npm - quantum-flow - Versions diffs - 1.4.0 → 1.7.0 - Mend

quantum-flow 1.4.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.md +20 -11
package/dist/app/aws/lambda.d.ts +0 -3
package/dist/app/aws/lambda.js +16 -119
package/dist/app/aws/utils/helpers.d.ts +4 -0
package/dist/app/aws/utils/helpers.js +83 -0
package/dist/app/aws/utils/index.d.ts +3 -0
package/dist/app/aws/utils/index.js +19 -0
package/dist/app/aws/utils/request.d.ts +23 -0
package/dist/app/aws/utils/request.js +96 -0
package/dist/app/aws/utils/response.d.ts +13 -6
package/dist/app/aws/utils/response.js +32 -8
package/dist/app/http/Application.d.ts +1 -1
package/dist/app/http/Application.js +29 -24
package/dist/constants.d.ts +1 -0
package/dist/constants.js +2 -1
package/dist/core/Controller.d.ts +6 -17
package/dist/core/Controller.js +80 -80
package/dist/core/Endpoint.js +1 -2
package/dist/core/index.d.ts +1 -1
package/dist/core/utils/index.d.ts +0 -3
package/dist/core/utils/index.js +0 -3
package/dist/examples/app.d.ts +0 -1
package/dist/examples/app.js +69 -10
package/dist/examples/controllers/user.js +43 -8
package/dist/examples/controllers/userMetadata.js +54 -12
package/dist/middlewares/catch.d.ts +2 -0
package/dist/middlewares/catch.js +10 -0
package/dist/middlewares/cors.d.ts +2 -0
package/dist/{core/utils → middlewares}/cors.js +4 -4
package/dist/middlewares/index.d.ts +5 -0
package/dist/middlewares/index.js +21 -0
package/dist/middlewares/sanitize.d.ts +2 -0
package/dist/middlewares/sanitize.js +15 -0
package/dist/{core/utils/helpers.js → middlewares/status.js} +1 -1
package/dist/middlewares/use.d.ts +2 -0
package/dist/middlewares/use.js +11 -0
package/dist/types/common.d.ts +15 -19
package/dist/types/controller.d.ts +4 -5
package/dist/types/http.d.ts +2 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.js +2 -0
package/dist/types/lambda.d.ts +7 -22
package/dist/types/multipart.d.ts +8 -0
package/dist/types/multipart.js +2 -0
package/dist/types/sanitize.d.ts +8 -0
package/dist/types/sanitize.js +2 -0
package/dist/utils/controller.d.ts +20 -4
package/dist/utils/controller.js +64 -22
package/dist/utils/cors.d.ts +2 -2
package/dist/utils/cors.js +2 -1
package/dist/utils/headers.d.ts +2 -0
package/dist/utils/headers.js +9 -0
package/dist/utils/index.d.ts +2 -0
package/dist/utils/index.js +2 -0
package/dist/utils/multipart.d.ts +1 -8
package/dist/utils/multipart.js +0 -1
package/dist/utils/sanitize.d.ts +30 -0
package/dist/utils/sanitize.js +134 -0
package/dist/utils/server.js +4 -0
package/package.json +9 -2
package/dist/app/aws/helpers.d.ts +0 -25
package/dist/app/aws/helpers.js +0 -46
package/dist/core/utils/cors.d.ts +0 -2
package/dist/core/utils/middlewares.d.ts +0 -3
package/dist/core/utils/middlewares.js +0 -22
/package/dist/{core/utils/helpers.d.ts → middlewares/status.d.ts} +0 -0

package/dist/utils/multipart.d.ts CHANGED Viewed

@@ -1,11 +1,4 @@
-export interface MultipartFile {
-    fieldname: string;
-    filename: string;
-    contentType: string;
-    data: Buffer;
-    size: number;
-    encoding?: string;
-}
+import { MultipartFile } from '../types/index.js';
 export declare class MultipartProcessor {
     static parse(request: any): {
         fields: Record<string, any>;

package/dist/utils/multipart.js CHANGED Viewed

@@ -34,7 +34,6 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MultipartProcessor = void 0;
-// utils/MultipartProcessor.ts
 const multipart = __importStar(require("parse-multipart-data"));
 class MultipartProcessor {
     static parse(request) {

package/dist/utils/sanitize.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { AppRequest, SanitizerConfig } from '../types/index.js';
+import * as Joi from 'joi';
+export declare const SanitizeSchemas: {
+    string: {
+        trim: () => Joi.StringSchema<string>;
+        email: () => Joi.StringSchema<string>;
+        name: () => Joi.StringSchema<string>;
+        slug: () => Joi.StringSchema<string>;
+        phone: () => Joi.StringSchema<string>;
+    };
+    number: {
+        integer: () => Joi.NumberSchema<number>;
+        positive: () => Joi.NumberSchema<number>;
+        range: (min: number, max: number) => Joi.NumberSchema<number>;
+    };
+    object: {
+        stripUnknown: (schema: Joi.Schema) => Joi.ObjectSchema<any>;
+        withDefaults: (schema: Joi.Schema) => Joi.ObjectSchema<any>;
+    };
+    date: {
+        iso: () => Joi.DateSchema<Date>;
+        timestamp: () => Joi.DateSchema<Date>;
+    };
+    xss: () => Joi.StringSchema<string>;
+};
+export declare function applyJoiSanitization(value: any, config: SanitizerConfig): {
+    value: any;
+    error?: Joi.ValidationError;
+};
+export declare const sanitizeRequest: (request: AppRequest, config: SanitizerConfig[]) => void;

package/dist/utils/sanitize.js ADDED Viewed

@@ -0,0 +1,134 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeRequest = exports.SanitizeSchemas = void 0;
+exports.applyJoiSanitization = applyJoiSanitization;
+const Joi = __importStar(require("joi"));
+exports.SanitizeSchemas = {
+    string: {
+        trim: () => Joi.string().trim(),
+        email: () => Joi.string().email().trim().lowercase(),
+        name: () => Joi.string()
+            .trim()
+            .min(2)
+            .max(50)
+            .pattern(/^[a-zA-Z\s-]+$/),
+        slug: () => Joi.string()
+            .trim()
+            .lowercase()
+            .pattern(/^[a-z0-9-]+$/),
+        phone: () => Joi.string()
+            .trim()
+            .pattern(/^[\d\s\+\-\(\)]+$/),
+    },
+    number: {
+        integer: () => Joi.number().integer(),
+        positive: () => Joi.number().positive(),
+        range: (min, max) => Joi.number().min(min).max(max),
+    },
+    object: {
+        stripUnknown: (schema) => Joi.object(schema).unknown(false),
+        withDefaults: (schema) => Joi.object(schema).options({ stripUnknown: true }),
+    },
+    date: {
+        iso: () => Joi.date().iso(),
+        timestamp: () => Joi.date().timestamp(),
+    },
+    xss: () => Joi.string().custom((value, helpers) => {
+        if (typeof value !== 'string')
+            return value;
+        const sanitized = value
+            .replace(/javascript:/gi, '')
+            .replace(/on\w+=/gi, '')
+            .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
+            .replace(/data:/gi, '');
+        return sanitized;
+    }, 'XSS sanitization'),
+};
+function applyJoiSanitization(value, config) {
+    if (!['headers', 'body', 'params', 'query'].includes(config.type)) {
+        return { value };
+    }
+    if (value === null || value === undefined) {
+        return { value };
+    }
+    const action = config.action || 'both';
+    const options = {
+        convert: true,
+        stripUnknown: config.stripUnknown ?? true,
+        abortEarly: false,
+        ...config.options,
+    };
+    try {
+        let result;
+        switch (action) {
+            case 'validate':
+                result = config.schema.validate(value, { ...options, convert: false, noDefaults: true });
+                break;
+            case 'sanitize':
+                result = config.schema.validate(value, {
+                    ...options,
+                    convert: true,
+                    presence: 'optional',
+                    noDefaults: false,
+                });
+                break;
+            case 'both':
+            default:
+                result = config.schema.validate(value, options);
+                break;
+        }
+        return {
+            value: result.value,
+            error: result.error,
+        };
+    }
+    catch (error) {
+        return {
+            value,
+            error: error,
+        };
+    }
+}
+const sanitizeRequest = (request, config) => {
+    config.forEach((conf) => {
+        const { value, error } = applyJoiSanitization(request[conf.type], conf);
+        if (error) {
+            throw { error, status: 400 };
+        }
+        request[conf.type] = value;
+    });
+};
+exports.sanitizeRequest = sanitizeRequest;

package/dist/utils/server.js CHANGED Viewed

@@ -9,14 +9,18 @@ const resolveConfig = (configOrClass) => {
         const controllers = Reflect.getMetadata(_constants_1.SERVER_MODULES_KEY, configOrClass) || [];
         const errorHandler = Reflect.getMetadata(_constants_1.CATCH, configOrClass);
         const interceptors = Reflect.getMetadata(_constants_1.INTECEPT, configOrClass);
+        const middlewares = Reflect.getMetadata(_constants_1.USE_MIDDLEWARE, configOrClass);
+        const sanitizers = Reflect.getMetadata(_constants_1.SANITIZE, configOrClass.prototype) || [];
         config = {
             port: 3000,
             host: 'localhost',
             ...decoratorConfig,
             errorHandler: decoratorConfig.errorHandler ?? errorHandler,
             interceptors,
+            middlewares: decoratorConfig.middlewares.concat(middlewares),
             cors: decoratorConfig.cors,
             controllers: [...controllers, ...(decoratorConfig.controllers || [])],
+            sanitizers,
         };
     }
     else if (configOrClass && typeof configOrClass === 'object') {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "quantum-flow",
-  "version": "1.4.0",
+  "version": "1.7.0",
   "description": "Decorator-based API framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -30,6 +30,11 @@
       "import": "./dist/app/aws/index.js",
       "require": "./dist/app/aws/index.js",
       "types": "./dist/app/aws/index.d.ts"
+    },
+    "./middlewares": {
+      "import": "./dist/middlewares/index.js",
+      "require": "./dist/middlewares/index.js",
+      "types": "./dist/middlewares/index.d.ts"
     }
   },
   "repository": {
@@ -54,12 +59,14 @@
     "aws-lambda": "^1.0.7",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.15.1",
+    "joi": "^18.0.2",
     "parse-multipart-data": "^1.5.0",
     "reflect-metadata": "^0.2.2",
     "tsconfig-paths": "^4.2.0",
     "typescript": ">=4.0.0",
     "uuid": "^13.0.0",
-    "ws": "^8.19.0"
+    "ws": "^8.19.0",
+    "xss": "^1.0.15"
   },
   "peerDependencies": {
     "ts-node": ">=10.9.2",

package/dist/app/aws/helpers.d.ts DELETED Viewed

@@ -1,25 +0,0 @@
-import { AppRequest, HTTP_METHODS } from '../../types/index.js';
-import { IncomingHttpHeaders } from 'http';
-export declare class LResponse {
-    headers: IncomingHttpHeaders;
-    constructor();
-    setHeader(header: string, value: string): void;
-}
-export declare class LRequest {
-    headers: IncomingHttpHeaders;
-    url: URL;
-    method: HTTP_METHODS;
-    path?: string;
-    query?: any;
-    params?: any;
-    body: any;
-    cookies: Record<string, string>;
-    _startTime: number;
-    event?: any;
-    context?: any;
-    requestId?: string;
-    stage?: string;
-    sourceIp?: string;
-    userAgent?: string;
-    constructor(request: AppRequest);
-}

package/dist/app/aws/helpers.js DELETED Viewed

@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.LRequest = exports.LResponse = void 0;
-class LResponse {
-    headers = {};
-    constructor() { }
-    setHeader(header, value) {
-        this.headers[header] = value;
-    }
-}
-exports.LResponse = LResponse;
-class LRequest {
-    headers;
-    url;
-    method;
-    path;
-    query;
-    params;
-    body;
-    cookies;
-    _startTime;
-    event;
-    context;
-    requestId;
-    stage;
-    sourceIp;
-    userAgent;
-    constructor(request) {
-        this.headers = { ...request.headers };
-        this.url = request.url;
-        this.method = request.method;
-        this.path = request.path;
-        this.query = request.query;
-        this.params = request.params;
-        this.body = request.body;
-        this.cookies = request.cookies;
-        this._startTime = request._startTime;
-        this.event = request.event;
-        this.context = request.context;
-        this.requestId = request.requestId;
-        this.stage = request.stage;
-        this.sourceIp = request.sourceIp;
-        this.userAgent = request.userAgent;
-    }
-}
-exports.LRequest = LRequest;

package/dist/core/utils/cors.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { CORSConfig } from '../../types/index.js';
2	- export declare function CORS(config?: CORSConfig): (target: any, propertyKey?: string, descriptor?: PropertyDescriptor) => void;

package/dist/core/utils/middlewares.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { ErrorCB, MiddlewareCB } from '../../types/index.js';
-export declare function Use(middleware: MiddlewareCB): (target: any) => any;
-export declare function Catch(handler: ErrorCB): (target: any) => any;

package/dist/core/utils/middlewares.js DELETED Viewed

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Use = Use;
-exports.Catch = Catch;
-const _constants_1 = require("../../constants.js");
-function Use(middleware) {
-    return function (target) {
-        const config = Reflect.getMetadata(_constants_1.SERVER_CONFIG_KEY, target) || {};
-        const mergedConfig = {
-            ...config,
-            middlewares: [...(config?.middlewares ?? []), middleware].filter((el) => !!el),
-        };
-        Reflect.defineMetadata(_constants_1.SERVER_CONFIG_KEY, mergedConfig, target);
-        return target;
-    };
-}
-function Catch(handler) {
-    return function (target) {
-        Reflect.defineMetadata(_constants_1.CATCH, handler, target);
-        return target;
-    };
-}

/package/dist/{core/utils/helpers.d.ts → middlewares/status.d.ts} RENAMED Viewed

File without changes