xypriss 2.3.3 → 2.3.4
- package/README.md +28 -1
- package/dist/cjs/mods/security/src/algorithms/hash-algorithms.js +1 -1
- package/dist/cjs/mods/security/src/components/attestation.js +1 -1
- package/dist/cjs/mods/security/src/components/cache/UFSIMC.js +1 -1
- package/dist/cjs/mods/security/src/components/cache/cacheSys.utils.js +1 -1
- package/dist/cjs/mods/security/src/components/cache/index.js +1 -1
- package/dist/cjs/mods/security/src/components/canary-tokens.js +1 -1
- package/dist/cjs/mods/security/src/components/fortified-function/index.js +1 -1
- package/dist/cjs/mods/security/src/components/fortified-function/security/security-handler.js +1 -1
- package/dist/cjs/mods/security/src/components/memory-hard.js +1 -1
- package/dist/cjs/mods/security/src/components/post-quantum.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-array/crypto/ArrayCryptoHandler.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-array/index.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-array/types/index.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-object/encryption/crypto-handler.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-object/index.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-serialization.js +1 -1
- package/dist/cjs/mods/security/src/components/secure-string/advanced/quantum-safe.js +1 -1
- package/dist/cjs/mods/security/src/components/tamper-evident-logging.js +1 -1
- package/dist/cjs/mods/security/src/core/crypto.js +1 -1
- package/dist/cjs/mods/security/src/core/hash/hash-core.js +1 -1
- package/dist/cjs/mods/security/src/core/hash/hash-security.js +1 -1
- package/dist/cjs/mods/security/src/core/keys/keys-core.js +1 -1
- package/dist/cjs/mods/security/src/core/password/index.js +1 -1
- package/dist/cjs/mods/security/src/core/password/password-algorithms.js +1 -1
- package/dist/cjs/mods/security/src/core/password/password-core.js +1 -1
- package/dist/cjs/mods/security/src/core/password/password-generator.js +1 -1
- package/dist/cjs/mods/security/src/core/password/password-utils.js +1 -1
- package/dist/cjs/mods/security/src/helpers/Uint8Array.js +2 -2
- package/dist/cjs/mods/security/src/helpers/Uint8Array.js.map +1 -1
- package/dist/cjs/mods/security/src/index.js +1 -1
- package/dist/cjs/mods/security/src/utils/dataConverter.js +2 -2
- package/dist/cjs/mods/security/src/utils/dataConverter.js.map +1 -1
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js +11 -9
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/cjs/src/encryption/EncryptionService.js +1 -1
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js +16 -0
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/cjs/src/plugins/modules/index.js +1 -1
- package/dist/cjs/src/server/FastServer.js +1 -1
- package/dist/cjs/src/server/handlers/templates/notFoundTemp.js +1 -1
- package/dist/cjs/src/server/utils/wildcardMatcher.js +92 -0
- package/dist/cjs/src/server/utils/wildcardMatcher.js.map +1 -0
- package/dist/esm/mods/security/src/algorithms/hash-algorithms.js +1 -1
- package/dist/esm/mods/security/src/components/attestation.js +1 -1
- package/dist/esm/mods/security/src/components/cache/UFSIMC.js +1 -1
- package/dist/esm/mods/security/src/components/cache/cacheSys.utils.js +1 -1
- package/dist/esm/mods/security/src/components/cache/index.js +1 -1
- package/dist/esm/mods/security/src/components/canary-tokens.js +1 -1
- package/dist/esm/mods/security/src/components/fortified-function/index.js +1 -1
- package/dist/esm/mods/security/src/components/fortified-function/security/security-handler.js +1 -1
- package/dist/esm/mods/security/src/components/memory-hard.js +1 -1
- package/dist/esm/mods/security/src/components/post-quantum.js +1 -1
- package/dist/esm/mods/security/src/components/secure-array/crypto/ArrayCryptoHandler.js +1 -1
- package/dist/esm/mods/security/src/components/secure-array/index.js +1 -1
- package/dist/esm/mods/security/src/components/secure-array/types/index.js +1 -1
- package/dist/esm/mods/security/src/components/secure-object/encryption/crypto-handler.js +1 -1
- package/dist/esm/mods/security/src/components/secure-object/index.js +1 -1
- package/dist/esm/mods/security/src/components/secure-serialization.js +1 -1
- package/dist/esm/mods/security/src/components/secure-string/advanced/quantum-safe.js +1 -1
- package/dist/esm/mods/security/src/components/tamper-evident-logging.js +1 -1
- package/dist/esm/mods/security/src/core/crypto.js +1 -1
- package/dist/esm/mods/security/src/core/hash/hash-core.js +1 -1
- package/dist/esm/mods/security/src/core/hash/hash-security.js +1 -1
- package/dist/esm/mods/security/src/core/keys/keys-core.js +1 -1
- package/dist/esm/mods/security/src/core/password/index.js +1 -1
- package/dist/esm/mods/security/src/core/password/password-algorithms.js +1 -1
- package/dist/esm/mods/security/src/core/password/password-core.js +1 -1
- package/dist/esm/mods/security/src/core/password/password-generator.js +1 -1
- package/dist/esm/mods/security/src/core/password/password-utils.js +1 -1
- package/dist/esm/mods/security/src/helpers/Uint8Array.js +2 -2
- package/dist/esm/mods/security/src/helpers/Uint8Array.js.map +1 -1
- package/dist/esm/mods/security/src/index.js +1 -1
- package/dist/esm/mods/security/src/utils/dataConverter.js +2 -2
- package/dist/esm/mods/security/src/utils/dataConverter.js.map +1 -1
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js +11 -9
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/esm/src/encryption/EncryptionService.js +1 -1
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js +16 -0
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/esm/src/plugins/modules/index.js +1 -1
- package/dist/esm/src/server/FastServer.js +1 -1
- package/dist/esm/src/server/handlers/templates/notFoundTemp.js +1 -1
- package/dist/esm/src/server/utils/wildcardMatcher.js +88 -0
- package/dist/esm/src/server/utils/wildcardMatcher.js.map +1 -0
- package/package.json +3 -3
|
@@ -10,6 +10,7 @@ import slowDown from 'express-slow-down';
|
|
|
10
10
|
import ExpressBrute from 'express-brute';
|
|
11
11
|
import multer from 'multer';
|
|
12
12
|
import { doubleCsrf } from 'csrf-csrf';
|
|
13
|
+
import { createWildcardOriginFunction } from '../../server/utils/wildcardMatcher.js';
|
|
13
14
|
|
|
14
15
|
/**
|
|
15
16
|
* XyPriss Built-in Middleware
|
|
@@ -56,6 +57,11 @@ class BuiltInMiddleware {
|
|
|
56
57
|
*
|
|
57
58
|
* By default, allows all headers to be developer-friendly.
|
|
58
59
|
* Developers can restrict headers via config if needed for production.
|
|
60
|
+
*
|
|
61
|
+
* Supports wildcard patterns in origin arrays:
|
|
62
|
+
* - "localhost:*" matches any port on localhost
|
|
63
|
+
* - "*.example.com" matches any subdomain of example.com
|
|
64
|
+
* - "127.0.0.1:*" matches any port on 127.0.0.1
|
|
59
65
|
*/
|
|
60
66
|
static cors(options = {}) {
|
|
61
67
|
const defaultOptions = {
|
|
@@ -67,6 +73,16 @@ class BuiltInMiddleware {
|
|
|
67
73
|
maxAge: 86400, // 24 hours
|
|
68
74
|
};
|
|
69
75
|
const config = { ...defaultOptions, ...options };
|
|
76
|
+
// Handle wildcard patterns in origin array
|
|
77
|
+
if (Array.isArray(config.origin)) {
|
|
78
|
+
// Filter to only string origins and check for wildcards
|
|
79
|
+
const stringOrigins = config.origin.filter((origin) => typeof origin === 'string');
|
|
80
|
+
const hasWildcards = stringOrigins.some((origin) => origin.includes('*'));
|
|
81
|
+
if (hasWildcards) {
|
|
82
|
+
// Use our custom wildcard origin function with only string origins
|
|
83
|
+
config.origin = createWildcardOriginFunction(stringOrigins);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
70
86
|
return cors(config);
|
|
71
87
|
}
|
|
72
88
|
/**
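Review bot: When any entry contains `*`, `config.origin` is replaced by a function built from `stringOrigins` only, so non-string entries in the same array (the `cors` package also accepts `RegExp` values there) are silently discarded. The allow-list a developer wrote and the one that is enforced can then differ without any error, and the behaviour changes depending on whether a wildcard is present. Reject the mixed case explicitly, for example `if (stringOrigins.length !== config.origin.length) throw new TypeError('cors: wildcard origins cannot be combined with non-string entries');`, or pass the remaining entries through to the matcher. The JSDoc added in the previous hunk should also say that wildcard patterns are compared with the host only, since the scheme is not checked by `matchesWildcardPattern`. The `defaultOptions` literal lies between the hunks and is not visible here.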
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BuiltInMiddleware.js","sources":["../../../../../src/middleware/built-in/BuiltInMiddleware.ts"],"sourcesContent":[null],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"BuiltInMiddleware.js","sources":["../../../../../src/middleware/built-in/BuiltInMiddleware.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;;AAAA;;;AAGG;MAiCU,iBAAiB,CAAA;AAC1B;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAwC,EAAE,EAAA;AACpD,QAAA,MAAM,cAAc,GAAiC;AACjD,YAAA,qBAAqB,EAAE;AACnB,gBAAA,UAAU,EAAE;oBACR,UAAU,EAAE,CAAC,QAAQ,CAAC;oBACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;AACrB,oBAAA,QAAQ,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;AACvC,oBAAA,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;oBAC3B,OAAO,EAAE,CAAC,QAAQ,CAAC;AACtB,iBAAA;AACJ,aAAA;AACD,YAAA,yBAAyB,EAAE,IAAI;AAC/B,YAAA,uBAAuB,EAAE,IAAI;AAC7B,YAAA,yBAAyB,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;AACpD,YAAA,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;AACpC,YAAA,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;AAC9B,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,IAAI,EAAE;AACF,gBAAA,MAAM,EAAE,QAAQ;AAChB,gBAAA,iBAAiB,EAAE,IAAI;AACvB,gBAAA,OAAO,EAAE,KAAK;AACjB,aAAA;AACD,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,kBAAkB,EAAE,IAAI;AACxB,YAAA,4BAA4B,EAAE,KAAK;AACnC,YAAA,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;AAC7D,YAAA,SAAS,EAAE,IAAI;SAClB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,MAAa,CAAC,CAAC;KAChC;AAED;;;;;;;;;;AAUG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAsC,EAAE,EAAA;AAChD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;;;AAG1D,YAAA,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,KAAK;SAChB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;;QAGjD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;;AAE9B,YAAA,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,KAC9C,OAAO,MAAM,KAAK,QAAQ,CAC7B,CAAC;AAEF,YAAA,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,MAAc,KACnD,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CACvB,CAAC;YAEF,IAAI,YAAY,EAAE;;AAEd,gBAAA,MAAM,CAAC,MAAM,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;aAC/D;SACJ;AAED,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;KACvB;AAED;;AAEG;AACH,IAAA,OAAO,SAAS,CAAC,OAAA,GAA2C,EAAE,EAAA;AAC1D,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,
QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YACxB,GAAG,EAAE,GAAG;AACR,YAAA,OAAO,EAAE;AACL,gBAAA,KAAK,EAAE,yDAAyD;AAChE,gBAAA,UAAU,EAAE,yBAAyB;AACxC,aAAA;AACD,YAAA,eAAe,EAAE,IAAI;AACrB,YAAA,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,OAAY,KAAI;AACrD,gBAAA,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;AACjC,gBAAA,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;AAC7B,oBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,wBAAA,KAAK,EAAE,qBAAqB;AAC5B,wBAAA,OAAO,EAAE,OAAO;AAChB,wBAAA,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,IAAI,GAAG;AACpE,qBAAA,CAAC,CAAC;iBACN;qBAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE;AACxD,oBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,wBAAA,GAAG,OAAO;AACV,wBAAA,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,IAAI,GAAG;AACpE,qBAAA,CAAC,CAAC;iBACN;qBAAM;AACH,oBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,wBAAA,KAAK,EAAE,mBAAmB;AAC1B,wBAAA,OAAO,EAAE,8CAA8C;AACvD,wBAAA,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,IAAI,GAAG;AACpE,qBAAA,CAAC,CAAC;iBACN;aACJ;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;KAC5B;AAED;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,OAAA,GAA6C,EAAE,EAAA;AAC9D,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI;AACf,YAAA,MAAM,EAAE,CAAC,GAAQ,EAAE,GAAQ,KAAI;;AAE3B,gBAAA,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;AACjC,oBAAA,OAAO,KAAK,CAAC;iBAChB;;gBAGD,OAAO,WAAW,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aACvC;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;KAC9B;AAED;;AAEG;IACH,OAAO,IAAI,CACP,OAA4C,GAAA;AACxC,QAAA,SAAS,EAAE,MACP,kEAAkE;QACtE,oBAAoB,EAAE,CAAC,GAAQ,KAAK,GAAG,CAAC,OAAO,CAAC,EAAE;AACrD,KAAA,EAAA;AAED,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,UAAU,EAAE,2BAA2B;AACvC,YAAA,aAAa,EAAE;AACX,gBAAA,QAAQ,EAAE,IAAI;AACd,gBAAA,QAAQ,EAAE,QAAQ;AAClB,gBAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBAC7C,MAAM,EAAE
,OAAO;AAClB,aAAA;AACD,YAAA,IAAI,EAAE,EAAE;AACR,YAAA,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;AAC1C,YAAA,mBAAmB,EAAE,CAAC,GAAQ,KAAI;AAC9B,gBAAA,QACI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;oBAC3B,GAAG,CAAC,IAAI,EAAE,KAAK;AACf,oBAAA,GAAG,CAAC,KAAK,EAAE,KAAK,EAClB;aACL;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;QAEjD,MAAM,EAAE,oBAAoB,EAAE,GAAG,UAAU,CAAC,MAAa,CAAC,CAAC;;AAG3D,QAAA,OAAO,oBAAoB,CAAC;KAC/B;AAED;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAqC,EAAE,EAAA;AAC9C,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;SACpC,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;KACtB;AAED;;AAEG;AACH,IAAA,OAAO,aAAa,CAAC,OAAA,GAA+C,EAAE,EAAA;AAClE,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,WAAW,EAAE,GAAG;AAChB,YAAA,UAAU,EAAE,CAAC,GAAW,EAAE,KAAU,KAAI;gBACpC,OAAO,CAAC,IAAI,CACR,CAAA,+BAAA,EAAkC,GAAG,CAAY,SAAA,EAAA,KAAK,CAAE,CAAA,CAC3D,CAAC;aACL;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,aAAa,CAAC,MAAa,CAAC,CAAC;KACvC;AAED;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAe,EAAE,EAAA;AACxB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE;AACP,gBAAA,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;AACpB,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,MAAM,EAAE,EAAE;AACV,gBAAA,EAAE,EAAE,EAAE;AACT,aAAA;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AAEjD,QAAA,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,KAAI;;AAEtC,YAAA,IAAI,GAAG,CAAC,IAAI,EAAE;AACV,gBAAA,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;aACpD;;AAGD,YAAA,IAAI,GAAG,CAAC,KAAK,EAAE;AACX,gBAAA,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;aACtD;AAED,YAAA,IAAI,EAAE,CAAC;AACX,SAAC,CAAC;KACL;AAED;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAwC,EAAE,EAAA;AACpD,QAAA,MAAM,aAAa,GAAI,OAAe,CAAC,MAAM,IAAI,UAAU,CAAC;AAC5D,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,IAAI,EAAE,CAAC,IAAS,EAAE,GAAQ,KAAK,GAAG,CAAC,UAAU,GAAG,GAAG;YACnD,MAAM,EAAE,OAAO,CAAC,MAAM;SACzB,CAAC;QAEF,MAAM,MAAM,GAAG,EAA
E,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;KACxC;AAED;;AAEG;AACH,IAAA,OAAO,QAAQ,CAAC,OAAA,GAA0C,EAAE,EAAA;AACxD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YACxB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,GAAG;YACZ,UAAU,EAAE,KAAK;AACjB,YAAA,kBAAkB,EAAE,KAAK;AACzB,YAAA,sBAAsB,EAAE,KAAK;SAChC,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;KAC3B;AAED;;AAEG;IACH,OAAO,KAAK,CACR,OAAqE,GAAA;AACjE,QAAA,MAAM,EAAE,uBAAuB;AAClC,KAAA,EAAA;AAED,QAAA,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;AAC7C,QAAA,MAAM,cAAc,GAAkD;AAClE,YAAA,WAAW,EAAE,CAAC;AACd,YAAA,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;AACtB,YAAA,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;AACvB,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;YACtB,YAAY,EAAE,CACV,IAAS,EACT,GAAQ,EACR,KAAU,EACV,oBAA0B,KAC1B;AACA,gBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,oBAAA,KAAK,EAAE,0BAA0B;AACjC,oBAAA,OAAO,EACH,4DAA4D;AAChE,oBAAA,oBAAoB,EAAE,oBAAoB;AAC7C,iBAAA,CAAC,CAAC;aACN;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;QACjD,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEnD,OAAO,UAAU,CAAC,OAAO,CAAC;KAC7B;AAED;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAwC,EAAE,EAAA;AACpD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE;AACJ,gBAAA,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI;gBACzB,KAAK,EAAE,CAAC;AACX,aAAA;YACD,UAAU,EAAE,CAAC,IAAS,EAAE,IAAS,EAAE,EAAO,KAAI;;gBAE1C,MAAM,YAAY,GAAG,+BAA+B,CAAC;AACrD,gBAAA,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAC7B,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAClC,CAAC;gBACF,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAElD,gBAAA,IAAI,QAAQ,IAAI,OAAO,EAAE;AACrB,oBAAA,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;iBACzB;qBAAM;AACH,oBAAA,EAAE,CACE,IAAI,KAAK,CACL,2DAA2D,CAC9D,CACJ,CAAC;iBACL;aACJ;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;KACzB;AAED;;AAEG;AACH,IAAA,OAAO,QAAQ,CAAC,OAAA,GAAmC,EAAE,EAAA;QACjD,OAAO;YACH,MAAM,EAAE,IAAI,CAAC,MAA
M,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;SAChC,CAAC;KACL;;AAGO,IAAA,OAAO,cAAc,CAAC,GAAQ,EAAE,MAAW,EAAA;AAC/C,QAAA,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;AACzB,YAAA,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;SAC3B;AAAM,aAAA,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;SAC/D;AAAM,aAAA,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YACvC,MAAM,SAAS,GAAQ,EAAE,CAAC;AAC1B,YAAA,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE;AACnB,gBAAA,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;AACzB,oBAAA,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;iBAC1D;aACJ;AACD,YAAA,OAAO,SAAS,CAAC;SACpB;AACD,QAAA,OAAO,GAAG,CAAC;KACd;AACJ;;;;"}
|
|
@@ -25,7 +25,7 @@ import '../../../mods/security/src/core/hash/hash-advanced.js';
|
|
|
25
25
|
import '../../../mods/security/src/algorithms/hash-algorithms.js';
|
|
26
26
|
import '../../../mods/security/src/core/random/random-types.js';
|
|
27
27
|
import '../../../mods/security/src/core/random/random-sources.js';
|
|
28
|
-
import '
|
|
28
|
+
import 'strulink';
|
|
29
29
|
import '../../../mods/security/src/types.js';
|
|
30
30
|
import '../../../mods/security/src/components/secure-array/utils/id-generator.js';
|
|
31
31
|
import '../../../mods/security/src/index.js';
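Review bot: The new side-effect import `import 'strulink';` loads a third-party package at module load, but no `package.json` hunk on this page adds `strulink` to a dependency map; the only related change is the removal of `nehonix-uri-processor`. The removed specifier is truncated in this rendering, so what was replaced cannot be confirmed from the page. Before upgrading, check that `strulink` is declared in `dependencies` with a bounded version range and that its publisher is the expected one. The same replacement appears in the next hunk (`@@ -20,7 +20,7 @@`), and the diffstat suggests that it repeats across the `mods/security` files.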
|
|
@@ -20,7 +20,7 @@ import '../../mods/security/src/core/hash/hash-advanced.js';
|
|
|
20
20
|
import '../../mods/security/src/algorithms/hash-algorithms.js';
|
|
21
21
|
import '../../mods/security/src/core/random/random-types.js';
|
|
22
22
|
import '../../mods/security/src/core/random/random-sources.js';
|
|
23
|
-
import '
|
|
23
|
+
import 'strulink';
|
|
24
24
|
import '../../mods/security/src/types.js';
|
|
25
25
|
import '../../mods/security/src/components/secure-array/utils/id-generator.js';
|
|
26
26
|
import '../../mods/security/src/index.js';
|
|
@@ -136,7 +136,7 @@ const notFoundTempHtml = (data) => {
|
|
|
136
136
|
${data.customContentSection}
|
|
137
137
|
${data.contactSection}
|
|
138
138
|
<div class="branding">
|
|
139
|
-
Powered by <a href="https://nehonix.
|
|
139
|
+
Powered by <a href="https://nehonix.com" target="_blank">Nehonix</a> •
|
|
140
140
|
Built with <a href="https://github.com/Nehonix-Team/XyPriss" target="_blank">XyPriss</a>
|
|
141
141
|
</div>
|
|
142
142
|
</div>
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Wildcard pattern matching utility for CORS origins
|
|
3
|
+
*
|
|
4
|
+
* Supports patterns like:
|
|
5
|
+
* - "localhost:*" matches "localhost:3000", "localhost:8080", etc.
|
|
6
|
+
* - "*.example.com" matches "api.example.com", "app.example.com", etc.
|
|
7
|
+
* - "127.0.0.1:*" matches "127.0.0.1:3000", "127.0.0.1:8080", etc.
|
|
8
|
+
* - "::1:*" matches "::1:3000", "::1:8080", etc.
|
|
9
|
+
*/
|
|
10
|
+
/**
|
|
11
|
+
* Converts a wildcard pattern to a regular expression
|
|
12
|
+
* @param pattern - The wildcard pattern (e.g., "localhost:*", "*.example.com")
|
|
13
|
+
* @returns RegExp object for matching
|
|
14
|
+
*/
|
|
15
|
+
function patternToRegex(pattern) {
|
|
16
|
+
// Escape special regex characters except for *
|
|
17
|
+
const escaped = pattern
|
|
18
|
+
.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // Escape special chars
|
|
19
|
+
.replace(/\*/g, '.*'); // Replace * with .*
|
|
20
|
+
// Ensure exact match with ^ and $
|
|
21
|
+
return new RegExp(`^${escaped}$`, 'i'); // Case insensitive
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Checks if an origin matches a wildcard pattern
|
|
25
|
+
* @param origin - The origin to check (e.g., "http://localhost:3000")
|
|
26
|
+
* @param pattern - The wildcard pattern (e.g., "localhost:*")
|
|
27
|
+
* @returns true if the origin matches the pattern
|
|
28
|
+
*/
|
|
29
|
+
function matchesWildcardPattern(origin, pattern) {
|
|
30
|
+
// Handle exact matches first (no wildcards)
|
|
31
|
+
if (!pattern.includes('*')) {
|
|
32
|
+
return origin === pattern || origin.includes(pattern);
|
|
33
|
+
}
|
|
34
|
+
// Extract the host:port part from the origin URL
|
|
35
|
+
let originHost;
|
|
36
|
+
try {
|
|
37
|
+
const url = new URL(origin);
|
|
38
|
+
originHost = url.host; // This includes both hostname and port
|
|
39
|
+
// Special handling for default ports
|
|
40
|
+
if (url.protocol === 'https:' && url.port === '' && url.hostname === 'localhost') {
|
|
41
|
+
originHost = 'localhost:443';
|
|
42
|
+
}
|
|
43
|
+
else if (url.protocol === 'http:' && url.port === '' && url.hostname === 'localhost') {
|
|
44
|
+
originHost = 'localhost:80';
|
|
45
|
+
}
|
|
46
|
+
// Handle IPv6 addresses - remove brackets for pattern matching
|
|
47
|
+
if (url.hostname.startsWith('[') && url.hostname.endsWith(']')) {
|
|
48
|
+
const ipv6Host = url.hostname.slice(1, -1); // Remove brackets
|
|
49
|
+
originHost = url.port ? `${ipv6Host}:${url.port}` : ipv6Host;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
catch {
|
|
53
|
+
// If it's not a valid URL, treat it as a host:port string
|
|
54
|
+
originHost = origin;
|
|
55
|
+
}
|
|
56
|
+
const regex = patternToRegex(pattern);
|
|
57
|
+
return regex.test(originHost);
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Checks if an origin is allowed based on an array of patterns
|
|
61
|
+
* @param origin - The origin to check
|
|
62
|
+
* @param allowedOrigins - Array of allowed origins (can include wildcards)
|
|
63
|
+
* @returns true if the origin is allowed
|
|
64
|
+
*/
|
|
65
|
+
function isOriginAllowed(origin, allowedOrigins) {
|
|
66
|
+
if (!origin || !allowedOrigins || allowedOrigins.length === 0) {
|
|
67
|
+
return false;
|
|
68
|
+
}
|
|
69
|
+
return allowedOrigins.some(pattern => matchesWildcardPattern(origin, pattern));
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Creates a CORS origin function that supports wildcard patterns
|
|
73
|
+
* @param allowedOrigins - Array of allowed origins (can include wildcards)
|
|
74
|
+
* @returns Function compatible with cors middleware
|
|
75
|
+
*/
|
|
76
|
+
function createWildcardOriginFunction(allowedOrigins) {
|
|
77
|
+
return (origin, callback) => {
|
|
78
|
+
// Allow requests with no origin (like mobile apps or curl requests)
|
|
79
|
+
if (!origin) {
|
|
80
|
+
return callback(null, true);
|
|
81
|
+
}
|
|
82
|
+
const allowed = isOriginAllowed(origin, allowedOrigins);
|
|
83
|
+
callback(null, allowed);
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
export { createWildcardOriginFunction, isOriginAllowed, matchesWildcardPattern };
|
|
88
|
+
//# sourceMappingURL=wildcardMatcher.js.map
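Review bot: The no-wildcard branch of `matchesWildcardPattern` returns `origin === pattern || origin.includes(pattern)`, so an exact allow-list entry is accepted whenever it appears anywhere inside the Origin value; a constructed entry `app.example` would also accept `https://app.example.other.test`. `BuiltInMiddleware.cors` sends every string entry through this function once a single entry contains `*`, so exact entries lose strict comparison as a side effect. Make that branch strict with `return origin === pattern;`, or compare against the parsed `url.host` if host-only entries are meant to be supported. In `patternToRegex`, `*` becomes `.*` and the wildcard branch tests only the host, so the scheme is never compared, and in the `catch` fallback the raw header string is matched. Consider returning `false` for an Origin that does not parse as a URL, and state in the doc comment that the scheme is ignored.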
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"wildcardMatcher.js","sources":["../../../../../src/server/utils/wildcardMatcher.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA;;;;;;;;AAQG;AAEH;;;;AAIG;AACH,SAAS,cAAc,CAAC,OAAe,EAAA;;IAEnC,MAAM,OAAO,GAAG,OAAO;AAClB,SAAA,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;AACrC,SAAA,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;;IAG1B,OAAO,IAAI,MAAM,CAAC,CAAI,CAAA,EAAA,OAAO,CAAG,CAAA,CAAA,EAAE,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;AAKG;AACa,SAAA,sBAAsB,CAAC,MAAc,EAAE,OAAe,EAAA;;IAElE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACxB,OAAO,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;KACzD;;AAGD,IAAA,IAAI,UAAkB,CAAC;AACvB,IAAA,IAAI;AACA,QAAA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;AAC5B,QAAA,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;;AAGtB,QAAA,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE;YAC9E,UAAU,GAAG,eAAe,CAAC;SAChC;AAAM,aAAA,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE;YACpF,UAAU,GAAG,cAAc,CAAC;SAC/B;;AAGD,QAAA,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;AAC5D,YAAA,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC3C,YAAA,UAAU,GAAG,GAAG,CAAC,IAAI,GAAG,CAAG,EAAA,QAAQ,CAAI,CAAA,EAAA,GAAG,CAAC,IAAI,CAAA,CAAE,GAAG,QAAQ,CAAC;SAChE;KACJ;AAAC,IAAA,MAAM;;QAEJ,UAAU,GAAG,MAAM,CAAC;KACvB;AAED,IAAA,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAED;;;;;AAKG;AACa,SAAA,eAAe,CAAC,MAAc,EAAE,cAAwB,EAAA;AACpE,IAAA,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;AAC3D,QAAA,OAAO,KAAK,CAAC;KAChB;AAED,IAAA,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,IAAI,sBAAsB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AACnF,CAAC;AAED;;;;AAIG;AACG,SAAU,4BAA4B,CAAC,cAAwB,EAAA;AACjE,IAAA,OAAO,CAAC,MAA0B,EAAE,QAAsD,KAAI;;QAE1F,IAAI,CAAC,MAAM,EAAE;AACT,YAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SAC/B;QAED,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACxD,QAAA,QAAQ,CAAC,I
AAI,EAAE,OAAO,CAAC,CAAC;AAC5B,KAAC,CAAC;AACN;;;;"}
|
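--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "xypriss",
-"version": "2.3.
+"version": "2.3.4",
 "description": "XyPriss is a lightweight, TypeScript-first, open-source Node.js web framework crafted for developers seeking a familiar Express-like API without Express dependencies. It features built-in security middleware, a robust routing system, and performance optimizations to build scalable, secure web applications effortlessly. Join our community and contribute on GitHub!",
 "main": "dist/cjs/index.js",
 "module": "dist/esm/index.js",
@@ -174,7 +174,6 @@
 "axios": "^1.13.1",
 "eslint": "^8.37.0",
 "jest": "^29.5.0",
-"nehonix-uri-processor": "^2.3.19",
 "rimraf": "^4.4.0",
 "rollup": "^3.29.4",
 "rollup-plugin-dts": "^6.2.1",
@@ -267,6 +266,7 @@
 "tweetnacl": "^1.0.3",
 "ws": "^8.18.2",
 "xss": "^1.0.15",
-"xypriss
+"xypriss": "^2.3.3",
+"xypriss-security": "^1.1.10"
 }
 }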
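Review bot: The last hunk adds `"xypriss": "^2.3.3"` to a dependency map of the `xypriss` package itself, so release 2.3.4 declares a dependency on its own earlier release. The key of that map is outside the hunk; if it is `dependencies`, every install would also resolve a second copy of the framework from the registry, which enlarges the tree that has to be audited and keeps older code reachable. Unless the self-reference is intentional, drop that entry and keep only `"xypriss-security": "^1.1.10"`. The removed line is truncated in this rendering, so it is not possible to tell from the page which entry was there before.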