npm - @midwayjs/security - Versions diffs - 3.19.2 → 4.0.0-alpha.1 - Mend

@midwayjs/security 3.19.2 → 4.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/configuration.js +9 -10
package/dist/middleware/base.js +4 -5
package/dist/middleware/csp.middleware.js +2 -2
package/dist/middleware/csrf.middleware.js +6 -9
package/dist/middleware/helper.js +3 -3
package/dist/middleware/hsts.middleware.js +2 -2
package/dist/middleware/noopen.middleware.js +2 -2
package/dist/middleware/nosniff.middleware.js +2 -2
package/dist/middleware/xframe.middleware.js +3 -4
package/dist/middleware/xssProtection.middleware.js +2 -2
package/package.json +10 -11

package/dist/configuration.js CHANGED Viewed

@@ -25,32 +25,32 @@ let SecurityConfiguration = class SecurityConfiguration {
         this.applicationManager
             .getApplications(['koa', 'faas', 'express', 'egg'])
             .forEach(app => {
-            var _a, _b, _c, _d, _e, _f, _g;
             app.useMiddleware(helper_1.SecurityHelper);
-            if ((_a = this.security.csrf) === null || _a === void 0 ? void 0 : _a.enable) {
+            if (this.security.csrf?.enable) {
                 app.useMiddleware(csrf_middleware_1.CsrfMiddleware);
             }
-            if ((_b = this.security.csp) === null || _b === void 0 ? void 0 : _b.enable) {
+            if (this.security.csp?.enable) {
                 app.useMiddleware(csp_middleware_1.CSPMiddleware);
             }
-            if ((_c = this.security.xframe) === null || _c === void 0 ? void 0 : _c.enable) {
+            if (this.security.xframe?.enable) {
                 app.useMiddleware(xframe_middleware_1.XFrameMiddleware);
             }
-            if ((_d = this.security.hsts) === null || _d === void 0 ? void 0 : _d.enable) {
+            if (this.security.hsts?.enable) {
                 app.useMiddleware(hsts_middleware_1.HSTSMiddleware);
             }
-            if ((_e = this.security.noopen) === null || _e === void 0 ? void 0 : _e.enable) {
+            if (this.security.noopen?.enable) {
                 app.useMiddleware(noopen_middleware_1.NoOpenMiddleware);
             }
-            if ((_f = this.security.nosniff) === null || _f === void 0 ? void 0 : _f.enable) {
+            if (this.security.nosniff?.enable) {
                 app.useMiddleware(_1.NoSniffMiddleware);
             }
-            if ((_g = this.security.xssProtection) === null || _g === void 0 ? void 0 : _g.enable) {
+            if (this.security.xssProtection?.enable) {
                 app.useMiddleware(xssProtection_middleware_1.XSSProtectionMiddleware);
             }
         });
     }
 };
+exports.SecurityConfiguration = SecurityConfiguration;
 __decorate([
     (0, core_1.Inject)(),
     __metadata("design:type", core_1.MidwayApplicationManager)
@@ -59,7 +59,7 @@ __decorate([
     (0, core_1.Config)('security'),
     __metadata("design:type", Object)
 ], SecurityConfiguration.prototype, "security", void 0);
-SecurityConfiguration = __decorate([
+exports.SecurityConfiguration = SecurityConfiguration = __decorate([
     (0, core_1.Configuration)({
         namespace: 'security',
         importConfigs: [
@@ -69,5 +69,4 @@ SecurityConfiguration = __decorate([
         ],
     })
 ], SecurityConfiguration);
-exports.SecurityConfiguration = SecurityConfiguration;
 //# sourceMappingURL=configuration.js.map

package/dist/middleware/base.js CHANGED Viewed

@@ -13,17 +13,16 @@ exports.BaseMiddleware = void 0;
 const core_1 = require("@midwayjs/core");
 class BaseMiddleware {
     async init() {
-        var _a, _b, _c, _d;
         // 动态合并一些规则
-        if ((_b = (_a = this.security) === null || _a === void 0 ? void 0 : _a[this.securityName()]) === null || _b === void 0 ? void 0 : _b.match) {
+        if (this.security?.[this.securityName()]?.match) {
             this.match = this.security[this.securityName()].match;
         }
-        else if ((_d = (_c = this.security) === null || _c === void 0 ? void 0 : _c[this.securityName()]) === null || _d === void 0 ? void 0 : _d.ignore) {
+        else if (this.security?.[this.securityName()]?.ignore) {
             this.ignore = this.security[this.securityName()].ignore;
         }
     }
     resolve(app) {
-        if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
+        if ('express' === app.getNamespace()) {
             return async (req, res, next) => {
                 return this.compatibleMiddleware(req, req, res, next);
             };
@@ -35,6 +34,7 @@ class BaseMiddleware {
         }
     }
 }
+exports.BaseMiddleware = BaseMiddleware;
 __decorate([
     (0, core_1.Config)('security'),
     __metadata("design:type", Object)
@@ -45,5 +45,4 @@ __decorate([
     __metadata("design:paramtypes", []),
     __metadata("design:returntype", Promise)
 ], BaseMiddleware.prototype, "init", null);
-exports.BaseMiddleware = BaseMiddleware;
 //# sourceMappingURL=base.js.map

package/dist/middleware/csp.middleware.js CHANGED Viewed

@@ -77,8 +77,8 @@ let CSPMiddleware = class CSPMiddleware extends base_1.BaseMiddleware {
         return 'csp';
     }
 };
-CSPMiddleware = __decorate([
+exports.CSPMiddleware = CSPMiddleware;
+exports.CSPMiddleware = CSPMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], CSPMiddleware);
-exports.CSPMiddleware = CSPMiddleware;
 //# sourceMappingURL=csp.middleware.js.map

package/dist/middleware/csrf.middleware.js CHANGED Viewed

@@ -63,7 +63,6 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         }
     }
     getCSRFSecret(context) {
-        var _a, _b;
         if (context[_CSRF_SECRET]) {
             return context[_CSRF_SECRET];
         }
@@ -80,7 +79,7 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
             }
             for (const name of cookieName) {
                 context[_CSRF_SECRET] =
-                    ((_b = (_a = context.cookies).get) === null || _b === void 0 ? void 0 : _b.call(_a, name, { signed: false })) ||
+                    context.cookies.get?.(name, { signed: false }) ||
                         context.cookies[name] ||
                         '';
                 if (context[_CSRF_SECRET]) {
@@ -91,10 +90,9 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         return context[_CSRF_SECRET];
     }
     getInputToken(context, request) {
-        var _a, _b;
         const { headerName, bodyName, queryName } = this.security.csrf;
-        return (((_a = context.query) === null || _a === void 0 ? void 0 : _a[queryName]) ||
-            ((_b = request.body) === null || _b === void 0 ? void 0 : _b[bodyName]) ||
+        return (context.query?.[queryName] ||
+            request.body?.[bodyName] ||
             (headerName && context.get(headerName)));
     }
     checkCSRFToken(context, request) {
@@ -120,7 +118,6 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         }
     }
     ensureCsrfSecret(context, request, response, rotate) {
-        var _a;
         const tokenSecret = this.getCSRFSecret(context);
         if (tokenSecret && !rotate) {
             return;
@@ -144,7 +141,7 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
                 cookieName = [cookieName];
             }
             for (const name of cookieName) {
-                if ((_a = response.cookies) === null || _a === void 0 ? void 0 : _a.set) {
+                if (response.cookies?.set) {
                     response.cookies.set(name, secret, cookieOpts);
                 }
                 else {
@@ -157,8 +154,8 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         return 'csrf';
     }
 };
-CsrfMiddleware = __decorate([
+exports.CsrfMiddleware = CsrfMiddleware;
+exports.CsrfMiddleware = CsrfMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], CsrfMiddleware);
-exports.CsrfMiddleware = CsrfMiddleware;
 //# sourceMappingURL=csrf.middleware.js.map

package/dist/middleware/helper.js CHANGED Viewed

@@ -12,7 +12,7 @@ const escape = require("escape-html");
 const xss_1 = require("xss");
 let SecurityHelper = class SecurityHelper {
     resolve(app) {
-        if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
+        if ('express' === app.getNamespace()) {
             return async (req, res, next) => {
                 return this.compatibleMiddleware(req, req, res, next);
             };
@@ -33,10 +33,10 @@ let SecurityHelper = class SecurityHelper {
         return next();
     }
 };
-SecurityHelper = __decorate([
+exports.SecurityHelper = SecurityHelper;
+exports.SecurityHelper = SecurityHelper = __decorate([
     (0, core_1.Middleware)()
 ], SecurityHelper);
-exports.SecurityHelper = SecurityHelper;
 const MATCH_VULNERABLE_REGEXP = /[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]/;
 const BASIC_ALPHABETS = new Set('abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ'.split(''));
 const map = {

package/dist/middleware/hsts.middleware.js CHANGED Viewed

@@ -23,8 +23,8 @@ let HSTSMiddleware = class HSTSMiddleware extends base_1.BaseMiddleware {
         return 'hsts';
     }
 };
-HSTSMiddleware = __decorate([
+exports.HSTSMiddleware = HSTSMiddleware;
+exports.HSTSMiddleware = HSTSMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], HSTSMiddleware);
-exports.HSTSMiddleware = HSTSMiddleware;
 //# sourceMappingURL=hsts.middleware.js.map

package/dist/middleware/noopen.middleware.js CHANGED Viewed

@@ -19,8 +19,8 @@ let NoOpenMiddleware = class NoOpenMiddleware extends base_1.BaseMiddleware {
         return 'noopen';
     }
 };
-NoOpenMiddleware = __decorate([
+exports.NoOpenMiddleware = NoOpenMiddleware;
+exports.NoOpenMiddleware = NoOpenMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], NoOpenMiddleware);
-exports.NoOpenMiddleware = NoOpenMiddleware;
 //# sourceMappingURL=noopen.middleware.js.map

package/dist/middleware/nosniff.middleware.js CHANGED Viewed

@@ -22,8 +22,8 @@ let NoSniffMiddleware = class NoSniffMiddleware extends base_1.BaseMiddleware {
         return 'nosniff';
     }
 };
-NoSniffMiddleware = __decorate([
+exports.NoSniffMiddleware = NoSniffMiddleware;
+exports.NoSniffMiddleware = NoSniffMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], NoSniffMiddleware);
-exports.NoSniffMiddleware = NoSniffMiddleware;
 //# sourceMappingURL=nosniff.middleware.js.map

package/dist/middleware/xframe.middleware.js CHANGED Viewed

@@ -11,9 +11,8 @@ const core_1 = require("@midwayjs/core");
 const base_1 = require("./base");
 let XFrameMiddleware = class XFrameMiddleware extends base_1.BaseMiddleware {
     async compatibleMiddleware(context, req, res, next) {
-        var _a;
         const result = await next();
-        const value = ((_a = this.security.xframe) === null || _a === void 0 ? void 0 : _a.value) || 'SAMEORIGIN';
+        const value = this.security.xframe?.value || 'SAMEORIGIN';
         res.set('x-frame-options', value);
         return result;
     }
@@ -21,8 +20,8 @@ let XFrameMiddleware = class XFrameMiddleware extends base_1.BaseMiddleware {
         return 'xframe';
     }
 };
-XFrameMiddleware = __decorate([
+exports.XFrameMiddleware = XFrameMiddleware;
+exports.XFrameMiddleware = XFrameMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], XFrameMiddleware);
-exports.XFrameMiddleware = XFrameMiddleware;
 //# sourceMappingURL=xframe.middleware.js.map

package/dist/middleware/xssProtection.middleware.js CHANGED Viewed

@@ -19,8 +19,8 @@ let XSSProtectionMiddleware = class XSSProtectionMiddleware extends base_1.BaseM
         return 'xssProtection';
     }
 };
-XSSProtectionMiddleware = __decorate([
+exports.XSSProtectionMiddleware = XSSProtectionMiddleware;
+exports.XSSProtectionMiddleware = XSSProtectionMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], XSSProtectionMiddleware);
-exports.XSSProtectionMiddleware = XSSProtectionMiddleware;
 //# sourceMappingURL=xssProtection.middleware.js.map

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "@midwayjs/security",
-  "version": "3.19.2",
+  "version": "4.0.0-alpha.1",
   "description": "Midway Security Component",
   "main": "dist/index.js",
   "typings": "index.d.ts",
   "scripts": {
     "build": "tsc",
-    "test": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand",
-    "cov": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand --coverage --forceExit",
+    "test": "node -r ts-node/register ../../node_modules/jest/bin/jest.js --runInBand",
+    "cov": "node -r ts-node/register ../../node_modules/jest/bin/jest.js --runInBand --coverage --forceExit",
     "ci": "npm run test"
   },
   "keywords": [],
@@ -30,13 +30,12 @@
     "xss": "1.0.15"
   },
   "devDependencies": {
-    "@midwayjs/core": "^3.19.0",
-    "@midwayjs/express": "^3.19.2",
-    "@midwayjs/faas": "^3.19.2",
-    "@midwayjs/koa": "^3.19.2",
-    "@midwayjs/mock": "^3.19.2",
-    "@midwayjs/serverless-app": "^3.19.2",
-    "@midwayjs/web": "^3.19.2"
+    "@midwayjs/core": "^4.0.0-alpha.1",
+    "@midwayjs/express": "^4.0.0-alpha.1",
+    "@midwayjs/faas": "^4.0.0-alpha.1",
+    "@midwayjs/koa": "^4.0.0-alpha.1",
+    "@midwayjs/mock": "^4.0.0-alpha.1",
+    "@midwayjs/web": "^4.0.0-alpha.1"
   },
-  "gitHead": "57fd034be94897fb819b0d9ef776de0b9923ab0f"
+  "gitHead": "14bb4da91805a1cf52f190c0d37a74b395dd6372"
 }