@solidstarters/solid-core 1.2.166 → 1.2.168
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/iam.config.d.ts +2 -0
- package/dist/config/iam.config.d.ts.map +1 -1
- package/dist/config/iam.config.js +1 -0
- package/dist/config/iam.config.js.map +1 -1
- package/dist/dtos/post-chatter-message.dto.js.map +1 -1
- package/dist/entities/chatter-message.entity.js.map +1 -1
- package/dist/helpers/security.helper.d.ts +4 -2
- package/dist/helpers/security.helper.d.ts.map +1 -1
- package/dist/helpers/security.helper.js +38 -23
- package/dist/helpers/security.helper.js.map +1 -1
- package/dist/services/authentication.service.js +2 -1
- package/dist/services/authentication.service.js.map +1 -1
- package/dist/services/chatter-message.service.d.ts.map +1 -1
- package/dist/services/chatter-message.service.js.map +1 -1
- package/dist/services/model-metadata.service.js +1 -1
- package/dist/services/model-metadata.service.js.map +1 -1
- package/dist/services/setting.service.d.ts.map +1 -1
- package/dist/services/setting.service.js +2 -1
- package/dist/services/setting.service.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/config/iam.config.ts +1 -0
- package/src/dtos/post-chatter-message.dto.ts +1 -1
- package/src/entities/chatter-message.entity.ts +3 -3
- package/src/helpers/security.helper.ts +95 -30
- package/src/services/authentication.service.ts +2 -2
- package/src/services/chatter-message.service.ts +373 -374
- package/src/services/model-metadata.service.ts +1 -1
- package/src/services/setting.service.ts +2 -1
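--- a/package/dist/config/iam.config.d.ts
+++ b/package/dist/config/iam.config.d.ts
@@ -19,6 +19,7 @@ export declare const iamConfig: (() => {
 callbackURL: string;
 redirectURL: string;
 };
+iamAutoGeneratedPassword: string | boolean;
 }) & import("@nestjs/config").ConfigFactoryKeyHost<{
 passwordlessRegistration: boolean;
 iamPasswordRegistrationEnabled: boolean;
@@ -40,6 +41,7 @@ export declare const iamConfig: (() => {
 callbackURL: string;
 redirectURL: string;
 };
+iamAutoGeneratedPassword: string | boolean;
 }>;
 export declare const jwtConfig: (() => {
 secret: string;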
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.config.d.ts","sourceRoot":"","sources":["../../src/config/iam.config.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,SAAS
|
|
1
|
+
{"version":3,"file":"iam.config.d.ts","sourceRoot":"","sources":["../../src/config/iam.config.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwBpB,CAAA;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;EAQpB,CAAC"}
|
|
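--- a/package/dist/config/iam.config.js
+++ b/package/dist/config/iam.config.js
@@ -24,6 +24,7 @@ exports.iamConfig = (0, config_1.registerAs)('iam', () => {
 callbackURL: process.env.IAM_GOOGLE_OAUTH_CALLBACK_URL,
 redirectURL: process.env.IAM_GOOGLE_OAUTH_REDIRECT_URL,
 },
+iamAutoGeneratedPassword: process.env.IAM_AUTOGENERATED_PASSWORD || true
 };
 });
 exports.jwtConfig = (0, config_1.registerAs)('jwt', () => {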
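Review bot: The added `iamAutoGeneratedPassword: process.env.IAM_AUTOGENERATED_PASSWORD || true` yields the raw environment string when the variable is set and the boolean `true` when it is unset, which is why the declaration file has to type it `string | boolean`, while every sibling flag in this factory is normalised to a boolean with the `(process.env.X ?? 'true') === 'true'` pattern. Writing it as `iamAutoGeneratedPassword: (process.env.IAM_AUTOGENERATED_PASSWORD ?? 'true') === 'true',` keeps the same default for the unset case and lets consumers compare a boolean instead of calling `.toString().toLowerCase()`. The change belongs in src/config/iam.config.ts, which this dist file is compiled from. A short comment at the line stating that the default is on would also help, since authentication.service.js further down replaces a caller-supplied password whenever this flag reads true.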
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.config.js","sourceRoot":"","sources":["../../src/config/iam.config.ts"],"names":[],"mappings":";;;AAAA,2CAA4C;AAE/B,QAAA,SAAS,GAAG,IAAA,mBAAU,EAAC,KAAK,EAAE,GAAG,EAAE;IAC5C,OAAO;QACH,wBAAwB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,OAAO,CAAC,KAAK,MAAM;QAC5F,8BAA8B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,MAAM,CAAC,KAAK,MAAM;QACpG,oCAAoC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,4CAA4C,IAAI,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACjJ,uBAAuB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,MAAM,CAAC,KAAK,MAAM;QACzF,0BAA0B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,MAAM,CAAC,KAAK,MAAM;QAChG,2BAA2B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,mCAAmC,IAAI,OAAO,CAAC,KAAK,MAAM;QACpG,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC;QACvD,qCAAqC,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,6CAA6C,IAAI,IAAI,CAAC;QAClH,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,QAAQ;QACrD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;QACnC,qCAAqC,EAAE,OAAO,CAAC,GAAG,CAAC,8CAA8C,IAAI,OAAO;QAC5G,+BAA+B,EAAC,IAAI;QACpC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,0DAA0D;QACxG,wBAAwB,EAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,qGAAqG;QACxK,WAAW,EAAE;YACT,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;YAChD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,8BAA8B;YACxD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;YACtD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;SACzD;
|
|
1
|
+
{"version":3,"file":"iam.config.js","sourceRoot":"","sources":["../../src/config/iam.config.ts"],"names":[],"mappings":";;;AAAA,2CAA4C;AAE/B,QAAA,SAAS,GAAG,IAAA,mBAAU,EAAC,KAAK,EAAE,GAAG,EAAE;IAC5C,OAAO;QACH,wBAAwB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,OAAO,CAAC,KAAK,MAAM;QAC5F,8BAA8B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,MAAM,CAAC,KAAK,MAAM;QACpG,oCAAoC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,4CAA4C,IAAI,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACjJ,uBAAuB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,MAAM,CAAC,KAAK,MAAM;QACzF,0BAA0B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,MAAM,CAAC,KAAK,MAAM;QAChG,2BAA2B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,mCAAmC,IAAI,OAAO,CAAC,KAAK,MAAM;QACpG,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC;QACvD,qCAAqC,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,6CAA6C,IAAI,IAAI,CAAC;QAClH,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,QAAQ;QACrD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;QACnC,qCAAqC,EAAE,OAAO,CAAC,GAAG,CAAC,8CAA8C,IAAI,OAAO;QAC5G,+BAA+B,EAAC,IAAI;QACpC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,0DAA0D;QACxG,wBAAwB,EAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,qGAAqG;QACxK,WAAW,EAAE;YACT,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;YAChD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,8BAA8B;YACxD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;YACtD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;SACzD;QACD,wBAAwB,EAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,IAAI;KAC1E,CAAC;AACN,CAAC,CAAC,CAAA;AAEW,QAAA,SAAS,GAAG,IAAA,mBAAU,EAAC,KAAK,EAAE,GAAG,EAAE;IAC5C,OAAO;QACH,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;QAClC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC5C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACxC,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,MAAM,EAAE,EAAE,CAAC;QAC5E,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,OAAO,EAAE,EAAE,CAAC;KAClF,CAAC;AACN,CAAC,CAAC,CAAC","sourcesContent":["import { registerAs } from '@nestjs/config';\n\nexport const iamConfig = registerAs('iam', () => {\n return {\n passwordlessRegistration: 
(process.env.IAM_PASSWORD_LESS_REGISTRATION ?? 'false') === 'true',\n iamPasswordRegistrationEnabled: (process.env.IAM_PASSWORD_REGISTRATION_ENABLED ?? 'true') === 'true',\n passwordlessRegistrationValidateWhat: (process.env.IAM_PASSWORD_LESS_REGISTRATION_VALIDATE_WHAT ?? 'email').split(',').map((item) => item.trim()),\n allowPublicRegistration: (process.env.IAM_ALLOW_PUBLIC_REGISTRATION ?? 'true') === 'true',\n activateUserOnRegistration: (process.env.IAM_ACTIVATE_USER_ON_REGISTRATION ?? 'true') === 'true',\n autoLoginUserOnRegistration: (process.env.IAM_AUTO_LOGIN_USER_ON_REGISTRATION ?? 'false') === 'true',\n otpExpiry: parseInt(process.env.IAM_OTP_EXPIRY ?? '10'),\n forgotPasswordVerificationTokenExpiry: parseInt(process.env.IAM_FORGOT_PASSWORD_VERIFICATION_TOKEN_EXPIRY ?? '10'),\n defaultRole: process.env.IAM_DEFAULT_ROLE ?? 'Public',\n dummyOtp: process.env.IAM_OTP_DUMMY,\n forgotPasswordSendVerificationTokenOn: process.env.IAM_FORGOT_PASSWORD_SEND_VERIFICATION_TOKEN_ON ?? 'email',\n forceChangePasswordOnFirstLogin:true,\n PASSWORD_REGEX: process.env.PASSWORD_REGEX || '^$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\\\\d)(?=.*[^\\\\da-zA-Z]).*$',\n PASSWORD_COMPLEXITY_DESC : process.env.PASSWORD_COMPLEXITY_DESC || 'Password must contain at least one uppercase, one lowercase, one number, and one special character.',\n googleOauth: {\n clientID: process.env.IAM_GOOGLE_OAUTH_CLIENT_ID,\n clientSecret: process.env.IAM_GOOGLE_OAUTH_CLIENT_SECRET,\n callbackURL: process.env.IAM_GOOGLE_OAUTH_CALLBACK_URL,\n redirectURL: process.env.IAM_GOOGLE_OAUTH_REDIRECT_URL,\n },\n iamAutoGeneratedPassword:process.env.IAM_AUTOGENERATED_PASSWORD || true\n };\n})\n\nexport const jwtConfig = registerAs('jwt', () => {\n return {\n secret: process.env.IAM_JWT_SECRET,\n audience: process.env.IAM_JWT_TOKEN_AUDIENCE,\n issuer: process.env.IAM_JWT_TOKEN_ISSUER,\n accessTokenTtl: parseInt(process.env.IAM_JWT_ACCESS_TOKEN_TTL ?? 
'3600', 10),\n refreshTokenTtl: parseInt(process.env.IAM_JWT_REFRESH_TOKEN_TTL ?? '86400', 10),\n };\n});\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post-chatter-message.dto.js","sourceRoot":"","sources":["../../src/dtos/post-chatter-message.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,qDAA6E;AAE7E,MAAa,qBAAqB;;;;CAgBjC;AAhBD,sDAgBC;AAbG;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;8DACW;AAIxB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;0DACO;AAIpB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;0DACO;AAIpB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;6DACW","sourcesContent":["import { IsNotEmpty, IsNumber, IsString, IsOptional } from 'class-validator';\n\nexport class PostChatterMessageDto {\n @IsNumber()\n @IsNotEmpty()\n coModelEntityId: number;\n\n @IsString()\n @IsNotEmpty()\n coModelName: string;\n\n @IsString()\n @IsNotEmpty()\n messageBody: string;\n\n @IsString()\n @IsOptional()\n messageSubType?: string;\n}
|
|
1
|
+
{"version":3,"file":"post-chatter-message.dto.js","sourceRoot":"","sources":["../../src/dtos/post-chatter-message.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,qDAA6E;AAE7E,MAAa,qBAAqB;;;;CAgBjC;AAhBD,sDAgBC;AAbG;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;8DACW;AAIxB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;0DACO;AAIpB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;0DACO;AAIpB;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;6DACW","sourcesContent":["import { IsNotEmpty, IsNumber, IsString, IsOptional } from 'class-validator';\n\nexport class PostChatterMessageDto {\n @IsNumber()\n @IsNotEmpty()\n coModelEntityId: number;\n\n @IsString()\n @IsNotEmpty()\n coModelName: string;\n\n @IsString()\n @IsNotEmpty()\n messageBody: string;\n\n @IsString()\n @IsOptional()\n messageSubType?: string;\n}"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"chatter-message.entity.js","sourceRoot":"","sources":["../../src/entities/chatter-message.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,mDAAyD;AACzD,
|
|
1
|
+
{"version":3,"file":"chatter-message.entity.js","sourceRoot":"","sources":["../../src/entities/chatter-message.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,mDAAyD;AACzD,qCAAuE;AACvE,+CAA+C;AAGxC,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,4BAAY;;;;CAgB/C,CAAA;AAhBY,wCAAc;AAGvB;IAFC,IAAA,eAAK,GAAE;IACP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;mDACR;AAEpB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;sDACL;AAEvB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;;mDACL;AAGpB;IAFC,IAAA,eAAK,GAAE;IACP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;uDACJ;AAExB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;mDACR;AAGpB;IAFC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC9D,IAAA,oBAAU,GAAE;8BACP,kBAAI;4CAAC;yBAfF,cAAc;IAD1B,IAAA,gBAAM,EAAC,oBAAoB,CAAC;GAChB,cAAc,CAgB1B","sourcesContent":["import { CommonEntity } from 'src/entities/common.entity'\nimport { Entity, Column, Index, JoinColumn, ManyToOne } from 'typeorm';\nimport { User } from 'src/entities/user.entity'\n\n@Entity(\"ss_chatter_message\")\nexport class ChatterMessage extends CommonEntity {\n @Index()\n @Column({ type: \"varchar\" })\n messageType: string; // audit | custom \n @Column({ type: \"varchar\" })\n messageSubType: string; // update | insert | delete | post_message\n @Column({ type: \"text\" })\n messageBody: string;\n @Index()\n @Column({ type: \"integer\" })\n coModelEntityId: number;\n @Column({ type: \"varchar\" })\n coModelName: string;\n @ManyToOne(() => User, { onDelete: \"CASCADE\", nullable: true })\n @JoinColumn()\n user: User;\n}"]}
|
|
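--- a/package/dist/helpers/security.helper.d.ts
+++ b/package/dist/helpers/security.helper.d.ts
@@ -1,9 +1,11 @@
 import { HelmetOptions } from "helmet";
 export declare function buildDefaultSecurityHeaderOptions(): Readonly<HelmetOptions>;
-type Source =
-type DirectiveConfig =
+type Source = "self" | "none" | string;
+type DirectiveConfig = "self" | "none" | Source[];
 export type PermissionsPolicyConfig = Record<string, DirectiveConfig>;
 export declare const DEFAULT_PERMISSIONS_POLICY: PermissionsPolicyConfig;
 export declare function buildPermissionsPolicyHeader(overrides?: Partial<PermissionsPolicyConfig>): string;
+export declare const DEFAULT_CACHE_CONTROL = "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0";
+export declare function setDefaultCacheControl(): (_req: import("express").Request, _res: import("express").Response, next: import("express").NextFunction) => void;
 export {};
 //# sourceMappingURL=security.helper.d.ts.map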
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.helper.d.ts","sourceRoot":"","sources":["../../src/helpers/security.helper.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"security.helper.d.ts","sourceRoot":"","sources":["../../src/helpers/security.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAUvC,wBAAgB,iCAAiC,IAAI,QAAQ,CAAC,aAAa,CAAC,CAwC3E;AAID,KAAK,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AACvC,KAAK,eAAe,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;AAClD,MAAM,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAEtE,eAAO,MAAM,0BAA0B,EAAE,uBAaxC,CAAC;AAEF,wBAAgB,4BAA4B,CAC1C,SAAS,GAAE,OAAO,CAAC,uBAAuB,CAAM,GAC/C,MAAM,CAKR;AAeD,eAAO,MAAM,qBAAqB,iFAC8C,CAAC;AAEjF,wBAAgB,sBAAsB,WAE5B,OAAO,SAAS,EAAE,OAAO,QACzB,OAAO,SAAS,EAAE,QAAQ,QAC1B,OAAO,SAAS,EAAE,YAAY,UAKvC"}
|
|
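--- a/package/dist/helpers/security.helper.js
+++ b/package/dist/helpers/security.helper.js
@@ -1,46 +1,61 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_PERMISSIONS_POLICY = void 0;
+exports.DEFAULT_CACHE_CONTROL = exports.DEFAULT_PERMISSIONS_POLICY = void 0;
 exports.buildDefaultSecurityHeaderOptions = buildDefaultSecurityHeaderOptions;
 exports.buildPermissionsPolicyHeader = buildPermissionsPolicyHeader;
+exports.setDefaultCacheControl = setDefaultCacheControl;
 const disallow_in_production_decorator_1 = require("../decorators/disallow-in-production.decorator");
 function buildDefaultSecurityHeaderOptions() {
+const isProd = process.env.ENV === disallow_in_production_decorator_1.Environment.Production;
 return {
-
+contentSecurityPolicy: {
+useDefaults: true,
+directives: {
+"frame-ancestors": ["'none'"],
+},
+},
+frameguard: { action: "deny" },
+referrerPolicy: { policy: "strict-origin-when-cross-origin" },
 crossOriginEmbedderPolicy: false,
-crossOriginResourcePolicy: { policy:
-
-hsts: process.env.NODE_ENV === disallow_in_production_decorator_1.Environment.Production
+crossOriginResourcePolicy: { policy: "same-site" },
+hsts: isProd
 ? { maxAge: 31536000, includeSubDomains: true, preload: true }
 : false,
 };
 }
 exports.DEFAULT_PERMISSIONS_POLICY = {
-camera:
-microphone:
-geolocation:
-fullscreen:
-payment:
-accelerometer:
-autoplay:
-
-
-gyroscope:
-magnetometer:
-usb:
+camera: "none",
+microphone: "none",
+geolocation: "none",
+fullscreen: "self",
+payment: "none",
+accelerometer: "none",
+autoplay: "none",
+"clipboard-read": "none",
+"clipboard-write": "none",
+gyroscope: "none",
+magnetometer: "none",
+usb: "none",
 };
 function buildPermissionsPolicyHeader(overrides = {}) {
 const merged = { ...exports.DEFAULT_PERMISSIONS_POLICY, ...overrides };
 return Object.entries(merged)
 .map(([feature, value]) => `${feature}=${serializeValue(value)}`)
-.join(
+.join(", ");
 }
 function serializeValue(v) {
-if (v ===
-return
-if (v ===
-return
-const parts = v.map(src => (src ===
+if (v === "none")
+return "()";
+if (v === "self")
+return "(self)";
+const parts = v.map((src) => (src === "self" ? "self" : src)).join(" ");
 return `(${parts})`;
 }
+exports.DEFAULT_CACHE_CONTROL = "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0";
+function setDefaultCacheControl() {
+return function cacheControlMiddleware(_req, _res, next) {
+_res.setHeader("Cache-Control", exports.DEFAULT_CACHE_CONTROL);
+next();
+};
+}
 //# sourceMappingURL=security.helper.js.map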
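Review bot: The production check on the added line `const isProd = process.env.ENV === ...Environment.Production;` replaces the removed comparison against `process.env.NODE_ENV`, so a deployment that only sets NODE_ENV=production will presumably now evaluate `isProd` to false and ship with `hsts: false`; if the rename is intentional it deserves a comment at that line, e.g. `// HSTS is keyed on ENV, not NODE_ENV — deployments must set ENV=production`, otherwise keep NODE_ENV in the comparison. In `serializeValue` the array branch `v.map((src) => (src === "self" ? "self" : src))` is a no-op mapping and emits origins unquoted, whereas a Permissions-Policy allowlist expects origins as quoted strings alongside the bare `self` token; `.map((src) => (src === "self" ? "self" : JSON.stringify(src)))` would produce that form. In `cacheControlMiddleware` the `_res` parameter is actually used, so the underscore prefix (which conventionally marks an unused argument) is misleading and should be `res`.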
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.helper.js","sourceRoot":"","sources":["../../src/helpers/security.helper.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"security.helper.js","sourceRoot":"","sources":["../../src/helpers/security.helper.ts"],"names":[],"mappings":";;;AAUA,8EAwCC;AAuBD,oEAOC;AAkBD,wDASC;AA1GD,qGAA8E;AAS9E,SAAgB,iCAAiC;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,8CAAW,CAAC,UAAU,CAAC;IAE1D,OAAO;QAEL,qBAAqB,EAAE;YACrB,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE;gBAQV,iBAAiB,EAAE,CAAC,QAAQ,CAAC;aAQ9B;SACF;QAID,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;QAG9B,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;QAC7D,yBAAyB,EAAE,KAAK;QAChC,yBAAyB,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;QAGlD,IAAI,EAAE,MAAM;YACV,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;YAC9D,CAAC,CAAC,KAAK;KACV,CAAC;AACJ,CAAC;AAQY,QAAA,0BAA0B,GAA4B;IACjE,MAAM,EAAE,MAAM;IACd,UAAU,EAAE,MAAM;IAClB,WAAW,EAAE,MAAM;IACnB,UAAU,EAAE,MAAM;IAClB,OAAO,EAAE,MAAM;IACf,aAAa,EAAE,MAAM;IACrB,QAAQ,EAAE,MAAM;IAChB,gBAAgB,EAAE,MAAM;IACxB,iBAAiB,EAAE,MAAM;IACzB,SAAS,EAAE,MAAM;IACjB,YAAY,EAAE,MAAM;IACpB,GAAG,EAAE,MAAM;CACZ,CAAC;AAEF,SAAgB,4BAA4B,CAC1C,YAA8C,EAAE;IAEhD,MAAM,MAAM,GAA4B,EAAE,GAAG,kCAA0B,EAAE,GAAG,SAAS,EAAE,CAAC;IACxF,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;SAChE,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,CAAkB;IACxC,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAC9B,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,QAAQ,CAAC;IAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxE,OAAO,IAAI,KAAK,GAAG,CAAC;AACtB,CAAC;AAQY,QAAA,qBAAqB,GAChC,8EAA8E,CAAC;AAEjF,SAAgB,sBAAsB;IACpC,OAAO,SAAS,sBAAsB,CACpC,IAA+B,EAC/B,IAAgC,EAChC,IAAoC;QAEpC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,6BAAqB,CAAC,CAAC;QACvD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import { HelmetOptions } from \"helmet\";\nimport { Environment } from \"src/decorators/disallow-in-production.decorator\";\n\n/**\n * Default security headers for SolidX apps.\n * - HSTS 
only in prod over HTTPS\n * - CSP with frame-ancestors 'none' (prevents clickjacking)\n * - X-Frame-Options: DENY (legacy fallback)\n * - No X-XSS-Protection (deprecated)\n */\nexport function buildDefaultSecurityHeaderOptions(): Readonly<HelmetOptions> {\n const isProd = process.env.ENV === Environment.Production;\n\n return {\n // Modern CSP. Add more directives as your app needs (script-src, connect-src, etc.)\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n // sensible secure defaults\n // \"default-src\": [\"'self'\"],\n // \"base-uri\": [\"'self'\"],\n // \"object-src\": [\"'none'\"],\n // \"form-action\": [\"'self'\"],\n\n // clickjacking defense (modern)\n \"frame-ancestors\": [\"'none'\"],\n\n // add/adjust as needed for your app:\n // \"script-src\": [\"'self'\"], // add hashes/nonces/CSPRO if needed\n // \"style-src\": [\"'self'\", \"'unsafe-inline'\"],\n // \"img-src\": [\"'self'\", \"data:\"],\n // \"connect-src\": [\"'self'\", \"https://api.example.com\"],\n // \"frame-src\": [\"'none'\"], // iframes you intentionally allow\n },\n },\n\n \n // Legacy clickjacking defense (kept for older UAs)\n frameguard: { action: \"deny\" },\n\n // Referrer/cross-origin policies\n referrerPolicy: { policy: \"strict-origin-when-cross-origin\" },\n crossOriginEmbedderPolicy: false,\n crossOriginResourcePolicy: { policy: \"same-site\" },\n\n // HSTS only when you’re on HTTPS in production\n hsts: isProd\n ? 
{ maxAge: 31536000, includeSubDomains: true, preload: true }\n : false,\n };\n}\n\n/* ---------------- Permissions-Policy (formerly Feature-Policy) ---------------- */\n\ntype Source = \"self\" | \"none\" | string;\ntype DirectiveConfig = \"self\" | \"none\" | Source[];\nexport type PermissionsPolicyConfig = Record<string, DirectiveConfig>;\n\nexport const DEFAULT_PERMISSIONS_POLICY: PermissionsPolicyConfig = {\n camera: \"none\",\n microphone: \"none\",\n geolocation: \"none\",\n fullscreen: \"self\",\n payment: \"none\",\n accelerometer: \"none\",\n autoplay: \"none\",\n \"clipboard-read\": \"none\",\n \"clipboard-write\": \"none\",\n gyroscope: \"none\",\n magnetometer: \"none\",\n usb: \"none\",\n};\n\nexport function buildPermissionsPolicyHeader(\n overrides: Partial<PermissionsPolicyConfig> = {}\n): string {\n const merged: PermissionsPolicyConfig = { ...DEFAULT_PERMISSIONS_POLICY, ...overrides };\n return Object.entries(merged)\n .map(([feature, value]) => `${feature}=${serializeValue(value)}`)\n .join(\", \");\n}\n\nfunction serializeValue(v: DirectiveConfig): string {\n if (v === \"none\") return \"()\";\n if (v === \"self\") return \"(self)\";\n const parts = v.map((src) => (src === \"self\" ? 
\"self\" : src)).join(\" \");\n return `(${parts})`;\n}\n\n/* ---------------- Cache-Control helpers ---------------- */\n\n/**\n * Default: no-store for HTML/API responses unless you have a reason to cache.\n * Attach as a global middleware or on selected routes.\n */\nexport const DEFAULT_CACHE_CONTROL =\n \"no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0\";\n\nexport function setDefaultCacheControl() {\n return function cacheControlMiddleware(\n _req: import(\"express\").Request,\n _res: import(\"express\").Response,\n next: import(\"express\").NextFunction\n ) {\n _res.setHeader(\"Cache-Control\", DEFAULT_CACHE_CONTROL);\n next();\n };\n}\n\n/* ---------------- Example Express wiring ---------------- */\n// import express from \"express\";\n// const app = express();\n// app.use(helmet(buildDefaultSecurityHeaderOptions()));\n// app.use((req, res, next) => {\n// res.setHeader(\"Permissions-Policy\", buildPermissionsPolicyHeader());\n// next();\n// });\n// app.use(setDefaultCacheControl());"]}
|
|
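--- a/package/dist/services/authentication.service.js
+++ b/package/dist/services/authentication.service.js
@@ -149,6 +149,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
 }
 }
 async populateForSignup(user, signUpDto, isUserActive = true, onForcePasswordChange) {
+let autoGeneratedPwdPermission = await this.settingService.getConfigValue('iamAutoGeneratedPassword');
 if (signUpDto.roles && signUpDto.roles.length > 0) {
 for (let i = 0; i < signUpDto.roles.length; i++) {
 const roleName = signUpDto.roles[i];
@@ -168,7 +169,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
 if (signUpDto.password) {
 pwd = await this.hashingService.hash(signUpDto.password);
 }
-
+if (autoGeneratedPwdPermission?.toString().toLowerCase() === 'true') {
 autoGeneratedPwd = this.generatePassword();
 pwd = await this.hashingService.hash(autoGeneratedPwd);
 user.forcePasswordChange = true;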
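Review bot: In the second hunk the new `if (autoGeneratedPwdPermission?.toString().toLowerCase() === 'true')` branch runs after the `if (signUpDto.password)` hash and unconditionally reassigns `pwd`, so with the flag on (iam.config.js above defaults it to true) a password the caller explicitly supplied is silently discarded in favour of a generated one and forcePasswordChange is set. If the intent is to generate only when none was supplied, the guard should read `if (!signUpDto.password && autoGeneratedPwdPermission?.toString().toLowerCase() === 'true') {`; if replacing a supplied password is intended, a comment on that line should say so, since callers will not expect it. The removed line 171 is truncated on this page, so whether the previous condition carried such a guard cannot be confirmed here. `autoGeneratedPwdPermission` on the added line 152 is never reassigned in the visible hunks, so `const` is the better declaration. populateForSignup's body continues past the end of the hunk.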