@nest-omni/core 4.1.3-25 → 4.1.3-26

package/http-client/utils/security-validator.util.d.ts

@@ -75,6 +75,25 @@ export declare class SecurityValidator {
         valid: boolean;
         error?: string;
     };
+    /**
+     * 敏感数据检测
+     * 检查数据中是否包含敏感信息（如密码、token等）
+     * @param data 要检查的数据对象
+     * @param additionalPatterns 额外的敏感数据模式
+     * @returns 检测结果
+     */
+    static detectSensitiveData(data: any, additionalPatterns?: RegExp[]): {
+        hasSensitiveData: boolean;
+        fields: string[];
+    };
+    /**
+     * 获取默认SSRF防护配置
+     */
+    static getDefaultSSRFConfig(): SSRFProtectionConfig;
+    /**
+     * 获取默认URL验证配置
+     */
+    static getDefaultURLConfig(): URLValidationConfig;
     /**
      * 从主机名中提取IP地址
      */
@@ -96,23 +115,4 @@ export declare class SecurityValidator {
      * 验证主机名格式
      */
     private static isValidHostname;
-    /**
-     * 敏感数据检测
-     * 检查数据中是否包含敏感信息（如密码、token等）
-     * @param data 要检查的数据对象
-     * @param additionalPatterns 额外的敏感数据模式
-     * @returns 检测结果
-     */
-    static detectSensitiveData(data: any, additionalPatterns?: RegExp[]): {
-        hasSensitiveData: boolean;
-        fields: string[];
-    };
-    /**
-     * 获取默认SSRF防护配置
-     */
-    static getDefaultSSRFConfig(): SSRFProtectionConfig;
-    /**
-     * 获取默认URL验证配置
-     */
-    static getDefaultURLConfig(): URLValidationConfig;
 }

package/http-client/utils/security-validator.util.js

@@ -143,6 +143,69 @@ class SecurityValidator {
         }
         return { url: sanitizedURL, valid: true };
     }
+    /**
+     * 敏感数据检测
+     * 检查数据中是否包含敏感信息（如密码、token等）
+     * @param data 要检查的数据对象
+     * @param additionalPatterns 额外的敏感数据模式
+     * @returns 检测结果
+     */
+    static detectSensitiveData(data, additionalPatterns = []) {
+        const sensitiveFields = [];
+        // 默认敏感字段名模式
+        const defaultPatterns = [
+            /password/i,
+            /secret/i,
+            /token/i,
+            /api[_-]?key/i,
+            /authorization/i,
+            /credential/i,
+            /private[_-]?key/i,
+            /access[_-]?token/i,
+            /refresh[_-]?token/i,
+            /session[_-]?id/i,
+            /csrf/i,
+            /ssn/i,
+            /credit[_-]?card/i,
+        ];
+        const allPatterns = [...defaultPatterns, ...additionalPatterns];
+        const checkObject = (obj, path = '') => {
+            if (!obj || typeof obj !== 'object') {
+                return;
+            }
+            for (const key in obj) {
+                if (!obj.hasOwnProperty(key)) {
+                    continue;
+                }
+                const currentPath = path ? `${path}.${key}` : key;
+                // 检查键名是否匹配敏感模式
+                if (allPatterns.some((pattern) => pattern.test(key))) {
+                    sensitiveFields.push(currentPath);
+                }
+                // 递归检查嵌套对象
+                if (typeof obj[key] === 'object' && obj[key] !== null) {
+                    checkObject(obj[key], currentPath);
+                }
+            }
+        };
+        checkObject(data);
+        return {
+            hasSensitiveData: sensitiveFields.length > 0,
+            fields: sensitiveFields,
+        };
+    }
+    /**
+     * 获取默认SSRF防护配置
+     */
+    static getDefaultSSRFConfig() {
+        return Object.assign({}, this.defaultSSRFConfig);
+    }
+    /**
+     * 获取默认URL验证配置
+     */
+    static getDefaultURLConfig() {
+        return Object.assign({}, this.defaultURLConfig);
+    }
     /**
      * 从主机名中提取IP地址
      */
@@ -165,7 +228,9 @@ class SecurityValidator {
     static validateIPAddress(ipAddress, config) {
         // 检查是否为本地回环地址
         if (!config.allowLoopback) {
-            if (ipAddress === '127.0.0.1' || ipAddress === '::1' || ipAddress.startsWith('127.')) {
+            if (ipAddress === '127.0.0.1' ||
+                ipAddress === '::1' ||
+                ipAddress.startsWith('127.')) {
                 return {
                     valid: false,
                     error: 'Loopback addresses are not allowed',
@@ -251,69 +316,6 @@ class SecurityValidator {
         const hostnameRegex = /^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$/;
         return hostnameRegex.test(hostname);
     }
-    /**
-     * 敏感数据检测
-     * 检查数据中是否包含敏感信息（如密码、token等）
-     * @param data 要检查的数据对象
-     * @param additionalPatterns 额外的敏感数据模式
-     * @returns 检测结果
-     */
-    static detectSensitiveData(data, additionalPatterns = []) {
-        const sensitiveFields = [];
-        // 默认敏感字段名模式
-        const defaultPatterns = [
-            /password/i,
-            /secret/i,
-            /token/i,
-            /api[_-]?key/i,
-            /authorization/i,
-            /credential/i,
-            /private[_-]?key/i,
-            /access[_-]?token/i,
-            /refresh[_-]?token/i,
-            /session[_-]?id/i,
-            /csrf/i,
-            /ssn/i,
-            /credit[_-]?card/i,
-        ];
-        const allPatterns = [...defaultPatterns, ...additionalPatterns];
-        const checkObject = (obj, path = '') => {
-            if (!obj || typeof obj !== 'object') {
-                return;
-            }
-            for (const key in obj) {
-                if (!obj.hasOwnProperty(key)) {
-                    continue;
-                }
-                const currentPath = path ? `${path}.${key}` : key;
-                // 检查键名是否匹配敏感模式
-                if (allPatterns.some((pattern) => pattern.test(key))) {
-                    sensitiveFields.push(currentPath);
-                }
-                // 递归检查嵌套对象
-                if (typeof obj[key] === 'object' && obj[key] !== null) {
-                    checkObject(obj[key], currentPath);
-                }
-            }
-        };
-        checkObject(data);
-        return {
-            hasSensitiveData: sensitiveFields.length > 0,
-            fields: sensitiveFields,
-        };
-    }
-    /**
-     * 获取默认SSRF防护配置
-     */
-    static getDefaultSSRFConfig() {
-        return Object.assign({}, this.defaultSSRFConfig);
-    }
-    /**
-     * 获取默认URL验证配置
-     */
-    static getDefaultURLConfig() {
-        return Object.assign({}, this.defaultURLConfig);
-    }
 }
 exports.SecurityValidator = SecurityValidator;
 SecurityValidator.logger = new common_1.Logger(SecurityValidator.name);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nest-omni/core",
-  "version": "4.1.3-25",
+  "version": "4.1.3-26",
   "description": "A comprehensive NestJS framework for building enterprise-grade applications with best practices",
   "main": "index.js",
   "types": "index.d.ts",

package/vault/vault-config.service.js

@@ -172,7 +172,7 @@ let VaultConfigService = VaultConfigService_1 = class VaultConfigService {
             }
             try {
                 const health = yield this.vaultClient.health();
-                return health && !health.sealed;
+                return !!(health && !health.sealed);
             }
             catch (error) {
                 this.logger.error('Vault health check failed', error.message);