xypriss 3.2.0 → 3.2.2

package/dist/esm/src/middleware/built-in/index.js

@@ -1,323 +0,0 @@
-import helmet from 'helmet';
-import cors from 'cors';
-import rateLimit from 'express-rate-limit';
-import compression from 'compression';
-import hpp from 'hpp';
-import mongoSanitize from 'express-mongo-sanitize';
-import xss from 'xss';
-import morgan from 'morgan';
-import slowDown from 'express-slow-down';
-import ExpressBrute from 'express-brute';
-import multer from 'multer';
-import { doubleCsrf } from 'csrf-csrf';
-
-/**
- * XyPriss Built-in Middleware
- * Wrappers around popular middleware libraries
- */
-class BuiltInMiddleware {
-    /**
-     * Get Helmet middleware for security headers
-     */
-    static helmet(options = {}) {
-        const defaultOptions = {
-            contentSecurityPolicy: {
-                directives: {
-                    defaultSrc: ["'self'"],
-                    scriptSrc: ["'self'"],
-                    styleSrc: ["'self'", "'unsafe-inline'"],
-                    imgSrc: ["'self'", "data:"],
-                    fontSrc: ["'self'"],
-                },
-            },
-            crossOriginEmbedderPolicy: true,
-            crossOriginOpenerPolicy: true,
-            crossOriginResourcePolicy: { policy: "same-origin" },
-            dnsPrefetchControl: { allow: false },
-            frameguard: { action: "deny" },
-            hidePoweredBy: true,
-            hsts: {
-                maxAge: 31536000,
-                includeSubDomains: true,
-                preload: false,
-            },
-            ieNoOpen: true,
-            noSniff: true,
-            originAgentCluster: true,
-            permittedCrossDomainPolicies: false,
-            referrerPolicy: { policy: "strict-origin-when-cross-origin" },
-            xssFilter: true,
-        };
-        const config = { ...defaultOptions, ...options };
-        return helmet(config);
-    }
-    /**
-     * Get CORS middleware
-     */
-    static cors(options = {}) {
-        const defaultOptions = {
-            origin: true,
-            methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"],
-            allowedHeaders: [
-                "Content-Type",
-                "Authorization",
-                "X-Requested-With",
-            ],
-            credentials: false,
-            maxAge: 86400, // 24 hours
-        };
-        const config = { ...defaultOptions, ...options };
-        return cors(config);
-    }
-    /**
-     * Get Rate Limiting middleware
-     */
-    static rateLimit(options = {}) {
-        const defaultOptions = {
-            windowMs: 15 * 60 * 1000, // 15 minutes
-            max: 100, // limit each IP to 100 requests per windowMs
-            message: {
-                error: "Too many requests from this IP, please try again later.",
-                retryAfter: "Please try again later.",
-            },
-            standardHeaders: true,
-            legacyHeaders: false,
-            handler: (_req, res) => {
-                res.status(429).json({
-                    error: "Too many requests",
-                    message: "Rate limit exceeded. Please try again later.",
-                    retryAfter: Math.ceil(options.windowMs / 1000) || 900,
-                });
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        return rateLimit(config);
-    }
-    /**
-     * Get Compression middleware
-     */
-    static compression(options = {}) {
-        const defaultOptions = {
-            level: 6,
-            threshold: 1024, // Only compress responses >= 1KB
-            filter: (req, res) => {
-                // Don't compress responses with this request header
-                if (req.headers["x-no-compression"]) {
-                    return false;
-                }
-                // Fallback to standard filter function
-                return compression.filter(req, res);
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        return compression(config);
-    }
-    /**
-     * CSRF protection middleware using csrf-csrf library
-     */
-    static csrf(options = {}) {
-        const defaultOptions = {
-            getSecret: () => "your-secret-key", // In production, use a proper secret
-            cookieName: "__Host-psifi.x-csrf-token",
-            cookieOptions: {
-                httpOnly: true,
-                sameSite: "strict",
-                secure: process.env.NODE_ENV === "production",
-                maxAge: 3600000, // 1 hour
-            },
-            size: 64,
-            ignoredMethods: ["GET", "HEAD", "OPTIONS"],
-            getTokenFromRequest: (req) => {
-                return (req.headers["x-csrf-token"] ||
-                    req.body?._csrf ||
-                    req.query?._csrf);
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        const { doubleCsrfProtection } = doubleCsrf(config);
-        // Return the protection middleware
-        return doubleCsrfProtection;
-    }
-    /**
-     * Get Express Validator middleware for input validation
-     * Simplified implementation - users should install express-validator separately
-     */
-    static validator(options = {}) {
-        const defaultOptions = {
-            sanitizeBody: true,
-            checkBody: true,
-            checkQuery: true,
-            checkParams: true,
-        };
-        ({ ...defaultOptions, ...options });
-        return (req, res, next) => {
-            // Basic validation middleware - simplified
-            // In production, use express-validator library directly
-            console.log("[Validator] Basic validation middleware active");
-            // Add basic validation helpers to request
-            req.validation = {
-                body: (field) => req.body?.[field],
-                query: (field) => req.query?.[field],
-                params: (field) => req.params?.[field],
-            };
-            next();
-        };
-    }
-    /**
-     * Get HPP (HTTP Parameter Pollution) protection middleware
-     */
-    static hpp(options = {}) {
-        const defaultOptions = {
-            whitelist: ["tags", "categories"], // Allow arrays for these parameters
-        };
-        const config = { ...defaultOptions, ...options };
-        return hpp(config);
-    }
-    /**
-     * Get MongoDB injection protection middleware
-     */
-    static mongoSanitize(options = {}) {
-        const defaultOptions = {
-            replaceWith: "_",
-            onSanitize: (key, value) => {
-                console.warn(`[MongoSanitize] Sanitized key: ${key}, value: ${value}`);
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        return mongoSanitize(config);
-    }
-    /**
-     * Get XSS protection middleware
-     */
-    static xss(options = {}) {
-        const defaultOptions = {
-            whiteList: {
-                a: ["href", "title"],
-                b: [],
-                i: [],
-                strong: [],
-                em: [],
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        return (req, _res, next) => {
-            // Sanitize request body
-            if (req.body) {
-                req.body = this.sanitizeObject(req.body, config);
-            }
-            // Sanitize query parameters
-            if (req.query) {
-                req.query = this.sanitizeObject(req.query, config);
-            }
-            next();
-        };
-    }
-    /**
-     * Get Morgan logging middleware
-     */
-    static morgan(options = {}) {
-        const defaultFormat = options.format || "combined";
-        const defaultOptions = {
-            skip: (_req, res) => res.statusCode < 400, // Only log errors by default
-            stream: process.stdout,
-        };
-        const config = { ...defaultOptions, ...options };
-        return morgan(defaultFormat, config);
-    }
-    /**
-     * Get Slow Down middleware for progressive delays
-     */
-    static slowDown(options = {}) {
-        const defaultOptions = {
-            windowMs: 15 * 60 * 1000, // 15 minutes
-            delayAfter: 2, // Allow 2 requests per windowMs without delay
-            delayMs: 500, // Add 500ms delay per request after delayAfter
-            maxDelayMs: 20000, // Maximum delay of 20 seconds
-            skipFailedRequests: false,
-            skipSuccessfulRequests: false,
-        };
-        const config = { ...defaultOptions, ...options };
-        return slowDown(config);
-    }
-    /**
-     * Get Express Brute middleware for brute force protection
-     */
-    static brute(options = {}) {
-        const store = new ExpressBrute.MemoryStore();
-        const defaultOptions = {
-            freeRetries: 2,
-            minWait: 5 * 60 * 1000, // 5 minutes
-            maxWait: 60 * 60 * 1000, // 1 hour
-            lifetime: 24 * 60 * 60, // 1 day (in seconds)
-            failCallback: (_req, res, _next, nextValidRequestDate) => {
-                res.status(429).json({
-                    error: "Too many failed attempts",
-                    message: "Account temporarily locked due to too many failed attempts",
-                    nextValidRequestDate: nextValidRequestDate,
-                });
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        const bruteforce = new ExpressBrute(store, config);
-        return bruteforce.prevent;
-    }
-    /**
-     * Get Multer middleware for file uploads
-     */
-    static multer(options = {}) {
-        const defaultOptions = {
-            limits: {
-                fileSize: 5 * 1024 * 1024, // 5MB limit
-                files: 5, // Maximum 5 files
-            },
-            fileFilter: (_req, file, cb) => {
-                // Allow only specific file types
-                const allowedTypes = /jpeg|jpg|png|gif|pdf|doc|docx/;
-                const extname = allowedTypes.test(file.originalname.toLowerCase());
-                const mimetype = allowedTypes.test(file.mimetype);
-                if (mimetype && extname) {
-                    return cb(null, true);
-                }
-                else {
-                    cb(new Error("Invalid file type. Only images and documents are allowed."));
-                }
-            },
-        };
-        const config = { ...defaultOptions, ...options };
-        return multer(config);
-    }
-    /**
-     * Get all default security middleware
-     */
-    static security(options = {}) {
-        return {
-            helmet: this.helmet(options.helmet),
-            cors: this.cors(options.cors),
-            rateLimit: this.rateLimit(options.rateLimit),
-            compression: this.compression(options.compression),
-            csrf: this.csrf(options.csrf),
-        };
-    }
-    // Helper method for XSS sanitization
-    static sanitizeObject(obj, config) {
-        if (typeof obj === "string") {
-            return xss(obj, config);
-        }
-        else if (Array.isArray(obj)) {
-            return obj.map((item) => this.sanitizeObject(item, config));
-        }
-        else if (obj && typeof obj === "object") {
-            const sanitized = {};
-            for (const key in obj) {
-                if (obj.hasOwnProperty(key)) {
-                    sanitized[key] = this.sanitizeObject(obj[key], config);
-                }
-            }
-            return sanitized;
-        }
-        return obj;
-    }
-}
-
-export { BuiltInMiddleware };
-//# sourceMappingURL=index.js.map

package/dist/esm/src/middleware/built-in/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sources":["../../../../../src/middleware/built-in/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAAA;;;AAGG;MAgCU,iBAAiB,CAAA;AAC1B;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAe,EAAE,EAAA;AAC3B,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,qBAAqB,EAAE;AACnB,gBAAA,UAAU,EAAE;oBACR,UAAU,EAAE,CAAC,QAAQ,CAAC;oBACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;AACrB,oBAAA,QAAQ,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;AACvC,oBAAA,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;oBAC3B,OAAO,EAAE,CAAC,QAAQ,CAAC;AACtB,iBAAA;AACJ,aAAA;AACD,YAAA,yBAAyB,EAAE,IAAI;AAC/B,YAAA,uBAAuB,EAAE,IAAI;AAC7B,YAAA,yBAAyB,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;AACpD,YAAA,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;AACpC,YAAA,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;AAC9B,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,IAAI,EAAE;AACF,gBAAA,MAAM,EAAE,QAAQ;AAChB,gBAAA,iBAAiB,EAAE,IAAI;AACvB,gBAAA,OAAO,EAAE,KAAK;AACjB,aAAA;AACD,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,kBAAkB,EAAE,IAAI;AACxB,YAAA,4BAA4B,EAAE,KAAK;AACnC,YAAA,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;AAC7D,YAAA,SAAS,EAAE,IAAI;SAClB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;KACzB;AAED;;AAEG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAe,EAAE,EAAA;AACzB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;AAC1D,YAAA,cAAc,EAAE;gBACZ,cAAc;gBACd,eAAe;gBACf,kBAAkB;AACrB,aAAA;AACD,YAAA,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,KAAK;SAChB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;KACvB;AAED;;AAEG;AACH,IAAA,OAAO,SAAS,CAAC,OAAA,GAAe,EAAE,EAAA;AAC9B,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YACxB,GAAG,EAAE,GAAG;AACR,YAAA,OAAO,EAAE;AACL,gBAAA,KAAK,EAAE,yDAAyD;AAChE,gBAAA,UAAU,EAAE,yBAAyB;AACxC,aAAA;AACD,YAAA,eAAe,EAAE,IAAI;AACrB,YAAA,aAAa,EAAE,KAAK;AACpB,YAAA,OAAO,EAAE,CAAC,IAAS,EAAE,GAAQ,KAAI;AAC7B,gBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,oBAAA,KAAK,EAAE,mBAAmB;AAC1B,oBAAA,OAAO,EAAE,8CAA8C;AACvD,oBAAA,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,GAAG;AACxD,iBAAA,CAAC,CAAC;aACN;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;KAC5B;AAED;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,OAAA,GAAe,EAAE,EAAA;AAChC,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI;AACf,YAAA,MAAM,EAAE,CAAC,GAAQ,EAAE,GAAQ,KAAI;;AAE3B,gBAAA,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;AACjC,oBAAA,OAAO,KAAK,CAAC;iBAChB;;gBAGD,OAAO,WAAW,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;aACvC;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;KAC9B;AAED;;AAEG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAe,EAAE,EAAA;AACzB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE,MAAM,iBAAiB;AAClC,YAAA,UAAU,EAAE,2BAA2B;AACvC,YAAA,aAAa,EAAE;AACX,gBAAA,QAAQ,EAAE,IAAI;AACd,gBAAA,QAAQ,EAAE,QAAQ;AAClB,gBAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBAC7C,MAAM,EAAE,OAAO;AAClB,aAAA;AACD,YAAA,IAAI,EAAE,EAAE;AACR,YAAA,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;AAC1C,YAAA,mBAAmB,EAAE,CAAC,GAAQ,KAAI;AAC9B,gBAAA,QACI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;oBAC3B,GAAG,CAAC,IAAI,EAAE,KAAK;AACf,oBAAA,GAAG,CAAC,KAAK,EAAE,KAAK,EAClB;aACL;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;QAEjD,MAAM,EAAE,oBAAoB,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;;AAGpD,QAAA,OAAO,oBAAoB,CAAC;KAC/B;AAED;;;AAGG;AACH,IAAA,OAAO,SAAS,CAAC,OAAA,GAAe,EAAE,EAAA;AAC9B,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,YAAY,EAAE,IAAI;AAClB,YAAA,SAAS,EAAE,IAAI;AACf,YAAA,UAAU,EAAE,IAAI;AAChB,YAAA,WAAW,EAAE,IAAI;SACpB,CAAC;SAEa,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,IAAG;AAEjD,QAAA,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,KAAI;;;AAGrC,YAAA,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;;YAG9D,GAAG,CAAC,UAAU,GAAG;AACb,gBAAA,IAAI,EAAE,CAAC,KAAa,KAAK,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC;AAC1C,gBAAA,KAAK,EAAE,CAAC,KAAa,KAAK,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;AAC5C,gBAAA,MAAM,EAAE,CAAC,KAAa,KAAK,GAAG,CAAC,MAAM,GAAG,KAAK,CAAC;aACjD,CAAC;AAEF,YAAA,IAAI,EAAE,CAAC;AACX,SAAC,CAAC;KACL;AAED;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAe,EAAE,EAAA;AACxB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;SACpC,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;KACtB;AAED;;AAEG;AACH,IAAA,OAAO,aAAa,CAAC,OAAA,GAAe,EAAE,EAAA;AAClC,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,WAAW,EAAE,GAAG;AAChB,YAAA,UAAU,EAAE,CAAC,GAAW,EAAE,KAAU,KAAI;gBACpC,OAAO,CAAC,IAAI,CACR,CAAA,+BAAA,EAAkC,GAAG,CAAY,SAAA,EAAA,KAAK,CAAE,CAAA,CAC3D,CAAC;aACL;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;KAChC;AAED;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAe,EAAE,EAAA;AACxB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE;AACP,gBAAA,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;AACpB,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,MAAM,EAAE,EAAE;AACV,gBAAA,EAAE,EAAE,EAAE;AACT,aAAA;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AAEjD,QAAA,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,KAAI;;AAEtC,YAAA,IAAI,GAAG,CAAC,IAAI,EAAE;AACV,gBAAA,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;aACpD;;AAGD,YAAA,IAAI,GAAG,CAAC,KAAK,EAAE;AACX,gBAAA,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;aACtD;AAED,YAAA,IAAI,EAAE,CAAC;AACX,SAAC,CAAC;KACL;AAED;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAe,EAAE,EAAA;AAC3B,QAAA,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;AACnD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,IAAI,EAAE,CAAC,IAAS,EAAE,GAAQ,KAAK,GAAG,CAAC,UAAU,GAAG,GAAG;YACnD,MAAM,EAAE,OAAO,CAAC,MAAM;SACzB,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;KACxC;AAED;;AAEG;AACH,IAAA,OAAO,QAAQ,CAAC,OAAA,GAAe,EAAE,EAAA;AAC7B,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YACxB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,GAAG;YACZ,UAAU,EAAE,KAAK;AACjB,YAAA,kBAAkB,EAAE,KAAK;AACzB,YAAA,sBAAsB,EAAE,KAAK;SAChC,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;KAC3B;AAED;;AAEG;AACH,IAAA,OAAO,KAAK,CAAC,OAAA,GAAe,EAAE,EAAA;AAC1B,QAAA,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;AAC7C,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,WAAW,EAAE,CAAC;AACd,YAAA,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;AACtB,YAAA,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;AACvB,YAAA,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;YACtB,YAAY,EAAE,CACV,IAAS,EACT,GAAQ,EACR,KAAU,EACV,oBAA0B,KAC1B;AACA,gBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACjB,oBAAA,KAAK,EAAE,0BAA0B;AACjC,oBAAA,OAAO,EACH,4DAA4D;AAChE,oBAAA,oBAAoB,EAAE,oBAAoB;AAC7C,iBAAA,CAAC,CAAC;aACN;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;QACjD,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEnD,OAAO,UAAU,CAAC,OAAO,CAAC;KAC7B;AAED;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAe,EAAE,EAAA;AAC3B,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE;AACJ,gBAAA,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI;gBACzB,KAAK,EAAE,CAAC;AACX,aAAA;YACD,UAAU,EAAE,CAAC,IAAS,EAAE,IAAS,EAAE,EAAO,KAAI;;gBAE1C,MAAM,YAAY,GAAG,+BAA+B,CAAC;AACrD,gBAAA,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAC7B,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAClC,CAAC;gBACF,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAElD,gBAAA,IAAI,QAAQ,IAAI,OAAO,EAAE;AACrB,oBAAA,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;iBACzB;qBAAM;AACH,oBAAA,EAAE,CACE,IAAI,KAAK,CACL,2DAA2D,CAC9D,CACJ,CAAC;iBACL;aACJ;SACJ,CAAC;QAEF,MAAM,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;AACjD,QAAA,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;KACzB;AAED;;AAEG;AACH,IAAA,OAAO,QAAQ,CAAC,OAAA,GAAmC,EAAE,EAAA;QACjD,OAAO;YACH,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;YAC5C,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;SAChC,CAAC;KACL;;AAGO,IAAA,OAAO,cAAc,CAAC,GAAQ,EAAE,MAAW,EAAA;AAC/C,QAAA,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;AACzB,YAAA,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;SAC3B;AAAM,aAAA,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;SAC/D;AAAM,aAAA,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YACvC,MAAM,SAAS,GAAQ,EAAE,CAAC;AAC1B,YAAA,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE;AACnB,gBAAA,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;AACzB,oBAAA,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;iBAC1D;aACJ;AACD,YAAA,OAAO,SAAS,CAAC;SACpB;AACD,QAAA,OAAO,GAAG,CAAC;KACd;AACJ;;;;"}

package/dist/esm/src/middleware/built-in/sqlInjection.js

@@ -1,333 +0,0 @@
-class SQLInjectionDetector {
-    constructor(config = {}) {
-        // High-confidence SQL injection patterns (more specific to reduce false positives)
-        this.highRiskPatterns = [
-            // Union attacks with SELECT
-            /(\s|^)(union|UNION)(\s)+(all\s+)?(select|SELECT)/gi,
-            // SQL comments at end of input or before SQL keywords
-            /(--|#|\/\*).*?(select|union|drop|delete|insert|update|create|alter)/gi,
-            /;(\s)*--.*/gi,
-            // Enhanced boolean injections (more comprehensive)
-            /(\s|^)(or|OR)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
-            /(\s|^)(and|AND)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
-            // Quote-based boolean injections
-            /'(\s)+(or|OR|and|AND)(\s)+'/gi,
-            // Comment-obfuscated patterns
-            /\/\*.*?\*\/(or|OR|and|AND)\/\*.*?\*\//gi,
-            // Time-based with specific syntax (enhanced)
-            /(sleep|SLEEP|waitfor|WAITFOR|delay|DELAY)\s*\(.*?\)/gi,
-            /(waitfor|WAITFOR)\s+(delay|DELAY)\s+'/gi,
-            // System stored procedures
-            /(exec|EXEC|execute|EXECUTE)\s+(sp_|xp_)\w+/gi,
-            // Information schema with specific queries
-            /(information_schema|INFORMATION_SCHEMA)\.(tables|columns|schemata)/gi,
-            // Dangerous DDL operations with semicolons
-            /;(\s)*(drop|DROP|delete|DELETE|truncate|TRUNCATE)\s+(table|database)/gi,
-            // Hex encoding of common injection strings
-            /0x(27|22|5C|2D|2D)/gi, // ', ", \, --
-            // Multiple quotes for quote breaking
-            /('{3,}|"{3,})/g,
-            // Stacked queries with dangerous operations
-            /;(\s)*(drop|delete|insert|update|create|alter)(\s)+/gi,
-        ];
-        // Medium risk patterns (require context analysis)
-        this.mediumRiskPatterns = [
-            // Single SQL keywords (common in legitimate text)
-            /\b(select|union|drop|delete|insert|update|create|alter)\b/gi,
-            // Simple OR/AND conditions
-            /\b(or|and)\s+\w+\s*=\s*\w+/gi,
-            // Single quotes or double quotes
-            /'/g,
-            /"/g,
-            // Basic SQL comments
-            /(--|#)/g,
-            // Wildcards
-            /[%_]/g,
-        ];
-        // Characters that are suspicious in certain contexts
-        this.contextSensitiveChars = /[';\"\\%_]/g;
-        this.config = {
-            strictMode: config.strictMode ?? false,
-            allowedChars: config.allowedChars ?? /^[a-zA-Z0-9\s\-@.!?,()]+$/,
-            maxLength: config.maxLength ?? 1000,
-            logAttempts: config.logAttempts ?? true,
-            contextualAnalysis: config.contextualAnalysis ?? true,
-            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
-        };
-    }
-    /**
-     * Main detection method with improved false positive handling
-     */
-    detect(input, context) {
-        if (!input || typeof input !== "string") {
-            return {
-                isMalicious: false,
-                confidence: 0,
-                detectedPatterns: [],
-                riskLevel: "LOW",
-            };
-        }
-        const result = {
-            isMalicious: false,
-            confidence: 0,
-            detectedPatterns: [],
-            sanitizedInput: input,
-            riskLevel: "LOW",
-        };
-        // Check input length (very long inputs are suspicious)
-        if (input.length > this.config.maxLength) {
-            result.confidence += 0.2; // Reduced penalty for length
-            result.detectedPatterns.push("Excessive length");
-        }
-        // High-risk pattern analysis (strong indicators)
-        let highRiskScore = 0;
-        this.highRiskPatterns.forEach((pattern, index) => {
-            const matches = input.match(pattern);
-            if (matches) {
-                const patternName = this.getHighRiskPatternName(index);
-                result.detectedPatterns.push(`${patternName}: ${matches.join(", ")}`);
-                highRiskScore += this.getHighRiskPatternWeight(index);
-            }
-        });
-        // Medium-risk pattern analysis (context-dependent)
-        let mediumRiskScore = 0;
-        if (this.config.contextualAnalysis) {
-            mediumRiskScore = this.analyzeContext(input, context || "");
-        }
-        else {
-            // Basic medium risk analysis without context
-            this.mediumRiskPatterns.forEach((pattern, index) => {
-                const matches = input.match(pattern);
-                if (matches) {
-                    mediumRiskScore += 0.1 * matches.length; // Lower weight for medium risk
-                }
-            });
-        }
-        // Contextual analysis for legitimate use cases
-        const legitimacyScore = this.calculateLegitimacyScore(input);
-        // Calculate confidence with false positive mitigation
-        const rawScore = highRiskScore + mediumRiskScore * 0.3;
-        result.confidence = Math.max(0, rawScore - legitimacyScore);
-        result.confidence = Math.min(result.confidence, 1.0);
-        // Determine risk level and malicious status
-        if (result.confidence >= 0.8) {
-            result.riskLevel = "CRITICAL";
-            result.isMalicious = true;
-        }
-        else if (result.confidence >= this.config.falsePositiveThreshold) {
-            result.riskLevel = "HIGH";
-            result.isMalicious = true;
-        }
-        else if (result.confidence >= 0.3) {
-            result.riskLevel = "MEDIUM";
-            result.isMalicious = false; // Don't block medium risk by default
-        }
-        else {
-            result.riskLevel = "LOW";
-            result.isMalicious = false;
-        }
-        // Log only high confidence attempts
-        if (this.config.logAttempts && result.confidence >= 0.7) {
-            this.logAttempt(input, result);
-        }
-        // Provide sanitized version only for high-risk inputs
-        if (result.confidence >= 0.4) {
-            result.sanitizedInput = this.smartSanitize(input);
-        }
-        return result;
-    }
-    /**
-     * Analyze context to reduce false positives
-     */
-    analyzeContext(input, context) {
-        let score = 0;
-        // Check for legitimate business contexts
-        const businessContexts = [
-            "search",
-            "filter",
-            "name",
-            "description",
-            "comment",
-            "review",
-            "address",
-            "title",
-            "content",
-            "message",
-            "email",
-        ];
-        const isBusinessContext = businessContexts.some((ctx) => context.toLowerCase().includes(ctx));
-        this.mediumRiskPatterns.forEach((pattern, index) => {
-            const matches = input.match(pattern);
-            if (matches) {
-                let patternScore = 0.1 * matches.length;
-                // Reduce score for legitimate contexts
-                if (isBusinessContext) {
-                    patternScore *= 0.3; // Reduce by 70%
-                }
-                // Special handling for common false positives
-                if (index === 0 && isBusinessContext) {
-                    // SQL keywords in business text
-                    patternScore *= 0.1; // Very low weight for SQL keywords in business context
-                }
-                if (index === 2 || index === 3) {
-                    // Single quotes in names, descriptions
-                    if (context.includes("name") ||
-                        context.includes("description")) {
-                        patternScore *= 0.2;
-                    }
-                }
-                score += patternScore;
-            }
-        });
-        return score;
-    }
-    /**
-     * Calculate legitimacy score to offset false positives
-     */
-    calculateLegitimacyScore(input) {
-        let legitimacyScore = 0;
-        // Natural language indicators
-        const naturalWords = input.match(/\b[a-zA-Z]{3,}\b/g);
-        if (naturalWords && naturalWords.length > 2) {
-            legitimacyScore += 0.2; // Looks like natural text
-        }
-        // Check for common legitimate patterns
-        const legitimatePatterns = [
-            /^[A-Z][a-z]+\s[A-Z][a-z]+$/, // First Last name
-            /^[\w\.-]+@[\w\.-]+\.\w+$/, // Email
-            /^\d{1,5}\s\w+(\s\w+)*$/, // Address format
-            /^[A-Za-z0-9\s\-.,!?()]+$/, // Normal text with punctuation
-        ];
-        legitimatePatterns.forEach((pattern) => {
-            if (pattern.test(input)) {
-                legitimacyScore += 0.15;
-            }
-        });
-        // Length-based legitimacy (very short or very specific lengths are more suspicious)
-        if (input.length > 10 && input.length < 200) {
-            legitimacyScore += 0.1;
-        }
-        // Check for balanced quotes (legitimate text often has balanced quotes)
-        const singleQuotes = (input.match(/'/g) || []).length;
-        const doubleQuotes = (input.match(/"/g) || []).length;
-        if (singleQuotes % 2 === 0 && doubleQuotes % 2 === 0) {
-            legitimacyScore += 0.1;
-        }
-        return Math.min(legitimacyScore, 0.5); // Cap legitimacy score
-    }
-    /**
-     * Smart sanitization that preserves legitimate content
-     */
-    smartSanitize(input) {
-        if (!input)
-            return input;
-        let sanitized = input;
-        // Only remove obvious SQL injection patterns, not all SQL keywords
-        sanitized = sanitized.replace(/(--|#).*$/gm, ""); // Remove comment tails
-        sanitized = sanitized.replace(/\/\*.*?\*\//g, ""); // Remove /* */ comments
-        // Only escape quotes if they appear to be part of injection attempts
-        const suspiciousQuotes = /'(\s*(or|and|union|select)\s|;|\s*--)/gi;
-        sanitized = sanitized.replace(suspiciousQuotes, "''$1");
-        // Remove only dangerous control characters
-        sanitized = sanitized.replace(/[\x00\x1a]/g, "");
-        // Only remove semicolons if followed by SQL keywords
-        sanitized = sanitized.replace(/;(\s)*(drop|delete|insert|update|create|alter|union|select)/gi, " $2");
-        return sanitized.trim();
-    }
-    /**
-     * Validate and sanitize input, throwing error if malicious
-     */
-    validateAndSanitize(input, throwOnDetection = false) {
-        const result = this.detect(input);
-        if (result.isMalicious && throwOnDetection) {
-            throw new Error(`SQL injection attempt detected. Confidence: ${(result.confidence * 100).toFixed(1)}%. ` +
-                `Patterns: ${result.detectedPatterns.join(", ")}`);
-        }
-        return result.sanitizedInput || "";
-    }
-    /**
-     * Create parameterized query helper
-     */
-    createParameterizedQuery(query, params) {
-        // Simple parameterization helper
-        let parameterizedQuery = query;
-        const safeParams = [];
-        params.forEach((param, index) => {
-            if (typeof param === "string") {
-                const result = this.detect(param);
-                if (result.isMalicious) {
-                    throw new Error(`Parameter ${index} contains potential SQL injection`);
-                }
-                safeParams.push(result.sanitizedInput);
-            }
-            else {
-                safeParams.push(param);
-            }
-        });
-        return { query: parameterizedQuery, params: safeParams };
-    }
-    getHighRiskPatternName(index) {
-        const names = [
-            "Union-Select attack",
-            "Commented injection",
-            "Comment with semicolon",
-            "Enhanced boolean OR",
-            "Enhanced boolean AND",
-            "Quote-based boolean",
-            "Comment-obfuscated injection",
-            "Time-based delay",
-            "WAITFOR delay attack",
-            "System procedure call",
-            "Information schema query",
-            "DDL with semicolon",
-            "Hex-encoded injection",
-            "Quote sequence attack",
-            "Stacked query attack",
-        ];
-        return names[index] || `High-risk pattern ${index}`;
-    }
-    getHighRiskPatternWeight(index) {
-        // Higher weights for more definitive attack patterns
-        const weights = [
-            0.9, // Union-Select attack
-            0.8, // Commented injection
-            0.7, // Comment with semicolon
-            0.8, // Enhanced boolean OR
-            0.8, // Enhanced boolean AND
-            0.7, // Quote-based boolean
-            0.8, // Comment-obfuscated injection
-            0.9, // Time-based delay
-            0.8, // WAITFOR delay attack
-            0.8, // System procedure call
-            0.7, // Information schema query
-            0.9, // DDL with semicolon
-            0.6, // Hex-encoded injection
-            0.5, // Quote sequence attack
-            0.8, // Stacked query attack
-        ];
-        return weights[index] || 0.7;
-    }
-    logAttempt(input, result) {
-        console.warn(`SQL Injection Attempt Detected:`, {
-            timestamp: new Date().toISOString(),
-            input: input.substring(0, 100) + (input.length > 100 ? "..." : ""),
-            confidence: result.confidence,
-            patterns: result.detectedPatterns,
-        });
-    }
-    /**
-     * Update configuration
-     */
-    updateConfig(newConfig) {
-        this.config = { ...this.config, ...newConfig };
-    }
-    /**
-     * Get current configuration
-     */
-    getConfig() {
-        return { ...this.config };
-    }
-}
-
-export { SQLInjectionDetector as default };
-//# sourceMappingURL=sqlInjection.js.map