@eggjs/security 5.0.0-beta.35 → 5.0.0-beta.36
- package/dist/agent.d.ts +9 -5
- package/dist/agent.js +14 -10
- package/dist/app/extend/agent.d.ts +8 -4
- package/dist/app/extend/agent.js +12 -8
- package/dist/app/extend/application.d.ts +11 -7
- package/dist/app/extend/application.js +32 -32
- package/dist/app/extend/context.d.ts +55 -51
- package/dist/app/extend/context.js +185 -240
- package/dist/app/extend/helper.d.ts +5 -2
- package/dist/app/extend/helper.js +8 -6
- package/dist/app/extend/response.d.ts +38 -34
- package/dist/app/extend/response.js +69 -82
- package/dist/app/middleware/securities.d.ts +5 -2
- package/dist/app/middleware/securities.js +38 -52
- package/dist/app.d.ts +9 -5
- package/dist/app.js +23 -25
- package/dist/config/config.default.d.ts +34 -45
- package/dist/config/config.default.js +158 -362
- package/dist/config/config.local.d.ts +6 -3
- package/dist/config/config.local.js +6 -8
- package/dist/index.d.ts +20 -16
- package/dist/index.js +24 -21
- package/dist/lib/extend/safe_curl.d.ts +16 -13
- package/dist/lib/extend/safe_curl.js +17 -23
- package/dist/lib/helper/cliFilter.d.ts +4 -4
- package/dist/lib/helper/cliFilter.js +16 -15
- package/dist/lib/helper/escape.d.ts +2 -2
- package/dist/lib/helper/escape.js +7 -3
- package/dist/lib/helper/escapeShellArg.d.ts +4 -1
- package/dist/lib/helper/escapeShellArg.js +6 -4
- package/dist/lib/helper/escapeShellCmd.d.ts +4 -1
- package/dist/lib/helper/escapeShellCmd.js +14 -13
- package/dist/lib/helper/index.d.ts +22 -19
- package/dist/lib/helper/index.js +19 -15
- package/dist/lib/helper/shtml.d.ts +6 -2
- package/dist/lib/helper/shtml.js +52 -68
- package/dist/lib/helper/sjs.d.ts +4 -4
- package/dist/lib/helper/sjs.js +31 -44
- package/dist/lib/helper/sjson.d.ts +4 -1
- package/dist/lib/helper/sjson.js +28 -35
- package/dist/lib/helper/spath.d.ts +7 -5
- package/dist/lib/helper/spath.js +15 -24
- package/dist/lib/helper/surl.d.ts +6 -2
- package/dist/lib/helper/surl.js +22 -27
- package/dist/lib/middlewares/csp.d.ts +6 -3
- package/dist/lib/middlewares/csp.js +43 -54
- package/dist/lib/middlewares/csrf.d.ts +6 -3
- package/dist/lib/middlewares/csrf.js +31 -35
- package/dist/lib/middlewares/dta.d.ts +5 -2
- package/dist/lib/middlewares/dta.js +11 -10
- package/dist/lib/middlewares/hsts.d.ts +6 -3
- package/dist/lib/middlewares/hsts.js +17 -19
- package/dist/lib/middlewares/index.d.ts +24 -21
- package/dist/lib/middlewares/index.js +26 -22
- package/dist/lib/middlewares/methodnoallow.d.ts +5 -2
- package/dist/lib/middlewares/methodnoallow.js +13 -18
- package/dist/lib/middlewares/noopen.d.ts +6 -3
- package/dist/lib/middlewares/noopen.js +14 -13
- package/dist/lib/middlewares/nosniff.d.ts +6 -3
- package/dist/lib/middlewares/nosniff.js +22 -24
- package/dist/lib/middlewares/referrerPolicy.d.ts +6 -3
- package/dist/lib/middlewares/referrerPolicy.js +27 -30
- package/dist/lib/middlewares/xframe.d.ts +6 -3
- package/dist/lib/middlewares/xframe.js +16 -15
- package/dist/lib/middlewares/xssProtection.d.ts +6 -3
- package/dist/lib/middlewares/xssProtection.js +15 -12
- package/dist/lib/utils.d.ts +22 -17
- package/dist/lib/utils.js +112 -177
- package/dist/types.d.ts +38 -36
- package/dist/types.js +1 -2
- package/package.json +31 -37
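--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,36 +1,38 @@
-import
-import
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+import { SecurityConfig, SecurityHelperConfig } from "./config/config.default.js";
+import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "./lib/extend/safe_curl.js";
+
+//#region src/types.d.ts
+declare module "egg" {
+interface EggAppConfig {
+/**
+* security options
+* @member Config#security
+*/
+security: SecurityConfig;
+helper: SecurityHelperConfig;
+}
+interface Agent {
+safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+}
+interface Application {
+injectCsrf(html: string): string;
+injectNonce(html: string): string;
+injectHijackingDefense(html: string): string;
+safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+}
+interface Context {
+get securityOptions(): Partial<SecurityConfig & SecurityHelperConfig>;
+isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
+get nonce(): string;
+get csrf(): string;
+ensureCsrfSecret(rotate?: boolean): void;
+rotateCsrfSecret(): void;
+assertCsrf(): void;
+safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+unsafeRedirect(url: string, alt?: string): void;
+}
+interface Response {
+unsafeRedirect(url: string, alt?: string): void;
+redirect(url: string, alt?: string): void;
+}
+}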
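--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -1,2 +1 @@
-export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9
+export { };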
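--- a/package/package.json
+++ b/package/package.json
@@ -1,31 +1,31 @@
 {
 "name": "@eggjs/security",
-"version": "5.0.0-beta.
-"type": "module",
-"publishConfig": {
-"access": "public"
-},
+"version": "5.0.0-beta.36",
 "description": "security plugin in egg framework",
 "keywords": [
 "egg",
-"eggPlugin",
 "egg-plugin",
+"eggPlugin",
 "security"
 ],
-"
-"type": "git",
-"url": "git+https://github.com/eggjs/egg.git",
-"directory": "plugins/security"
-},
+"homepage": "https://github.com/eggjs/egg/tree/next/plugins/security#readme",
 "bugs": {
 "url": "https://github.com/eggjs/egg/issues"
 },
-"homepage": "https://github.com/eggjs/egg/tree/next/plugins/security#readme",
-"author": "jtyjty99999",
 "license": "MIT",
-"
-
+"author": "jtyjty99999",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/eggjs/egg.git",
+"directory": "plugins/security"
 },
+"files": [
+"dist"
+],
+"type": "module",
+"main": "./dist/index.js",
+"module": "./dist/index.js",
+"types": "./dist/index.d.ts",
 "exports": {
 ".": "./dist/index.js",
 "./agent": "./dist/agent.js",
@@ -64,6 +64,9 @@
 "./types": "./dist/types.js",
 "./package.json": "./package.json"
 },
+"publishConfig": {
+"access": "public"
+},
 "dependencies": {
 "@eggjs/ip": "^2.1.0",
 "csrf": "^3.1.0",
@@ -75,41 +78,32 @@
 "type-is": "^2.0.0",
 "xss": "^1.0.15",
 "zod": "^3.24.1",
-"@eggjs/path-matching": "3.0.0-beta.
-},
-"peerDependencies": {
-"egg": "4.1.0-beta.35"
+"@eggjs/path-matching": "3.0.0-beta.36"
 },
 "devDependencies": {
 "@types/escape-html": "^1.0.4",
 "@types/extend": "^3.0.4",
 "@types/koa-compose": "^3.2.8",
 "@types/mocha": "^10.0.10",
-"@types/node": "^24.10.
+"@types/node": "^24.10.2",
 "@types/type-is": "^1.6.6",
 "beautify-benchmark": "^0.2.4",
 "benchmark": "^2.1.4",
 "egg-view-nunjucks": "^2.3.0",
 "spy": "^1.0.0",
-"tsdown": "^0.17.0",
 "typescript": "^5.9.3",
-"
-"@eggjs/
-"@eggjs/
-"
-
+"@eggjs/mock": "7.0.0-beta.36",
+"@eggjs/supertest": "9.0.0-beta.36",
+"@eggjs/tsconfig": "3.1.0-beta.36",
+"egg": "4.1.0-beta.36"
+},
+"peerDependencies": {
+"egg": "4.1.0-beta.36"
+},
+"engines": {
+"node": ">= 22.18.0"
 },
-"files": [
-"dist"
-],
-"main": "./dist/index.js",
-"module": "./dist/index.js",
-"types": "./dist/index.d.ts",
 "scripts": {
-"
-"typecheck": "tsc --noEmit",
-"lint": "oxlint --type-aware",
-"lint:fix": "npm run lint -- --fix",
-"test": "npm run lint:fix && vitest"
+"typecheck": "tsgo --noEmit"
 }
 }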
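Review bot: In the last hunk the only remaining script is `"typecheck": "tsgo --noEmit"`, but none of the devDependencies on the new side of this manifest appears to provide a `tsgo` binary (`typescript` is still listed, `tsdown` is removed). If the tool is meant to resolve from the workspace root, the script only works inside the monorepo; otherwise list the providing package, presumably `@typescript/native-preview`, in devDependencies. The `lint` and `test` scripts are dropped without replacement here, so it is worth confirming that the security plugin's tests still run from the root. Several old-side lines are truncated in this view, so check this against the full manifest.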