@midwayjs/security 3.0.3 → 3.0.4-beta.1
- package/package.json +11 -12
- package/dist/config/config.default.js.map +0 -1
- package/dist/configuration.js.map +0 -1
- package/dist/error.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/interface.js.map +0 -1
- package/dist/middleware/base.js.map +0 -1
- package/dist/middleware/csp.js.map +0 -1
- package/dist/middleware/csrf.js.map +0 -1
- package/dist/middleware/hsts.js.map +0 -1
- package/dist/middleware/noopen.js.map +0 -1
- package/dist/middleware/nosniff.js.map +0 -1
- package/dist/middleware/xframe.js.map +0 -1
- package/dist/middleware/xssProtection.js.map +0 -1
- package/dist/utils.js.map +0 -1
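--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@midwayjs/security",
-"version": "3.0.
+"version": "3.0.4-beta.1",
 "description": "Midway Security Component",
 "main": "dist/index.js",
 "typings": "index.d.ts",
@@ -15,8 +15,7 @@
 "files": [
 "dist/**/*.js",
 "dist/**/*.d.ts",
-"index.d.ts"
-"dist/**/*.js.map"
+"index.d.ts"
 ],
 "engines": {
 "node": ">=12"
@@ -29,14 +28,14 @@
 "platform": "1.3.6"
 },
 "devDependencies": {
-"@midwayjs/core": "^3.0.
-"@midwayjs/decorator": "^3.0.
-"@midwayjs/express": "^3.0.
-"@midwayjs/faas": "^3.0.
-"@midwayjs/koa": "^3.0.
-"@midwayjs/mock": "^3.0.
-"@midwayjs/serverless-app": "^3.0.
-"@midwayjs/web": "^3.0.
+"@midwayjs/core": "^3.0.4-beta.1",
+"@midwayjs/decorator": "^3.0.4-beta.1",
+"@midwayjs/express": "^3.0.4-beta.1",
+"@midwayjs/faas": "^3.0.4-beta.1",
+"@midwayjs/koa": "^3.0.4-beta.1",
+"@midwayjs/mock": "^3.0.4-beta.1",
+"@midwayjs/serverless-app": "^3.0.4-beta.1",
+"@midwayjs/web": "^3.0.4-beta.1"
 },
-"gitHead": "
+"gitHead": "52bc37e7a570806c121b33a0e8ac1cd084445f5d"
 }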
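Review bot: The second hunk drops `"dist/**/*.js.map"` from `files`, so the published tarball no longer carries source maps, but nothing visible here shows that the build stopped emitting `//# sourceMappingURL=` comments in `dist/**/*.js`. If those comments remain, debuggers and error-reporting tools will look for maps that are not shipped; it is worth confirming that `sourceMap` is turned off in the build config or that the comments are stripped before publish. The deleted maps also embedded the TypeScript sources through `sourcesContent`, so a consumer who audited the shipped JavaScript against them now has only `gitHead` to tie this build to a commit.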
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"config.default.js","sourceRoot":"","sources":["../../src/config/config.default.ts"],"names":[],"mappings":";;;AAEa,QAAA,QAAQ,GAA6B;IAChD,IAAI,EAAE;QACJ,MAAM,EAAE,IAAI;QACZ,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,WAAW;QACxB,UAAU,EAAE,cAAc;QAC1B,QAAQ,EAAE,OAAO;QACjB,SAAS,EAAE,OAAO;QAClB,gBAAgB,EAAE,EAAE;KACrB;IACD,MAAM,EAAE;QACN,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,YAAY;KACpB;IACD,GAAG,EAAE;QACH,MAAM,EAAE,KAAK;KACd;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,GAAG,GAAG,EAAE,GAAG,IAAI;QACvB,iBAAiB,EAAE,KAAK;KACzB;IACD,MAAM,EAAE;QACN,MAAM,EAAE,KAAK;KACd;IACD,OAAO,EAAE;QACP,MAAM,EAAE,KAAK;KACd;IACD,aAAa,EAAE;QACb,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,eAAe;KACvB;CACF,CAAC","sourcesContent":["import { SecurityOptions } from '../interface';\n\nexport const security: Partial<SecurityOptions> = {\n csrf: {\n enable: true,\n type: 'ctoken',\n useSession: false,\n cookieName: 'csrfToken',\n sessionName: 'csrfToken',\n headerName: 'x-csrf-token',\n bodyName: '_csrf',\n queryName: '_csrf',\n refererWhiteList: [],\n },\n xframe: {\n enable: true,\n value: 'SAMEORIGIN',\n },\n csp: {\n enable: false,\n },\n hsts: {\n enable: false,\n maxAge: 365 * 24 * 3600,\n includeSubdomains: false,\n },\n noopen: {\n enable: false,\n },\n nosniff: {\n enable: false,\n },\n xssProtection: {\n enable: true,\n value: '1; mode=block',\n },\n};\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../src/configuration.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,mDAAoE;AACpE,yDAAyD;AACzD,yCAA0D;AAC1D,4CAAmD;AAEnD,gDAAuD;AACvD,4CAAmD;AACnD,gDAAuD;AACvD,wBAAsC;AACtC,8DAAqE;AACrE,0CAAiD;AASjD,IAAa,qBAAqB,GAAlC,MAAa,qBAAqB;IAOhC,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,kBAAkB;aACpB,eAAe,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;aAClD,OAAO,CAAC,GAAG,CAAC,EAAE;;YACb,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,IAAI,0CAAE,MAAM,EAAE;gBAC9B,GAAG,CAAC,aAAa,CAAC,qBAAc,CAAC,CAAC;aACnC;YAED,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,GAAG,0CAAE,MAAM,EAAE;gBAC7B,GAAG,CAAC,aAAa,CAAC,mBAAa,CAAC,CAAC;aAClC;YACD,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,MAAM,0CAAE,MAAM,EAAE;gBAChC,GAAG,CAAC,aAAa,CAAC,yBAAgB,CAAC,CAAC;aACrC;YACD,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,IAAI,0CAAE,MAAM,EAAE;gBAC9B,GAAG,CAAC,aAAa,CAAC,qBAAc,CAAC,CAAC;aACnC;YACD,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,MAAM,0CAAE,MAAM,EAAE;gBAChC,GAAG,CAAC,aAAa,CAAC,yBAAgB,CAAC,CAAC;aACrC;YACD,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,OAAO,0CAAE,MAAM,EAAE;gBACjC,GAAG,CAAC,aAAa,CAAC,oBAAiB,CAAC,CAAC;aACtC;YACD,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,aAAa,0CAAE,MAAM,EAAE;gBACvC,GAAG,CAAC,aAAa,CAAC,uCAAuB,CAAC,CAAC;aAC5C;QACH,CAAC,CAAC,CAAC;IACP,CAAC;CACF,CAAA;AAjCC;IADC,IAAA,kBAAM,GAAE;8BACW,+BAAwB;iEAAC;AAG7C;IADC,IAAA,kBAAM,EAAC,UAAU,CAAC;;uDACO;AALf,qBAAqB;IARjC,IAAA,yBAAa,EAAC;QACb,SAAS,EAAE,UAAU;QACrB,aAAa,EAAE;YACb;gBACE,OAAO,EAAE,aAAa;aACvB;SACF;KACF,CAAC;GACW,qBAAqB,CAmCjC;AAnCY,sDAAqB","sourcesContent":["import { Configuration, Inject, Config } from '@midwayjs/decorator';\nimport * as DefaultConfig from './config/config.default';\nimport { MidwayApplicationManager } from '@midwayjs/core';\nimport { CSRFMiddleware } from './middleware/csrf';\nimport { SecurityOptions } from './interface';\nimport { XFrameMiddleware } from './middleware/xframe';\nimport { HSTSMiddleware } from './middleware/hsts';\nimport { NoOpenMiddleware } from './middleware/noopen';\nimport { NoSniffMiddleware } from '.';\nimport { 
XSSProtectionMiddleware } from './middleware/xssProtection';\nimport { CSPMiddleware } from './middleware/csp';\n@Configuration({\n namespace: 'security',\n importConfigs: [\n {\n default: DefaultConfig,\n },\n ],\n})\nexport class SecurityConfiguration {\n @Inject()\n applicationManager: MidwayApplicationManager;\n\n @Config('security')\n security: SecurityOptions;\n\n async onReady() {\n this.applicationManager\n .getApplications(['koa', 'faas', 'express', 'egg'])\n .forEach(app => {\n if (this.security.csrf?.enable) {\n app.useMiddleware(CSRFMiddleware);\n }\n\n if (this.security.csp?.enable) {\n app.useMiddleware(CSPMiddleware);\n }\n if (this.security.xframe?.enable) {\n app.useMiddleware(XFrameMiddleware);\n }\n if (this.security.hsts?.enable) {\n app.useMiddleware(HSTSMiddleware);\n }\n if (this.security.noopen?.enable) {\n app.useMiddleware(NoOpenMiddleware);\n }\n if (this.security.nosniff?.enable) {\n app.useMiddleware(NoSniffMiddleware);\n }\n if (this.security.xssProtection?.enable) {\n app.useMiddleware(XSSProtectionMiddleware);\n }\n });\n }\n}\n"]}
|
package/dist/error.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"error.js","sourceRoot":"","sources":["../src/error.ts"],"names":[],"mappings":";;;AAAA,yCAA2C;AAE3C,WAAW;AACX,MAAa,SAAU,SAAQ,gBAAS,CAAC,cAAc;IACrD,YAAY,OAAQ;QAClB,KAAK,CAAC,OAAO,IAAI,YAAY,CAAC,CAAC;IACjC,CAAC;CACF;AAJD,8BAIC","sourcesContent":["import { httpError } from '@midwayjs/core';\n\n// csrf 403\nexport class CSRFError extends httpError.ForbiddenError {\n constructor(message?) {\n super(message || 'csrf error');\n }\n}\n"]}
|
package/dist/index.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,iDAAyE;AAAhE,8GAAA,qBAAqB,OAAiB;AAC/C,8CAA4B;AAC5B,oDAAkC;AAClC,sDAAoC;AACpC,oDAAkC;AAClC,sDAAoC;AACpC,uDAAqC;AACrC,6DAA2C;AAC3C,mDAAiC","sourcesContent":["export { SecurityConfiguration as Configuration } from './configuration';\nexport * from './interface';\nexport * from './middleware/csrf';\nexport * from './middleware/xframe';\nexport * from './middleware/hsts';\nexport * from './middleware/noopen';\nexport * from './middleware/nosniff';\nexport * from './middleware/xssProtection';\nexport * from './middleware/csp';\n"]}
|
package/dist/interface.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"interface.js","sourceRoot":"","sources":["../src/interface.ts"],"names":[],"mappings":"","sourcesContent":["export interface SecurityOptions {\n csrf: Partial<SecurityCSRFOptions>;\n csp: Partial<SecurityCSPOptions>;\n xframe: Partial<SecurityXFrameOptions>;\n hsts: Partial<SecurityHSTSOptions>;\n noopen: Partial<SecurityEnableOptions>;\n nosniff: Partial<SecurityEnableOptions>;\n xssProtection: Partial<SecurityXSSProtectionOptions>;\n}\n\nexport interface SecurityCSRFOptions extends SecurityEnableOptions {\n type: SecurityCSRFType;\n useSession: boolean;\n cookieName: string | string[];\n sessionName: string;\n headerName: string;\n bodyName: string;\n queryName: string;\n refererWhiteList: string[];\n cookieDomain: (context: any) => string;\n matching: (context: any) => boolean;\n}\n\nexport interface SecurityXFrameOptions extends SecurityEnableOptions {\n value: string;\n}\n\nexport interface SecurityHSTSOptions extends SecurityEnableOptions {\n maxAge: number;\n includeSubdomains: boolean;\n}\n\nexport interface SecurityXSSProtectionOptions extends SecurityEnableOptions {\n value: string;\n}\n\nexport interface SecurityCSPOptions extends SecurityEnableOptions {\n policy: {\n [otherPolicy: string]: string | string[] | boolean;\n };\n reportOnly: boolean;\n supportIE: boolean;\n}\nexport interface SecurityEnableOptions {\n enable: boolean;\n}\n\n\n\nexport type SecurityCSRFType = 'all' | 'any' | 'ctoken' | 'referer';"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"base.js","sourceRoot":"","sources":["../../src/middleware/base.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,mDAAkE;AAIlE,MAAsB,cAAc;IAIlC,OAAO,CAAC,GAAG;QACT,IAAI,GAAG,CAAC,gBAAgB,EAAE,KAAK,+BAAmB,CAAC,WAAW,EAAE;YAC9D,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;gBACnC,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACxD,CAAC,CAAC;SACH;aAAM;YACL,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;gBACzB,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAChE,CAAC,CAAC;SACH;IACH,CAAC;CAGF;AAfC;IADC,IAAA,kBAAM,EAAC,UAAU,CAAC;;gDACO;AAF5B,wCAiBC","sourcesContent":["import { Config, MidwayFrameworkType } from '@midwayjs/decorator';\nimport { IMiddleware } from '@midwayjs/core';\nimport { SecurityOptions } from '../interface';\n\nexport abstract class BaseMiddleware implements IMiddleware<any, any> {\n @Config('security')\n security: SecurityOptions;\n\n resolve(app) {\n if (app.getFrameworkType() === MidwayFrameworkType.WEB_EXPRESS) {\n return async (req: any, res, next) => {\n return this.compatibleMiddleware(req, req, res, next);\n };\n } else {\n return async (ctx, next) => {\n return this.compatibleMiddleware(ctx, ctx.request, ctx, next);\n };\n }\n }\n\n abstract compatibleMiddleware(context, req, res, next);\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"csp.js","sourceRoot":"","sources":["../../src/middleware/csp.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AACxC,uCAAiC;AACjC,kDAA2C;AAC3C,MAAM,MAAM,GAAG,CAAC,2BAA2B,EAAE,yBAAyB,CAAC,CAAC;AACxE,MAAM,kBAAkB,GAAG;IACzB,uCAAuC;IACvC,qCAAqC;CACtC,CAAC;AAEF,MAAM,KAAK,GAAG,MAAM,CAAC,uBAAuB,CAAC,CAAC;AAG9C,IAAa,aAAa,GAA1B,MAAa,aAAc,SAAQ,qBAAc;IAC/C,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE;YACtC,GAAG,EAAE,GAAG,EAAE;gBACR,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBACnB,OAAO,CAAC,KAAK,CAAC,GAAI,mBAAc,CAAC,EAAE,CAAC,CAAC;iBACtC;gBACD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC;SACF,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,IAAI,WAAW,CAAC;QAChB,IAAI,KAAK,CAAC;QACV,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;QACjE,MAAM,IAAI,GAAG,IAAA,gBAAK,EAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC;QAC3D,MAAM,QAAQ,GAAG,EAAE,CAAC;QAEpB,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,CAAC;QACzD,IAAI,IAAI,IAAI,SAAS,EAAE;YACrB,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;SAC1B;aAAM;YACL,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;SAC1B;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE;YACxB,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAE/C,QAAQ,GAAG,EAAE;gBACX,KAAK,SAAS;oBACZ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE;wBACrB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBACpB;oBACD,MAAM;gBAER;oBACE,IAAI,GAAG,KAAK,YAAY,EAAE;wBACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;4BAChC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;wBAChC,CAAC,CAAC,CAAC;wBACH,IAAI,CAAC,QAAQ,EAAE;4BACb,KAAK,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC;yBACxC;qBACF;oBACD,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;wBACpB,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;4BACrB,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;yBACb;wBACD,OAAO,CAAC,CAAC;oBACX,CAAC,CAAC,CAAC;oBACH,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,KAAK,CAA
C,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3C,MAAM;aACT;SACF;QACD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QACnC,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AA3DY,aAAa;IADzB,IAAA,sBAAU,GAAE;GACA,aAAa,CA2DzB;AA3DY,sCAAa","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\nimport { parse } from 'platform';\nimport { nanoid } from 'nanoid/non-secure';\nconst HEADER = ['x-content-security-policy', 'content-security-policy'];\nconst REPORT_ONLY_HEADER = [\n 'x-content-security-policy-report-only',\n 'content-security-policy-report-only',\n];\n\nconst NONCE = Symbol('midway-security#NONCE');\n\n@Middleware()\nexport class CSPMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n Object.defineProperty(context, 'nonce', {\n get: () => {\n if (!context[NONCE]) {\n context[NONCE] = (nanoid as any)(16);\n }\n return context[NONCE];\n },\n });\n const result = await next();\n let finalHeader;\n let value;\n const { policy = {}, reportOnly, supportIE } = this.security.csp;\n const isIE = parse(req.header['user-agent']).name === 'IE';\n const bufArray = [];\n\n const headers = reportOnly ? REPORT_ONLY_HEADER : HEADER;\n if (isIE && supportIE) {\n finalHeader = headers[0];\n } else {\n finalHeader = headers[1];\n }\n\n for (const key in policy) {\n value = policy[key];\n value = Array.isArray(value) ? 
value : [value];\n\n switch (key) {\n case 'sandbox':\n if (value[0] === true) {\n bufArray.push(key);\n }\n break;\n\n default:\n if (key === 'script-src') {\n const hasNonce = value.find(val => {\n return val.includes('nonce-');\n });\n if (!hasNonce) {\n value.push(`'nonce-${context.nonce}'`);\n }\n }\n value = value.map(d => {\n if (d.startsWith('.')) {\n d = '*' + d;\n }\n return d;\n });\n bufArray.push(key + ' ' + value.join(' '));\n break;\n }\n }\n const headerString = bufArray.join(';');\n res.set(finalHeader, headerString);\n res.set('x-csp-nonce', context.nonce);\n return result;\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../src/middleware/csrf.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,oCAAqC;AACrC,mCAAmC;AACnC,oCAAkD;AAClD,iCAAwC;AAExC,MAAM,YAAY,GAAG,MAAM,CAAC,8BAA8B,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,MAAM,CAAC,iCAAiC,CAAC,CAAC;AAClE,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;AAEhC,IAAa,cAAc,GAA3B,MAAa,cAAe,SAAQ,qBAAc;IAChD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,OAAO,CAAC,UAAU,GAAG,GAAG,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC,CAAC;QAEF,oFAAoF;QACpF,OAAO,CAAC,gBAAgB,GAAG,GAAG,EAAE;YAC9B,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE;gBAC5D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;aAChD;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE;YACrC,GAAG,EAAE,GAAG,EAAE;gBACR,MAAM,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACvE,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,CAAC;SACF,CAAC,CAAC;QACH,2BAA2B;QAC3B,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;SAC1C;QAED,gDAAgD;QAChD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACnC,OAAO,CAAC,UAAU,EAAE,CAAC;SACtB;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,UAAU,CAAC,OAAO,EAAE,OAAO;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpC,QAAQ,IAAI,EAAE;YACZ,KAAK,QAAQ;gBACX,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACtC,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACxC,MAAM;YACR,KAAK,KAAK,CAAC;YACX,KAAK,KAAK;gBACR,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACxC,MAAM;YACR;gBACE,MAAM,IAAI,iBAAS,EAAE,CAAC;SACzB;IACH,CAAC;IAED,aAAa,CAAC,OAAO;;QACnB,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE;Y
ACzB,OAAO,OAAO,CAAC,YAAY,CAAC,CAAC;SAC9B;QACD,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACvD,IAAI,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACxC,uCAAuC;QACvC,IAAI,UAAU,EAAE;YACd,OAAO,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;SAC5D;aAAM;YACL,uEAAuE;YACvE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;gBAC9B,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;aAC3B;YACD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE;gBAC7B,OAAO,CAAC,YAAY,CAAC;oBACnB,CAAA,MAAA,MAAA,OAAO,CAAC,OAAO,EAAC,GAAG,mDAAG,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;wBAC9C,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;wBACrB,EAAE,CAAC;gBACL,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE;oBACzB,MAAM;iBACP;aACF;SACF;QACD,OAAO,OAAO,CAAC,YAAY,CAAC,CAAC;IAC/B,CAAC;IAED,aAAa,CAAC,OAAO,EAAE,OAAO;;QAC5B,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC/D,OAAO,CACL,CAAA,MAAA,OAAO,CAAC,KAAK,0CAAG,SAAS,CAAC;aAC1B,MAAA,OAAO,CAAC,IAAI,0CAAG,QAAQ,CAAC,CAAA;YACxB,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,OAAO,EAAE,OAAO;QACrC,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW,EAAE;YAChB,MAAM,IAAI,iBAAS,CAAC,oBAAoB,CAAC,CAAC;SAC3C;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,KAAK,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE;YAC/D,MAAM,IAAI,iBAAS,CAAC,oBAAoB,CAAC,CAAC;SAC3C;IACH,CAAC;IAEO,gBAAgB,CAAC,OAAO,EAAE,OAAO;QACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAChD,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,iBAAS,CAAC,sBAAsB,CAAC,CAAC;SAC7C;QAED,MAAM,IAAI,GAAG,IAAA,gBAAQ,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAA,oBAAY,EAAC,IAAI,EAAE,UAAU,CAAC,EAAE;YAC5C,MAAM,IAAI,iBAAS,CAAC,sBAAsB,CAAC,CAAC;SAC7C;IACH,CAAC;IAEO,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAO;;QAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,C
AAC,CAAC;QAChD,IAAI,WAAW,IAAI,CAAC,MAAM,EAAE;YAC1B,OAAO;SACR;QACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACnC,OAAO,CAAC,eAAe,CAAC,GAAG,MAAM,CAAC;QAClC,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACrE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAExC,IAAI,UAAU,EAAE;YACd,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC;SACvC;aAAM;YACL,MAAM,UAAU,GAAG;gBACjB,MAAM,EAAE,YAAY,IAAI,YAAY,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,KAAK;gBACb,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI;aAChB,CAAC;YACF,uEAAuE;YACvE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;gBAC9B,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;aAC3B;YACD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE;gBAC7B,IAAI,MAAA,QAAQ,CAAC,OAAO,0CAAE,GAAG,EAAE;oBACzB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;iBAChD;qBAAM;oBACL,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;iBAC3C;aACF;SACF;IACH,CAAC;CACF,CAAA;AAlJY,cAAc;IAD1B,IAAA,sBAAU,GAAE;GACA,cAAc,CAkJ1B;AAlJY,wCAAc","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { CSRFError } from '../error';\nimport * as CsrfTokens from 'csrf';\nimport { isSafeDomain, parseUrl } from '../utils';\nimport { BaseMiddleware } from './base';\n\nconst _CSRF_SECRET = Symbol('midway-security#_CSRF_SECRET');\nconst NEW_CSRF_SECRET = Symbol('midway-security#NEW_CSRF_SECRET');\nconst tokens = new CsrfTokens();\n@Middleware()\nexport class CSRFMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n context.assertCsrf = () => {\n this.assertCsrf(context, req);\n };\n\n // Must call this method when user login to ensure each user has independent secret.\n context.rotateCsrfSecret = () => {\n if (!context[NEW_CSRF_SECRET] && this.getCSRFSecret(context)) {\n this.ensureCsrfSecret(context, req, res, true);\n }\n };\n\n Object.defineProperty(context, 'csrf', {\n get: () => {\n const secret = context[NEW_CSRF_SECRET] || this.getCSRFSecret(context);\n return secret ? 
tokens.create(secret) : '';\n },\n });\n // ensure csrf token exists\n if (['any', 'all', 'ctoken'].includes(this.security.csrf.type)) {\n this.ensureCsrfSecret(context, req, res);\n }\n\n // ignore requests: get, head, options and trace\n const method = req.method.toUpperCase();\n const ignoreMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];\n if (!ignoreMethods.includes(method)) {\n context.assertCsrf();\n }\n\n return next();\n }\n\n assertCsrf(context, request) {\n const { type } = this.security.csrf;\n switch (type) {\n case 'ctoken':\n this.checkCSRFToken(context, request);\n break;\n case 'referer':\n this.checkCSRFReferer(context, request);\n break;\n case 'all':\n case 'any':\n this.checkCSRFToken(context, request);\n this.checkCSRFReferer(context, request);\n break;\n default:\n throw new CSRFError();\n }\n }\n\n getCSRFSecret(context) {\n if (context[_CSRF_SECRET]) {\n return context[_CSRF_SECRET];\n }\n const { useSession, sessionName } = this.security.csrf;\n let { cookieName } = this.security.csrf;\n // // get secret from session or cookie\n if (useSession) {\n context[_CSRF_SECRET] = context.session[sessionName] || '';\n } else {\n // cookieName support array. 
so we can change csrf cookie name smoothly\n if (!Array.isArray(cookieName)) {\n cookieName = [cookieName];\n }\n for (const name of cookieName) {\n context[_CSRF_SECRET] =\n context.cookies.get?.(name, { signed: false }) ||\n context.cookies[name] ||\n '';\n if (context[_CSRF_SECRET]) {\n break;\n }\n }\n }\n return context[_CSRF_SECRET];\n }\n\n getInputToken(context, request) {\n const { headerName, bodyName, queryName } = this.security.csrf;\n return (\n context.query?.[queryName] ||\n request.body?.[bodyName] ||\n (headerName && context.get(headerName))\n );\n }\n\n private checkCSRFToken(context, request) {\n const tokenSecret = this.getCSRFSecret(context);\n if (!tokenSecret) {\n throw new CSRFError('missing csrf token');\n }\n const token = this.getInputToken(context, request);\n if (token !== tokenSecret && !tokens.verify(tokenSecret, token)) {\n throw new CSRFError('invalid csrf token');\n }\n }\n\n private checkCSRFReferer(context, request) {\n const { refererWhiteList } = this.security.csrf;\n const referer = (context.get('referer') || '').toLowerCase();\n if (!referer) {\n throw new CSRFError('missing csrf referer');\n }\n\n const host = parseUrl(referer, 'host');\n const domainList = refererWhiteList.concat(request.host);\n if (!host || !isSafeDomain(host, domainList)) {\n throw new CSRFError('invalid csrf referer');\n }\n }\n\n private ensureCsrfSecret(context, request, response, rotate?) {\n const tokenSecret = this.getCSRFSecret(context);\n if (tokenSecret && !rotate) {\n return;\n }\n const secret = tokens.secretSync();\n context[NEW_CSRF_SECRET] = secret;\n const { useSession, sessionName, cookieDomain } = this.security.csrf;\n let { cookieName } = this.security.csrf;\n\n if (useSession) {\n context.session[sessionName] = secret;\n } else {\n const cookieOpts = {\n domain: cookieDomain && cookieDomain(request),\n signed: false,\n httpOnly: false,\n overwrite: true,\n };\n // cookieName support array. 
so we can change csrf cookie name smoothly\n if (!Array.isArray(cookieName)) {\n cookieName = [cookieName];\n }\n for (const name of cookieName) {\n if (response.cookies?.set) {\n response.cookies.set(name, secret, cookieOpts);\n } else {\n response.cookie(name, secret, cookieOpts);\n }\n }\n }\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"hsts.js","sourceRoot":"","sources":["../../src/middleware/hsts.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AAGxC,IAAa,cAAc,GAA3B,MAAa,cAAe,SAAQ,qBAAc;IAChD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,IAAI,GAAG,GAAG,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;QACjD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,EAAE;YACxC,GAAG,IAAI,qBAAqB,CAAC;SAC9B;QACD,GAAG,CAAC,GAAG,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AAVY,cAAc;IAD1B,IAAA,sBAAU,GAAE;GACA,cAAc,CAU1B;AAVY,wCAAc","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\n\n@Middleware()\nexport class HSTSMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n const result = await next();\n let val = 'max-age=' + this.security.hsts.maxAge;\n if (this.security.hsts.includeSubdomains) {\n val += '; includeSubdomains';\n }\n res.set('strict-transport-security', val);\n return result;\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"noopen.js","sourceRoot":"","sources":["../../src/middleware/noopen.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AAGxC,IAAa,gBAAgB,GAA7B,MAAa,gBAAiB,SAAQ,qBAAc;IAClD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC;QACxC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AANY,gBAAgB;IAD5B,IAAA,sBAAU,GAAE;GACA,gBAAgB,CAM5B;AANY,4CAAgB","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\n\n@Middleware()\nexport class NoOpenMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n const result = await next();\n res.set('x-download-options', 'noopen');\n return result;\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"nosniff.js","sourceRoot":"","sources":["../../src/middleware/nosniff.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AAGxC,IAAa,iBAAiB,GAA9B,MAAa,iBAAkB,SAAQ,qBAAc;IACnD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE;YAC1C,OAAO,MAAM,CAAC;SACf;QACD,GAAG,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AATY,iBAAiB;IAD7B,IAAA,sBAAU,GAAE;GACA,iBAAiB,CAS7B;AATY,8CAAiB","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\n\n@Middleware()\nexport class NoSniffMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n const result = await next();\n if (res.status >= 300 && res.status <= 308) {\n return result;\n }\n res.set('x-content-type-options', 'nosniff');\n return result;\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"xframe.js","sourceRoot":"","sources":["../../src/middleware/xframe.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AAGxC,IAAa,gBAAgB,GAA7B,MAAa,gBAAiB,SAAQ,qBAAc;IAClD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,CAAA,MAAA,IAAI,CAAC,QAAQ,CAAC,MAAM,0CAAE,KAAK,KAAI,YAAY,CAAC;QAC1D,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AAPY,gBAAgB;IAD5B,IAAA,sBAAU,GAAE;GACA,gBAAgB,CAO5B;AAPY,4CAAgB","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\n\n@Middleware()\nexport class XFrameMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n const result = await next();\n const value = this.security.xframe?.value || 'SAMEORIGIN';\n res.set('x-frame-options', value);\n return result;\n }\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"xssProtection.js","sourceRoot":"","sources":["../../src/middleware/xssProtection.ts"],"names":[],"mappings":";;;;;;;;;AAAA,mDAAiD;AACjD,iCAAwC;AAGxC,IAAa,uBAAuB,GAApC,MAAa,uBAAwB,SAAQ,qBAAc;IACzD,KAAK,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC/D,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AANY,uBAAuB;IADnC,IAAA,sBAAU,GAAE;GACA,uBAAuB,CAMnC;AANY,0DAAuB","sourcesContent":["import { Middleware } from '@midwayjs/decorator';\nimport { BaseMiddleware } from './base';\n\n@Middleware()\nexport class XSSProtectionMiddleware extends BaseMiddleware {\n async compatibleMiddleware(context, req, res, next) {\n const result = await next();\n res.set('x-xss-protection', this.security.xssProtection.value);\n return result;\n }\n}\n"]}
|
package/dist/utils.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;AAAA,6BAA0B;AAC1B,gCAAgC;AACzB,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,IAAa,EAAE,EAAE;IACrD,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,SAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;KACrC;IAAC,OAAO,GAAG,EAAE;QACZ,OAAO,IAAI,CAAC;KACb;AACH,CAAC,CAAC;AAPW,QAAA,QAAQ,YAOnB;AAEK,MAAM,YAAY,GAAG,CAAC,MAAc,EAAE,SAAmB,EAAE,EAAE;IAClE,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QAC9B,OAAO,KAAK,CAAC;KACd;IACD,MAAM,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,GAAG,GAAG,MAAM,CAAC;IAE9B,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3B,2DAA2D;QAC3D,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACtB,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC;SACzB;QACD,IAAI,MAAM,KAAK,IAAI,EAAE;YACnB,OAAO,IAAI,CAAC;SACb;QACD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACrB,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;SACnB;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AApBW,QAAA,YAAY,gBAoBvB","sourcesContent":["import { URL } from 'url';\nimport * as pm from 'picomatch';\nexport const parseUrl = (url: string, prop?: string) => {\n try {\n const parsed = new URL(url);\n return prop ? parsed[prop] : parsed;\n } catch (err) {\n return null;\n }\n};\n\nexport const isSafeDomain = (domain: string, whiteList: string[]) => {\n if (typeof domain !== 'string') {\n return false;\n }\n domain = domain.toLowerCase();\n const hostname = '.' + domain;\n\n return whiteList.some(rule => {\n // Check whether we've got '*' as a wild character symbol()\n if (rule.includes('*')) {\n return pm(rule)(domain);\n }\n if (domain === rule) {\n return true;\n }\n if (!/^\\./.test(rule)) {\n rule = `.${rule}`;\n }\n return hostname.endsWith(rule);\n });\n};\n"]}
|