@midwayjs/security 3.20.5 → 4.0.0-beta.1

package/dist/configuration.js

@@ -25,32 +25,32 @@ let SecurityConfiguration = class SecurityConfiguration {
         this.applicationManager
             .getApplications(['koa', 'faas', 'express', 'egg'])
             .forEach(app => {
-            var _a, _b, _c, _d, _e, _f, _g;
             app.useMiddleware(helper_1.SecurityHelper);
-            if ((_a = this.security.csrf) === null || _a === void 0 ? void 0 : _a.enable) {
+            if (this.security.csrf?.enable) {
                 app.useMiddleware(csrf_middleware_1.CsrfMiddleware);
             }
-            if ((_b = this.security.csp) === null || _b === void 0 ? void 0 : _b.enable) {
+            if (this.security.csp?.enable) {
                 app.useMiddleware(csp_middleware_1.CSPMiddleware);
             }
-            if ((_c = this.security.xframe) === null || _c === void 0 ? void 0 : _c.enable) {
+            if (this.security.xframe?.enable) {
                 app.useMiddleware(xframe_middleware_1.XFrameMiddleware);
             }
-            if ((_d = this.security.hsts) === null || _d === void 0 ? void 0 : _d.enable) {
+            if (this.security.hsts?.enable) {
                 app.useMiddleware(hsts_middleware_1.HSTSMiddleware);
             }
-            if ((_e = this.security.noopen) === null || _e === void 0 ? void 0 : _e.enable) {
+            if (this.security.noopen?.enable) {
                 app.useMiddleware(noopen_middleware_1.NoOpenMiddleware);
             }
-            if ((_f = this.security.nosniff) === null || _f === void 0 ? void 0 : _f.enable) {
+            if (this.security.nosniff?.enable) {
                 app.useMiddleware(_1.NoSniffMiddleware);
             }
-            if ((_g = this.security.xssProtection) === null || _g === void 0 ? void 0 : _g.enable) {
+            if (this.security.xssProtection?.enable) {
                 app.useMiddleware(xssProtection_middleware_1.XSSProtectionMiddleware);
             }
         });
     }
 };
+exports.SecurityConfiguration = SecurityConfiguration;
 __decorate([
     (0, core_1.Inject)(),
     __metadata("design:type", core_1.MidwayApplicationManager)
@@ -59,7 +59,7 @@ __decorate([
     (0, core_1.Config)('security'),
     __metadata("design:type", Object)
 ], SecurityConfiguration.prototype, "security", void 0);
-SecurityConfiguration = __decorate([
+exports.SecurityConfiguration = SecurityConfiguration = __decorate([
     (0, core_1.Configuration)({
         namespace: 'security',
         importConfigs: [
@@ -69,5 +69,4 @@ SecurityConfiguration = __decorate([
         ],
     })
 ], SecurityConfiguration);
-exports.SecurityConfiguration = SecurityConfiguration;
 //# sourceMappingURL=configuration.js.map

package/dist/middleware/base.js

@@ -13,17 +13,16 @@ exports.BaseMiddleware = void 0;
 const core_1 = require("@midwayjs/core");
 class BaseMiddleware {
     async init() {
-        var _a, _b, _c, _d;
         // 动态合并一些规则
-        if ((_b = (_a = this.security) === null || _a === void 0 ? void 0 : _a[this.securityName()]) === null || _b === void 0 ? void 0 : _b.match) {
+        if (this.security?.[this.securityName()]?.match) {
             this.match = this.security[this.securityName()].match;
         }
-        else if ((_d = (_c = this.security) === null || _c === void 0 ? void 0 : _c[this.securityName()]) === null || _d === void 0 ? void 0 : _d.ignore) {
+        else if (this.security?.[this.securityName()]?.ignore) {
             this.ignore = this.security[this.securityName()].ignore;
         }
     }
     resolve(app) {
-        if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
+        if ('express' === app.getNamespace()) {
             return async (req, res, next) => {
                 return this.compatibleMiddleware(req, req, res, next);
             };
@@ -35,6 +34,7 @@ class BaseMiddleware {
         }
     }
 }
+exports.BaseMiddleware = BaseMiddleware;
 __decorate([
     (0, core_1.Config)('security'),
     __metadata("design:type", Object)
@@ -45,5 +45,4 @@ __decorate([
     __metadata("design:paramtypes", []),
     __metadata("design:returntype", Promise)
 ], BaseMiddleware.prototype, "init", null);
-exports.BaseMiddleware = BaseMiddleware;
 //# sourceMappingURL=base.js.map

package/dist/middleware/csp.middleware.js

@@ -77,8 +77,8 @@ let CSPMiddleware = class CSPMiddleware extends base_1.BaseMiddleware {
         return 'csp';
     }
 };
-CSPMiddleware = __decorate([
+exports.CSPMiddleware = CSPMiddleware;
+exports.CSPMiddleware = CSPMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], CSPMiddleware);
-exports.CSPMiddleware = CSPMiddleware;
 //# sourceMappingURL=csp.middleware.js.map

package/dist/middleware/csrf.middleware.js

@@ -63,7 +63,6 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         }
     }
     getCSRFSecret(context) {
-        var _a, _b;
         if (context[_CSRF_SECRET]) {
             return context[_CSRF_SECRET];
         }
@@ -80,7 +79,7 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
             }
             for (const name of cookieName) {
                 context[_CSRF_SECRET] =
-                    ((_b = (_a = context.cookies).get) === null || _b === void 0 ? void 0 : _b.call(_a, name, { signed: false })) ||
+                    context.cookies.get?.(name, { signed: false }) ||
                         context.cookies[name] ||
                         '';
                 if (context[_CSRF_SECRET]) {
@@ -91,10 +90,9 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         return context[_CSRF_SECRET];
     }
     getInputToken(context, request) {
-        var _a, _b;
         const { headerName, bodyName, queryName } = this.security.csrf;
-        return (((_a = context.query) === null || _a === void 0 ? void 0 : _a[queryName]) ||
-            ((_b = request.body) === null || _b === void 0 ? void 0 : _b[bodyName]) ||
+        return (context.query?.[queryName] ||
+            request.body?.[bodyName] ||
             (headerName && context.get(headerName)));
     }
     checkCSRFToken(context, request) {
@@ -120,7 +118,6 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         }
     }
     ensureCsrfSecret(context, request, response, rotate) {
-        var _a;
         const tokenSecret = this.getCSRFSecret(context);
         if (tokenSecret && !rotate) {
             return;
@@ -144,7 +141,7 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
                 cookieName = [cookieName];
             }
             for (const name of cookieName) {
-                if ((_a = response.cookies) === null || _a === void 0 ? void 0 : _a.set) {
+                if (response.cookies?.set) {
                     response.cookies.set(name, secret, cookieOpts);
                 }
                 else {
@@ -157,8 +154,8 @@ let CsrfMiddleware = class CsrfMiddleware extends base_1.BaseMiddleware {
         return 'csrf';
     }
 };
-CsrfMiddleware = __decorate([
+exports.CsrfMiddleware = CsrfMiddleware;
+exports.CsrfMiddleware = CsrfMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], CsrfMiddleware);
-exports.CsrfMiddleware = CsrfMiddleware;
 //# sourceMappingURL=csrf.middleware.js.map

package/dist/middleware/helper.js

@@ -12,7 +12,7 @@ const escape = require("escape-html");
 const xss_1 = require("xss");
 let SecurityHelper = class SecurityHelper {
     resolve(app) {
-        if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
+        if ('express' === app.getNamespace()) {
             return async (req, res, next) => {
                 return this.compatibleMiddleware(req, req, res, next);
             };
@@ -33,10 +33,10 @@ let SecurityHelper = class SecurityHelper {
         return next();
     }
 };
-SecurityHelper = __decorate([
+exports.SecurityHelper = SecurityHelper;
+exports.SecurityHelper = SecurityHelper = __decorate([
     (0, core_1.Middleware)()
 ], SecurityHelper);
-exports.SecurityHelper = SecurityHelper;
 const MATCH_VULNERABLE_REGEXP = /[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]/;
 const BASIC_ALPHABETS = new Set('abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ'.split(''));
 const map = {

package/dist/middleware/hsts.middleware.js

@@ -23,8 +23,8 @@ let HSTSMiddleware = class HSTSMiddleware extends base_1.BaseMiddleware {
         return 'hsts';
     }
 };
-HSTSMiddleware = __decorate([
+exports.HSTSMiddleware = HSTSMiddleware;
+exports.HSTSMiddleware = HSTSMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], HSTSMiddleware);
-exports.HSTSMiddleware = HSTSMiddleware;
 //# sourceMappingURL=hsts.middleware.js.map

package/dist/middleware/noopen.middleware.js

@@ -19,8 +19,8 @@ let NoOpenMiddleware = class NoOpenMiddleware extends base_1.BaseMiddleware {
         return 'noopen';
     }
 };
-NoOpenMiddleware = __decorate([
+exports.NoOpenMiddleware = NoOpenMiddleware;
+exports.NoOpenMiddleware = NoOpenMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], NoOpenMiddleware);
-exports.NoOpenMiddleware = NoOpenMiddleware;
 //# sourceMappingURL=noopen.middleware.js.map

package/dist/middleware/nosniff.middleware.js

@@ -22,8 +22,8 @@ let NoSniffMiddleware = class NoSniffMiddleware extends base_1.BaseMiddleware {
         return 'nosniff';
     }
 };
-NoSniffMiddleware = __decorate([
+exports.NoSniffMiddleware = NoSniffMiddleware;
+exports.NoSniffMiddleware = NoSniffMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], NoSniffMiddleware);
-exports.NoSniffMiddleware = NoSniffMiddleware;
 //# sourceMappingURL=nosniff.middleware.js.map

package/dist/middleware/xframe.middleware.js

@@ -11,9 +11,8 @@ const core_1 = require("@midwayjs/core");
 const base_1 = require("./base");
 let XFrameMiddleware = class XFrameMiddleware extends base_1.BaseMiddleware {
     async compatibleMiddleware(context, req, res, next) {
-        var _a;
         const result = await next();
-        const value = ((_a = this.security.xframe) === null || _a === void 0 ? void 0 : _a.value) || 'SAMEORIGIN';
+        const value = this.security.xframe?.value || 'SAMEORIGIN';
         res.set('x-frame-options', value);
         return result;
     }
@@ -21,8 +20,8 @@ let XFrameMiddleware = class XFrameMiddleware extends base_1.BaseMiddleware {
         return 'xframe';
     }
 };
-XFrameMiddleware = __decorate([
+exports.XFrameMiddleware = XFrameMiddleware;
+exports.XFrameMiddleware = XFrameMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], XFrameMiddleware);
-exports.XFrameMiddleware = XFrameMiddleware;
 //# sourceMappingURL=xframe.middleware.js.map

package/dist/middleware/xssProtection.middleware.js

@@ -19,8 +19,8 @@ let XSSProtectionMiddleware = class XSSProtectionMiddleware extends base_1.BaseM
         return 'xssProtection';
     }
 };
-XSSProtectionMiddleware = __decorate([
+exports.XSSProtectionMiddleware = XSSProtectionMiddleware;
+exports.XSSProtectionMiddleware = XSSProtectionMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], XSSProtectionMiddleware);
-exports.XSSProtectionMiddleware = XSSProtectionMiddleware;
 //# sourceMappingURL=xssProtection.middleware.js.map

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@midwayjs/security",
-  "version": "3.20.5",
+  "version": "4.0.0-beta.1",
   "description": "Midway Security Component",
   "main": "dist/index.js",
   "typings": "index.d.ts",
   "scripts": {
     "build": "tsc",
-    "test": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand",
-    "cov": "node --require=ts-node/register ../../node_modules/.bin/jest --runInBand --coverage --forceExit",
+    "test": "node -r ts-node/register ../../node_modules/jest/bin/jest.js --runInBand",
+    "cov": "node -r ts-node/register ../../node_modules/jest/bin/jest.js --runInBand --coverage --forceExit",
     "ci": "npm run test"
   },
   "keywords": [],
@@ -30,13 +30,12 @@
     "xss": "1.0.15"
   },
   "devDependencies": {
-    "@midwayjs/core": "^3.20.4",
-    "@midwayjs/express": "^3.20.4",
-    "@midwayjs/faas": "^3.20.4",
-    "@midwayjs/koa": "^3.20.5",
-    "@midwayjs/mock": "^3.20.4",
-    "@midwayjs/serverless-app": "^3.20.4",
-    "@midwayjs/web": "^3.20.4"
+    "@midwayjs/core": "^4.0.0-beta.1",
+    "@midwayjs/express": "^4.0.0-beta.1",
+    "@midwayjs/faas": "^4.0.0-beta.1",
+    "@midwayjs/koa": "^4.0.0-beta.1",
+    "@midwayjs/mock": "^4.0.0-beta.1",
+    "@midwayjs/web": "^4.0.0-beta.1"
   },
-  "gitHead": "7ce57281bd3ef5d18dc50b47ff9bffb8a27c071e"
+  "gitHead": "832961ec3aff123c033197d8c00cb2bc9bad7ff8"
 }

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2013 - Now midwayjs
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.