@joystick.js/node-canary 0.0.0-canary.3 → 0.0.0-canary.31
- package/dist/app/middleware/index.js +5 -4
- package/dist/app/middleware/sanitizeRequestParameters.js +21 -0
- package/dist/app/sanitizeAPIResponse.js +1 -6
- package/dist/index.js +7 -1
- package/dist/lib/escapeHTML.js +9 -0
- package/dist/lib/nodeUrlPolyfills.js +7 -11
- package/dist/ssr/index.js +3 -2
- package/package.json +1 -1
- package/dist/app/middleware/sanitizeQueryParameters.js +0 -16
|
@@ -3,6 +3,7 @@ import compression from "compression";
|
|
|
3
3
|
import cookieParser from "cookie-parser";
|
|
4
4
|
import favicon from "serve-favicon";
|
|
5
5
|
import fs from "fs";
|
|
6
|
+
import { __package } from "../../index.js";
|
|
6
7
|
import insecure from "./insecure.js";
|
|
7
8
|
import requestMethods from "./requestMethods.js";
|
|
8
9
|
import bodyParser from "./bodyParser.js";
|
|
@@ -14,7 +15,7 @@ import runUserQuery from "../accounts/runUserQuery.js";
|
|
|
14
15
|
import replaceBackslashesWithForwardSlashes from "../../lib/replaceBackslashesWithForwardSlashes.js";
|
|
15
16
|
import replaceFileProtocol from "../../lib/replaceFileProtocol.js";
|
|
16
17
|
import getBuildPath from "../../lib/getBuildPath.js";
|
|
17
|
-
import
|
|
18
|
+
import sanitizeRequestParameters from "./sanitizeRequestParameters.js";
|
|
18
19
|
import session from "./session.js";
|
|
19
20
|
import csp from "./csp.js";
|
|
20
21
|
const cwd = replaceFileProtocol(replaceBackslashesWithForwardSlashes(process.cwd()));
|
|
@@ -41,7 +42,7 @@ var middleware_default = ({
|
|
|
41
42
|
}
|
|
42
43
|
next();
|
|
43
44
|
});
|
|
44
|
-
app.use(
|
|
45
|
+
app.use(sanitizeRequestParameters);
|
|
45
46
|
app.use(requestMethods);
|
|
46
47
|
if (cspConfig) {
|
|
47
48
|
app.use((req, res, next) => csp(req, res, next, cspConfig));
|
|
@@ -54,7 +55,7 @@ var middleware_default = ({
|
|
|
54
55
|
});
|
|
55
56
|
app.use("/_joystick/utils/process.js", (_req, res) => {
|
|
56
57
|
res.set("Content-Type", "text/javascript");
|
|
57
|
-
const processPolyfill = fs.readFileSync(`${
|
|
58
|
+
const processPolyfill = fs.readFileSync(`${__package}/app/utils/process.js`, "utf-8");
|
|
58
59
|
res.send(processPolyfill.replace("${NODE_ENV}", process.env.NODE_ENV));
|
|
59
60
|
});
|
|
60
61
|
app.use("/_joystick/index.client.js", express.static(`${buildPath}index.client.js`, {
|
|
@@ -65,7 +66,7 @@ var middleware_default = ({
|
|
|
65
66
|
app.use("/_joystick/ui", express.static(`${buildPath}ui`, { eTag: false, maxAge: "0" }));
|
|
66
67
|
app.use("/_joystick/hmr/client.js", (_req, res) => {
|
|
67
68
|
res.set("Content-Type", "text/javascript");
|
|
68
|
-
const hmrClient = fs.readFileSync(`${
|
|
69
|
+
const hmrClient = fs.readFileSync(`${__package}/app/middleware/hmr/client.js`, "utf-8");
|
|
69
70
|
res.send(hmrClient.replace("${process.env.PORT}", parseInt(process.env.PORT, 10) + 1));
|
|
70
71
|
});
|
|
71
72
|
app.use(favicon(faviconPath));
|
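Review bot: `app.use(sanitizeRequestParameters);` mounts the sanitizer as path-less application middleware, and in Express `req.params` and `req.route` are only populated once a route layer has matched, so at this point only `req.query` is actually rewritten. The `req.params` pass and the `req.route.path` escape in the new middleware would see an empty object and `undefined` here. If route parameters are meant to be covered, the sanitizer has to run after a route has matched, for example via `router.param()` or as the first handler on each route; otherwise a comment above the call should say so, e.g. `// Escapes req.query only; req.params is empty until a route matches.` The body of `middleware_default` starts and ends outside these hunks.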
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import escapeHTML from "../../lib/escapeHTML.js";
|
|
2
|
+
const sanitizeParameterSet = (parameters = [], target = {}) => {
|
|
3
|
+
for (let i = 0; i < parameters?.length; i += 1) {
|
|
4
|
+
const [key, value] = parameters[i];
|
|
5
|
+
delete target[key];
|
|
6
|
+
target[escapeHTML(key)] = escapeHTML(value);
|
|
7
|
+
}
|
|
8
|
+
};
|
|
9
|
+
var sanitizeRequestParameters_default = (req, res, next) => {
|
|
10
|
+
const parameters = Object.entries(req?.params);
|
|
11
|
+
const queryParameters = Object.entries(req?.query);
|
|
12
|
+
sanitizeParameterSet(parameters, req?.params);
|
|
13
|
+
sanitizeParameterSet(queryParameters, req?.query);
|
|
14
|
+
if (req?.route?.path) {
|
|
15
|
+
req.route.path = escapeHTML(req?.route?.path);
|
|
16
|
+
}
|
|
17
|
+
next();
|
|
18
|
+
};
|
|
19
|
+
export {
|
|
20
|
+
sanitizeRequestParameters_default as default
|
|
21
|
+
};
|
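Review bot: `escapeHTML(value)` in `sanitizeParameterSet` treats every value as a string, but with Express's default query parser `req.query` values can also be arrays or nested objects (`?tag=a&tag=b`, `?filter[name]=x`). lib/escapeHTML.js is not shown on this page; if it still coerces with `String(...)` as the copy removed from sanitizeAPIResponse.js did, such values are flattened to a comma-joined string or `[object Object]`, which changes the type that handlers receive. Walking arrays and plain objects and escaping only the string leaves keeps the shape intact, as sketched below. Escaping on input also does not replace context-aware encoding at the point where a value is written into HTML, and the request body is not covered by this middleware.

```javascript
const sanitizeValue = (value) => {
  if (typeof value === "string") return escapeHTML(value);
  if (Array.isArray(value)) return value.map(sanitizeValue);
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([nestedKey, nested]) => [escapeHTML(nestedKey), sanitizeValue(nested)])
    );
  }
  return value;
};
// … unchanged: sanitizeParameterSet loop up to the assignment …
    target[escapeHTML(key)] = sanitizeValue(value);
```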
|
@@ -1,10 +1,5 @@
|
|
|
1
1
|
import util from "util";
|
|
2
|
-
import
|
|
3
|
-
const escapeHTML = (string = "") => {
|
|
4
|
-
return String(string).replace(/[&<>"'`=\/]/g, function(match) {
|
|
5
|
-
return HTML_ENTITY_MAP[match];
|
|
6
|
-
});
|
|
7
|
-
};
|
|
2
|
+
import escapeHTML from "../lib/escapeHTML.js";
|
|
8
3
|
const sanitizeAPIResponse = (data = null) => {
|
|
9
4
|
let sanitizedData = data;
|
|
10
5
|
if (!util.isString(sanitizedData) && !util.isObject(sanitizedData) && !Array.isArray(sanitizedData)) {
|
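Review bot: The guard on the last context line still relies on `util.isString` and `util.isObject`, which are deprecated and have been removed from recent Node.js releases, so the sanitizer would throw there before any escaping happens. Since the hunk already touches this file's imports, the check could be written with language primitives instead: `if (typeof sanitizedData !== "string" && (sanitizedData === null || typeof sanitizedData !== "object")) {`. `sanitizeAPIResponse` continues past the end of the hunk, so how the escaped value is returned is not visible here.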
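--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,3 +1,6 @@
+import fs from "fs";
+import { fileURLToPath } from "url";
+import { dirname } from "path";
 import sanitizeHTML from "sanitize-html";
 import _accounts from "./app/accounts";
 import _action from "./action/index.js";
@@ -26,16 +29,18 @@ const sanitize = {
 allowedTags: sanitizeHTML.defaults.allowedTags
 }
 };
+const currentFilePath = fileURLToPath(import.meta.url);
+const __package = dirname(currentFilePath);
 const __filename = nodeUrlPolyfills.__filename;
 const __dirname = nodeUrlPolyfills.__dirname;
 const id = generateId;
 const origin = getOrigin();
 const settings = loadSettings();
-console.log("HERE", fs.readFileSync(__dirname("/dist/app/utils/process.js"), "utf-8"));
 global.joystick = {
 id: generateId,
 emitters: {},
 settings,
+__package,
 __dirname,
 __filename
 };
@@ -57,6 +62,7 @@ var src_default = {
 export {
 __dirname,
 __filename,
+__package,
 accounts,
 action,
 src_default as default,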
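Review bot: `__package` is exported and placed on `global.joystick` with no explanation of what it points to; a one-line comment above its definition would help, e.g. `// Absolute path of the directory containing this file (the package's dist/), used to locate bundled assets.` The added `import fs from "fs"` is not used in any line visible in these hunks now that the debug `console.log` is gone, so it may be a leftover. The rest of the file is not shown, so that is worth checking before removing it.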
|
@@ -1,16 +1,12 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { fileURLToPath } from "url";
|
|
2
|
+
import { dirname } from "path";
|
|
2
3
|
var nodeUrlPolyfills_default = {
|
|
3
|
-
__filename: (url =
|
|
4
|
-
|
|
5
|
-
return "";
|
|
6
|
-
}
|
|
7
|
-
return new URL("", url).pathname;
|
|
4
|
+
__filename: (url = "") => {
|
|
5
|
+
return fileURLToPath(url);
|
|
8
6
|
},
|
|
9
|
-
__dirname: (url =
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
}
|
|
13
|
-
return new URL(".", url).pathname;
|
|
7
|
+
__dirname: (url = "") => {
|
|
8
|
+
const currentFilePath = fileURLToPath(url);
|
|
9
|
+
return dirname(currentFilePath);
|
|
14
10
|
}
|
|
15
11
|
};
|
|
16
12
|
export {
|
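Review bot: Both helpers keep the `url = ""` default but now pass it straight to `fileURLToPath`, which throws on an empty string. The removed lines are truncated on this page, but a `return "";` among them suggests the old version returned an empty string in that case, so a call without an argument would change from a quiet fallback to an exception. If that fallback is still wanted, add `if (!url) return "";` as the first statement of `__filename` and `__dirname`.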
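--- a/package/dist/ssr/index.js
+++ b/package/dist/ssr/index.js
@@ -1,4 +1,5 @@
 import fs from "fs";
+import { __package } from "../index.js";
 import get from "../api/get";
 import set from "../api/set";
 import getBrowserSafeRequest from "../app/getBrowserSafeRequest";
@@ -184,7 +185,7 @@ const getBaseCSS = (baseHTMLName = "") => {
 try {
 const customBaseCSSPathForEmail = baseHTMLName ? `${process.cwd()}/email/base_${baseHTMLName}.css` : null;
 const customDefaultBaseCSSPathForEmail = `${process.cwd()}/email/base.css`;
-const defaultBaseCSSPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.css` : `${
+const defaultBaseCSSPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.css` : `${__package}/email/templates/base.css`;
 let baseCSSPathToFetch = defaultBaseCSSPathForEmail;
 if (fs.existsSync(customDefaultBaseCSSPathForEmail)) {
 baseCSSPathToFetch = customDefaultBaseCSSPathForEmail;
@@ -242,7 +243,7 @@ const getBaseHTML = (isEmailRender = false, baseEmailHTMLName = "") => {
 if (isEmailRender) {
 const customBaseHTMLPathForEmail = baseEmailHTMLName ? `${process.cwd()}/email/base_${baseEmailHTMLName}.html` : null;
 const customDefaultBaseHTMLPathForEmail = `${process.cwd()}/email/base.html`;
-const defaultBaseHTMLPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.html` : `${
+const defaultBaseHTMLPathForEmail = process.env.NODE_ENV === "test" ? `${process.cwd()}/src/email/templates/base.html` : `${__package}/email/templates/base.html`;
 baseHTMLPathToFetch = defaultBaseHTMLPathForEmail;
 if (fs.existsSync(customDefaultBaseHTMLPathForEmail)) {
 baseHTMLPathToFetch = customDefaultBaseHTMLPathForEmail;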
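Review bot: `import { __package } from "../index.js";` makes this module depend on the package entry point, which presumably imports the SSR code directly or transitively, creating an import cycle; middleware/index.js gains the same import. The value is only read inside `getBaseCSS` and `getBaseHTML` at call time, so it works as long as nothing calls them while modules are still being evaluated, but a `const` read too early in a cycle fails with a ReferenceError. Computing the directory in a small leaf module under lib/ and importing it from there would remove the dependency on load order. Both functions start and end outside the hunks shown.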
package/package.json
CHANGED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
var sanitizeQueryParameters_default = (req, res, next) => {
|
|
2
|
-
const queryParameters = Object.entries(req?.query);
|
|
3
|
-
const htmlRegex = new RegExp(/<(?:"[^"]*"['"]*|'[^']*'['"]*|[^'">])+>/g);
|
|
4
|
-
for (let i = 0; i < queryParameters?.length; i += 1) {
|
|
5
|
-
const [key, value] = queryParameters[i];
|
|
6
|
-
const keyHTMLMatches = key?.match(htmlRegex);
|
|
7
|
-
const valueHTMLMatches = value?.match(htmlRegex);
|
|
8
|
-
if (keyHTMLMatches?.length > 0 || valueHTMLMatches?.length > 0) {
|
|
9
|
-
delete req.query[key];
|
|
10
|
-
}
|
|
11
|
-
}
|
|
12
|
-
next();
|
|
13
|
-
};
|
|
14
|
-
export {
|
|
15
|
-
sanitizeQueryParameters_default as default
|
|
16
|
-
};
|