@midwayjs/security 3.11.5 → 3.11.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/config/config.default.d.ts +1 -1
  2. package/dist/configuration.js +11 -11
  3. package/dist/index.d.ts +6 -6
  4. package/dist/index.js +6 -6
  5. package/dist/interface.d.ts +49 -1
  6. package/dist/middleware/base.d.ts +5 -1
  7. package/dist/middleware/base.js +16 -0
  8. package/dist/middleware/{csp.d.ts → csp.middleware.d.ts} +2 -1
  9. package/dist/middleware/{csp.js → csp.middleware.js} +4 -1
  10. package/dist/middleware/csrf.middleware.d.ts +2 -1
  11. package/dist/middleware/csrf.middleware.js +8 -5
  12. package/dist/middleware/helper.d.ts +3 -2
  13. package/dist/middleware/helper.js +14 -3
  14. package/dist/middleware/{hsts.d.ts → hsts.middleware.d.ts} +2 -1
  15. package/dist/middleware/{hsts.js → hsts.middleware.js} +4 -1
  16. package/dist/middleware/{noopen.d.ts → noopen.middleware.d.ts} +2 -1
  17. package/dist/middleware/{noopen.js → noopen.middleware.js} +4 -1
  18. package/dist/middleware/{nosniff.d.ts → nosniff.middleware.d.ts} +2 -1
  19. package/dist/middleware/{nosniff.js → nosniff.middleware.js} +4 -1
  20. package/dist/middleware/{xframe.d.ts → xframe.middleware.d.ts} +2 -1
  21. package/dist/middleware/{xframe.js → xframe.middleware.js} +4 -1
  22. package/dist/middleware/{xssProtection.d.ts → xssProtection.middleware.d.ts} +2 -1
  23. package/dist/middleware/{xssProtection.js → xssProtection.middleware.js} +4 -1
  24. package/index.d.ts +44 -0
  25. package/package.json +11 -11
package/dist/config/config.default.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- import { SecurityOptions } from '../interface';
1
+ import type { SecurityOptions } from '../interface';
2
2
  export declare const security: Partial<SecurityOptions>;
3
3
  //# sourceMappingURL=config.default.d.ts.map
package/dist/configuration.js CHANGED
@@ -13,12 +13,12 @@ exports.SecurityConfiguration = void 0;
13
13
  const core_1 = require("@midwayjs/core");
14
14
  const DefaultConfig = require("./config/config.default");
15
15
  const csrf_middleware_1 = require("./middleware/csrf.middleware");
16
- const xframe_1 = require("./middleware/xframe");
17
- const hsts_1 = require("./middleware/hsts");
18
- const noopen_1 = require("./middleware/noopen");
16
+ const xframe_middleware_1 = require("./middleware/xframe.middleware");
17
+ const hsts_middleware_1 = require("./middleware/hsts.middleware");
18
+ const noopen_middleware_1 = require("./middleware/noopen.middleware");
19
19
  const _1 = require(".");
20
- const xssProtection_1 = require("./middleware/xssProtection");
21
- const csp_1 = require("./middleware/csp");
20
+ const xssProtection_middleware_1 = require("./middleware/xssProtection.middleware");
21
+ const csp_middleware_1 = require("./middleware/csp.middleware");
22
22
  const helper_1 = require("./middleware/helper");
23
23
  let SecurityConfiguration = class SecurityConfiguration {
24
24
  async onReady() {
@@ -28,25 +28,25 @@ let SecurityConfiguration = class SecurityConfiguration {
28
28
  var _a, _b, _c, _d, _e, _f, _g;
29
29
  app.useMiddleware(helper_1.SecurityHelper);
30
30
  if ((_a = this.security.csrf) === null || _a === void 0 ? void 0 : _a.enable) {
31
- app.useMiddleware(csrf_middleware_1.CSRFMiddleware);
31
+ app.useMiddleware(csrf_middleware_1.CsrfMiddleware);
32
32
  }
33
33
  if ((_b = this.security.csp) === null || _b === void 0 ? void 0 : _b.enable) {
34
- app.useMiddleware(csp_1.CSPMiddleware);
34
+ app.useMiddleware(csp_middleware_1.CSPMiddleware);
35
35
  }
36
36
  if ((_c = this.security.xframe) === null || _c === void 0 ? void 0 : _c.enable) {
37
- app.useMiddleware(xframe_1.XFrameMiddleware);
37
+ app.useMiddleware(xframe_middleware_1.XFrameMiddleware);
38
38
  }
39
39
  if ((_d = this.security.hsts) === null || _d === void 0 ? void 0 : _d.enable) {
40
- app.useMiddleware(hsts_1.HSTSMiddleware);
40
+ app.useMiddleware(hsts_middleware_1.HSTSMiddleware);
41
41
  }
42
42
  if ((_e = this.security.noopen) === null || _e === void 0 ? void 0 : _e.enable) {
43
- app.useMiddleware(noopen_1.NoOpenMiddleware);
43
+ app.useMiddleware(noopen_middleware_1.NoOpenMiddleware);
44
44
  }
45
45
  if ((_f = this.security.nosniff) === null || _f === void 0 ? void 0 : _f.enable) {
46
46
  app.useMiddleware(_1.NoSniffMiddleware);
47
47
  }
48
48
  if ((_g = this.security.xssProtection) === null || _g === void 0 ? void 0 : _g.enable) {
49
- app.useMiddleware(xssProtection_1.XSSProtectionMiddleware);
49
+ app.useMiddleware(xssProtection_middleware_1.XSSProtectionMiddleware);
50
50
  }
51
51
  });
52
52
  }
package/dist/index.d.ts CHANGED
@@ -1,11 +1,11 @@
1
1
  export { SecurityConfiguration as Configuration } from './configuration';
2
2
  export * from './interface';
3
3
  export * from './middleware/csrf.middleware';
4
- export * from './middleware/xframe';
5
- export * from './middleware/hsts';
6
- export * from './middleware/noopen';
7
- export * from './middleware/nosniff';
8
- export * from './middleware/xssProtection';
9
- export * from './middleware/csp';
4
+ export * from './middleware/xframe.middleware';
5
+ export * from './middleware/hsts.middleware';
6
+ export * from './middleware/noopen.middleware';
7
+ export * from './middleware/nosniff.middleware';
8
+ export * from './middleware/xssProtection.middleware';
9
+ export * from './middleware/csp.middleware';
10
10
  export * from './middleware/helper';
11
11
  //# sourceMappingURL=index.d.ts.map
package/dist/index.js CHANGED
@@ -19,11 +19,11 @@ var configuration_1 = require("./configuration");
19
19
  Object.defineProperty(exports, "Configuration", { enumerable: true, get: function () { return configuration_1.SecurityConfiguration; } });
20
20
  __exportStar(require("./interface"), exports);
21
21
  __exportStar(require("./middleware/csrf.middleware"), exports);
22
- __exportStar(require("./middleware/xframe"), exports);
23
- __exportStar(require("./middleware/hsts"), exports);
24
- __exportStar(require("./middleware/noopen"), exports);
25
- __exportStar(require("./middleware/nosniff"), exports);
26
- __exportStar(require("./middleware/xssProtection"), exports);
27
- __exportStar(require("./middleware/csp"), exports);
22
+ __exportStar(require("./middleware/xframe.middleware"), exports);
23
+ __exportStar(require("./middleware/hsts.middleware"), exports);
24
+ __exportStar(require("./middleware/noopen.middleware"), exports);
25
+ __exportStar(require("./middleware/nosniff.middleware"), exports);
26
+ __exportStar(require("./middleware/xssProtection.middleware"), exports);
27
+ __exportStar(require("./middleware/csp.middleware"), exports);
28
28
  __exportStar(require("./middleware/helper"), exports);
29
29
  //# sourceMappingURL=index.js.map
package/dist/interface.d.ts CHANGED
@@ -1,23 +1,69 @@
1
+ import { IgnoreMatcher } from '@midwayjs/core';
1
2
  export interface SecurityOptions {
3
+ /**
4
+ * whether defend csrf attack
5
+ * default enable and use cookie
6
+ */
2
7
  csrf: Partial<SecurityCSRFOptions>;
8
+ /**
9
+ * content security policy config
10
+ * default not enable
11
+ */
3
12
  csp: Partial<SecurityCSPOptions>;
13
+ /**
14
+ * whether enable X-Frame-Options response header
15
+ * default enable and value equals SAMEORIGIN
16
+ */
4
17
  xframe: Partial<SecurityXFrameOptions>;
18
+ /**
19
+ * whether enable Strict-Transport-Security response header
20
+ * default not enable and maxAge equals one year
21
+ */
5
22
  hsts: Partial<SecurityHSTSOptions>;
23
+ /**
24
+ * whether enable IE automaticlly download open
25
+ * default not enable
26
+ */
6
27
  noopen: Partial<SecurityEnableOptions>;
28
+ /**
29
+ * whether enable IE8 automaticlly dedect mime
30
+ * default not enable
31
+ */
7
32
  nosniff: Partial<SecurityEnableOptions>;
33
+ /**
34
+ * whether enable IE8 XSS Filter, default is open
35
+ * default enable
36
+ */
8
37
  xssProtection: Partial<SecurityXSSProtectionOptions>;
9
38
  }
10
39
  export interface SecurityCSRFOptions extends SecurityEnableOptions {
11
40
  type: SecurityCSRFType;
41
+ /**
42
+ * If set to true, the secret will be stored in the session instead of the cookie.
43
+ */
12
44
  useSession: boolean;
45
+ /**
46
+ * The key name stored in the cookie by the token of csrf
47
+ */
13
48
  cookieName: string | string[];
49
+ /**
50
+ * The key name of the CSRF token stored in the session.
51
+ */
14
52
  sessionName: string;
53
+ /**
54
+ * The name of the csrf token in the header
55
+ */
15
56
  headerName: string;
57
+ /**
58
+ * The name of the csrf token in the body.
59
+ */
16
60
  bodyName: string;
61
+ /**
62
+ * The name of the csrf token in the query.
63
+ */
17
64
  queryName: string;
18
65
  refererWhiteList: string[];
19
66
  cookieDomain: (context: any) => string;
20
- matching: (context: any) => boolean;
21
67
  }
22
68
  export interface SecurityXFrameOptions extends SecurityEnableOptions {
23
69
  value: string;
@@ -38,6 +84,8 @@ export interface SecurityCSPOptions extends SecurityEnableOptions {
38
84
  }
39
85
  export interface SecurityEnableOptions {
40
86
  enable: boolean;
87
+ match?: IgnoreMatcher<any> | IgnoreMatcher<any>[];
88
+ ignore?: IgnoreMatcher<any> | IgnoreMatcher<any>[];
41
89
  }
42
90
  export type SecurityCSRFType = 'all' | 'any' | 'ctoken' | 'referer';
43
91
  //# sourceMappingURL=interface.d.ts.map
package/dist/middleware/base.d.ts CHANGED
@@ -1,8 +1,12 @@
1
- import { IMiddleware } from '@midwayjs/core';
1
+ import { IMiddleware, IgnoreMatcher } from '@midwayjs/core';
2
2
  import { SecurityOptions } from '../interface';
3
3
  export declare abstract class BaseMiddleware implements IMiddleware<any, any> {
4
4
  security: SecurityOptions;
5
+ match: IgnoreMatcher<any>[];
6
+ ignore: IgnoreMatcher<any>[];
7
+ init(): Promise<void>;
5
8
  resolve(app: any): (req: any, res: any, next: any) => Promise<any>;
6
9
  abstract compatibleMiddleware(context: any, req: any, res: any, next: any): any;
10
+ abstract securityName(): string;
7
11
  }
8
12
  //# sourceMappingURL=base.d.ts.map
package/dist/middleware/base.js CHANGED
@@ -12,6 +12,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.BaseMiddleware = void 0;
13
13
  const core_1 = require("@midwayjs/core");
14
14
  class BaseMiddleware {
15
+ async init() {
16
+ var _a, _b, _c, _d;
17
+ // 动态合并一些规则
18
+ if ((_b = (_a = this.security) === null || _a === void 0 ? void 0 : _a[this.securityName()]) === null || _b === void 0 ? void 0 : _b.match) {
19
+ this.match = this.security[this.securityName()].match;
20
+ }
21
+ else if ((_d = (_c = this.security) === null || _c === void 0 ? void 0 : _c[this.securityName()]) === null || _d === void 0 ? void 0 : _d.ignore) {
22
+ this.ignore = this.security[this.securityName()].ignore;
23
+ }
24
+ }
15
25
  resolve(app) {
16
26
  if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
17
27
  return async (req, res, next) => {
@@ -29,5 +39,11 @@ __decorate([
29
39
  (0, core_1.Config)('security'),
30
40
  __metadata("design:type", Object)
31
41
  ], BaseMiddleware.prototype, "security", void 0);
42
+ __decorate([
43
+ (0, core_1.Init)(),
44
+ __metadata("design:type", Function),
45
+ __metadata("design:paramtypes", []),
46
+ __metadata("design:returntype", Promise)
47
+ ], BaseMiddleware.prototype, "init", null);
32
48
  exports.BaseMiddleware = BaseMiddleware;
33
49
  //# sourceMappingURL=base.js.map
package/dist/middleware/{csp.d.ts → csp.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class CSPMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=csp.d.ts.map
6
+ //# sourceMappingURL=csp.middleware.d.ts.map
package/dist/middleware/{csp.js → csp.middleware.js} RENAMED
@@ -73,9 +73,12 @@ let CSPMiddleware = class CSPMiddleware extends base_1.BaseMiddleware {
73
73
  res.set('x-csp-nonce', context.nonce);
74
74
  return result;
75
75
  }
76
+ securityName() {
77
+ return 'csp';
78
+ }
76
79
  };
77
80
  CSPMiddleware = __decorate([
78
81
  (0, core_1.Middleware)()
79
82
  ], CSPMiddleware);
80
83
  exports.CSPMiddleware = CSPMiddleware;
81
- //# sourceMappingURL=csp.js.map
84
+ //# sourceMappingURL=csp.middleware.js.map
package/dist/middleware/csrf.middleware.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { BaseMiddleware } from './base';
2
- export declare class CSRFMiddleware extends BaseMiddleware {
2
+ export declare class CsrfMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
4
  assertCsrf(context: any, request: any): void;
5
5
  getCSRFSecret(context: any): any;
@@ -7,5 +7,6 @@ export declare class CSRFMiddleware extends BaseMiddleware {
7
7
  private checkCSRFToken;
8
8
  private checkCSRFReferer;
9
9
  private ensureCsrfSecret;
10
+ securityName(): string;
10
11
  }
11
12
  //# sourceMappingURL=csrf.middleware.d.ts.map
package/dist/middleware/csrf.middleware.js CHANGED
@@ -6,7 +6,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
6
6
  return c > 3 && r && Object.defineProperty(target, key, r), r;
7
7
  };
8
8
  Object.defineProperty(exports, "__esModule", { value: true });
9
- exports.CSRFMiddleware = void 0;
9
+ exports.CsrfMiddleware = void 0;
10
10
  const core_1 = require("@midwayjs/core");
11
11
  const error_1 = require("../error");
12
12
  const CsrfTokens = require("csrf");
@@ -15,7 +15,7 @@ const base_1 = require("./base");
15
15
  const _CSRF_SECRET = Symbol('midway-security#_CSRF_SECRET');
16
16
  const NEW_CSRF_SECRET = Symbol('midway-security#NEW_CSRF_SECRET');
17
17
  const tokens = new CsrfTokens();
18
- let CSRFMiddleware = class CSRFMiddleware extends base_1.BaseMiddleware {
18
+ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
19
19
  async compatibleMiddleware(context, req, res, next) {
20
20
  context.assertCsrf = () => {
21
21
  this.assertCsrf(context, req);
@@ -153,9 +153,12 @@ let CSRFMiddleware = class CSRFMiddleware extends base_1.BaseMiddleware {
153
153
  }
154
154
  }
155
155
  }
156
+ securityName() {
157
+ return 'csrf';
158
+ }
156
159
  };
157
- CSRFMiddleware = __decorate([
160
+ CsrfMiddleware = __decorate([
158
161
  (0, core_1.Middleware)()
159
- ], CSRFMiddleware);
160
- exports.CSRFMiddleware = CSRFMiddleware;
162
+ ], CsrfMiddleware);
163
+ exports.CsrfMiddleware = CsrfMiddleware;
161
164
  //# sourceMappingURL=csrf.middleware.js.map
package/dist/middleware/helper.d.ts CHANGED
@@ -1,5 +1,6 @@
1
- import { BaseMiddleware } from './base';
2
- export declare class SecurityHelper extends BaseMiddleware {
1
+ import { IMiddleware } from '@midwayjs/core';
2
+ export declare class SecurityHelper implements IMiddleware<any, any> {
3
+ resolve(app: any): (req: any, res: any, next: any) => Promise<any>;
3
4
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
5
  }
5
6
  //# sourceMappingURL=helper.d.ts.map
package/dist/middleware/helper.js CHANGED
@@ -8,14 +8,25 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
8
8
  Object.defineProperty(exports, "__esModule", { value: true });
9
9
  exports.SecurityHelper = void 0;
10
10
  const core_1 = require("@midwayjs/core");
11
- const base_1 = require("./base");
12
11
  const escape = require("escape-html");
13
12
  const xss_1 = require("xss");
14
- let SecurityHelper = class SecurityHelper extends base_1.BaseMiddleware {
13
+ let SecurityHelper = class SecurityHelper {
14
+ resolve(app) {
15
+ if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
16
+ return async (req, res, next) => {
17
+ return this.compatibleMiddleware(req, req, res, next);
18
+ };
19
+ }
20
+ else {
21
+ return async (ctx, next) => {
22
+ return this.compatibleMiddleware(ctx, ctx.request, ctx, next);
23
+ };
24
+ }
25
+ }
15
26
  async compatibleMiddleware(context, req, res, next) {
16
27
  context.security = {
17
28
  escape,
18
- html: (htmlCode) => (0, xss_1.default)(htmlCode),
29
+ html: (htmlCode) => (0, xss_1.filterXSS)(htmlCode),
19
30
  js: safeJS,
20
31
  json: safeJSON,
21
32
  };
package/dist/middleware/{hsts.d.ts → hsts.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class HSTSMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=hsts.d.ts.map
6
+ //# sourceMappingURL=hsts.middleware.d.ts.map
package/dist/middleware/{hsts.js → hsts.middleware.js} RENAMED
@@ -19,9 +19,12 @@ let HSTSMiddleware = class HSTSMiddleware extends base_1.BaseMiddleware {
19
19
  res.set('strict-transport-security', val);
20
20
  return result;
21
21
  }
22
+ securityName() {
23
+ return 'hsts';
24
+ }
22
25
  };
23
26
  HSTSMiddleware = __decorate([
24
27
  (0, core_1.Middleware)()
25
28
  ], HSTSMiddleware);
26
29
  exports.HSTSMiddleware = HSTSMiddleware;
27
- //# sourceMappingURL=hsts.js.map
30
+ //# sourceMappingURL=hsts.middleware.js.map
package/dist/middleware/{noopen.d.ts → noopen.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class NoOpenMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=noopen.d.ts.map
6
+ //# sourceMappingURL=noopen.middleware.d.ts.map
package/dist/middleware/{noopen.js → noopen.middleware.js} RENAMED
@@ -15,9 +15,12 @@ let NoOpenMiddleware = class NoOpenMiddleware extends base_1.BaseMiddleware {
15
15
  res.set('x-download-options', 'noopen');
16
16
  return result;
17
17
  }
18
+ securityName() {
19
+ return 'noopen';
20
+ }
18
21
  };
19
22
  NoOpenMiddleware = __decorate([
20
23
  (0, core_1.Middleware)()
21
24
  ], NoOpenMiddleware);
22
25
  exports.NoOpenMiddleware = NoOpenMiddleware;
23
- //# sourceMappingURL=noopen.js.map
26
+ //# sourceMappingURL=noopen.middleware.js.map
package/dist/middleware/{nosniff.d.ts → nosniff.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class NoSniffMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=nosniff.d.ts.map
6
+ //# sourceMappingURL=nosniff.middleware.d.ts.map
package/dist/middleware/{nosniff.js → nosniff.middleware.js} RENAMED
@@ -18,9 +18,12 @@ let NoSniffMiddleware = class NoSniffMiddleware extends base_1.BaseMiddleware {
18
18
  res.set('x-content-type-options', 'nosniff');
19
19
  return result;
20
20
  }
21
+ securityName() {
22
+ return 'nosniff';
23
+ }
21
24
  };
22
25
  NoSniffMiddleware = __decorate([
23
26
  (0, core_1.Middleware)()
24
27
  ], NoSniffMiddleware);
25
28
  exports.NoSniffMiddleware = NoSniffMiddleware;
26
- //# sourceMappingURL=nosniff.js.map
29
+ //# sourceMappingURL=nosniff.middleware.js.map
package/dist/middleware/{xframe.d.ts → xframe.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class XFrameMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=xframe.d.ts.map
6
+ //# sourceMappingURL=xframe.middleware.d.ts.map
package/dist/middleware/{xframe.js → xframe.middleware.js} RENAMED
@@ -17,9 +17,12 @@ let XFrameMiddleware = class XFrameMiddleware extends base_1.BaseMiddleware {
17
17
  res.set('x-frame-options', value);
18
18
  return result;
19
19
  }
20
+ securityName() {
21
+ return 'xframe';
22
+ }
20
23
  };
21
24
  XFrameMiddleware = __decorate([
22
25
  (0, core_1.Middleware)()
23
26
  ], XFrameMiddleware);
24
27
  exports.XFrameMiddleware = XFrameMiddleware;
25
- //# sourceMappingURL=xframe.js.map
28
+ //# sourceMappingURL=xframe.middleware.js.map
package/dist/middleware/{xssProtection.d.ts → xssProtection.middleware.d.ts} RENAMED
@@ -1,5 +1,6 @@
1
1
  import { BaseMiddleware } from './base';
2
2
  export declare class XSSProtectionMiddleware extends BaseMiddleware {
3
3
  compatibleMiddleware(context: any, req: any, res: any, next: any): Promise<any>;
4
+ securityName(): string;
4
5
  }
5
- //# sourceMappingURL=xssProtection.d.ts.map
6
+ //# sourceMappingURL=xssProtection.middleware.d.ts.map
package/dist/middleware/{xssProtection.js → xssProtection.middleware.js} RENAMED
@@ -15,9 +15,12 @@ let XSSProtectionMiddleware = class XSSProtectionMiddleware extends base_1.BaseM
15
15
  res.set('x-xss-protection', this.security.xssProtection.value);
16
16
  return result;
17
17
  }
18
+ securityName() {
19
+ return 'xssProtection';
20
+ }
18
21
  };
19
22
  XSSProtectionMiddleware = __decorate([
20
23
  (0, core_1.Middleware)()
21
24
  ], XSSProtectionMiddleware);
22
25
  exports.XSSProtectionMiddleware = XSSProtectionMiddleware;
23
- //# sourceMappingURL=xssProtection.js.map
26
+ //# sourceMappingURL=xssProtection.middleware.js.map
package/index.d.ts CHANGED
@@ -6,3 +6,47 @@ declare module '@midwayjs/core/dist/interface' {
6
6
  security?: Partial<SecurityOptions>;
7
7
  }
8
8
  }
9
+
10
+ declare module '@midwayjs/koa/dist/interface' {
11
+ interface Context {
12
+ security: {
13
+ escape: (content: string) => string;
14
+ html: (htmlCode: string) => string;
15
+ js: (jsCode: string) => string;
16
+ json: (obj: any) => string;
17
+ };
18
+ }
19
+ }
20
+
21
+ declare module '@midwayjs/web/dist/interface' {
22
+ interface Context {
23
+ security: {
24
+ escape: (content: string) => string;
25
+ html: (htmlCode: string) => string;
26
+ js: (jsCode: string) => string;
27
+ json: (obj: any) => string;
28
+ };
29
+ }
30
+ }
31
+
32
+ declare module '@midwayjs/faas/dist/interface' {
33
+ interface Context {
34
+ security: {
35
+ escape: (content: string) => string;
36
+ html: (htmlCode: string) => string;
37
+ js: (jsCode: string) => string;
38
+ json: (obj: any) => string;
39
+ };
40
+ }
41
+ }
42
+
43
+ declare module '@midwayjs/express/dist/interface' {
44
+ interface Context {
45
+ security: {
46
+ escape: (content: string) => string;
47
+ html: (htmlCode: string) => string;
48
+ js: (jsCode: string) => string;
49
+ json: (obj: any) => string;
50
+ };
51
+ }
52
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@midwayjs/security",
3
- "version": "3.11.5",
3
+ "version": "3.11.7",
4
4
  "description": "Midway Security Component",
5
5
  "main": "dist/index.js",
6
6
  "typings": "index.d.ts",
@@ -23,20 +23,20 @@
23
23
  "license": "MIT",
24
24
  "dependencies": {
25
25
  "csrf": "3.1.0",
26
- "escape-html": "^1.0.3",
26
+ "escape-html": "1.0.3",
27
27
  "nanoid": "3.3.6",
28
28
  "picomatch": "2.3.1",
29
29
  "platform": "1.3.6",
30
- "xss": "^1.0.11"
30
+ "xss": "1.0.14"
31
31
  },
32
32
  "devDependencies": {
33
- "@midwayjs/core": "^3.11.4",
34
- "@midwayjs/express": "^3.11.5",
35
- "@midwayjs/faas": "^3.11.5",
36
- "@midwayjs/koa": "^3.11.5",
37
- "@midwayjs/mock": "^3.11.5",
38
- "@midwayjs/serverless-app": "^3.11.5",
39
- "@midwayjs/web": "^3.11.5"
33
+ "@midwayjs/core": "^3.11.6",
34
+ "@midwayjs/express": "^3.11.6",
35
+ "@midwayjs/faas": "^3.11.6",
36
+ "@midwayjs/koa": "^3.11.6",
37
+ "@midwayjs/mock": "^3.11.6",
38
+ "@midwayjs/serverless-app": "^3.11.6",
39
+ "@midwayjs/web": "^3.11.6"
40
40
  },
41
- "gitHead": "a2c3b25f840a2e9dc01bfb7ef4bef82c3a4b0dcf"
41
+ "gitHead": "1a67449223f9cf513dafda6319989e67a338f122"
42
42
  }