npm - hi-secure - Versions diffs - 1.0.15 → 1.0.17 - Mend

hi-secure 1.0.15 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

package/dist/adapters/ArgonAdapter.d.ts +1 -1
package/dist/adapters/ArgonAdapter.d.ts.map +1 -1
package/dist/adapters/ArgonAdapter.js +7 -5
package/dist/adapters/ArgonAdapter.js.map +1 -1
package/dist/adapters/BcryptAdapter.d.ts.map +1 -1
package/dist/adapters/BcryptAdapter.js +7 -3
package/dist/adapters/BcryptAdapter.js.map +1 -1
package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressRLAdapter.js +10 -6
package/dist/adapters/ExpressRLAdapter.js.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.js +14 -10
package/dist/adapters/ExpressValidatorAdapter.js.map +1 -1
package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
package/dist/adapters/GoogleAdapter.js +19 -16
package/dist/adapters/GoogleAdapter.js.map +1 -1
package/dist/adapters/JWTAdapter.d.ts.map +1 -1
package/dist/adapters/JWTAdapter.js +25 -15
package/dist/adapters/JWTAdapter.js.map +1 -1
package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -1
package/dist/adapters/RLFlexibleAdapter.js +23 -12
package/dist/adapters/RLFlexibleAdapter.js.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.js +17 -13
package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -1
package/dist/adapters/XSSAdapter.d.ts +1 -1
package/dist/adapters/XSSAdapter.d.ts.map +1 -1
package/dist/adapters/XSSAdapter.js +21 -20
package/dist/adapters/XSSAdapter.js.map +1 -1
package/dist/adapters/ZodAdapter.d.ts +1 -1
package/dist/adapters/ZodAdapter.d.ts.map +1 -1
package/dist/adapters/ZodAdapter.js +10 -8
package/dist/adapters/ZodAdapter.js.map +1 -1
package/dist/core/HiSecure.d.ts +3 -4
package/dist/core/HiSecure.d.ts.map +1 -1
package/dist/core/HiSecure.js +91 -120
package/dist/core/HiSecure.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +8 -1
package/dist/index.js.map +1 -1
package/dist/logging/morganSetup.d.ts.map +1 -1
package/dist/logging/morganSetup.js +8 -1
package/dist/logging/morganSetup.js.map +1 -1
package/dist/logging/winstonSetup.d.ts.map +1 -1
package/dist/logging/winstonSetup.js +17 -3
package/dist/logging/winstonSetup.js.map +1 -1
package/dist/managers/AuthManager.d.ts +2 -2
package/dist/managers/AuthManager.d.ts.map +1 -1
package/dist/managers/AuthManager.js +59 -31
package/dist/managers/AuthManager.js.map +1 -1
package/dist/managers/CorsManager.d.ts.map +1 -1
package/dist/managers/CorsManager.js +18 -11
package/dist/managers/CorsManager.js.map +1 -1
package/dist/managers/HashManager.d.ts +1 -1
package/dist/managers/HashManager.d.ts.map +1 -1
package/dist/managers/HashManager.js +35 -17
package/dist/managers/HashManager.js.map +1 -1
package/dist/managers/JsonManager.d.ts +1 -1
package/dist/managers/JsonManager.d.ts.map +1 -1
package/dist/managers/JsonManager.js +44 -16
package/dist/managers/JsonManager.js.map +1 -1
package/dist/managers/RateLimitManager.d.ts +1 -1
package/dist/managers/RateLimitManager.d.ts.map +1 -1
package/dist/managers/RateLimitManager.js +43 -22
package/dist/managers/RateLimitManager.js.map +1 -1
package/dist/managers/SanitizerManager.d.ts.map +1 -1
package/dist/managers/SanitizerManager.js +32 -15
package/dist/managers/SanitizerManager.js.map +1 -1
package/dist/managers/ValidatorManager.d.ts.map +1 -1
package/dist/managers/ValidatorManager.js +31 -7
package/dist/managers/ValidatorManager.js.map +1 -1
package/package.json +2 -6
package/readme.md +3 -6
package/src/adapters/ArgonAdapter.ts +10 -6
package/src/adapters/BcryptAdapter.ts +7 -8
package/src/adapters/ExpressRLAdapter.ts +14 -9
package/src/adapters/ExpressValidatorAdapter.ts +17 -11
package/src/adapters/GoogleAdapter.ts +24 -21
package/src/adapters/JWTAdapter.ts +33 -21
package/src/adapters/RLFlexibleAdapter.ts +31 -16
package/src/adapters/SanitizeHtmlAdapter.ts +28 -18
package/src/adapters/XSSAdapter.ts +33 -38
package/src/adapters/ZodAdapter.ts +10 -10
package/src/core/HiSecure.ts +127 -161
package/src/index.ts +4 -0
package/src/logging/morganSetup.ts +11 -1
package/src/logging/winstonSetup.ts +35 -8
package/src/managers/AuthManager.ts +64 -34
package/src/managers/CorsManager.ts +23 -16
package/src/managers/HashManager.ts +48 -19
package/src/managers/JsonManager.ts +57 -15
package/src/managers/RateLimitManager.ts +61 -29
package/src/managers/SanitizerManager.ts +47 -25
package/src/managers/ValidatorManager.ts +40 -15

package/src/managers/SanitizerManager.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { SanitizerError } from "../core/errors/SanitizerError.js";
+import { SanitizerError } from "../core/errors/SanitizerError";
 import { logger } from "../logging";
 interface SanitizerAdapter {
@@ -12,78 +12,97 @@ export class SanitizerManager {
     constructor(primary: SanitizerAdapter, fallback: SanitizerAdapter | null = null) {
         this.primary = primary;
         this.fallback = fallback;
+        logger.info("SanitizerManager initialized", {
+            layer: "sanitizer-manager",
+            fallbackEnabled: !!fallback
+        });
     }
     sanitize(value: string, options?: any): string {
-        if (typeof value !== 'string') {
+        if (typeof value !== "string") {
             return value;
         }
         try {
             return this.primary.sanitize(value, options);
         } catch (err: any) {
-            logger.warn("Primary sanitizer failed", { error: err?.message });
+            logger.warn("Primary sanitizer failed", {
+                layer: "sanitizer-manager",
+                operation: "sanitize",
+                reason: err?.message
+            });
             if (!this.fallback) {
-                throw new SanitizerError("Primary sanitizer failed and no fallback available.");
+                throw new SanitizerError(
+                    "Primary sanitizer failed and no fallback available."
+                );
             }
-            logger.info("Using fallback sanitizer");
+            logger.warn("Sanitizer fallback used", {
+                layer: "sanitizer-manager",
+                operation: "sanitize"
+            });
             return this.fallback.sanitize(value, options);
         }
     }
     middleware(options?: any) {
         return (req: any, _res: any, next: any) => {
             let fallbackTriggered = false;
             const safeSanitize = (value: string): string => {
                 if (fallbackTriggered && this.fallback) {
                     return this.fallback.sanitize(value, options);
                 }
                 try {
                     return this.primary.sanitize(value, options);
                 } catch (err: any) {
                     if (!this.fallback) {
                         throw err;
                     }
                     fallbackTriggered = true;
-                    logger.warn("Switching to fallback sanitizer for this request");
+                    logger.warn("Switching to fallback sanitizer for request", {
+                        layer: "sanitizer-manager",
+                        operation: "middleware"
+                    });
                     return this.fallback.sanitize(value, options);
                 }
             };
             try {
                 if (req.body && typeof req.body === "object") {
                     const originalBody = req.body;
                     const sanitizedBody: any = Array.isArray(originalBody) ? [] : {};
                     for (const key of Object.keys(originalBody)) {
                         const value = originalBody[key];
                         if (typeof value === "string") {
                             sanitizedBody[key] = safeSanitize(value);
                         } else if (Array.isArray(value)) {
-                            sanitizedBody[key] = value.map(item =>
-                                typeof item === "string" ? safeSanitize(item) : item
+                            sanitizedBody[key] = value.map(item =>
+                                typeof item === "string"
+                                    ? safeSanitize(item)
+                                    : item
                             );
-                        } else if (value && typeof value === "object") {
-                            sanitizedBody[key] = value;
                         } else {
                             sanitizedBody[key] = value;
                         }
                     }
                     req.sanitizedBody = sanitizedBody;
-                    logger.debug("Request body sanitized", {
-                        originalKeys: Object.keys(originalBody),
-                        sanitizedKeys: Object.keys(sanitizedBody),
+                    // ✅ visible + safe info
+                    logger.info("Request body sanitized", {
+                        layer: "sanitizer-manager",
+                        operation: "middleware",
+                        fieldCount: Object.keys(sanitizedBody).length,
                         usedFallback: fallbackTriggered
                     });
                 }
@@ -91,10 +110,13 @@ export class SanitizerManager {
                 next();
             } catch (err: any) {
                 logger.error("Sanitizer middleware failed", {
-                    error: err?.message
+                    layer: "sanitizer-manager",
+                    operation: "middleware",
+                    reason: err?.message
                 });
                 next(new SanitizerError("Sanitizer middleware failure"));
             }
         };
     }
-}
+}

package/src/managers/ValidatorManager.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { logger } from "../logging";
-import { ValidationError } from "../core/errors/ValidationError.js";
+import { ValidationError } from "../core/errors/ValidationError";
 interface ValidatorAdapter {
     validate: (schema?: any) => any;
@@ -12,32 +12,44 @@ export class ValidatorManager {
     constructor(zodAdapter: ValidatorAdapter, expressAdapter: ValidatorAdapter) {
         this.zodAdapter = zodAdapter;
         this.expressAdapter = expressAdapter;
+        logger.info("ValidatorManager initialized", {
+            layer: "validator-manager",
+            adapters: ["zod", "express-validator"]
+        });
     }
     validate(schema?: any) {
         const isZod =
-    schema &&
-    typeof schema === "object" &&
-    typeof schema._def === "object" &&
-    typeof schema.safeParse === "function";
+            schema &&
+            typeof schema === "object" &&
+            typeof schema._def === "object" &&
+            typeof schema.safeParse === "function";
         const isExpressValidator = Array.isArray(schema);
         return (req: any, res: any, next: any) => {
             let middleware;
+            let adapterUsed: "zod" | "express-validator" | "none" = "none";
             if (isZod) {
-                logger.debug("Using Zod adapter");
+                adapterUsed = "zod";
                 middleware = this.zodAdapter.validate(schema);
-            }
-            else if (isExpressValidator) {
-                logger.debug(" Using express-validator adapter");
+            } else if (isExpressValidator) {
+                adapterUsed = "express-validator";
                 middleware = this.expressAdapter.validate(schema);
-            }
-            else {
-                return next();
+            } else {
+                return next();
             }
+            logger.info("Validation adapter selected", {
+                layer: "validator-manager",
+                operation: "select",
+                adapter: adapterUsed,
+                path: req.path,
+                method: req.method
+            });
             // CASE 1 — express-validator returns ARRAY
             if (Array.isArray(middleware)) {
                 let idx = 0;
@@ -46,11 +58,18 @@ export class ValidatorManager {
                     if (err) return next(err);
                     const fn = middleware[idx++];
-                    if (!fn) return next(); // done
+                    if (!fn) return next();
                     try {
                         fn(req, res, run);
                     } catch (error: any) {
+                        logger.error("Validation middleware execution failed", {
+                            layer: "validator-manager",
+                            operation: "execute",
+                            adapter: adapterUsed,
+                            reason: error?.message
+                        });
                         next(new ValidationError(error.message));
                     }
                 };
@@ -58,16 +77,22 @@ export class ValidatorManager {
                 return run();
             }
-            // CASE 2 — Zod returns SINGLE MIDDLEWARE
+            // CASE 2 — Zod returns SINGLE middleware
             try {
                 middleware(req, res, (err?: any) => {
                     if (err) return next(err);
                     next();
                 });
             } catch (err: any) {
+                logger.error("Validation middleware execution failed", {
+                    layer: "validator-manager",
+                    operation: "execute",
+                    adapter: adapterUsed,
+                    reason: err?.message
+                });
                 next(new ValidationError(err.message));
             }
         };
     }
 }