xypriss 3.2.1 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js +51 -8
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js +51 -8
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/package.json +1 -1
- package/dist/cjs/mods/security/src/core/crypt.js +0 -56
- package/dist/cjs/mods/security/src/core/crypt.js.map +0 -1
- package/dist/cjs/src/middleware/built-in/index.js +0 -325
- package/dist/cjs/src/middleware/built-in/index.js.map +0 -1
- package/dist/cjs/src/middleware/built-in/sqlInjection.js +0 -335
- package/dist/cjs/src/middleware/built-in/sqlInjection.js.map +0 -1
- package/dist/cjs/src/server/conf/rateLimitConfig.js +0 -35
- package/dist/cjs/src/server/conf/rateLimitConfig.js.map +0 -1
- package/dist/cjs/src/server/utils/wildcardMatcher.js +0 -92
- package/dist/cjs/src/server/utils/wildcardMatcher.js.map +0 -1
- package/dist/esm/mods/security/src/core/crypt.js +0 -54
- package/dist/esm/mods/security/src/core/crypt.js.map +0 -1
- package/dist/esm/src/middleware/built-in/index.js +0 -323
- package/dist/esm/src/middleware/built-in/index.js.map +0 -1
- package/dist/esm/src/middleware/built-in/sqlInjection.js +0 -333
- package/dist/esm/src/middleware/built-in/sqlInjection.js.map +0 -1
- package/dist/esm/src/server/conf/rateLimitConfig.js +0 -33
- package/dist/esm/src/server/conf/rateLimitConfig.js.map +0 -1
- package/dist/esm/src/server/utils/wildcardMatcher.js +0 -88
- package/dist/esm/src/server/utils/wildcardMatcher.js.map +0 -1
|
@@ -1,333 +0,0 @@
|
|
|
1
|
-
class SQLInjectionDetector {
|
|
2
|
-
constructor(config = {}) {
|
|
3
|
-
// High-confidence SQL injection patterns (more specific to reduce false positives)
|
|
4
|
-
this.highRiskPatterns = [
|
|
5
|
-
// Union attacks with SELECT
|
|
6
|
-
/(\s|^)(union|UNION)(\s)+(all\s+)?(select|SELECT)/gi,
|
|
7
|
-
// SQL comments at end of input or before SQL keywords
|
|
8
|
-
/(--|#|\/\*).*?(select|union|drop|delete|insert|update|create|alter)/gi,
|
|
9
|
-
/;(\s)*--.*/gi,
|
|
10
|
-
// Enhanced boolean injections (more comprehensive)
|
|
11
|
-
/(\s|^)(or|OR)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
|
|
12
|
-
/(\s|^)(and|AND)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
|
|
13
|
-
// Quote-based boolean injections
|
|
14
|
-
/'(\s)+(or|OR|and|AND)(\s)+'/gi,
|
|
15
|
-
// Comment-obfuscated patterns
|
|
16
|
-
/\/\*.*?\*\/(or|OR|and|AND)\/\*.*?\*\//gi,
|
|
17
|
-
// Time-based with specific syntax (enhanced)
|
|
18
|
-
/(sleep|SLEEP|waitfor|WAITFOR|delay|DELAY)\s*\(.*?\)/gi,
|
|
19
|
-
/(waitfor|WAITFOR)\s+(delay|DELAY)\s+'/gi,
|
|
20
|
-
// System stored procedures
|
|
21
|
-
/(exec|EXEC|execute|EXECUTE)\s+(sp_|xp_)\w+/gi,
|
|
22
|
-
// Information schema with specific queries
|
|
23
|
-
/(information_schema|INFORMATION_SCHEMA)\.(tables|columns|schemata)/gi,
|
|
24
|
-
// Dangerous DDL operations with semicolons
|
|
25
|
-
/;(\s)*(drop|DROP|delete|DELETE|truncate|TRUNCATE)\s+(table|database)/gi,
|
|
26
|
-
// Hex encoding of common injection strings
|
|
27
|
-
/0x(27|22|5C|2D|2D)/gi, // ', ", \, --
|
|
28
|
-
// Multiple quotes for quote breaking
|
|
29
|
-
/('{3,}|"{3,})/g,
|
|
30
|
-
// Stacked queries with dangerous operations
|
|
31
|
-
/;(\s)*(drop|delete|insert|update|create|alter)(\s)+/gi,
|
|
32
|
-
];
|
|
33
|
-
// Medium risk patterns (require context analysis)
|
|
34
|
-
this.mediumRiskPatterns = [
|
|
35
|
-
// Single SQL keywords (common in legitimate text)
|
|
36
|
-
/\b(select|union|drop|delete|insert|update|create|alter)\b/gi,
|
|
37
|
-
// Simple OR/AND conditions
|
|
38
|
-
/\b(or|and)\s+\w+\s*=\s*\w+/gi,
|
|
39
|
-
// Single quotes or double quotes
|
|
40
|
-
/'/g,
|
|
41
|
-
/"/g,
|
|
42
|
-
// Basic SQL comments
|
|
43
|
-
/(--|#)/g,
|
|
44
|
-
// Wildcards
|
|
45
|
-
/[%_]/g,
|
|
46
|
-
];
|
|
47
|
-
// Characters that are suspicious in certain contexts
|
|
48
|
-
this.contextSensitiveChars = /[';\"\\%_]/g;
|
|
49
|
-
this.config = {
|
|
50
|
-
strictMode: config.strictMode ?? false,
|
|
51
|
-
allowedChars: config.allowedChars ?? /^[a-zA-Z0-9\s\-@.!?,()]+$/,
|
|
52
|
-
maxLength: config.maxLength ?? 1000,
|
|
53
|
-
logAttempts: config.logAttempts ?? true,
|
|
54
|
-
contextualAnalysis: config.contextualAnalysis ?? true,
|
|
55
|
-
falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
|
|
56
|
-
};
|
|
57
|
-
}
|
|
58
|
-
/**
|
|
59
|
-
* Main detection method with improved false positive handling
|
|
60
|
-
*/
|
|
61
|
-
detect(input, context) {
|
|
62
|
-
if (!input || typeof input !== "string") {
|
|
63
|
-
return {
|
|
64
|
-
isMalicious: false,
|
|
65
|
-
confidence: 0,
|
|
66
|
-
detectedPatterns: [],
|
|
67
|
-
riskLevel: "LOW",
|
|
68
|
-
};
|
|
69
|
-
}
|
|
70
|
-
const result = {
|
|
71
|
-
isMalicious: false,
|
|
72
|
-
confidence: 0,
|
|
73
|
-
detectedPatterns: [],
|
|
74
|
-
sanitizedInput: input,
|
|
75
|
-
riskLevel: "LOW",
|
|
76
|
-
};
|
|
77
|
-
// Check input length (very long inputs are suspicious)
|
|
78
|
-
if (input.length > this.config.maxLength) {
|
|
79
|
-
result.confidence += 0.2; // Reduced penalty for length
|
|
80
|
-
result.detectedPatterns.push("Excessive length");
|
|
81
|
-
}
|
|
82
|
-
// High-risk pattern analysis (strong indicators)
|
|
83
|
-
let highRiskScore = 0;
|
|
84
|
-
this.highRiskPatterns.forEach((pattern, index) => {
|
|
85
|
-
const matches = input.match(pattern);
|
|
86
|
-
if (matches) {
|
|
87
|
-
const patternName = this.getHighRiskPatternName(index);
|
|
88
|
-
result.detectedPatterns.push(`${patternName}: ${matches.join(", ")}`);
|
|
89
|
-
highRiskScore += this.getHighRiskPatternWeight(index);
|
|
90
|
-
}
|
|
91
|
-
});
|
|
92
|
-
// Medium-risk pattern analysis (context-dependent)
|
|
93
|
-
let mediumRiskScore = 0;
|
|
94
|
-
if (this.config.contextualAnalysis) {
|
|
95
|
-
mediumRiskScore = this.analyzeContext(input, context || "");
|
|
96
|
-
}
|
|
97
|
-
else {
|
|
98
|
-
// Basic medium risk analysis without context
|
|
99
|
-
this.mediumRiskPatterns.forEach((pattern, index) => {
|
|
100
|
-
const matches = input.match(pattern);
|
|
101
|
-
if (matches) {
|
|
102
|
-
mediumRiskScore += 0.1 * matches.length; // Lower weight for medium risk
|
|
103
|
-
}
|
|
104
|
-
});
|
|
105
|
-
}
|
|
106
|
-
// Contextual analysis for legitimate use cases
|
|
107
|
-
const legitimacyScore = this.calculateLegitimacyScore(input);
|
|
108
|
-
// Calculate confidence with false positive mitigation
|
|
109
|
-
const rawScore = highRiskScore + mediumRiskScore * 0.3;
|
|
110
|
-
result.confidence = Math.max(0, rawScore - legitimacyScore);
|
|
111
|
-
result.confidence = Math.min(result.confidence, 1.0);
|
|
112
|
-
// Determine risk level and malicious status
|
|
113
|
-
if (result.confidence >= 0.8) {
|
|
114
|
-
result.riskLevel = "CRITICAL";
|
|
115
|
-
result.isMalicious = true;
|
|
116
|
-
}
|
|
117
|
-
else if (result.confidence >= this.config.falsePositiveThreshold) {
|
|
118
|
-
result.riskLevel = "HIGH";
|
|
119
|
-
result.isMalicious = true;
|
|
120
|
-
}
|
|
121
|
-
else if (result.confidence >= 0.3) {
|
|
122
|
-
result.riskLevel = "MEDIUM";
|
|
123
|
-
result.isMalicious = false; // Don't block medium risk by default
|
|
124
|
-
}
|
|
125
|
-
else {
|
|
126
|
-
result.riskLevel = "LOW";
|
|
127
|
-
result.isMalicious = false;
|
|
128
|
-
}
|
|
129
|
-
// Log only high confidence attempts
|
|
130
|
-
if (this.config.logAttempts && result.confidence >= 0.7) {
|
|
131
|
-
this.logAttempt(input, result);
|
|
132
|
-
}
|
|
133
|
-
// Provide sanitized version only for high-risk inputs
|
|
134
|
-
if (result.confidence >= 0.4) {
|
|
135
|
-
result.sanitizedInput = this.smartSanitize(input);
|
|
136
|
-
}
|
|
137
|
-
return result;
|
|
138
|
-
}
|
|
139
|
-
/**
|
|
140
|
-
* Analyze context to reduce false positives
|
|
141
|
-
*/
|
|
142
|
-
analyzeContext(input, context) {
|
|
143
|
-
let score = 0;
|
|
144
|
-
// Check for legitimate business contexts
|
|
145
|
-
const businessContexts = [
|
|
146
|
-
"search",
|
|
147
|
-
"filter",
|
|
148
|
-
"name",
|
|
149
|
-
"description",
|
|
150
|
-
"comment",
|
|
151
|
-
"review",
|
|
152
|
-
"address",
|
|
153
|
-
"title",
|
|
154
|
-
"content",
|
|
155
|
-
"message",
|
|
156
|
-
"email",
|
|
157
|
-
];
|
|
158
|
-
const isBusinessContext = businessContexts.some((ctx) => context.toLowerCase().includes(ctx));
|
|
159
|
-
this.mediumRiskPatterns.forEach((pattern, index) => {
|
|
160
|
-
const matches = input.match(pattern);
|
|
161
|
-
if (matches) {
|
|
162
|
-
let patternScore = 0.1 * matches.length;
|
|
163
|
-
// Reduce score for legitimate contexts
|
|
164
|
-
if (isBusinessContext) {
|
|
165
|
-
patternScore *= 0.3; // Reduce by 70%
|
|
166
|
-
}
|
|
167
|
-
// Special handling for common false positives
|
|
168
|
-
if (index === 0 && isBusinessContext) {
|
|
169
|
-
// SQL keywords in business text
|
|
170
|
-
patternScore *= 0.1; // Very low weight for SQL keywords in business context
|
|
171
|
-
}
|
|
172
|
-
if (index === 2 || index === 3) {
|
|
173
|
-
// Single quotes in names, descriptions
|
|
174
|
-
if (context.includes("name") ||
|
|
175
|
-
context.includes("description")) {
|
|
176
|
-
patternScore *= 0.2;
|
|
177
|
-
}
|
|
178
|
-
}
|
|
179
|
-
score += patternScore;
|
|
180
|
-
}
|
|
181
|
-
});
|
|
182
|
-
return score;
|
|
183
|
-
}
|
|
184
|
-
/**
|
|
185
|
-
* Calculate legitimacy score to offset false positives
|
|
186
|
-
*/
|
|
187
|
-
calculateLegitimacyScore(input) {
|
|
188
|
-
let legitimacyScore = 0;
|
|
189
|
-
// Natural language indicators
|
|
190
|
-
const naturalWords = input.match(/\b[a-zA-Z]{3,}\b/g);
|
|
191
|
-
if (naturalWords && naturalWords.length > 2) {
|
|
192
|
-
legitimacyScore += 0.2; // Looks like natural text
|
|
193
|
-
}
|
|
194
|
-
// Check for common legitimate patterns
|
|
195
|
-
const legitimatePatterns = [
|
|
196
|
-
/^[A-Z][a-z]+\s[A-Z][a-z]+$/, // First Last name
|
|
197
|
-
/^[\w\.-]+@[\w\.-]+\.\w+$/, // Email
|
|
198
|
-
/^\d{1,5}\s\w+(\s\w+)*$/, // Address format
|
|
199
|
-
/^[A-Za-z0-9\s\-.,!?()]+$/, // Normal text with punctuation
|
|
200
|
-
];
|
|
201
|
-
legitimatePatterns.forEach((pattern) => {
|
|
202
|
-
if (pattern.test(input)) {
|
|
203
|
-
legitimacyScore += 0.15;
|
|
204
|
-
}
|
|
205
|
-
});
|
|
206
|
-
// Length-based legitimacy (very short or very specific lengths are more suspicious)
|
|
207
|
-
if (input.length > 10 && input.length < 200) {
|
|
208
|
-
legitimacyScore += 0.1;
|
|
209
|
-
}
|
|
210
|
-
// Check for balanced quotes (legitimate text often has balanced quotes)
|
|
211
|
-
const singleQuotes = (input.match(/'/g) || []).length;
|
|
212
|
-
const doubleQuotes = (input.match(/"/g) || []).length;
|
|
213
|
-
if (singleQuotes % 2 === 0 && doubleQuotes % 2 === 0) {
|
|
214
|
-
legitimacyScore += 0.1;
|
|
215
|
-
}
|
|
216
|
-
return Math.min(legitimacyScore, 0.5); // Cap legitimacy score
|
|
217
|
-
}
|
|
218
|
-
/**
|
|
219
|
-
* Smart sanitization that preserves legitimate content
|
|
220
|
-
*/
|
|
221
|
-
smartSanitize(input) {
|
|
222
|
-
if (!input)
|
|
223
|
-
return input;
|
|
224
|
-
let sanitized = input;
|
|
225
|
-
// Only remove obvious SQL injection patterns, not all SQL keywords
|
|
226
|
-
sanitized = sanitized.replace(/(--|#).*$/gm, ""); // Remove comment tails
|
|
227
|
-
sanitized = sanitized.replace(/\/\*.*?\*\//g, ""); // Remove /* */ comments
|
|
228
|
-
// Only escape quotes if they appear to be part of injection attempts
|
|
229
|
-
const suspiciousQuotes = /'(\s*(or|and|union|select)\s|;|\s*--)/gi;
|
|
230
|
-
sanitized = sanitized.replace(suspiciousQuotes, "''$1");
|
|
231
|
-
// Remove only dangerous control characters
|
|
232
|
-
sanitized = sanitized.replace(/[\x00\x1a]/g, "");
|
|
233
|
-
// Only remove semicolons if followed by SQL keywords
|
|
234
|
-
sanitized = sanitized.replace(/;(\s)*(drop|delete|insert|update|create|alter|union|select)/gi, " $2");
|
|
235
|
-
return sanitized.trim();
|
|
236
|
-
}
|
|
237
|
-
/**
|
|
238
|
-
* Validate and sanitize input, throwing error if malicious
|
|
239
|
-
*/
|
|
240
|
-
validateAndSanitize(input, throwOnDetection = false) {
|
|
241
|
-
const result = this.detect(input);
|
|
242
|
-
if (result.isMalicious && throwOnDetection) {
|
|
243
|
-
throw new Error(`SQL injection attempt detected. Confidence: ${(result.confidence * 100).toFixed(1)}%. ` +
|
|
244
|
-
`Patterns: ${result.detectedPatterns.join(", ")}`);
|
|
245
|
-
}
|
|
246
|
-
return result.sanitizedInput || "";
|
|
247
|
-
}
|
|
248
|
-
/**
|
|
249
|
-
* Create parameterized query helper
|
|
250
|
-
*/
|
|
251
|
-
createParameterizedQuery(query, params) {
|
|
252
|
-
// Simple parameterization helper
|
|
253
|
-
let parameterizedQuery = query;
|
|
254
|
-
const safeParams = [];
|
|
255
|
-
params.forEach((param, index) => {
|
|
256
|
-
if (typeof param === "string") {
|
|
257
|
-
const result = this.detect(param);
|
|
258
|
-
if (result.isMalicious) {
|
|
259
|
-
throw new Error(`Parameter ${index} contains potential SQL injection`);
|
|
260
|
-
}
|
|
261
|
-
safeParams.push(result.sanitizedInput);
|
|
262
|
-
}
|
|
263
|
-
else {
|
|
264
|
-
safeParams.push(param);
|
|
265
|
-
}
|
|
266
|
-
});
|
|
267
|
-
return { query: parameterizedQuery, params: safeParams };
|
|
268
|
-
}
|
|
269
|
-
getHighRiskPatternName(index) {
|
|
270
|
-
const names = [
|
|
271
|
-
"Union-Select attack",
|
|
272
|
-
"Commented injection",
|
|
273
|
-
"Comment with semicolon",
|
|
274
|
-
"Enhanced boolean OR",
|
|
275
|
-
"Enhanced boolean AND",
|
|
276
|
-
"Quote-based boolean",
|
|
277
|
-
"Comment-obfuscated injection",
|
|
278
|
-
"Time-based delay",
|
|
279
|
-
"WAITFOR delay attack",
|
|
280
|
-
"System procedure call",
|
|
281
|
-
"Information schema query",
|
|
282
|
-
"DDL with semicolon",
|
|
283
|
-
"Hex-encoded injection",
|
|
284
|
-
"Quote sequence attack",
|
|
285
|
-
"Stacked query attack",
|
|
286
|
-
];
|
|
287
|
-
return names[index] || `High-risk pattern ${index}`;
|
|
288
|
-
}
|
|
289
|
-
getHighRiskPatternWeight(index) {
|
|
290
|
-
// Higher weights for more definitive attack patterns
|
|
291
|
-
const weights = [
|
|
292
|
-
0.9, // Union-Select attack
|
|
293
|
-
0.8, // Commented injection
|
|
294
|
-
0.7, // Comment with semicolon
|
|
295
|
-
0.8, // Enhanced boolean OR
|
|
296
|
-
0.8, // Enhanced boolean AND
|
|
297
|
-
0.7, // Quote-based boolean
|
|
298
|
-
0.8, // Comment-obfuscated injection
|
|
299
|
-
0.9, // Time-based delay
|
|
300
|
-
0.8, // WAITFOR delay attack
|
|
301
|
-
0.8, // System procedure call
|
|
302
|
-
0.7, // Information schema query
|
|
303
|
-
0.9, // DDL with semicolon
|
|
304
|
-
0.6, // Hex-encoded injection
|
|
305
|
-
0.5, // Quote sequence attack
|
|
306
|
-
0.8, // Stacked query attack
|
|
307
|
-
];
|
|
308
|
-
return weights[index] || 0.7;
|
|
309
|
-
}
|
|
310
|
-
logAttempt(input, result) {
|
|
311
|
-
console.warn(`SQL Injection Attempt Detected:`, {
|
|
312
|
-
timestamp: new Date().toISOString(),
|
|
313
|
-
input: input.substring(0, 100) + (input.length > 100 ? "..." : ""),
|
|
314
|
-
confidence: result.confidence,
|
|
315
|
-
patterns: result.detectedPatterns,
|
|
316
|
-
});
|
|
317
|
-
}
|
|
318
|
-
/**
|
|
319
|
-
* Update configuration
|
|
320
|
-
*/
|
|
321
|
-
updateConfig(newConfig) {
|
|
322
|
-
this.config = { ...this.config, ...newConfig };
|
|
323
|
-
}
|
|
324
|
-
/**
|
|
325
|
-
* Get current configuration
|
|
326
|
-
*/
|
|
327
|
-
getConfig() {
|
|
328
|
-
return { ...this.config };
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
|
-
|
|
332
|
-
export { SQLInjectionDetector as default };
|
|
333
|
-
//# sourceMappingURL=sqlInjection.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sqlInjection.js","sources":["../../../../../src/middleware/built-in/sqlInjection.ts"],"sourcesContent":[null],"names":[],"mappings":"AAiBA,MAAM,oBAAoB,CAAA;AAmEtB,IAAA,WAAA,CAAY,SAA6B,EAAE,EAAA;;AA/D1B,QAAA,IAAA,CAAA,gBAAgB,GAAG;;YAEhC,oDAAoD;;YAGpD,uEAAuE;YACvE,cAAc;;YAGd,8EAA8E;YAC9E,gFAAgF;;YAGhF,+BAA+B;;YAG/B,yCAAyC;;YAGzC,uDAAuD;YACvD,yCAAyC;;YAGzC,8CAA8C;;YAG9C,sEAAsE;;YAGtE,wEAAwE;;AAGxE,YAAA,sBAAsB;;YAGtB,gBAAgB;;YAGhB,uDAAuD;SAC1D,CAAC;;AAGe,QAAA,IAAA,CAAA,kBAAkB,GAAG;;YAElC,6DAA6D;;YAG7D,8BAA8B;;YAG9B,IAAI;YACJ,IAAI;;YAGJ,SAAS;;YAGT,OAAO;SACV,CAAC;;QAGe,IAAqB,CAAA,qBAAA,GAAG,aAAa,CAAC;QAGnD,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,2BAA2B;AAChE,YAAA,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;AACnC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;AACrD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;SAC/D,CAAC;KACL;AAED;;AAEG;IACH,MAAM,CACF,KAAgC,EAChC,OAAgB,EAAA;QAEhB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YACrC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAAoB;AAC5B,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,KAAK;AACrB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;;QAGF,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;AACtC,YAAA,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;AACzB,YAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SACpD;;QAGD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;gBACT,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvD,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CACxB,GAAG,WAAW,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAC1C,CAAC;AACF,gBAAA,aAAa,IAAI,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;aACzD;AACL,SAAC,CAAC,CAAC;;QAGH,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE;YAChC,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;SAC/D;aAAM;;YAEH,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;gBAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,IAAI,OAAO,EAAE;oBACT,eAAe,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;iBAC3C;AACL,aAAC,CAAC,CAAC;SACN;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;;AAG7D,QAAA,MAAM,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,GAAG,CAAC;AACvD,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,GAAG,eAAe,CAAC,CAAC;AAC5D,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;;AAGrD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC;AAC9B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;AAAM,aAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACjC,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC5B,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;aAAM;AACH,YAAA,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;AACzB,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAClC;;AAGD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SACrD;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;IACK,cAAc,CAAC,KAAa,EAAE,OAAe,EAAA;QACjD,IAAI,KAAK,GAAG,CAAC,CAAC;;AAGd,QAAA,MAAM,gBAAgB,GAAG;YACrB,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,aAAa;YACb,SAAS;YACT,QAAQ;YACR,SAAS;YACT,OAAO;YACP,SAAS;YACT,SAAS;YACT,OAAO;SACV,CAAC;QAEF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,KAChD,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;AACT,gBAAA,IAAI,YAAY,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;;gBAGxC,IAAI,iBAAiB,EAAE;AACnB,oBAAA,YAAY,IAAI,GAAG,CAAC;iBACvB;;AAGD,gBAAA,IAAI,KAAK,KAAK,CAAC,IAAI,iBAAiB,EAAE;;AAElC,oBAAA,YAAY,IAAI,GAAG,CAAC;iBACvB;gBAED,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE;;AAE5B,oBAAA,IACI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;AACxB,wBAAA,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACjC;wBACE,YAAY,IAAI,GAAG,CAAC;qBACvB;iBACJ;gBAED,KAAK,IAAI,YAAY,CAAC;aACzB;AACL,SAAC,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAAa,EAAA;QAC1C,IAAI,eAAe,GAAG,CAAC,CAAC;;QAGxB,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACtD,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AACzC,YAAA,eAAe,IAAI,GAAG,CAAC;SAC1B;;AAGD,QAAA,MAAM,kBAAkB,GAAG;AACvB,YAAA,4BAA4B;AAC5B,YAAA,0BAA0B;AAC1B,YAAA,wBAAwB;AACxB,YAAA,0BAA0B;SAC7B,CAAC;AAEF,QAAA,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,KAAI;AACnC,YAAA,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;gBACrB,eAAe,IAAI,IAAI,CAAC;aAC3B;AACL,SAAC,CAAC,CAAC;;AAGH,QAAA,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE;YACzC,eAAe,IAAI,GAAG,CAAC;SAC1B;;AAGD,QAAA,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC;AACtD,QAAA,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC;AACtD,QAAA,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC,EAAE;YAClD,eAAe,IAAI,GAAG,CAAC;SAC1B;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,aAAa,CAAC,KAAa,EAAA;AACvB,QAAA,IAAI,CAAC,KAAK;AAAE,YAAA,OAAO,KAAK,CAAC;QAEzB,IAAI,SAAS,GAAG,KAAK,CAAC;;QAGtB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;;QAGlD,MAAM,gBAAgB,GAAG,yCAAyC,CAAC;QACnE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;;QAGxD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;QAGjD,SAAS,GAAG,SAAS,CAAC,OAAO,CACzB,+DAA+D,EAC/D,KAAK,CACR,CAAC;AAEF,QAAA,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;KAC3B;AAED;;AAEG;AACH,IAAA,mBAAmB,CACf,KAAa,EACb,gBAAA,GAA4B,KAAK,EAAA;QAEjC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAElC,QAAA,IAAI,MAAM,CAAC,WAAW,IAAI,gBAAgB,EAAE;AACxC,YAAA,MAAM,IAAI,KAAK,CACX,CAA+C,4CAAA,EAAA,CAC3C,MAAM,CAAC,UAAU,GAAG,GAAG,EACzB,OAAO,CAAC,CAAC,CAAC,CAAK,GAAA,CAAA;gBACb,CAAa,UAAA,EAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAA,CACxD,CAAC;SACL;AAED,QAAA,OAAO,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC;KACtC;AAED;;AAEG;IACH,wBAAwB,CACpB,KAAa,EACb,MAAa,EAAA;;QAGb,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,MAAM,UAAU,GAAU,EAAE,CAAC;QAE7B,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,KAAK,KAAI;AAC5B,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClC,gBAAA,IAAI,MAAM,CAAC,WAAW,EAAE;AACpB,oBAAA,MAAM,IAAI,KAAK,CACX,aAAa,KAAK,CAAA,iCAAA,CAAmC,CACxD,CAAC;iBACL;AACD,gBAAA,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;aAC1C;iBAAM;AACH,gBAAA,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aAC1B;AACL,SAAC,CAAC,CAAC;QAEH,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;KAC5D;AAEO,IAAA,sBAAsB,CAAC,KAAa,EAAA;AACxC,QAAA,MAAM,KAAK,GAAG;YACV,qBAAqB;YACrB,qBAAqB;YACrB,wBAAwB;YACxB,qBAAqB;YACrB,sBAAsB;YACtB,qBAAqB;YACrB,8BAA8B;YAC9B,kBAAkB;YAClB,sBAAsB;YACtB,uBAAuB;YACvB,0BAA0B;YAC1B,oBAAoB;YACpB,uBAAuB;YACvB,uBAAuB;YACvB,sBAAsB;SACzB,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAqB,kBAAA,EAAA,KAAK,EAAE,CAAC;KACvD;AAEO,IAAA,wBAAwB,CAAC,KAAa,EAAA;;AAE1C,QAAA,MAAM,OAAO,GAAG;AACZ,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;SACN,CAAC;AACF,QAAA,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC;KAChC;IAEO,UAAU,CAAC,KAAa,EAAE,MAAuB,EAAA;AACrD,QAAA,OAAO,CAAC,IAAI,CAAC,CAAA,+BAAA,CAAiC,EAAE;AAC5C,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,GAAG,KAAK,GAAG,EAAE,CAAC;YAClE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,gBAAgB;AACpC,SAAA,CAAC,CAAC;KACN;AAED;;AAEG;AACH,IAAA,YAAY,CAAC,SAAsC,EAAA;AAC/C,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;AAED;;AAEG;IACH,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
const rateLimitConfig = (cf) => {
|
|
2
|
-
return {
|
|
3
|
-
enabled: cf?.rateLimit?.enabled ?? true,
|
|
4
|
-
strategy: cf?.rateLimit?.strategy ?? "sliding-window",
|
|
5
|
-
global: {
|
|
6
|
-
requests: cf?.rateLimit?.global?.requests ?? 1000,
|
|
7
|
-
window: cf?.rateLimit?.global?.window ?? "1h",
|
|
8
|
-
},
|
|
9
|
-
perIP: {
|
|
10
|
-
requests: cf?.rateLimit?.perIP?.requests ?? 100,
|
|
11
|
-
window: cf?.rateLimit?.perIP?.window ?? "1m",
|
|
12
|
-
},
|
|
13
|
-
perUser: cf?.rateLimit?.perUser
|
|
14
|
-
? {
|
|
15
|
-
requests: cf?.rateLimit.perUser.requests ?? 50,
|
|
16
|
-
window: cf?.rateLimit.perUser.window ?? "1m",
|
|
17
|
-
}
|
|
18
|
-
: undefined,
|
|
19
|
-
headers: cf?.rateLimit?.headers,
|
|
20
|
-
redis: cf?.rateLimit?.redis
|
|
21
|
-
? {
|
|
22
|
-
host: cf?.rateLimit.redis.host ?? "localhost",
|
|
23
|
-
port: cf?.rateLimit.redis.port ?? 6379,
|
|
24
|
-
password: cf?.rateLimit.redis.password,
|
|
25
|
-
db: cf?.rateLimit.redis.db ?? 0,
|
|
26
|
-
keyPrefix: cf?.rateLimit.redis.keyPrefix ?? "xypriss:ratelimit:",
|
|
27
|
-
}
|
|
28
|
-
: undefined,
|
|
29
|
-
};
|
|
30
|
-
};
|
|
31
|
-
|
|
32
|
-
export { rateLimitConfig };
|
|
33
|
-
//# sourceMappingURL=rateLimitConfig.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rateLimitConfig.js","sources":["../../../../../src/server/conf/rateLimitConfig.ts"],"sourcesContent":[null],"names":[],"mappings":"AAEa,MAAA,eAAe,GAAG,CAAC,EAA4B,KAAI;IAC5D,OAAO;AACH,QAAA,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,IAAI,IAAI;AACvC,QAAA,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,QAAQ,IAAI,gBAAgB;AACrD,QAAA,MAAM,EAAE;YACJ,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,IAAI,IAAI;YACjD,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,IAAI,IAAI;AAChD,SAAA;AACD,QAAA,KAAK,EAAE;YACH,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,IAAI,GAAG;YAC/C,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,IAAI,IAAI;AAC/C,SAAA;AACD,QAAA,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO;AAC3B,cAAE;gBACI,QAAQ,EAAE,EAAE,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAC9C,MAAM,EAAE,EAAE,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI;AAC/C,aAAA;AACH,cAAE,SAAS;AACf,QAAA,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO;AAC/B,QAAA,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK;AACvB,cAAE;gBACI,IAAI,EAAE,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,WAAW;gBAC7C,IAAI,EAAE,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI;AACtC,gBAAA,QAAQ,EAAE,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC,QAAQ;gBACtC,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC;gBAC/B,SAAS,EACL,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC,SAAS,IAAI,oBAAoB;AAC5D,aAAA;AACH,cAAE,SAAS;KAClB,CAAC;AACN;;;;"}
|
|
@@ -1,88 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Wildcard pattern matching utility for CORS origins
|
|
3
|
-
*
|
|
4
|
-
* Supports patterns like:
|
|
5
|
-
* - "localhost:*" matches "localhost:3000", "localhost:8080", etc.
|
|
6
|
-
* - "*.example.com" matches "api.example.com", "app.example.com", etc.
|
|
7
|
-
* - "127.0.0.1:*" matches "127.0.0.1:3000", "127.0.0.1:8080", etc.
|
|
8
|
-
* - "::1:*" matches "::1:3000", "::1:8080", etc.
|
|
9
|
-
*/
|
|
10
|
-
/**
|
|
11
|
-
* Converts a wildcard pattern to a regular expression
|
|
12
|
-
* @param pattern - The wildcard pattern (e.g., "localhost:*", "*.example.com")
|
|
13
|
-
* @returns RegExp object for matching
|
|
14
|
-
*/
|
|
15
|
-
function patternToRegex(pattern) {
|
|
16
|
-
// Escape special regex characters except for *
|
|
17
|
-
const escaped = pattern
|
|
18
|
-
.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // Escape special chars
|
|
19
|
-
.replace(/\*/g, '.*'); // Replace * with .*
|
|
20
|
-
// Ensure exact match with ^ and $
|
|
21
|
-
return new RegExp(`^${escaped}$`, 'i'); // Case insensitive
|
|
22
|
-
}
|
|
23
|
-
/**
|
|
24
|
-
* Checks if an origin matches a wildcard pattern
|
|
25
|
-
* @param origin - The origin to check (e.g., "http://localhost:3000")
|
|
26
|
-
* @param pattern - The wildcard pattern (e.g., "localhost:*")
|
|
27
|
-
* @returns true if the origin matches the pattern
|
|
28
|
-
*/
|
|
29
|
-
function matchesWildcardPattern(origin, pattern) {
|
|
30
|
-
// Handle exact matches first (no wildcards)
|
|
31
|
-
if (!pattern.includes('*')) {
|
|
32
|
-
return origin === pattern || origin.includes(pattern);
|
|
33
|
-
}
|
|
34
|
-
// Extract the host:port part from the origin URL
|
|
35
|
-
let originHost;
|
|
36
|
-
try {
|
|
37
|
-
const url = new URL(origin);
|
|
38
|
-
originHost = url.host; // This includes both hostname and port
|
|
39
|
-
// Special handling for default ports
|
|
40
|
-
if (url.protocol === 'https:' && url.port === '' && url.hostname === 'localhost') {
|
|
41
|
-
originHost = 'localhost:443';
|
|
42
|
-
}
|
|
43
|
-
else if (url.protocol === 'http:' && url.port === '' && url.hostname === 'localhost') {
|
|
44
|
-
originHost = 'localhost:80';
|
|
45
|
-
}
|
|
46
|
-
// Handle IPv6 addresses - remove brackets for pattern matching
|
|
47
|
-
if (url.hostname.startsWith('[') && url.hostname.endsWith(']')) {
|
|
48
|
-
const ipv6Host = url.hostname.slice(1, -1); // Remove brackets
|
|
49
|
-
originHost = url.port ? `${ipv6Host}:${url.port}` : ipv6Host;
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
catch {
|
|
53
|
-
// If it's not a valid URL, treat it as a host:port string
|
|
54
|
-
originHost = origin;
|
|
55
|
-
}
|
|
56
|
-
const regex = patternToRegex(pattern);
|
|
57
|
-
return regex.test(originHost);
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Checks if an origin is allowed based on an array of patterns
|
|
61
|
-
* @param origin - The origin to check
|
|
62
|
-
* @param allowedOrigins - Array of allowed origins (can include wildcards)
|
|
63
|
-
* @returns true if the origin is allowed
|
|
64
|
-
*/
|
|
65
|
-
function isOriginAllowed(origin, allowedOrigins) {
|
|
66
|
-
if (!origin || !allowedOrigins || allowedOrigins.length === 0) {
|
|
67
|
-
return false;
|
|
68
|
-
}
|
|
69
|
-
return allowedOrigins.some(pattern => matchesWildcardPattern(origin, pattern));
|
|
70
|
-
}
|
|
71
|
-
/**
|
|
72
|
-
* Creates a CORS origin function that supports wildcard patterns
|
|
73
|
-
* @param allowedOrigins - Array of allowed origins (can include wildcards)
|
|
74
|
-
* @returns Function compatible with cors middleware
|
|
75
|
-
*/
|
|
76
|
-
function createWildcardOriginFunction(allowedOrigins) {
|
|
77
|
-
return (origin, callback) => {
|
|
78
|
-
// Allow requests with no origin (like mobile apps or curl requests)
|
|
79
|
-
if (!origin) {
|
|
80
|
-
return callback(null, true);
|
|
81
|
-
}
|
|
82
|
-
const allowed = isOriginAllowed(origin, allowedOrigins);
|
|
83
|
-
callback(null, allowed);
|
|
84
|
-
};
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
export { createWildcardOriginFunction, isOriginAllowed, matchesWildcardPattern };
|
|
88
|
-
//# sourceMappingURL=wildcardMatcher.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"wildcardMatcher.js","sources":["../../../../../src/server/utils/wildcardMatcher.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA;;;;;;;;AAQG;AAEH;;;;AAIG;AACH,SAAS,cAAc,CAAC,OAAe,EAAA;;IAEnC,MAAM,OAAO,GAAG,OAAO;AAClB,SAAA,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;AACrC,SAAA,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;;IAG1B,OAAO,IAAI,MAAM,CAAC,CAAI,CAAA,EAAA,OAAO,CAAG,CAAA,CAAA,EAAE,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;AAKG;AACa,SAAA,sBAAsB,CAAC,MAAc,EAAE,OAAe,EAAA;;IAElE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACxB,OAAO,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;KACzD;;AAGD,IAAA,IAAI,UAAkB,CAAC;AACvB,IAAA,IAAI;AACA,QAAA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;AAC5B,QAAA,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;;AAGtB,QAAA,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE;YAC9E,UAAU,GAAG,eAAe,CAAC;SAChC;AAAM,aAAA,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE;YACpF,UAAU,GAAG,cAAc,CAAC;SAC/B;;AAGD,QAAA,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;AAC5D,YAAA,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC3C,YAAA,UAAU,GAAG,GAAG,CAAC,IAAI,GAAG,CAAG,EAAA,QAAQ,CAAI,CAAA,EAAA,GAAG,CAAC,IAAI,CAAA,CAAE,GAAG,QAAQ,CAAC;SAChE;KACJ;AAAC,IAAA,MAAM;;QAEJ,UAAU,GAAG,MAAM,CAAC;KACvB;AAED,IAAA,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAED;;;;;AAKG;AACa,SAAA,eAAe,CAAC,MAAc,EAAE,cAAwB,EAAA;AACpE,IAAA,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;AAC3D,QAAA,OAAO,KAAK,CAAC;KAChB;AAED,IAAA,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,IAAI,sBAAsB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AACnF,CAAC;AAED;;;;AAIG;AACG,SAAU,4BAA4B,CAAC,cAAwB,EAAA;AACjE,IAAA,OAAO,CAAC,MAA0B,EAAE,QAAsD,KAAI;;QAE1F,IAAI,CAAC,MAAM,EAAE;AACT,YAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SAC/B;QAED,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACxD,QAAA,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,KAAC,CAAC;AACN;;;;"}
|