@holo-js/security 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-3J5QRTPZ.mjs +156 -0
- package/dist/client.d.ts +19 -0
- package/dist/client.mjs +47 -0
- package/dist/contracts.d.ts +137 -0
- package/dist/contracts.mjs +24 -0
- package/dist/drivers/redis-adapter.d.ts +71 -0
- package/dist/drivers/redis-adapter.mjs +212 -0
- package/dist/index.d.ts +199 -0
- package/dist/index.mjs +916 -0
- package/package.json +58 -0
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
import * as _holo_js_config from '@holo-js/config';
|
|
2
|
+
import { NormalizedSecurityLimiterConfig, HoloSecurityConfig, NormalizedHoloSecurityConfig } from '@holo-js/config';
|
|
3
|
+
export { HoloSecurityConfig, HoloSecurityCsrfConfig, HoloSecurityRateLimitConfig, NormalizedHoloSecurityConfig, NormalizedHoloSecurityCsrfConfig, NormalizedHoloSecurityRateLimitConfig, NormalizedSecurityLimiterConfig, SecurityLimiterConfig, SecurityRateLimitContext, SecurityRateLimitDriver, SecurityRateLimitFileConfig, SecurityRateLimitKeyResolver, SecurityRateLimitMemoryConfig, SecurityRateLimitRedisConfig, defineSecurityConfig } from '@holo-js/config';
|
|
4
|
+
import { SecurityCsrfField, SecurityProtectOptions, SecurityClearRateLimitOptions, SecurityRateLimitCallOptions, SecurityRateLimitHitResult, SecurityRateLimitStore, SecurityRateLimitStoreFactoryOptions, SecurityRateLimitRedisDriverAdapter, SecurityRuntimeBindings, SecurityRuntimeFacade, ip } from './contracts.js';
|
|
5
|
+
export { SecurityClientBindings, SecurityClientConfig, SecurityCsrfError, SecurityCsrfFacade, SecurityDefaultRateLimitKeyResolver, SecurityRateLimitBucketSnapshot, SecurityRateLimitError, createFileRateLimitStoreConfig, createMemoryRateLimitStoreConfig, createRedisRateLimitStoreConfig, defineRateLimiter, defineSecurityRuntimeBindings, limit, securityInternals } from './contracts.js';
|
|
6
|
+
|
|
7
|
+
declare function parseCookieHeader(header: string | null | undefined): Readonly<Record<string, string>>;
|
|
8
|
+
declare function serializeCookie(name: string, value: string, options?: {
|
|
9
|
+
readonly secure?: boolean;
|
|
10
|
+
}): string;
|
|
11
|
+
declare function isSafeMethod(method: string): boolean;
|
|
12
|
+
declare function matchesPathPattern(pathname: string, pattern: string): boolean;
|
|
13
|
+
declare function isExcludedPath(request: Request): boolean;
|
|
14
|
+
declare function createCsrfToken(): string;
|
|
15
|
+
declare function getCsrfSigningKey(): string;
|
|
16
|
+
declare function encodeCsrfToken(nonce: string): string;
|
|
17
|
+
declare function decodeCsrfToken(token: string): {
|
|
18
|
+
readonly nonce: string;
|
|
19
|
+
readonly signature: string;
|
|
20
|
+
} | null;
|
|
21
|
+
declare function isValidSignedCsrfToken(token: string): boolean;
|
|
22
|
+
declare function getCookieToken(request: Request): string | undefined;
|
|
23
|
+
declare function getRequestToken(request: Request): Promise<string | undefined>;
|
|
24
|
+
declare function token(request: Request): Promise<string>;
|
|
25
|
+
declare function field(request: Request): Promise<SecurityCsrfField>;
|
|
26
|
+
declare function cookie(request: Request, explicitToken?: string): Promise<string>;
|
|
27
|
+
declare function verify(request: Request): Promise<void>;
|
|
28
|
+
declare function protect(request: Request, options?: SecurityProtectOptions): Promise<void>;
|
|
29
|
+
declare const csrf: Readonly<{
|
|
30
|
+
token: typeof token;
|
|
31
|
+
field: typeof field;
|
|
32
|
+
cookie: typeof cookie;
|
|
33
|
+
verify: typeof verify;
|
|
34
|
+
}>;
|
|
35
|
+
declare const csrfInternals: {
|
|
36
|
+
createCsrfToken: typeof createCsrfToken;
|
|
37
|
+
generatedTokenCache: WeakMap<Request, string>;
|
|
38
|
+
getCookieToken: typeof getCookieToken;
|
|
39
|
+
getRequestToken: typeof getRequestToken;
|
|
40
|
+
isExcludedPath: typeof isExcludedPath;
|
|
41
|
+
isSafeMethod: typeof isSafeMethod;
|
|
42
|
+
matchesPathPattern: typeof matchesPathPattern;
|
|
43
|
+
parseCookieHeader: typeof parseCookieHeader;
|
|
44
|
+
serializeCookie: typeof serializeCookie;
|
|
45
|
+
decodeCsrfToken: typeof decodeCsrfToken;
|
|
46
|
+
encodeCsrfToken: typeof encodeCsrfToken;
|
|
47
|
+
getCsrfSigningKey: typeof getCsrfSigningKey;
|
|
48
|
+
isValidSignedCsrfToken: typeof isValidSignedCsrfToken;
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
declare function encodeBucketPart(value: string): string;
|
|
52
|
+
declare function createLimiterPrefix(limiter: string): string;
|
|
53
|
+
declare function createBucketKey(limiter: string, key: string): string;
|
|
54
|
+
declare function getRateLimitStore(): SecurityRateLimitStore;
|
|
55
|
+
declare function resolveLimiterConfig(name: string): NormalizedSecurityLimiterConfig;
|
|
56
|
+
declare function normalizeResolvedLimiterKey(value: string | number | null | undefined, label: string): string;
|
|
57
|
+
declare function defaultRateLimitKey(request: Request): Promise<string>;
|
|
58
|
+
declare function resolveLimiterKey(name: string, limiter: NormalizedSecurityLimiterConfig, options: SecurityRateLimitCallOptions): Promise<string>;
|
|
59
|
+
declare function rateLimit(name: string, options: SecurityRateLimitCallOptions): Promise<SecurityRateLimitHitResult>;
|
|
60
|
+
declare function clearRateLimit(options: SecurityClearRateLimitOptions): Promise<boolean | number>;
|
|
61
|
+
declare const rateLimitInternals: {
|
|
62
|
+
createBucketKey: typeof createBucketKey;
|
|
63
|
+
createLimiterPrefix: typeof createLimiterPrefix;
|
|
64
|
+
encodeBucketPart: typeof encodeBucketPart;
|
|
65
|
+
defaultRateLimitKey: typeof defaultRateLimitKey;
|
|
66
|
+
getRateLimitStore: typeof getRateLimitStore;
|
|
67
|
+
normalizeResolvedLimiterKey: typeof normalizeResolvedLimiterKey;
|
|
68
|
+
resolveLimiterConfig: typeof resolveLimiterConfig;
|
|
69
|
+
resolveLimiterKey: typeof resolveLimiterKey;
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
declare function normalizeStoreConfig(config: HoloSecurityConfig | NormalizedHoloSecurityConfig): NormalizedHoloSecurityConfig;
|
|
73
|
+
declare function createRateLimitStoreFromConfig(config: HoloSecurityConfig | NormalizedHoloSecurityConfig, options?: SecurityRateLimitStoreFactoryOptions): SecurityRateLimitStore;
|
|
74
|
+
declare const securityStoreInternals: {
|
|
75
|
+
normalizeStoreConfig: typeof normalizeStoreConfig;
|
|
76
|
+
};
|
|
77
|
+
|
|
78
|
+
type FileRateLimitBucket = {
|
|
79
|
+
namespace: string;
|
|
80
|
+
keyHash: string;
|
|
81
|
+
prefixHashes: readonly string[];
|
|
82
|
+
attempts: number;
|
|
83
|
+
expiresAt: Date;
|
|
84
|
+
};
|
|
85
|
+
interface FileRateLimitStoreOptions {
|
|
86
|
+
readonly now?: () => Date;
|
|
87
|
+
readonly lockRetryDelayMs?: number;
|
|
88
|
+
readonly lockTimeoutMs?: number;
|
|
89
|
+
}
|
|
90
|
+
declare function createBucketHash(key: string): string;
|
|
91
|
+
declare function getBucketPath(root: string, key: string): string;
|
|
92
|
+
declare function serializeBucket(bucket: FileRateLimitBucket): string;
|
|
93
|
+
declare function deserializeBucket(raw: string): FileRateLimitBucket;
|
|
94
|
+
declare function readBucket(path: string): Promise<FileRateLimitBucket | null>;
|
|
95
|
+
declare function isExpired$1(bucket: FileRateLimitBucket, now: Date): boolean;
|
|
96
|
+
declare function writeBucket(path: string, bucket: FileRateLimitBucket): Promise<void>;
|
|
97
|
+
declare function deleteBucket(path: string): Promise<void>;
|
|
98
|
+
declare function getBucketLockPath(path: string): string;
|
|
99
|
+
declare function sleep(delayMs: number): Promise<void>;
|
|
100
|
+
declare function withBucketLock<TValue>(path: string, options: {
|
|
101
|
+
readonly retryDelayMs: number;
|
|
102
|
+
readonly timeoutMs: number;
|
|
103
|
+
}, operation: () => Promise<TValue>): Promise<TValue>;
|
|
104
|
+
declare function listBucketPaths(root: string): Promise<string[]>;
|
|
105
|
+
declare function createSnapshot$2(key: string, bucket: FileRateLimitBucket, maxAttempts: number): SecurityRateLimitHitResult['snapshot'];
|
|
106
|
+
declare function createFileRateLimitStore(root: string, options?: FileRateLimitStoreOptions): SecurityRateLimitStore;
|
|
107
|
+
declare const fileRateLimitDriverInternals: {
|
|
108
|
+
createBucketHash: typeof createBucketHash;
|
|
109
|
+
createSnapshot: typeof createSnapshot$2;
|
|
110
|
+
deleteBucket: typeof deleteBucket;
|
|
111
|
+
deserializeBucket: typeof deserializeBucket;
|
|
112
|
+
getBucketPath: typeof getBucketPath;
|
|
113
|
+
isExpired: typeof isExpired$1;
|
|
114
|
+
listBucketPaths: typeof listBucketPaths;
|
|
115
|
+
readBucket: typeof readBucket;
|
|
116
|
+
serializeBucket: typeof serializeBucket;
|
|
117
|
+
sleep: typeof sleep;
|
|
118
|
+
getBucketLockPath: typeof getBucketLockPath;
|
|
119
|
+
withBucketLock: typeof withBucketLock;
|
|
120
|
+
writeBucket: typeof writeBucket;
|
|
121
|
+
};
|
|
122
|
+
|
|
123
|
+
type MemoryRateLimitBucket = {
|
|
124
|
+
key: string;
|
|
125
|
+
attempts: number;
|
|
126
|
+
expiresAt: Date;
|
|
127
|
+
};
|
|
128
|
+
interface MemoryRateLimitStoreOptions {
|
|
129
|
+
readonly now?: () => Date;
|
|
130
|
+
readonly maxBuckets?: number;
|
|
131
|
+
readonly pruneIntervalMs?: number;
|
|
132
|
+
}
|
|
133
|
+
declare function createSnapshot$1(key: string, bucket: MemoryRateLimitBucket, maxAttempts: number): SecurityRateLimitHitResult['snapshot'];
|
|
134
|
+
declare function isExpired(bucket: MemoryRateLimitBucket, now: Date): boolean;
|
|
135
|
+
declare function createMemoryRateLimitStore(options?: MemoryRateLimitStoreOptions): SecurityRateLimitStore;
|
|
136
|
+
declare const memoryRateLimitDriverInternals: {
|
|
137
|
+
createSnapshot: typeof createSnapshot$1;
|
|
138
|
+
isExpired: typeof isExpired;
|
|
139
|
+
};
|
|
140
|
+
|
|
141
|
+
interface RedisRateLimitStoreOptions {
|
|
142
|
+
readonly now?: () => Date;
|
|
143
|
+
}
|
|
144
|
+
declare function assertNonNegativeInteger(value: unknown, label: string): number;
|
|
145
|
+
declare function createSnapshot(key: string, attempts: number, maxAttempts: number, expiresAt: Date): SecurityRateLimitHitResult['snapshot'];
|
|
146
|
+
declare function createRedisRateLimitStore(adapter: SecurityRateLimitRedisDriverAdapter, options?: RedisRateLimitStoreOptions): SecurityRateLimitStore;
|
|
147
|
+
declare const redisRateLimitDriverInternals: {
|
|
148
|
+
assertNonNegativeInteger: typeof assertNonNegativeInteger;
|
|
149
|
+
createSnapshot: typeof createSnapshot;
|
|
150
|
+
};
|
|
151
|
+
|
|
152
|
+
type RuntimeSecurityState = {
|
|
153
|
+
bindings?: SecurityRuntimeFacade;
|
|
154
|
+
};
|
|
155
|
+
declare function getSecurityRuntimeState(): RuntimeSecurityState;
|
|
156
|
+
declare class SecurityRuntimeNotConfiguredError extends Error {
|
|
157
|
+
constructor();
|
|
158
|
+
}
|
|
159
|
+
declare function configureSecurityRuntime(bindings?: SecurityRuntimeBindings): void;
|
|
160
|
+
declare function getSecurityRuntime(): SecurityRuntimeFacade;
|
|
161
|
+
declare function getSecurityRuntimeBindings(): SecurityRuntimeFacade | undefined;
|
|
162
|
+
declare function resetSecurityRuntime(): void;
|
|
163
|
+
declare const securityRuntimeInternals: {
|
|
164
|
+
getSecurityRuntimeState: typeof getSecurityRuntimeState;
|
|
165
|
+
};
|
|
166
|
+
|
|
167
|
+
declare const security: Readonly<{
|
|
168
|
+
configureSecurityRuntime: typeof configureSecurityRuntime;
|
|
169
|
+
getSecurityRuntime: typeof getSecurityRuntime;
|
|
170
|
+
getSecurityRuntimeBindings: typeof getSecurityRuntimeBindings;
|
|
171
|
+
resetSecurityRuntime: typeof resetSecurityRuntime;
|
|
172
|
+
csrf: Readonly<{
|
|
173
|
+
token: typeof token;
|
|
174
|
+
field: typeof field;
|
|
175
|
+
cookie: typeof cookie;
|
|
176
|
+
verify: typeof verify;
|
|
177
|
+
}>;
|
|
178
|
+
protect: typeof protect;
|
|
179
|
+
defaultRateLimitKey: typeof defaultRateLimitKey;
|
|
180
|
+
rateLimit: typeof rateLimit;
|
|
181
|
+
clearRateLimit: typeof clearRateLimit;
|
|
182
|
+
limit: Readonly<{
|
|
183
|
+
perMinute(maxAttempts: number): {
|
|
184
|
+
readonly maxAttempts: number;
|
|
185
|
+
readonly decaySeconds: number;
|
|
186
|
+
by(key: _holo_js_config.SecurityRateLimitKeyResolver<Readonly<Record<string, unknown>> | undefined>): _holo_js_config.SecurityLimiterConfig<Readonly<Record<string, unknown>> | undefined>;
|
|
187
|
+
define(): _holo_js_config.SecurityLimiterConfig<Readonly<Record<string, unknown>> | undefined>;
|
|
188
|
+
};
|
|
189
|
+
perHour(maxAttempts: number): {
|
|
190
|
+
readonly maxAttempts: number;
|
|
191
|
+
readonly decaySeconds: number;
|
|
192
|
+
by(key: _holo_js_config.SecurityRateLimitKeyResolver<Readonly<Record<string, unknown>> | undefined>): _holo_js_config.SecurityLimiterConfig<Readonly<Record<string, unknown>> | undefined>;
|
|
193
|
+
define(): _holo_js_config.SecurityLimiterConfig<Readonly<Record<string, unknown>> | undefined>;
|
|
194
|
+
};
|
|
195
|
+
}>;
|
|
196
|
+
ip: typeof ip;
|
|
197
|
+
}>;
|
|
198
|
+
|
|
199
|
+
export { SecurityClearRateLimitOptions, SecurityCsrfField, SecurityProtectOptions, SecurityRateLimitCallOptions, SecurityRateLimitHitResult, SecurityRateLimitRedisDriverAdapter, SecurityRateLimitStore, SecurityRateLimitStoreFactoryOptions, SecurityRuntimeBindings, SecurityRuntimeFacade, SecurityRuntimeNotConfiguredError, clearRateLimit, configureSecurityRuntime, cookie as createCsrfCookie, field as createCsrfField, token as createCsrfToken, createFileRateLimitStore, createMemoryRateLimitStore, createRateLimitStoreFromConfig, createRedisRateLimitStore, csrf, csrfInternals, security as default, defaultRateLimitKey, fileRateLimitDriverInternals, getSecurityRuntime, getSecurityRuntimeBindings, ip, memoryRateLimitDriverInternals, protect, rateLimit, rateLimitInternals, redisRateLimitDriverInternals, resetSecurityRuntime, securityRuntimeInternals, securityStoreInternals, verify as verifyCsrfRequest };
|