npm - @opensecurity/zonzon-core - Versions diffs - 0.1.1 → 0.1.3 - Mend

@opensecurity/zonzon-core 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/audit.d.ts +10 -0
package/dist/audit.js +39 -0
package/dist/cache-layer.test.d.ts +1 -0
package/dist/cache-layer.test.js +205 -0
package/dist/cache-multi-question.test.d.ts +1 -0
package/dist/cache-multi-question.test.js +187 -0
package/dist/dns-handler.d.ts +27 -0
package/dist/dns-handler.js +323 -0
package/dist/dns-service.d.ts +45 -0
package/dist/dns-service.js +546 -0
package/dist/dns-service.test.d.ts +1 -0
package/dist/dns-service.test.js +306 -0
package/dist/dns-wireformat.test.d.ts +1 -0
package/dist/dns-wireformat.test.js +669 -0
package/dist/firewall.d.ts +9 -0
package/dist/firewall.js +62 -0
package/dist/http-body-forwarding-integration.test.d.ts +1 -0
package/dist/http-body-forwarding-integration.test.js +318 -0
package/dist/http-body-forwarding.test.d.ts +1 -0
package/dist/http-body-forwarding.test.js +84 -0
package/dist/http-handler.d.ts +21 -0
package/dist/http-handler.js +429 -0
package/dist/http-proxy.d.ts +14 -0
package/dist/http-proxy.js +135 -0
package/dist/http-proxy.test.d.ts +1 -0
package/dist/http-proxy.test.js +375 -0
package/{src/index.ts → dist/index.d.ts} +1 -1
package/dist/index.js +10 -0
package/dist/rate-limiter.d.ts +11 -0
package/dist/rate-limiter.js +33 -0
package/dist/rate-limiter.test.d.ts +1 -0
package/dist/rate-limiter.test.js +149 -0
package/dist/schema.d.ts +12 -0
package/dist/schema.js +124 -0
package/dist/schema.test.d.ts +1 -0
package/dist/schema.test.js +586 -0
package/dist/sni-proxy.d.ts +12 -0
package/dist/sni-proxy.js +141 -0
package/dist/srv-record.test.d.ts +1 -0
package/dist/srv-record.test.js +186 -0
package/dist/tcp-connection-limit.test.d.ts +1 -0
package/dist/tcp-connection-limit.test.js +89 -0
package/dist/types.d.ts +145 -0
package/dist/types.js +34 -0
package/dist/wildcard-matching.test.d.ts +1 -0
package/dist/wildcard-matching.test.js +162 -0
package/package.json +4 -1
package/src/audit.ts +0 -43
package/src/cache-layer.test.ts +0 -236
package/src/cache-multi-question.test.ts +0 -263
package/src/dns-handler.ts +0 -355
package/src/dns-service.test.ts +0 -371
package/src/dns-service.ts +0 -655
package/src/dns-wireformat.test.ts +0 -771
package/src/env.d.ts +0 -1
package/src/firewall.ts +0 -66
package/src/http-body-forwarding-integration.test.ts +0 -357
package/src/http-body-forwarding.test.ts +0 -101
package/src/http-handler.ts +0 -489
package/src/http-proxy.test.ts +0 -440
package/src/http-proxy.ts +0 -148
package/src/rate-limiter.test.ts +0 -144
package/src/rate-limiter.ts +0 -50
package/src/schema.test.ts +0 -685
package/src/schema.ts +0 -137
package/src/sni-proxy.ts +0 -164
package/src/srv-record.test.ts +0 -211
package/src/tcp-connection-limit.test.ts +0 -110
package/src/types.ts +0 -168
package/src/wildcard-matching.test.ts +0 -196
package/tsconfig.json +0 -9

package/dist/schema.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { z } from "zod";
+import * as net from "net";
+const CrlfFreeString = z.string().refine((val) => !/[\r\n]/.test(val), "Contains CR/LF");
+const Ipv4Schema = z.string().refine((ip) => net.isIPv4(ip), "Invalid IPv4");
+const Ipv6Schema = z.string().refine((ip) => net.isIPv6(ip), "Invalid IPv6");
+const HostnameSchema = z.string().max(253).refine((hostname) => {
+    const parts = hostname.split(".");
+    const hostPattern = /^[a-zA-Z0-9_]([a-zA-Z0-9_-]{0,61}[a-zA-Z0-9])?$/;
+    return parts.every((part) => part.length > 0 && part.length <= 63 && hostPattern.test(part));
+}, "Invalid hostname");
+const PortSchema = z.number().int().min(1).max(65535);
+const ARecordSchema = z.object({ type: z.literal("A"), address: Ipv4Schema });
+const AAAARecordSchema = z.object({ type: z.literal("AAAA"), address: Ipv6Schema });
+const CNAMERecordSchema = z.object({ type: z.literal("CNAME"), target: HostnameSchema });
+const TXTRecordSchema = z.object({ type: z.literal("TXT"), data: z.array(z.string().max(255).refine((val) => !/[\r\n]/.test(val), "Contains CR/LF")) });
+const MXRecordSchema = z.object({ type: z.literal("MX"), priority: z.number().int().min(0).max(65535), exchange: HostnameSchema });
+const NSRecordSchema = z.object({ type: z.literal("NS"), target: HostnameSchema });
+const SRVRecordSchema = z.object({ type: z.literal("SRV"), priority: z.number().int().min(0).max(65535), weight: z.number().int().min(0).max(65535), port: PortSchema, target: HostnameSchema });
+const PTRRecordSchema = z.object({ type: z.literal("PTR"), target: HostnameSchema });
+const DnsRecordSchema = z.discriminatedUnion("type", [
+    ARecordSchema,
+    AAAARecordSchema,
+    CNAMERecordSchema,
+    TXTRecordSchema,
+    MXRecordSchema,
+    NSRecordSchema,
+    SRVRecordSchema,
+    PTRRecordSchema,
+]);
+const HttpProxySchema = z.object({
+    enabled: z.boolean(),
+    upstream: CrlfFreeString.optional(),
+    headers: z.record(z.string().regex(/^[a-zA-Z0-9\-]+$/), CrlfFreeString).default({}),
+    forwardRequestBody: z.boolean().default(false),
+    maxRequestBodyBytes: z.number().int().min(0).max(10485760).default(5242880),
+}).refine(data => !data.enabled || !!data.upstream, {
+    message: "HTTP proxy requires 'upstream' URL when enabled",
+    path: ["upstream"]
+});
+const RedirectSchema = z.object({
+    enabled: z.boolean().default(true),
+    code: z.union([z.literal(301), z.literal(302), z.literal(303), z.literal(307), z.literal(308)]),
+    target: CrlfFreeString,
+});
+const HostConfigSchema = z.object({
+    records: z.array(DnsRecordSchema).default([]),
+    http_proxy: HttpProxySchema.optional(),
+    redirect: RedirectSchema.optional(),
+});
+const FirewallSchema = z.object({
+    defaultPolicy: z.enum(["allow", "deny"]).default("deny"),
+    allowlist_domains: z.array(z.string().max(253)).default([]),
+    blocklist_domains: z.array(z.string().max(253)).default([]),
+    allowlist_ranges: z.array(z.string().max(40)).default([]),
+    blocklist_ranges: z.array(z.string().max(40)).default([]),
+    allowlist_ips: z.array(z.string().max(40)).default([]),
+    blocklist_ips: z.array(z.string().max(40)).default([]),
+});
+const ControlPlaneSchema = z.object({
+    enabled: z.boolean().default(true).optional(),
+    port: z.coerce.number().int().min(1).max(65535).default(8080).optional(),
+    apiKey: z.string().optional()
+});
+const ServerConfigSchema = z.object({
+    port: z.coerce.number().int().min(1).max(65535).default(53),
+    fallbackDns: Ipv4Schema.optional(),
+    firewall: FirewallSchema.optional(),
+    controlPlane: ControlPlaneSchema.optional(),
+    dnsCacheMaxSize: z.coerce.number().int().min(1).max(100000).default(1024),
+    dnsCacheTtlMs: z.coerce.number().int().min(0).max(3600000).default(0),
+    maxTcpConnections: z.coerce.number().int().min(1).max(10000).default(100),
+    tcpIdleTimeoutMs: z.coerce.number().int().min(1000).max(600000).default(30000),
+    rateLimitMaxRequests: z.coerce.number().int().min(0).max(100000).default(0),
+    rateLimitWindowMs: z.coerce.number().int().min(100).max(60000).default(1000),
+    hosts: z.record(z.string(), HostConfigSchema).default({}),
+}).refine(data => {
+    for (const key of Object.keys(data.hosts)) {
+        const normalized = key.toLowerCase();
+        if (normalized === "*")
+            continue;
+        if (normalized.startsWith("*.")) {
+            HostnameSchema.parse(normalized.slice(2));
+        }
+        else {
+            HostnameSchema.parse(normalized);
+        }
+    }
+    return true;
+}, "Contains invalid hostnames in configuration keys");
+export function validateARecord(record) { return ARecordSchema.parse(record); }
+export function validateAAAARecord(record) { return AAAARecordSchema.parse(record); }
+export function validateCNAME(record) { return CNAMERecordSchema.parse(record); }
+export function validateTXT(record) { return TXTRecordSchema.parse(record); }
+export function validateMX(record) { return MXRecordSchema.parse(record); }
+export function validateNS(record) { return NSRecordSchema.parse(record); }
+export function validateSRV(record) { return SRVRecordSchema.parse(record); }
+export function validatePTR(record) { return PTRRecordSchema.parse(record); }
+export function validateRecord(record) {
+    if (!record || typeof record !== "object" || !("type" in record)) {
+        throw new Error("DNS record must be an object with a 'type' field");
+    }
+    return DnsRecordSchema.parse(record);
+}
+export function validateHostConfig(config) {
+    try {
+        return HostConfigSchema.parse(config);
+    }
+    catch (error) {
+        throw new Error(`Host validation error: ${error}`);
+    }
+}
+export function validateServerConfig(config) {
+    try {
+        const parsed = ServerConfigSchema.parse(config);
+        const lowercaseHosts = {};
+        for (const [key, value] of Object.entries(parsed.hosts)) {
+            lowercaseHosts[key.toLowerCase()] = value;
+        }
+        return { ...parsed, hosts: lowercaseHosts };
+    }
+    catch (error) {
+        throw new Error(`Configuration validation error: ${error}`);
+    }
+}

package/dist/schema.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};