
-        ctx.set('strict-transport-security', val);
-    };
+
+//#region src/lib/middlewares/hsts.ts
+var hsts_default = (options) => {
+	return async function hsts(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.hsts
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		let val = `max-age=${opts.maxAge}`;
+		if (opts.includeSubdomains) val = `${val}; includeSubdomains`;
+		ctx.set("strict-transport-security", val);
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaHN0cy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMvaHN0cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFHQSxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRTVDLHVDQUF1QztBQUN2QyxlQUFlLENBQUMsT0FBK0IsRUFBa0IsRUFBRTtJQUNqRSxPQUFPLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUk7UUFDbEMsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUViLE1BQU0sSUFBSSxHQUFHO1lBQ1gsR0FBRyxPQUFPO1lBQ1YsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLElBQUk7U0FDNUIsQ0FBQztRQUNGLElBQUksYUFBYSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFBRSxPQUFPO1FBRXJDLElBQUksR0FBRyxHQUFHLFdBQVcsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ25DLHdDQUF3QztRQUN4QyxnRUFBZ0U7UUFDaEUsSUFBSSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUMzQixHQUFHLEdBQUcsR0FBRyxHQUFHLHFCQUFxQixDQUFDO1FBQ3BDLENBQUM7UUFDRCxHQUFHLENBQUMsR0FBRyxDQUFDLDJCQUEyQixFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQzVDLENBQUMsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
+
+//#endregion
+export { hsts_default as default };

package/dist/lib/middlewares/index.d.ts

@@ -1,23 +1,26 @@
-import csp from './csp.ts';
-import csrf from './csrf.ts';
-import dta from './dta.ts';
-import hsts from './hsts.ts';
-import methodnoallow from './methodnoallow.ts';
-import noopen from './noopen.ts';
-import nosniff from './nosniff.ts';
-import referrerPolicy from './referrerPolicy.ts';
-import xframe from './xframe.ts';
-import xssProtection from './xssProtection.ts';
+import _default from "./csp.js";
+import _default$1 from "./csrf.js";
+import _default$2 from "./dta.js";
+import _default$3 from "./hsts.js";
+import _default$4 from "./methodnoallow.js";
+import _default$5 from "./noopen.js";
+import _default$6 from "./nosniff.js";
+import _default$7 from "./referrerPolicy.js";
+import _default$8 from "./xframe.js";
+import _default$9 from "./xssProtection.js";
+
+//#region src/lib/middlewares/index.d.ts
 declare const middlewares: {
-    csp: typeof csp;
-    csrf: typeof csrf;
-    dta: typeof dta;
-    hsts: typeof hsts;
-    methodnoallow: typeof methodnoallow;
-    noopen: typeof noopen;
-    nosniff: typeof nosniff;
-    referrerPolicy: typeof referrerPolicy;
-    xframe: typeof xframe;
-    xssProtection: typeof xssProtection;
+  csp: typeof _default;
+  csrf: typeof _default$1;
+  dta: typeof _default$2;
+  hsts: typeof _default$3;
+  methodnoallow: typeof _default$4;
+  noopen: typeof _default$5;
+  nosniff: typeof _default$6;
+  referrerPolicy: typeof _default$7;
+  xframe: typeof _default$8;
+  xssProtection: typeof _default$9;
 };
-export default middlewares;
+//#endregion
+export { middlewares as default };

package/dist/lib/middlewares/index.js

@@ -1,24 +1,28 @@
-import csp from "./csp.js";
-import csrf from "./csrf.js";
-import dta from "./dta.js";
-import hsts from "./hsts.js";
-import methodnoallow from "./methodnoallow.js";
-import noopen from "./noopen.js";
-import nosniff from "./nosniff.js";
-import referrerPolicy from "./referrerPolicy.js";
-import xframe from "./xframe.js";
-import xssProtection from "./xssProtection.js";
+import csp_default from "./csp.js";
+import csrf_default from "./csrf.js";
+import dta_default from "./dta.js";
+import hsts_default from "./hsts.js";
+import methodnoallow_default from "./methodnoallow.js";
+import noopen_default from "./noopen.js";
+import nosniff_default from "./nosniff.js";
+import referrerPolicy_default from "./referrerPolicy.js";
+import xframe_default from "./xframe.js";
+import xssProtection_default from "./xssProtection.js";
+
+//#region src/lib/middlewares/index.ts
 const middlewares = {
-    csp,
-    csrf,
-    dta,
-    hsts,
-    methodnoallow,
-    noopen,
-    nosniff,
-    referrerPolicy,
-    xframe,
-    xssProtection,
+	csp: csp_default,
+	csrf: csrf_default,
+	dta: dta_default,
+	hsts: hsts_default,
+	methodnoallow: methodnoallow_default,
+	noopen: noopen_default,
+	nosniff: nosniff_default,
+	referrerPolicy: referrerPolicy_default,
+	xframe: xframe_default,
+	xssProtection: xssProtection_default
 };
-export default middlewares;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL21pZGRsZXdhcmVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sR0FBRyxNQUFNLFVBQVUsQ0FBQztBQUMzQixPQUFPLElBQUksTUFBTSxXQUFXLENBQUM7QUFDN0IsT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDO0FBQzNCLE9BQU8sSUFBSSxNQUFNLFdBQVcsQ0FBQztBQUM3QixPQUFPLGFBQWEsTUFBTSxvQkFBb0IsQ0FBQztBQUMvQyxPQUFPLE1BQU0sTUFBTSxhQUFhLENBQUM7QUFDakMsT0FBTyxPQUFPLE1BQU0sY0FBYyxDQUFDO0FBQ25DLE9BQU8sY0FBYyxNQUFNLHFCQUFxQixDQUFDO0FBQ2pELE9BQU8sTUFBTSxNQUFNLGFBQWEsQ0FBQztBQUNqQyxPQUFPLGFBQWEsTUFBTSxvQkFBb0IsQ0FBQztBQUUvQyxNQUFNLFdBQVcsR0FXYjtJQUNGLEdBQUc7SUFDSCxJQUFJO0lBQ0osR0FBRztJQUNILElBQUk7SUFDSixhQUFhO0lBQ2IsTUFBTTtJQUNOLE9BQU87SUFDUCxjQUFjO0lBQ2QsTUFBTTtJQUNOLGFBQWE7Q0FDZCxDQUFDO0FBRUYsZUFBZSxXQUFXLENBQUMifQ==
+var middlewares_default = middlewares;
+
+//#endregion
+export { middlewares_default as default };

package/dist/lib/middlewares/methodnoallow.d.ts

@@ -1,3 +1,6 @@
-import type { MiddlewareFunc } from 'egg';
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/methodnoallow.d.ts
 declare const _default: () => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/methodnoallow.js

@@ -1,20 +1,15 @@
-import { METHODS } from 'node:http';
-const METHODS_NOT_ALLOWED = ['TRACE', 'TRACK'];
+import { METHODS } from "node:http";
+
+//#region src/lib/middlewares/methodnoallow.ts
+const METHODS_NOT_ALLOWED = ["TRACE", "TRACK"];
 const safeHttpMethodsMap = {};
-for (const method of METHODS) {
-    if (!METHODS_NOT_ALLOWED.includes(method)) {
-        safeHttpMethodsMap[method.toUpperCase()] = true;
-    }
-}
-// https://www.owasp.org/index.php/Cross_Site_Tracing
-// http://jsperf.com/find-by-map-with-find-by-array
-export default () => {
-    return function notAllow(ctx, next) {
-        // ctx.method is upper case
-        if (!safeHttpMethodsMap[ctx.method]) {
-            ctx.throw(405);
-        }
-        return next();
-    };
+for (const method of METHODS) if (!METHODS_NOT_ALLOWED.includes(method)) safeHttpMethodsMap[method.toUpperCase()] = true;
+var methodnoallow_default = () => {
+	return function notAllow(ctx, next) {
+		if (!safeHttpMethodsMap[ctx.method]) ctx.throw(405);
+		return next();
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWV0aG9kbm9hbGxvdy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMvbWV0aG9kbm9hbGxvdy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBSXBDLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDL0MsTUFBTSxrQkFBa0IsR0FBNEIsRUFBRSxDQUFDO0FBRXZELEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFLENBQUM7SUFDN0IsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQzFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQztJQUNsRCxDQUFDO0FBQ0gsQ0FBQztBQUVELHFEQUFxRDtBQUNyRCxtREFBbUQ7QUFDbkQsZUFBZSxHQUFtQixFQUFFO0lBQ2xDLE9BQU8sU0FBUyxRQUFRLENBQUMsR0FBRyxFQUFFLElBQUk7UUFDaEMsMkJBQTJCO1FBQzNCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNwQyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ2pCLENBQUM7UUFDRCxPQUFPLElBQUksRUFBRSxDQUFDO0lBQ2hCLENBQUMsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
+
+//#endregion
+export { methodnoallow_default as default };

package/dist/lib/middlewares/noopen.d.ts

@@ -1,4 +1,7 @@
-import type { MiddlewareFunc } from 'egg';
-import type { SecurityConfig } from '../../config/config.default.ts';
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/noopen.d.ts
 declare const _default: (options: SecurityConfig["noopen"]) => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/noopen.js

@@ -1,15 +1,16 @@
 import { checkIfIgnore } from "../utils.js";
-// @see http://blogs.msdn.com/b/ieinternals/archive/2009/06/30/internet-explorer-custom-http-headers.aspx
-export default (options) => {
-    return async function noopen(ctx, next) {
-        await next();
-        const opts = {
-            ...options,
-            ...ctx.securityOptions.noopen,
-        };
-        if (checkIfIgnore(opts, ctx))
-            return;
-        ctx.set('x-download-options', 'noopen');
-    };
+
+//#region src/lib/middlewares/noopen.ts
+var noopen_default = (options) => {
+	return async function noopen(ctx, next) {
+		await next();
+		if (checkIfIgnore({
+			...options,
+			...ctx.securityOptions.noopen
+		}, ctx)) return;
+		ctx.set("x-download-options", "noopen");
+	};
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9vcGVuLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9taWRkbGV3YXJlcy9ub29wZW4udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBR0EsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUU1Qyx5R0FBeUc7QUFDekcsZUFBZSxDQUFDLE9BQWlDLEVBQWtCLEVBQUU7SUFDbkUsT0FBTyxLQUFLLFVBQVUsTUFBTSxDQUFDLEdBQUcsRUFBRSxJQUFJO1FBQ3BDLE1BQU0sSUFBSSxFQUFFLENBQUM7UUFFYixNQUFNLElBQUksR0FBRztZQUNYLEdBQUcsT0FBTztZQUNWLEdBQUcsR0FBRyxDQUFDLGVBQWUsQ0FBQyxNQUFNO1NBQzlCLENBQUM7UUFDRixJQUFJLGFBQWEsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO1lBQUUsT0FBTztRQUVyQyxHQUFHLENBQUMsR0FBRyxDQUFDLG9CQUFvQixFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQzFDLENBQUMsQ0FBQztBQUNKLENBQUMsQ0FBQyJ9
+
+//#endregion
+export { noopen_default as default };

package/dist/lib/middlewares/nosniff.d.ts

@@ -1,4 +1,7 @@
-import type { MiddlewareFunc } from 'egg';
-import type { SecurityConfig } from '../../config/config.default.ts';
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/nosniff.d.ts
 declare const _default: (options: SecurityConfig["nosniff"]) => MiddlewareFunc;
-export default _default;
+//#endregion
+export { _default as default };