xypriss 2.3.7 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -19
- package/dist/cjs/mods/security/src/index.js +1 -1
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js +2 -2
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js +51 -2
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/cjs/src/middleware/built-in/security/BrowserOnlyProtector.js +550 -0
- package/dist/cjs/src/middleware/built-in/security/BrowserOnlyProtector.js.map +1 -0
- package/dist/cjs/src/middleware/built-in/security/TerminalOnlyProtector.js +477 -0
- package/dist/cjs/src/middleware/built-in/security/TerminalOnlyProtector.js.map +1 -0
- package/dist/cjs/src/middleware/security-middleware.js +221 -80
- package/dist/cjs/src/middleware/security-middleware.js.map +1 -1
- package/dist/cjs/src/server/components/fastapi/templates/redirectTemp.js +1 -1
- package/dist/cjs/src/server/const/default.js +1 -1
- package/dist/cjs/src/server/const/default.js.map +1 -1
- package/dist/esm/mods/security/src/index.js +1 -1
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js +2 -2
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js +51 -2
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/esm/src/middleware/built-in/security/BrowserOnlyProtector.js +548 -0
- package/dist/esm/src/middleware/built-in/security/BrowserOnlyProtector.js.map +1 -0
- package/dist/esm/src/middleware/built-in/security/TerminalOnlyProtector.js +475 -0
- package/dist/esm/src/middleware/built-in/security/TerminalOnlyProtector.js.map +1 -0
- package/dist/esm/src/middleware/security-middleware.js +221 -80
- package/dist/esm/src/middleware/security-middleware.js.map +1 -1
- package/dist/esm/src/server/components/fastapi/templates/redirectTemp.js +1 -1
- package/dist/esm/src/server/const/default.js +1 -1
- package/dist/esm/src/server/const/default.js.map +1 -1
- package/dist/index.d.ts +187 -6
- package/package.json +6 -5
- package/scripts/install-memory-cli.js +1 -1
@@ -1 +1 @@
1
-
{"version":3,"file":"default.js","sources":["../../../../../src/server/const/default.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAAA;;;;AAIG;AAOU,MAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,YAAY;AACrD,MAAM,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAY;AAEjE;AACa,MAAA,eAAe,GAAkB;AAC1C,IAAA,WAAW,EAAE;AACT,QAAA,WAAW,EAAE,IAAI;AACjB,QAAA,SAAS,EAAE,GAAG;AACd,QAAA,iBAAiB,EAAE,IAAI;AACvB,QAAA,UAAU,EAAE,IAAI;AAChB,QAAA,QAAQ,EAAE,IAAI;;AAEd,QAAA,mBAAmB,EAAE,IAAI;AACzB,QAAA,qBAAqB,EAAE,IAAI;AAC3B,QAAA,oBAAoB,EAAE,IAAI;AAC1B,QAAA,iBAAiB,EAAE,IAAI;AACvB,QAAA,kBAAkB,EAAE,IAAI;;AAExB,QAAA,kBAAkB,EAAE,IAAI;QACxB,cAAc,EAAE,KAAK;QACrB,qBAAqB,EAAE,CAAC;QACxB,sBAAsB,EAAE,IAAI;AAC5B,QAAA,iBAAiB,EAAE,IAAI;;AAEvB,QAAA,qBAAqB,EAAE,IAAI;AAC3B,QAAA,uBAAuB,EAAE,IAAI;AAC7B,QAAA,yBAAyB,EAAE,IAAI;;AAE/B,QAAA,kBAAkB,EAAE,IAAI;AACxB,QAAA,eAAe,EAAE,IAAI;AACrB,QAAA,yBAAyB,EAAE,IAAI;AAClC,KAAA;AACD,IAAA,UAAU,EAAE;AACR,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,YAAY,EAAE,IAAI;AAClB,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,QAAQ,EAAE,KAAK;AACf,QAAA,eAAe,EAAE;AACb,YAAA,WAAW,EAAE,EAAE;AACf,YAAA,OAAO,EAAE,GAAG;AACZ,YAAA,SAAS,EAAE,IAAI;AACf,YAAA,OAAO,EAAE,EAAE;AACd,SAAA;AACJ,KAAA;AACD,IAAA,MAAM,EAAE;AACJ,QAAA,gBAAgB,EAAE,IAAI;QACtB,IAAI,EAAE,YAAY;AAClB,QAAA,UAAU,EAAE,KAAK;AACjB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,eAAe,EAAE,MAAM;AACvB,QAAA,IAAI,EAAE,YAAY;AAClB,QAAA,cAAc,EAAE;AACZ,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,WAAW,EAAE,EAAE;AACf,YAAA,QAAQ,EAAE,QAAQ;AACrB,SAAA;AACJ,KAAA;AACD,IAAA,WAAW,EAAE;AACT,QAAA,GAAG,iBAAiB;QACpB,OAAO,EAAE,KAAK;AACjB,KAAA;AACD,IAAA,OAAO,EAAE;AACL,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,UAAU,EAAE;AACR,YAAA,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,KAAK;AACZ,YAAA,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,KAAK;AAClB,YAAA,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,KAAK;AACf,YAAA,UAAU,EAAE,KAAK;AACjB,YAAA,MAAM,EAAE,KAAK;AACb,YAAA,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;AACjB,SAAA;AACD,QAAA,KAAK,EAAE;AACH,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,WAAW,EAAE,IAAI;AACjB,YAAA,KAAK
,EAAE,IAAI;AACX,YAAA,SAAS,EAAE,IAAI;AACf,YAAA,aAAa,EAAE,IAAI;AACtB,SAAA;AACD,QAAA,MAAM,EAAE;AACJ,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,UAAU,EAAE,KAAK;AACpB,SAAA;;AAED,QAAA,mBAAmB,EAAE;AACjB,YAAA,GAAG,sBAAsB;YACzB,OAAO,EAAE,KAAK;AACd,YAAA,gBAAgB,EAAE,IAAI;AACzB,SAAA;AACJ,KAAA;AACD,IAAA,QAAQ,EAAE;AACN,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,cAAc,EAAE,KAAK;AACrB,QAAA,eAAe,EAAE,KAAK;AACzB,KAAA;AACD,IAAA,OAAO,EAAE;QACL,OAAO,EAAE,KAAK;AACd,QAAA,MAAM,EAAE,uBAAuB;AAClC,KAAA;AACD,IAAA,KAAK,EAAE;QACH,QAAQ,EAAE,QAAQ;AAClB,QAAA,OAAO,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI;QAC1B,GAAG,EAAE,MAAM;AACX,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,MAAM,EAAE;YACJ,OAAO,EAAE,GAAG;YACZ,SAAS,EAAE,KAAK;AACnB,SAAA;AACJ,KAAA;AACD,IAAA,QAAQ,EAAE;AACN,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,KAAK,EAAE,
1
+
{"version":3,"file":"default.js","sources":["../../../../../src/server/const/default.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAAA;;;;AAIG;AAOU,MAAA,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,YAAY;AACrD,MAAM,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAY;AAEjE;AACa,MAAA,eAAe,GAAkB;AAC1C,IAAA,WAAW,EAAE;AACT,QAAA,WAAW,EAAE,IAAI;AACjB,QAAA,SAAS,EAAE,GAAG;AACd,QAAA,iBAAiB,EAAE,IAAI;AACvB,QAAA,UAAU,EAAE,IAAI;AAChB,QAAA,QAAQ,EAAE,IAAI;;AAEd,QAAA,mBAAmB,EAAE,IAAI;AACzB,QAAA,qBAAqB,EAAE,IAAI;AAC3B,QAAA,oBAAoB,EAAE,IAAI;AAC1B,QAAA,iBAAiB,EAAE,IAAI;AACvB,QAAA,kBAAkB,EAAE,IAAI;;AAExB,QAAA,kBAAkB,EAAE,IAAI;QACxB,cAAc,EAAE,KAAK;QACrB,qBAAqB,EAAE,CAAC;QACxB,sBAAsB,EAAE,IAAI;AAC5B,QAAA,iBAAiB,EAAE,IAAI;;AAEvB,QAAA,qBAAqB,EAAE,IAAI;AAC3B,QAAA,uBAAuB,EAAE,IAAI;AAC7B,QAAA,yBAAyB,EAAE,IAAI;;AAE/B,QAAA,kBAAkB,EAAE,IAAI;AACxB,QAAA,eAAe,EAAE,IAAI;AACrB,QAAA,yBAAyB,EAAE,IAAI;AAClC,KAAA;AACD,IAAA,UAAU,EAAE;AACR,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,YAAY,EAAE,IAAI;AAClB,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,QAAQ,EAAE,KAAK;AACf,QAAA,eAAe,EAAE;AACb,YAAA,WAAW,EAAE,EAAE;AACf,YAAA,OAAO,EAAE,GAAG;AACZ,YAAA,SAAS,EAAE,IAAI;AACf,YAAA,OAAO,EAAE,EAAE;AACd,SAAA;AACJ,KAAA;AACD,IAAA,MAAM,EAAE;AACJ,QAAA,gBAAgB,EAAE,IAAI;QACtB,IAAI,EAAE,YAAY;AAClB,QAAA,UAAU,EAAE,KAAK;AACjB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,eAAe,EAAE,MAAM;AACvB,QAAA,IAAI,EAAE,YAAY;AAClB,QAAA,cAAc,EAAE;AACZ,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,WAAW,EAAE,EAAE;AACf,YAAA,QAAQ,EAAE,QAAQ;AACrB,SAAA;AACJ,KAAA;AACD,IAAA,WAAW,EAAE;AACT,QAAA,GAAG,iBAAiB;QACpB,OAAO,EAAE,KAAK;AACjB,KAAA;AACD,IAAA,OAAO,EAAE;AACL,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,UAAU,EAAE;AACR,YAAA,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,KAAK;AACZ,YAAA,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,KAAK;AAClB,YAAA,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,KAAK;AACf,YAAA,UAAU,EAAE,KAAK;AACjB,YAAA,MAAM,EAAE,KAAK;AACb,YAAA,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;AACjB,SAAA;AACD,QAAA,KAAK,EAAE;AACH,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,WAAW,EAAE,IAAI;AACjB,YAAA,KAAK
,EAAE,IAAI;AACX,YAAA,SAAS,EAAE,IAAI;AACf,YAAA,aAAa,EAAE,IAAI;AACtB,SAAA;AACD,QAAA,MAAM,EAAE;AACJ,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,UAAU,EAAE,KAAK;AACpB,SAAA;;AAED,QAAA,mBAAmB,EAAE;AACjB,YAAA,GAAG,sBAAsB;YACzB,OAAO,EAAE,KAAK;AACd,YAAA,gBAAgB,EAAE,IAAI;AACzB,SAAA;AACJ,KAAA;AACD,IAAA,QAAQ,EAAE;AACN,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,cAAc,EAAE,KAAK;AACrB,QAAA,eAAe,EAAE,KAAK;AACzB,KAAA;AACD,IAAA,OAAO,EAAE;QACL,OAAO,EAAE,KAAK;AACd,QAAA,MAAM,EAAE,uBAAuB;AAClC,KAAA;AACD,IAAA,KAAK,EAAE;QACH,QAAQ,EAAE,QAAQ;AAClB,QAAA,OAAO,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI;QAC1B,GAAG,EAAE,MAAM;AACX,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,MAAM,EAAE;YACJ,OAAO,EAAE,GAAG;YACZ,SAAS,EAAE,KAAK;AACnB,SAAA;AACJ,KAAA;AACD,IAAA,QAAQ,EAAE;AACN,QAAA,OAAO,EAAE,IAAI;AACb,QAAA,KAAK,EAAE,UAAU;AACjB,QAAA,IAAI,EAAE,IAAI;AACV,QAAA,MAAM,EAAE,IAAI;AACZ,QAAA,YAAY,EAAE,IAAI;AAClB,QAAA,UAAU,EAAE,KAAK;AACjB,QAAA,gBAAgB,EAAE,IAAI;AACtB,QAAA,aAAa,EAAE,KAAK;AACpB,QAAA,GAAG,EAAE,IAAI;AACT,QAAA,WAAW,EAAE,IAAI;AACjB,QAAA,aAAa,EAAE,KAAK;AACpB,QAAA,GAAG,EAAE,IAAI;AACT,QAAA,SAAS,EAAE;AACP,YAAA,GAAG,EAAE,GAAG;AACR,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;AACxB,YAAA,OAAO,EACH,yHAAyH;AAChI,SAAA;AACD,QAAA,MAAM,EAAE,KAAK;AACb,QAAA,GAAG,EAAE,IAAI;AACT,QAAA,aAAa,EAAE,IAAI;AACnB,QAAA,QAAQ,EAAE,IAAI;AACd,QAAA,UAAU,EAAE;AACR,YAAA,SAAS,EAAE,aAAa;AACxB,YAAA,OAAO,EAAE,EAAE;AACd,SAAA;AACJ,KAAA;AACD,IAAA,UAAU,EAAE;QACR,OAAO,EAAE,KAAK;AACd,QAAA,WAAW,EAAE,IAAI,GAAG,IAAI,GAAG,CAAC;AAC5B,QAAA,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ;AACjB,QAAA,gBAAgB,EAAE;YACd,YAAY;YACZ,WAAW;YACX,WAAW;YACX,YAAY;YACZ,iBAAiB;YACjB,YAAY;YACZ,UAAU;YACV,WAAW;AACd,SAAA;AACD,QAAA,iBAAiB,EAAE;YACf,MAAM;YACN,OAAO;YACP,MAAM;YACN,MAAM;YACN,OAAO;YACP,MAAM;YACN,MAAM;YACN,MAAM;YACN,MAAM;AACT,SAAA;AACD,QAAA,gBAAgB,EAAE,IAAI;AACtB,QAAA,YAAY,EAAE,KAAK;AACnB,QAAA,MAAM,EAAE;AACJ,YAAA,aAAa,EAAE,GAAG;AAClB,YAAA,SAAS,EAAE,IAAI,GAAG,IAAI;AACtB,YAAA,MAAM,EAAE,EAAE;AACV,YAAA,WAAW,EAAE,EAAE;AAClB,SAAA;AACJ,KAAA;;;;;"}
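--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1722,6 +1722,88 @@ interface CSRFConfig {
 secure?: boolean;
 };
 }
+/**
+* Browser-Only Protection Configuration
+*
+* Blocks non-browser requests (cURL, Postman, scripts) while allowing legitimate browser access.
+* Useful for APIs that should only be accessed through web browsers.
+*
+* @example Enable with defaults:
+* ```typescript
+* browserOnly: true
+* ```
+*
+* @example Custom configuration:
+* ```typescript
+* browserOnly: {
+* requireSecFetch: true,
+* blockAutomationTools: true,
+* allowOriginRequests: true,
+* errorMessage: "Browser access required"
+* }
+* ```
+*/
+interface BrowserOnlyConfig {
+/** Enable browser-only protection (default: true when config provided) */
+enable?: boolean;
+/** Block requests without Sec-Fetch headers */
+requireSecFetch?: boolean;
+/** Block requests with curl/wget user agents */
+blockAutomationTools?: boolean;
+/** Require complex Accept header */
+requireComplexAccept?: boolean;
+/** Allow requests with Origin header (CORS) */
+allowOriginRequests?: boolean;
+/** Custom error message */
+errorMessage?: string;
+/** HTTP status code for blocked requests */
+statusCode?: number;
+/** Custom validation function */
+customValidator?: (req: any) => boolean;
+/** Enable debug logging */
+debug?: boolean;
+}
+/**
+* Terminal-Only Protection Configuration
+*
+* Blocks browser requests while allowing terminal/API tools.
+* Perfect for API-only endpoints or development tools.
+*
+* @example Enable with defaults:
+* ```typescript
+* terminalOnly: true
+* ```
+*
+* @example Custom configuration:
+* ```typescript
+* terminalOnly: {
+* blockSecFetch: true,
+* allowedTools: ["curl", "wget"],
+* blockBrowserIndicators: true,
+* debug: true
+* }
+* ```
+*/
+interface TerminalOnlyConfig {
+/** Enable terminal-only protection (default: true when config provided) */
+enable?: boolean;
+/** Block requests with Sec-Fetch headers (browsers) */
+blockSecFetch?: boolean;
+/** Allow specific automation tools (whitelist approach) */
+allowedTools?: string[];
+/** Block requests with complex browser headers */
+blockBrowserIndicators?: boolean;
+/** Require simple Accept header */
+requireSimpleAccept?: boolean;
+/** Custom error message */
+errorMessage?: string;
+/** HTTP status code for blocked requests */
+statusCode?: number;
+/** Custom validation function */
+customValidator?: (req: any) => boolean;
+/** Enable debug logging */
+debug?: boolean;
+}
 /**
 * Helmet Security Headers Configuration
 *
@@ -1749,15 +1831,56 @@ interface CSRFConfig {
 interface HelmetConfig {
 /** Content Security Policy configuration */
 contentSecurityPolicy?: {
-directives
-
-
-};
-};
+/** CSP directives - flexible configuration allowing any CSP directive */
+directives?: Record<string, string | string[]>;
+} | boolean;
 /** HTTP Strict Transport Security configuration */
 hsts?: {
 maxAge: number;
+includeSubDomains?: boolean;
+preload?: boolean;
+};
+/** Cross-Origin Embedder Policy */
+crossOriginEmbedderPolicy?: boolean | {
+policy: "require-corp" | "credentialless";
+};
+/** Cross-Origin Opener Policy */
+crossOriginOpenerPolicy?: boolean | {
+policy: "same-origin" | "same-origin-allow-popups" | "unsafe-none";
 };
+/** Cross-Origin Resource Policy */
+crossOriginResourcePolicy?: boolean | {
+policy: "same-origin" | "same-site" | "cross-origin";
+};
+/** DNS Prefetch Control */
+dnsPrefetchControl?: boolean | {
+allow: boolean;
+};
+/** Frameguard (X-Frame-Options) */
+frameguard?: boolean | {
+action: "deny" | "sameorigin" | "allow-from";
+domain?: string;
+};
+/** Hide Powered By header */
+hidePoweredBy?: boolean | {
+setTo?: string;
+};
+/** IE No Open */
+ieNoOpen?: boolean;
+/** No Sniff */
+noSniff?: boolean;
+/** Origin Agent Cluster */
+originAgentCluster?: boolean;
+/** Permitted Cross Domain Policies */
+permittedCrossDomainPolicies?: boolean | {
+permittedPolicies: "none" | "master-only" | "by-content-type" | "all";
+};
+/** Referrer Policy */
+referrerPolicy?: boolean | {
+policy: string | string[];
+};
+/** XSS Filter */
+xssFilter?: boolean;
 }
 /**
 * XSS Protection Configuration
@@ -2547,6 +2670,50 @@ interface SecurityConfig {
 encryption?: EncryptionConfig;
 /** Authentication configuration */
 authentication?: AuthenticationConfig;
+/**
+* Browser-Only Protection Configuration
+*
+* Blocks non-browser requests (cURL, Postman, scripts) while allowing legitimate browser access.
+* Useful for APIs that should only be accessed through web browsers.
+*
+* @example Enable with defaults:
+* ```typescript
+* browserOnly: true
+* ```
+*
+* @example Custom configuration:
+* ```typescript
+* browserOnly: {
+* requireSecFetch: true,
+* blockAutomationTools: true,
+* allowOriginRequests: true,
+* errorMessage: "Browser access required"
+* }
+* ```
+*/
+browserOnly?: boolean | BrowserOnlyConfig;
+/**
+* Terminal-Only Protection Configuration
+*
+* Blocks browser requests while allowing terminal/API tools.
+* Perfect for API-only endpoints or development tools.
+*
+* @example Enable with defaults:
+* ```typescript
+* terminalOnly: true
+* ```
+*
+* @example Custom configuration:
+* ```typescript
+* terminalOnly: {
+* blockSecFetch: true,
+* allowedTools: ["curl", "wget"],
+* blockBrowserIndicators: true,
+* debug: true
+* }
+* ```
+*/
+terminalOnly?: boolean | TerminalOnlyConfig;
 }
 /**
 * Encryption configuration interface.
@@ -4384,6 +4551,8 @@ declare class SecurityMiddleware {
 mongoSanitize: boolean | MongoSanitizeConfig;
 morgan: boolean | MorganConfig;
 slowDown: boolean | SlowDownConfig;
+browserOnly: boolean | BrowserOnlyConfig;
+terminalOnly: boolean | TerminalOnlyConfig;
 encryption: Required<SecurityConfig>["encryption"];
 authentication: Required<SecurityConfig>["authentication"];
 routeConfig?: SecurityConfig["routeConfig"];
@@ -4392,6 +4561,8 @@ declare class SecurityMiddleware {
 private rateLimitMiddleware;
 private bruteForceMiddleware;
 private csrfMiddleware;
+private browserOnlyMiddleware;
+private terminalOnlyMiddleware;
 private mongoSanitizeMiddleware;
 private hppMiddleware;
 private compressionMiddleware;
@@ -4402,6 +4573,8 @@ declare class SecurityMiddleware {
 private commandInjectionDetector;
 private xxeProtector;
 private ldapInjectionDetector;
+private browserOnlyProtector?;
+private terminalOnlyProtector?;
 private logger;
 constructor(config?: SecurityConfig, logger?: Logger);
 /**
@@ -4438,6 +4611,14 @@ declare class SecurityMiddleware {
 * Get CSRF token for client-side usage
 */
 generateCsrfToken(req: XyPrisRequest): string | null;
+/**
+* Check if browser-only protection is enabled
+*/
+private isBrowserOnlyEnabled;
+/**
+* Check if terminal-only protection is enabled
+*/
+private isTerminalOnlyEnabled;
 /**
 * Get security configuration
 */
@@ -7986,7 +8167,7 @@ interface SecureObjectOptions {
 ***************************************************************************** */
 /**
 * @license MIT
-* @see https://lab.nehonix.
+* @see https://lab.nehonix.com
 * @description SecureObject Core Module
 *
 * Main SecureObject class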
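Review bot: The new `BrowserOnlyConfig` and `TerminalOnlyConfig` declarations (first hunk, +1725–1806, with the same doc block repeated on `SecurityConfig` in the third hunk) present themselves as blocking non-browser or browser requests, yet every signal they name — User-Agent, Sec-Fetch-*, Accept, Origin — is supplied by the client, so the interface docs should state that this is a request-classification heuristic rather than an authentication or authorization boundary; one added doc line per interface would do: `* Heuristic only: decisions rest on client-supplied headers and must not replace authentication/authorization.`. Both interfaces declare `customValidator?: (req: any) => boolean;` while this same file types the request as `XyPrisRequest` (see `generateCsrfToken(req: XyPrisRequest)` in the seventh hunk), so `customValidator?: (req: XyPrisRequest) => boolean;` would keep integrators' validators type-checked. In the `HelmetConfig` hunk, `action: "deny" | "sameorigin" | "allow-from"` exposes the `ALLOW-FROM` value that current browsers ignore, and `xssFilter` drives the deprecated X-XSS-Protection header; both deserve a `@deprecated` JSDoc tag pointing to CSP `frame-ancestors` and to CSP in general, so a configuration that type-checks is not silently a no-op.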
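--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "xypriss",
-"version": "
+"version": "3.0.0",
 "description": "XyPriss is a lightweight, TypeScript-first, open-source Node.js web framework crafted for developers seeking a familiar Express-like API without Express dependencies. It features built-in security middleware, a robust routing system, and performance optimizations to build scalable, secure web applications effortlessly. Join our community and contribute on GitHub!",
 "main": "dist/cjs/index.js",
 "module": "dist/esm/index.js",
@@ -113,8 +113,8 @@
 ],
 "author": {
 "name": "Nehonix",
-"whatsapp": "https://s.nehonix.
-"url": "https://nehonix.
+"whatsapp": "https://s.nehonix.com/QBo0KpCl",
+"url": "https://nehonix.com"
 },
 "contributors": [
 {
@@ -123,7 +123,7 @@
 },
 {
 "name": "Nehonix",
-"url": "https://nehonix.
+"url": "https://nehonix.com"
 }
 ],
 "license": "MIT",
@@ -131,7 +131,7 @@
 "type": "git",
 "url": "https://github.com/Nehonix-Team/XyPriss.git"
 },
-"documentation": "https://lab.nehonix.
+"documentation": "https://lab.nehonix.com/nehonix_viewer/_doc/Nehonix%20xypriss/readme.md",
 "changelog": "https://github.com/Nehonix-Team/XyPriss/blob/main/CHANGELOG.md",
 "support": "https://github.com/Nehonix-Team/XyPriss/issues",
 "bugs": {
@@ -270,3 +270,4 @@
 "xypriss-security": "^1.1.10"
 }
 }
+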
@@ -14,7 +14,7 @@ import { fileURLToPath } from "url";
14
14
|
const __filename = fileURLToPath(import.meta.url);
15
15
const __dirname = path.dirname(__filename);
16
16
|
17
-
const CDN_BASE_URL = "https://
17
+
const CDN_BASE_URL = "https://dll.nehonix.com/dl/mds/xypriss/bin";
18
18
// Install binary in the package's own bin directory, not user's project
19
19
const BIN_DIR = path.join(__dirname, "..", "bin");
20
20
const TIMEOUT = 40000; // 40 seconds
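Review bot: `CDN_BASE_URL` is the sole origin for a binary fetched during package installation, and nothing in this hunk verifies what is downloaded — if the remainder of `install-memory-cli.js` (outside the hunk) does not compare a pinned digest or signature before the file is written under `BIN_DIR` and executed, a compromise of that CDN path or a redirect turns every `npm install` into unverified code execution on the installing machine. Ship the expected per-platform SHA-256 digests inside the package, e.g. `const EXPECTED_SHA256 = { /* platform → digest, filled from the release build */ };`, check them with `crypto.createHash("sha256")` before moving the file into place, and put the package version into the download path so the same URL cannot later serve a different artifact. The old value `"https://` is visibly truncated; whether that is a rendering artifact or the 2.3.7 publish actually shipped a broken install script cannot be told from this page, but if the latter, the changelog should say so.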