@ladjs/web 18.0.9 → 19.0.1
- package/index.js +4 -33
- package/package.json +1 -3
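--- a/package/index.js
+++ b/package/index.js
@@ -5,8 +5,6 @@ const path = require('node:path');
 const util = require('node:util');
 const zlib = require('node:zlib');
 
-const Boom = require('@hapi/boom');
-const CSRF = require('koa-csrf');
 const Cabin = require('cabin');
 const CacheResponses = require('@ladjs/koa-cache-responses');
 const I18N = require('@ladjs/i18n');
@@ -65,8 +63,6 @@ const reportUri = isSANB(process.env.WEB_URL)
 ? `${process.env.WEB_URL}/report`
 : null;
 
-const INVALID_TOKEN_MESSAGE = 'Invalid CSRF token.';
-
 class Web {
 // eslint-disable-next-line complexity
 constructor(config, Users) {
@@ -81,19 +77,6 @@ class Web {
 extension: 'pug'
 }
 },
-csrf: {
-...sharedWebConfig.csrf,
-ignoredPathGlobs: ['/report'],
-errorHandler(ctx) {
-return ctx.throw(
-Boom.forbidden(
-typeof ctx.request.t === 'function'
-? ctx.request.t(INVALID_TOKEN_MESSAGE)
-: INVALID_TOKEN_MESSAGE
-)
-);
-}
-},
 rateLimit: {
 ...sharedWebConfig.rateLimit,
 ignoredPathGlobs: ['/report']
@@ -145,12 +128,16 @@ class Web {
 }
 }
 : null,
+// Expect-CT header is deprecated
+expectCt: false,
+/*
 expectCt: {
 enforce: true,
 // https://httpwg.org/http-extensions/expect-ct.html#maximum-max-age
 maxAge: ms('30d') / 1000,
 reportUri
 },
+*/
 // <https://hstspreload.org/>
 // <https://helmetjs.github.io/docs/hsts/#preloading-hsts-in-chrome>
 hsts: {
@@ -368,22 +355,6 @@ class Web {
 if (this.config.methodOverride)
 app.use(methodOverride(...this.config.methodOverride));
 
-// csrf (with added localization support)
-if (this.config.csrf && process.env.NODE_ENV !== 'test') {
-const csrf = new CSRF(this.config.csrf);
-app.use(async (ctx, next) => {
-try {
-await csrf(ctx, next);
-} catch (err) {
-let error = err;
-if (err.name && err.name === 'ForbiddenError')
-error = Boom.forbidden(err.message);
-
-ctx.throw(error);
-}
-});
-}
-
 // passport
 if (this.passport) {
 app.use(this.passport.initialize());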
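Review bot: After this change nothing in the visible middleware chain validates a CSRF token: the block between `methodOverride` and the passport setup is removed outright and no replacement is mounted, while `methodOverride` itself stays enabled. A `csrf` key in a consumer's config would now appear to be ignored without any signal, so an app upgrading from 18.x could lose the check silently (the rest of the constructor and `listen` path are outside these hunks, so confirm nothing else consumes it). I would leave a comment at the removal site, e.g. `// CSRF middleware is no longer mounted by this package; apps must add their own check before state-changing routes`, and consider logging a warning when `this.config.csrf` is set. Separately, in the security-header options the old `expectCt: {...}` object is kept inside a `/* */` block right after `expectCt: false`; deleting it would be cleaner than carrying dead configuration.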
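--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@ladjs/web",
 "description": "Web server for Lad",
-"version": "
+"version": "19.0.1",
 "author": "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)",
 "bugs": {
 "url": "https://github.com/ladjs/web/issues",
@@ -11,7 +11,6 @@
 "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)"
 ],
 "dependencies": {
-"@hapi/boom": "^10.0.0",
 "@koa/router": "^12.0.0",
 "@ladjs/i18n": "^8.0.1",
 "@ladjs/koa-better-static": "^2.0.1",
@@ -38,7 +37,6 @@
 "koa-compress": "^5.1.0",
 "koa-conditional-get": "^3.0.0",
 "koa-connect": "^2.1.0",
-"koa-csrf": "^5.0.1",
 "koa-etag": "^4.0.0",
 "koa-favicon": "^2.1.0",
 "koa-generic-session": "^2.3.0",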