xypriss 9.10.22 → 9.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +42 -37
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js +5 -4
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/cjs/src/middleware/security-middleware.js +95 -79
- package/dist/cjs/src/middleware/security-middleware.js.map +1 -1
- package/dist/cjs/src/server/components/static/XStatic.js +51 -13
- package/dist/cjs/src/server/components/static/XStatic.js.map +1 -1
- package/dist/cjs/src/server/const/default.js +15 -6
- package/dist/cjs/src/server/const/default.js.map +1 -1
- package/dist/cjs/src/server/const/internalFlags.js +8 -4
- package/dist/cjs/src/server/const/internalFlags.js.map +1 -1
- package/dist/cjs/src/server/core/ResponseEnhancer.js +1 -1
- package/dist/cjs/src/server/core/ResponseEnhancer.js.map +1 -1
- package/dist/cjs/src/server/core/SendFileHandler.js +5 -1
- package/dist/cjs/src/server/core/SendFileHandler.js.map +1 -1
- package/dist/cjs/src/server/core/XHSCBridge/cmd/buildPerformanceArgs.js +13 -10
- package/dist/cjs/src/server/core/XHSCBridge/cmd/buildPerformanceArgs.js.map +1 -1
- package/dist/cjs/src/server/core/XHSCBridge/cmd/buildWorkerPoolArgs.js +20 -10
- package/dist/cjs/src/server/core/XHSCBridge/cmd/buildWorkerPoolArgs.js.map +1 -1
- package/dist/cjs/src/server/core/XHSCProtocol.js +12 -4
- package/dist/cjs/src/server/core/XHSCProtocol.js.map +1 -1
- package/dist/cjs/src/server/middleware/MiddlewareManager.js +25 -11
- package/dist/cjs/src/server/middleware/MiddlewareManager.js.map +1 -1
- package/dist/cjs/src/utils/Send.js +491 -38
- package/dist/cjs/src/utils/Send.js.map +1 -1
- package/dist/cjs/src/xhsc/cluster/XHSCWorker.js +99 -37
- package/dist/cjs/src/xhsc/cluster/XHSCWorker.js.map +1 -1
- package/dist/cjs/src/xhsc/cluster/xbp.js +210 -0
- package/dist/cjs/src/xhsc/cluster/xbp.js.map +1 -0
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js +5 -4
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/esm/src/middleware/security-middleware.js +95 -79
- package/dist/esm/src/middleware/security-middleware.js.map +1 -1
- package/dist/esm/src/server/components/static/XStatic.js +51 -13
- package/dist/esm/src/server/components/static/XStatic.js.map +1 -1
- package/dist/esm/src/server/const/default.js +15 -6
- package/dist/esm/src/server/const/default.js.map +1 -1
- package/dist/esm/src/server/const/internalFlags.js +8 -4
- package/dist/esm/src/server/const/internalFlags.js.map +1 -1
- package/dist/esm/src/server/core/ResponseEnhancer.js +1 -1
- package/dist/esm/src/server/core/ResponseEnhancer.js.map +1 -1
- package/dist/esm/src/server/core/SendFileHandler.js +5 -1
- package/dist/esm/src/server/core/SendFileHandler.js.map +1 -1
- package/dist/esm/src/server/core/XHSCBridge/cmd/buildPerformanceArgs.js +13 -10
- package/dist/esm/src/server/core/XHSCBridge/cmd/buildPerformanceArgs.js.map +1 -1
- package/dist/esm/src/server/core/XHSCBridge/cmd/buildWorkerPoolArgs.js +20 -10
- package/dist/esm/src/server/core/XHSCBridge/cmd/buildWorkerPoolArgs.js.map +1 -1
- package/dist/esm/src/server/core/XHSCProtocol.js +12 -4
- package/dist/esm/src/server/core/XHSCProtocol.js.map +1 -1
- package/dist/esm/src/server/middleware/MiddlewareManager.js +25 -11
- package/dist/esm/src/server/middleware/MiddlewareManager.js.map +1 -1
- package/dist/esm/src/utils/Send.js +491 -38
- package/dist/esm/src/utils/Send.js.map +1 -1
- package/dist/esm/src/xhsc/cluster/XHSCWorker.js +99 -37
- package/dist/esm/src/xhsc/cluster/XHSCWorker.js.map +1 -1
- package/dist/esm/src/xhsc/cluster/xbp.js +207 -0
- package/dist/esm/src/xhsc/cluster/xbp.js.map +1 -0
- package/dist/index.d.ts +435 -205
- package/package.json +42 -38
package/README.md
CHANGED
|
@@ -11,7 +11,7 @@ _Stop Coding Backends. Start Deploying Fortresses._
|
|
|
11
11
|
[](https://dll.nehonix.com/licenses/NOSL/v2)
|
|
12
12
|
[](https://nehonix.com)
|
|
13
13
|
|
|
14
|
-
[Quick Start](https://xypriss.nehonix.com/docs/
|
|
14
|
+
[Quick Start](https://xypriss.nehonix.com/docs/quick-start) • [Documentation](https://xypriss.nehonix.com/docs/) • [Examples](https://xypriss.nehonix.com/docs/EXAMPLES) • [API Reference](https://xypriss.nehonix.com/docs/api-reference)
|
|
15
15
|
|
|
16
16
|
</div>
|
|
17
17
|
|
|
@@ -21,7 +21,7 @@ _Stop Coding Backends. Start Deploying Fortresses._
|
|
|
21
21
|
[**XyPriss**](https://xypriss.nehonix.com) is an **Enterprise-Grade Hybrid Web Framework** that combines the raw performance of compiled native binaries with the productivity and flexibility of **TypeScript**. It is designed for teams that require both operational speed and developer velocity, without compromise.
|
|
22
22
|
|
|
23
23
|
> [!NOTE]
|
|
24
|
-
> **Security Briefing:** XyPriss enforces a "Secure by Default" architecture. Core variables are protected by a native **[Environment Security Shield](
|
|
24
|
+
> **Security Briefing:** XyPriss enforces a "Secure by Default" architecture. Core variables are protected by a native **[Environment Security Shield](https://xypriss.nehonix.com/docs/security/environment-shield)** that blocks direct `process.env` access to prevent leakage. This is complemented by a built-in, zero-dependency storage system (**XEMS**), high-speed Go-powered networking (**XHSC**), and a **Zero-Trust Plugin Security** layer.
|
|
25
25
|
|
|
26
26
|
### Cross-Platform Foundation
|
|
27
27
|
|
|
@@ -44,7 +44,7 @@ The framework operates on a layered architecture:
|
|
|
44
44
|
|
|
45
45
|
1. **XHSC (Native Engine):** Handles the HTTP/S stack, advanced radix routing, filesystem I/O, process monitoring, and real-time hardware telemetry. It acts as the high-speed gateway for all incoming traffic and system operations.
|
|
46
46
|
2. **Node.js Runtime:** Provides the enterprise-ready application layer where developers define business logic, security middleware, and data processing pipelines using TypeScript.
|
|
47
|
-
3. **XFPM (XyPriss Fast Package Manager):** A high-performance, Go-powered package manager optimized for the XyPriss ecosystem. Provides ultra-fast dependency resolution, extraction, and caching. [Learn more about XFPM](https://
|
|
47
|
+
3. **XFPM (XyPriss Fast Package Manager):** A high-performance, Go-powered package manager optimized for the XyPriss ecosystem. Provides ultra-fast dependency resolution, extraction, and caching. [Learn more about XFPM](https://xypriss.nehonix.com/docs/xfpm).
|
|
48
48
|
|
|
49
49
|
This separation allows each layer to operate in its optimal domain: compiled native code for performance-critical paths, TypeScript for rapid application development.
|
|
50
50
|
|
|
@@ -62,16 +62,17 @@ This separation allows each layer to operate in its optimal domain: compiled nat
|
|
|
62
62
|
- **Environment Security Shield** — Military-grade protection for sensitive variables. Direct `process.env` access is masked via a native Proxy to prevent accidental leakage, forcing the use of secure, typed APIs.
|
|
63
63
|
- **Built-in DotEnv Loader** — Zero-dependency, ultra-fast `.env` parser with automatic support for `.env`, `.env.local`.
|
|
64
64
|
- **Extensible Plugin System** — Permission-based plugin architecture with lifecycle hooks and strict security controls (sandboxed restricted instances).
|
|
65
|
+
- **XInS (XyPriss Intelligent Scaling)** — Native Auto-Scaling engine powered by AIMD congestion control. Dynamically adjusts Node.js concurrency based on real-time event loop latency to prevent starvation and ensure zero-downtime stability under extreme load (5000+ concurrent connections). [Read the XInS Guide](https://xypriss.nehonix.com/docs/XInS.md).
|
|
65
66
|
- **Application Immutability** — Global protection against runtime hijacking. The `App` instance is locked via Proxy after creation to prevent unauthorized property mutations or deletions.
|
|
66
|
-
- **Native Production Integration** — Built for automated deployments and SSL management via [XyNginC](https://
|
|
67
|
-
- **Multi-Server Support (XMS)** — Run multiple server instances with isolated configurations from a single process. Features a **Global Merge Rule** where root options are automatically inherited by all server instances. [Learn more](docs/config/multi-server
|
|
67
|
+
- **Native Production Integration** — Built for automated deployments and SSL management via [XyNginC](https://xypriss.nehonix.com/docs/plugins/official/xynginc).
|
|
68
|
+
- **Multi-Server Support (XMS)** — Run multiple server instances with isolated configurations from a single process. Features a **Global Merge Rule** where root options are automatically inherited by all server instances. [Learn more](https://xypriss.nehonix.com/docs/config/multi-server).
|
|
68
69
|
- **Advanced Response Control** — Granular control over unknown routes, status codes, and custom response payloads. [Behavioral Guide](docs/config/notfound-vs-responsecontrol.md).
|
|
69
70
|
|
|
70
71
|
---
|
|
71
72
|
|
|
72
73
|
We strongly recommend using the **XyPriss CLI (`xfpm`)** for the fastest and most reliable developer experience.
|
|
73
74
|
|
|
74
|
-
Refer to the [**Installation Guide**](https://xypriss.nehonix.com/docs/installation
|
|
75
|
+
Refer to the [**Installation Guide**](https://xypriss.nehonix.com/docs/installation) for detailed platform-specific instructions.
|
|
75
76
|
|
|
76
77
|
### Quick Install (Unix)
|
|
77
78
|
|
|
@@ -153,7 +154,7 @@ app.version("v1", (v1) => {
|
|
|
153
154
|
app.start();
|
|
154
155
|
```
|
|
155
156
|
|
|
156
|
-
**[Complete Quick Start Guide](https://xypriss.nehonix.com/docs/
|
|
157
|
+
**[Complete Quick Start Guide](https://xypriss.nehonix.com/docs/quick-start)**
|
|
157
158
|
|
|
158
159
|
---
|
|
159
160
|
|
|
@@ -161,39 +162,38 @@ app.start();
|
|
|
161
162
|
|
|
162
163
|
### Getting Started
|
|
163
164
|
|
|
164
|
-
- [Quick Start Guide](https://xypriss.nehonix.com/docs/
|
|
165
|
+
- [Quick Start Guide](https://xypriss.nehonix.com/docs/quick-start) - Installation and basic setup
|
|
165
166
|
- [XFPM Guide](https://xypriss.nehonix.com/docs/xfpm) - Using the XyPriss Fast Package Manager
|
|
166
|
-
- [
|
|
167
|
-
- [
|
|
168
|
-
- [
|
|
169
|
-
- [
|
|
170
|
-
- [
|
|
171
|
-
- [Native Binary Streaming](./docs/core/response-sendfile.md) - res.sendFile() technical guide
|
|
167
|
+
- [Features Overview](https://xypriss.nehonix.com/docs) - Comprehensive feature list
|
|
168
|
+
- [XyPriss Router](https://xypriss.nehonix.com/docs/routing) - Rich modular routing
|
|
169
|
+
- [Advanced Routing & XyGuard API](https://xypriss.nehonix.com/docs/routing/groups-versioning) - Declarative guards and modularity
|
|
170
|
+
- [XStatic Native Serving](https://xypriss.nehonix.com/docs/server/static-files#xstatic-high-performance-delegation) - Zero-Copy static file delegation
|
|
171
|
+
- [Native Binary Streaming](https://xypriss.nehonix.com/docs/server/send-file) - res.sendFile() technical guide
|
|
172
172
|
|
|
173
173
|
### Security
|
|
174
174
|
|
|
175
|
-
- [Security Overview](
|
|
176
|
-
- [**XEMS — Modular Technical Suite**](
|
|
177
|
-
- [**XEMS — Basic Tutorial**](
|
|
175
|
+
- [Security Overview](https://xypriss.nehonix.com/docs/security/overview) - Security features and best practices
|
|
176
|
+
- [**XEMS — Modular Technical Suite**](https://xypriss.nehonix.com/docs/security/xems) - Deep dive into sidecar architecture, encryption, and configuration
|
|
177
|
+
- [**XEMS — Basic Tutorial**](https://xypriss.nehonix.com/docs/security/xems/tutorial) - High-level introduction to sessions and OTP flows
|
|
178
178
|
- [Route-Based Security](./docs/security/ROUTE_BASED_SECURITY.md) - Per-route security policies
|
|
179
|
-
- [Request Signature Auth](
|
|
179
|
+
- [Request Signature Auth](https://xypriss.nehonix.com/docs/security/signatures) - API key authentication
|
|
180
180
|
- [CORS Configuration](./docs/security/advanced-cors-regexp.md) - Advanced CORS with RegExp patterns
|
|
181
|
-
|
|
181
|
+
|
|
182
182
|
### Plugin System
|
|
183
183
|
|
|
184
|
-
- [Plugin Development Guide](
|
|
185
|
-
- [Plugin API Reference](
|
|
186
|
-
- [Plugin Permissions](
|
|
187
|
-
- [Built-in Plugins](
|
|
188
|
-
- [Console Intercept Hook](
|
|
184
|
+
- [Plugin Development Guide](https://xypriss.nehonix.com/docs/plugins) - Recommended: Comprehensive guide to the modular architecture.
|
|
185
|
+
- [Plugin API Reference](https://xypriss.nehonix.com/docs/plugins/api-reference) - Detailed interface and hook reference.
|
|
186
|
+
- [Plugin Permissions](https://xypriss.nehonix.com/docs/plugins/permissions) - Security and permissions (Capability-Based).
|
|
187
|
+
- [Built-in Plugins](https://xypriss.nehonix.com/docs/plugins/built-in) - Official XEMS, Route Optimization, and Maintenance plugins.
|
|
188
|
+
- [Console Intercept Hook](https://xypriss.nehonix.com/docs/plugins/api-reference/logging-ops#console-intercept) - Console monitoring.
|
|
189
189
|
|
|
190
190
|
### Request Logging
|
|
191
191
|
|
|
192
192
|
> [!NOTE]
|
|
193
193
|
> **`morgan` is not recommended in XyPriss applications.**
|
|
194
|
-
> While morgan will not break your application, it is not the right fit for the XyPriss security model. To get the best out of the framework with accurate request tracing, IP anonymization, and full compliance with the Zero-Trust architecture, use **[Xyphra](https://
|
|
194
|
+
> While morgan will not break your application, it is not the right fit for the XyPriss security model. To get the best out of the framework with accurate request tracing, IP anonymization, and full compliance with the Zero-Trust architecture, use **[Xyphra](https://xypriss.nehonix.com/docs/plugins/official/xyphra)** instead.
|
|
195
195
|
|
|
196
|
-
The official logging solution for XyPriss is **[Xyphra](https://
|
|
196
|
+
The official logging solution for XyPriss is **[Xyphra](https://xypriss.nehonix.com/docs/plugins/official/xyphra)** — a native plugin built for the XHSC engine. It integrates seamlessly into the plugin system, respects the Zero-Trust security model, and provides IP anonymization, header redaction, and structured output.
|
|
197
197
|
|
|
198
198
|
```typescript
|
|
199
199
|
import { createServer } from "xypriss";
|
|
@@ -211,13 +211,17 @@ const app = createServer({
|
|
|
211
211
|
});
|
|
212
212
|
```
|
|
213
213
|
|
|
214
|
+
### Response Utilities
|
|
215
|
+
|
|
216
|
+
- [**Send — Structured HTTP Response Helper**](./docs/utils/SEND.md) - Unified JSON response API covering all 2xx, 3xx, 4xx, and 5xx status codes with a consistent response body contract.
|
|
217
|
+
|
|
214
218
|
### Advanced Topics
|
|
215
219
|
|
|
216
|
-
- [XJson API](
|
|
217
|
-
- [Clustering](
|
|
218
|
-
- [Performance Tuning](
|
|
220
|
+
- [XJson API](https://xypriss.nehonix.com/docs/features/xjson?h=#xypriss-json-xjson-api) - Advanced JSON serialization
|
|
221
|
+
- [Clustering](https://xypriss.nehonix.com/docs/cluster) - Multi-worker scaling
|
|
222
|
+
- [Performance Tuning](https://xypriss.nehonix.com/docs/cluster) - Optimization strategies
|
|
219
223
|
|
|
220
|
-
**[View All Documentation](
|
|
224
|
+
**[View All Documentation](https://xypriss.nehonix.com/docs)**
|
|
221
225
|
|
|
222
226
|
---
|
|
223
227
|
|
|
@@ -251,11 +255,11 @@ const app = createServer({
|
|
|
251
255
|
});
|
|
252
256
|
```
|
|
253
257
|
|
|
254
|
-
**[Read the Honeypot Tarpit documentation for detailed internal logic and capabilities →](
|
|
258
|
+
**[Read the Honeypot Tarpit documentation for detailed internal logic and capabilities →](https://xypriss.nehonix.com/docs/security/honeypot)**
|
|
255
259
|
|
|
256
260
|
### XEMS — Encrypted Memory Store
|
|
257
261
|
|
|
258
|
-
[XEMS](https://
|
|
262
|
+
[XEMS](https://xypriss.nehonix.com/docs/security/xems/configuration) is the built-in session security layer. Unlike cookie-based JWT, XEMS stores all session data **server-side inside a native Go sidecar process**, encrypted with AES-256-GCM. The client only ever holds a random opaque token.
|
|
259
263
|
|
|
260
264
|
```typescript
|
|
261
265
|
import { createServer, xems } from "xypriss";
|
|
@@ -285,7 +289,7 @@ app.get("/profile", (req, res) => {
|
|
|
285
289
|
});
|
|
286
290
|
```
|
|
287
291
|
|
|
288
|
-
**[Full XEMS Technical Guide →](
|
|
292
|
+
**[Full XEMS Technical Guide →](https://xypriss.nehonix.com/docs/security/xems)** | **[Tutorial →](https://xypriss.nehonix.com/docs/security/xems/tutorial)**
|
|
289
293
|
|
|
290
294
|
### Application Immutability
|
|
291
295
|
|
|
@@ -302,7 +306,7 @@ To prevent runtime hijacking and ensure system-wide stability, XyPriss implement
|
|
|
302
306
|
- **Deep Audit Engine**: The XHSC core performs a mandatory, high-performance security audit upon engine startup, verifying every plugin against pinned author keys.
|
|
303
307
|
- **Author Key Pinning**: Trusted authors are pinned within the project configuration (`xypriss.config.jsonc`), preventing unauthorized plugin execution or "Evil Upgrades."
|
|
304
308
|
|
|
305
|
-
**[Read the Plugin Signature Specification for detailed security mechanics →](
|
|
309
|
+
**[Read the Plugin Signature Specification for detailed security mechanics →](https://xypriss.nehonix.com/docs/plugins/system-guide)**
|
|
306
310
|
|
|
307
311
|
### Plugin Permissions
|
|
308
312
|
|
|
@@ -311,7 +315,7 @@ XyPriss uses a Capability-Based Security Model for plugins. Each plugin operates
|
|
|
311
315
|
- **Zero-Trust Configs**: By default, plugins cannot access `server.app.configs`. Accessing this property will return `undefined`.
|
|
312
316
|
- **Explicit Permissions**: Privileged access to the full server configuration must be explicitly granted via the `XHS.PERM.SECURITY.CONFIGS` permission.
|
|
313
317
|
|
|
314
|
-
**[Learn more about Plugin Permissions →](
|
|
318
|
+
**[Learn more about Plugin Permissions →](https://xypriss.nehonix.com/docs/plugins/permissions)**
|
|
315
319
|
|
|
316
320
|
### Environment Security Shield
|
|
317
321
|
|
|
@@ -344,7 +348,7 @@ For project configuration, use the `XYPRISS_` prefix to bypass the shield for in
|
|
|
344
348
|
- `XYPRISS_HOST`
|
|
345
349
|
- `XYPRISS_REDIS_URL`
|
|
346
350
|
|
|
347
|
-
**[Learn more about Environment Security →](
|
|
351
|
+
**[Learn more about Environment Security →](https://xypriss.nehonix.com/docs/system/environment)**
|
|
348
352
|
|
|
349
353
|
### Security Disclosure Policy
|
|
350
354
|
|
|
@@ -363,6 +367,7 @@ We are committed to:
|
|
|
363
367
|
- Crediting researchers who responsibly disclose vulnerabilities
|
|
364
368
|
|
|
365
369
|
Your assistance in maintaining the security of XyPriss is greatly appreciated.
|
|
370
|
+
**[Learn more →](https://xypriss.nehonix.com/docs/contributing#disclosure-policy)**
|
|
366
371
|
|
|
367
372
|
### Multi-Server Security Isolation
|
|
368
373
|
|
|
@@ -395,7 +400,7 @@ XyPriss is an open-source project that welcomes contributions from the community
|
|
|
395
400
|
- Ensure all tests pass before submitting
|
|
396
401
|
- Write clear commit messages
|
|
397
402
|
|
|
398
|
-
**[Read the Complete Contributing Guide](
|
|
403
|
+
**[Read the Complete Contributing Guide](https://xypriss.nehonix.com/docs/contributing)**
|
|
399
404
|
|
|
400
405
|
---
|
|
401
406
|
|
|
@@ -279,10 +279,7 @@ class BuiltInMiddleware {
|
|
|
279
279
|
/**
|
|
280
280
|
* CSRF protection middleware using csrf-csrf library
|
|
281
281
|
*/
|
|
282
|
-
static csrf(options = {
|
|
283
|
-
getSecret: () => "e6ac40fffc5e9399eab10f5b84fcba2c923e7f74a73b76b56c11b722671eea5e",
|
|
284
|
-
getSessionIdentifier: (req) => req.session.id,
|
|
285
|
-
}) {
|
|
282
|
+
static csrf(options = {}) {
|
|
286
283
|
const defaultOptions = {
|
|
287
284
|
cookieName: "__Host-psifi.x-csrf-token",
|
|
288
285
|
cookieOptions: {
|
|
@@ -298,6 +295,10 @@ class BuiltInMiddleware {
|
|
|
298
295
|
req.body?._csrf ||
|
|
299
296
|
req.query?._csrf);
|
|
300
297
|
},
|
|
298
|
+
getSecret: () => {
|
|
299
|
+
throw new Error("[XyPriss] CSRF protection requires a secret.");
|
|
300
|
+
},
|
|
301
|
+
getSessionIdentifier: (req) => req.session?.id || "anonymous",
|
|
301
302
|
};
|
|
302
303
|
const config = mergeWithDefaults.mergeWithDefaults(defaultOptions, options);
|
|
303
304
|
const { doubleCsrfProtection } = csrfCsrf.doubleCsrf(config);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BuiltInMiddleware.js","sources":["../../../../../src/middleware/built-in/BuiltInMiddleware.ts"],"sourcesContent":[null],"names":["mergeWithDefaults","cors","shouldCompress","Logger","doubleCsrf","hpp","BrowserOnlyProtector","TerminalOnlyProtector","MobileOnlyProtector","RequestSignatureProtector"],"mappings":";;;;;;;;;;;;;;;AAAA;;;AAGG;MA4BU,iBAAiB,CAAA;AAC1B;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAwC,EAAE,EAAA;AACpD,QAAA,MAAM,cAAc,GAAiC;AACjD,YAAA,qBAAqB,EAAE;AACnB,gBAAA,UAAU,EAAE;oBACR,UAAU,EAAE,CAAC,QAAQ,CAAC;oBACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;AACrB,oBAAA,QAAQ,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;AACvC,oBAAA,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;oBAC3B,OAAO,EAAE,CAAC,QAAQ,CAAC;AACtB,iBAAA;AACJ,aAAA;AACD,YAAA,yBAAyB,EAAE,IAAI;AAC/B,YAAA,uBAAuB,EAAE,IAAI;AAC7B,YAAA,yBAAyB,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;AACpD,YAAA,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;AACpC,YAAA,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;AAC9B,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,IAAI,EAAE;AACF,gBAAA,MAAM,EAAE,QAAQ;AAChB,gBAAA,iBAAiB,EAAE,IAAI;AACvB,gBAAA,OAAO,EAAE,KAAK;AACjB,aAAA;AACD,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,kBAAkB,EAAE,IAAI;AACxB,YAAA,4BAA4B,EAAE,KAAK;AACnC,YAAA,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;AAC7D,YAAA,SAAS,EAAE,IAAI;SAClB;;AAGD,QAAA,IAAI,YAAY,GAAQ,EAAE,GAAG,cAAc,EAAE;;AAG7C,QAAA,IAAI,OAAO,CAAC,qBAAqB,KAAK,SAAS,EAAE;AAC7C,YAAA,IAAI,OAAO,CAAC,qBAAqB,KAAK,KAAK,EAAE;;AAEzC,gBAAA,YAAY,CAAC,qBAAqB,GAAG,KAAK;YAC9C;AAAO,iBAAA,IACH,OAAO,OAAO,CAAC,qBAAqB,KAAK,QAAQ;AACjD,gBAAA,OAAO,CAAC,qBAAqB,KAAK,IAAI,EACxC;gBACE,YAAY,CAAC,qBAAqB,GAAG;oBACjC,GAAI,cAAc,CAAC,qBAA6B;oBAChD,GAAG,OAAO,CAAC,qBAAqB;iBACnC;;AAGD,gBAAA,IAAI,OAAO,CAAC,qBAAqB,CAAC,UAAU,EAAE;;oBAE1C,MAAM,wBAAwB,GAAQ,EAAE;AACxC,oBAAA,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACrC,OAAO,CAAC,qBAAqB,CAAC,UAAU,CAC3C,EAAE;;wBAEC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAChD,MAAM,CAAC,WAAW,EAAE,CACvB;AACD,wBAAA,wBAAwB,CAAC,QAAQ,CAAC,GAAG,KAAK;oBAC9C;AAEA,oBAAA,YAAY,CAAC,qBAAqB,CAAC,UAAU,GAAG;;wBAE5C,GAAI,cAAc,CAAC;AACf,8BAAE,UAAU;;AAEhB,wBAAA,GAAG,wBAAwB;qBAC9B;gBACL;YACJ;QACJ;;QAGA,MAAM,EAAE,qBAAqB,EAAE,GAAG,YAAY,EAAE,GAAG,OAAO;QAC1D,YAAY,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,YAAY,EAAE;AAEnD,QAAA,OAAO,MAAM,CAAC,YAAmB,CAAC;IACtC;AAEA;;;;;;;;;;AAUG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAsC,EAAE,EAAA;AAChD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;;;AAG1D,YAAA,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,KAAK;SAChB;;;;;;;QAQD,MAAM,MAAM,GAAQA,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;;;;;;QAOrE,MAAM,kBAAkB,GACpB,OAAO,IAAI,IAAI,IAAI,QAAQ,IAAK,OAAkB;QACtD,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,IAAI,CAAC,kBAAkB,EAAE;YACpD,MAAM,CAAC,MAAM,GAAG,CACZ,aAAiC,EACjC,QAA+D,KAC/D;AACA,gBAAA,QAAQ,CAAC,IAAI,EAAE,aAAa,IAAI,KAAK,CAAC;AAC1C,YAAA,CAAC;QACL;;;;AAMA,QAAA,MAAM,iBAAiB,GAAG,CAAC,KAAU,KAAwB;AACzD,YAAA,IAAI,CAAC,KAAK;AAAE,gBAAA,OAAO,SAAS;;YAG5B,IAAI,OAAO,KAAK,KAAK,QAAQ;AAAE,gBAAA,OAAO,KAAK;;AAG3C,YAAA,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;AACtB,gBAAA,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3B;;AAGA,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;gBAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;AACxC,gBAAA,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YACjC;AAEA,YAAA,OAAO,SAAS;AACpB,QAAA,CAAC;;AAGD,QAAA,IAAI,MAAM,CAAC,OAAO,EAAE;YAChB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC;YACpD,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,OAAO,GAAG,UAAU;YAC/B;QACJ;;AAGA,QAAA,IAAI,MAAM,CAAC,cAAc,EAAE;YACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,cAAc,CAAC;YAC3D,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,cAAc,GAAG,UAAU;YACtC;QACJ;;AAGA,QAAA,IAAI,MAAM,CAAC,cAAc,EAAE;YACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,cAAc,CAAC;YAC3D,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,cAAc,GAAG,UAAU;YACtC;QACJ;;QAGA,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YAC9B,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CACrC,CAAC,MAAW,KACR,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,YAAY,MAAM,CAC7D;AAED,YAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,4BAA4B,CAAC,YAAY,CAAC;YACnE;QACJ;AAEA,QAAA,OAAOC,uBAAI,CAAC,MAAM,CAAC;IACvB;AAEA;;AAEG;IACK,OAAO,4BAA4B,CAAC,OAA4B,EAAA;AAOpE,QAAA,OAAO,CACH,MAA0B,EAC1B,QAA+D,KAC/D;AACA,YAAA,IAAI;;gBAEA,IAAI,CAAC,MAAM,EAAE;AACT,oBAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;gBAChC;;AAGA,gBAAA,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE;AAC3B,oBAAA,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;;wBAE7B,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;;AAE3C,4BAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;wBACjC;oBACJ;AAAO,yBAAA,IAAI,OAAO,YAAY,MAAM,EAAE;;AAElC,wBAAA,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;AACtB,4BAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;wBACjC;oBACJ;gBACJ;;AAGA,gBAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;YAChC;YAAE,OAAO,KAAK,EAAE;;AAEZ,gBAAA,OAAO,QAAQ,CAAC,KAAc,EAAE,KAAK,CAAC;YAC1C;AACJ,QAAA,CAAC;IACL;AAEA;;AAEG;AACK,IAAA,OAAO,mBAAmB,CAC9B,MAAc,EACd,OAAe,EAAA;;AAGf,QAAA,IAAI,OAAO,KAAK,MAAM,EAAE;AACpB,YAAA,OAAO,IAAI;QACf;;AAGA,QAAA,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;;YAEvB,MAAM,YAAY,GAAG;AAChB,iBAAA,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;AACrC,iBAAA,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAE1B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA,CAAG,CAAC;AAC7C,YAAA,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;QAC7B;AAEA,QAAA,OAAO,KAAK;IAChB;AAEA;;;AAGG;AACH;;AAEG;AACH,IAAA,OAAO,SAAS,CAAC,OAAA,GAAe,EAAE,EAAA;;;;AAI9B,QAAA,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,KAAI;;;AAGrC,YAAA,IAAI,EAAE;AACV,QAAA,CAAC;IACL;AAEA;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,OAAA,GAAe,EAAE,EAAA;AAChC,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI;YACf,MAAM,EACF,OAAO,CAAC,MAAM;AACd,iBAAC,CAAC,GAAQ,EAAE,GAAQ,KAAI;;AAEpB,oBAAA,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;AACjC,wBAAA,OAAO,KAAK;oBAChB;;AAEA,oBAAA,OAAOC,0BAAc,CAAC,GAAG,EAAE,GAAG,CAAC;AACnC,gBAAA,CAAC,CAAC;SACT;QAED,MAAM,MAAM,GAAQF,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;;AAGrE,QAAA,MAAM,aAAa,GACf,OAAO,WAAW,KAAK;AACnB,cAAE;AACF,cAAG,WAAmB,CAAC,OAAO;AAEtC,QAAA,IAAI,OAAO,aAAa,KAAK,UAAU,EAAE;AACrC,YAAA,MAAM,MAAM,GAAGG,aAAM,CAAC,WAAW,EAAE;AACnC,YAAA,MAAM,CAAC,KAAK,CACR,YAAY,EACZ,6DAA6D,CAChE;YACD,OAAO,CAAC,IAAS,EAAE,IAAS,EAAE,IAAS,KAAK,IAAI,EAAE;QACtD;AAEA,QAAA,OAAO,aAAa,CAAC,MAAM,CAAC;IAChC;AAEA;;AAEG;
|
|
1
|
+
{"version":3,"file":"BuiltInMiddleware.js","sources":["../../../../../src/middleware/built-in/BuiltInMiddleware.ts"],"sourcesContent":[null],"names":["mergeWithDefaults","cors","shouldCompress","Logger","doubleCsrf","hpp","BrowserOnlyProtector","TerminalOnlyProtector","MobileOnlyProtector","RequestSignatureProtector"],"mappings":";;;;;;;;;;;;;;;AAAA;;;AAGG;MA4BU,iBAAiB,CAAA;AAC1B;;AAEG;AACH,IAAA,OAAO,MAAM,CAAC,OAAA,GAAwC,EAAE,EAAA;AACpD,QAAA,MAAM,cAAc,GAAiC;AACjD,YAAA,qBAAqB,EAAE;AACnB,gBAAA,UAAU,EAAE;oBACR,UAAU,EAAE,CAAC,QAAQ,CAAC;oBACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;AACrB,oBAAA,QAAQ,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;AACvC,oBAAA,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;oBAC3B,OAAO,EAAE,CAAC,QAAQ,CAAC;AACtB,iBAAA;AACJ,aAAA;AACD,YAAA,yBAAyB,EAAE,IAAI;AAC/B,YAAA,uBAAuB,EAAE,IAAI;AAC7B,YAAA,yBAAyB,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;AACpD,YAAA,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;AACpC,YAAA,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;AAC9B,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,IAAI,EAAE;AACF,gBAAA,MAAM,EAAE,QAAQ;AAChB,gBAAA,iBAAiB,EAAE,IAAI;AACvB,gBAAA,OAAO,EAAE,KAAK;AACjB,aAAA;AACD,YAAA,QAAQ,EAAE,IAAI;AACd,YAAA,OAAO,EAAE,IAAI;AACb,YAAA,kBAAkB,EAAE,IAAI;AACxB,YAAA,4BAA4B,EAAE,KAAK;AACnC,YAAA,cAAc,EAAE,EAAE,MAAM,EAAE,iCAAiC,EAAE;AAC7D,YAAA,SAAS,EAAE,IAAI;SAClB;;AAGD,QAAA,IAAI,YAAY,GAAQ,EAAE,GAAG,cAAc,EAAE;;AAG7C,QAAA,IAAI,OAAO,CAAC,qBAAqB,KAAK,SAAS,EAAE;AAC7C,YAAA,IAAI,OAAO,CAAC,qBAAqB,KAAK,KAAK,EAAE;;AAEzC,gBAAA,YAAY,CAAC,qBAAqB,GAAG,KAAK;YAC9C;AAAO,iBAAA,IACH,OAAO,OAAO,CAAC,qBAAqB,KAAK,QAAQ;AACjD,gBAAA,OAAO,CAAC,qBAAqB,KAAK,IAAI,EACxC;gBACE,YAAY,CAAC,qBAAqB,GAAG;oBACjC,GAAI,cAAc,CAAC,qBAA6B;oBAChD,GAAG,OAAO,CAAC,qBAAqB;iBACnC;;AAGD,gBAAA,IAAI,OAAO,CAAC,qBAAqB,CAAC,UAAU,EAAE;;oBAE1C,MAAM,wBAAwB,GAAQ,EAAE;AACxC,oBAAA,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACrC,OAAO,CAAC,qBAAqB,CAAC,UAAU,CAC3C,EAAE;;wBAEC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAChD,MAAM,CAAC,WAAW,EAAE,CACvB;AACD,wBAAA,wBAAwB,CAAC,QAAQ,CAAC,GAAG,KAAK;oBAC9C;AAEA,oBAAA,YAAY,CAAC,qBAAqB,CAAC,UAAU,GAAG;;wBAE5C,GAAI,cAAc,CAAC;AACf,8BAAE,UAAU;;AAEhB,wBAAA,GAAG,wBAAwB;qBAC9B;gBACL;YACJ;QACJ;;QAGA,MAAM,EAAE,qBAAqB,EAAE,GAAG,YAAY,EAAE,GAAG,OAAO;QAC1D,YAAY,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,YAAY,EAAE;AAEnD,QAAA,OAAO,MAAM,CAAC,YAAmB,CAAC;IACtC;AAEA;;;;;;;;;;AAUG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAsC,EAAE,EAAA;AAChD,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,MAAM,EAAE,IAAI;AACZ,YAAA,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;;;AAG1D,YAAA,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,KAAK;SAChB;;;;;;;QAQD,MAAM,MAAM,GAAQA,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;;;;;;QAOrE,MAAM,kBAAkB,GACpB,OAAO,IAAI,IAAI,IAAI,QAAQ,IAAK,OAAkB;QACtD,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,IAAI,CAAC,kBAAkB,EAAE;YACpD,MAAM,CAAC,MAAM,GAAG,CACZ,aAAiC,EACjC,QAA+D,KAC/D;AACA,gBAAA,QAAQ,CAAC,IAAI,EAAE,aAAa,IAAI,KAAK,CAAC;AAC1C,YAAA,CAAC;QACL;;;;AAMA,QAAA,MAAM,iBAAiB,GAAG,CAAC,KAAU,KAAwB;AACzD,YAAA,IAAI,CAAC,KAAK;AAAE,gBAAA,OAAO,SAAS;;YAG5B,IAAI,OAAO,KAAK,KAAK,QAAQ;AAAE,gBAAA,OAAO,KAAK;;AAG3C,YAAA,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;AACtB,gBAAA,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3B;;AAGA,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;gBAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;AACxC,gBAAA,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YACjC;AAEA,YAAA,OAAO,SAAS;AACpB,QAAA,CAAC;;AAGD,QAAA,IAAI,MAAM,CAAC,OAAO,EAAE;YAChB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC;YACpD,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,OAAO,GAAG,UAAU;YAC/B;QACJ;;AAGA,QAAA,IAAI,MAAM,CAAC,cAAc,EAAE;YACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,cAAc,CAAC;YAC3D,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,cAAc,GAAG,UAAU;YACtC;QACJ;;AAGA,QAAA,IAAI,MAAM,CAAC,cAAc,EAAE;YACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,cAAc,CAAC;YAC3D,IAAI,UAAU,EAAE;AACZ,gBAAA,MAAM,CAAC,cAAc,GAAG,UAAU;YACtC;QACJ;;QAGA,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YAC9B,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CACrC,CAAC,MAAW,KACR,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,YAAY,MAAM,CAC7D;AAED,YAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,4BAA4B,CAAC,YAAY,CAAC;YACnE;QACJ;AAEA,QAAA,OAAOC,uBAAI,CAAC,MAAM,CAAC;IACvB;AAEA;;AAEG;IACK,OAAO,4BAA4B,CAAC,OAA4B,EAAA;AAOpE,QAAA,OAAO,CACH,MAA0B,EAC1B,QAA+D,KAC/D;AACA,YAAA,IAAI;;gBAEA,IAAI,CAAC,MAAM,EAAE;AACT,oBAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;gBAChC;;AAGA,gBAAA,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE;AAC3B,oBAAA,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;;wBAE7B,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;;AAE3C,4BAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;wBACjC;oBACJ;AAAO,yBAAA,IAAI,OAAO,YAAY,MAAM,EAAE;;AAElC,wBAAA,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;AACtB,4BAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;wBACjC;oBACJ;gBACJ;;AAGA,gBAAA,OAAO,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;YAChC;YAAE,OAAO,KAAK,EAAE;;AAEZ,gBAAA,OAAO,QAAQ,CAAC,KAAc,EAAE,KAAK,CAAC;YAC1C;AACJ,QAAA,CAAC;IACL;AAEA;;AAEG;AACK,IAAA,OAAO,mBAAmB,CAC9B,MAAc,EACd,OAAe,EAAA;;AAGf,QAAA,IAAI,OAAO,KAAK,MAAM,EAAE;AACpB,YAAA,OAAO,IAAI;QACf;;AAGA,QAAA,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;;YAEvB,MAAM,YAAY,GAAG;AAChB,iBAAA,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;AACrC,iBAAA,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAE1B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA,CAAG,CAAC;AAC7C,YAAA,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;QAC7B;AAEA,QAAA,OAAO,KAAK;IAChB;AAEA;;;AAGG;AACH;;AAEG;AACH,IAAA,OAAO,SAAS,CAAC,OAAA,GAAe,EAAE,EAAA;;;;AAI9B,QAAA,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,KAAI;;;AAGrC,YAAA,IAAI,EAAE;AACV,QAAA,CAAC;IACL;AAEA;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,OAAA,GAAe,EAAE,EAAA;AAChC,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI;YACf,MAAM,EACF,OAAO,CAAC,MAAM;AACd,iBAAC,CAAC,GAAQ,EAAE,GAAQ,KAAI;;AAEpB,oBAAA,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;AACjC,wBAAA,OAAO,KAAK;oBAChB;;AAEA,oBAAA,OAAOC,0BAAc,CAAC,GAAG,EAAE,GAAG,CAAC;AACnC,gBAAA,CAAC,CAAC;SACT;QAED,MAAM,MAAM,GAAQF,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;;AAGrE,QAAA,MAAM,aAAa,GACf,OAAO,WAAW,KAAK;AACnB,cAAE;AACF,cAAG,WAAmB,CAAC,OAAO;AAEtC,QAAA,IAAI,OAAO,aAAa,KAAK,UAAU,EAAE;AACrC,YAAA,MAAM,MAAM,GAAGG,aAAM,CAAC,WAAW,EAAE;AACnC,YAAA,MAAM,CAAC,KAAK,CACR,YAAY,EACZ,6DAA6D,CAChE;YACD,OAAO,CAAC,IAAS,EAAE,IAAS,EAAE,IAAS,KAAK,IAAI,EAAE;QACtD;AAEA,QAAA,OAAO,aAAa,CAAC,MAAM,CAAC;IAChC;AAEA;;AAEG;AACH,IAAA,OAAO,IAAI,CAAC,OAAA,GAAe,EAAE,EAAA;AACzB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,UAAU,EAAE,2BAA2B;AACvC,YAAA,aAAa,EAAE;AACX,gBAAA,QAAQ,EAAE,IAAI;AACd,gBAAA,QAAQ,EAAE,QAAQ;AAClB,gBAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBAC7C,MAAM,EAAE,OAAO;AAClB,aAAA;AACD,YAAA,IAAI,EAAE,EAAE;AACR,YAAA,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;AAC1C,YAAA,mBAAmB,EAAE,CAAC,GAAQ,KAAI;AAC9B,gBAAA,QACI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;oBAC3B,GAAG,CAAC,IAAI,EAAE,KAAK;AACf,oBAAA,GAAG,CAAC,KAAK,EAAE,KAAK;YAExB,CAAC;YACD,SAAS,EAAE,MAAK;AACZ,gBAAA,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC;YACnE,CAAC;AACD,YAAA,oBAAoB,EAAE,CAAC,GAAQ,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,IAAI,WAAW;SACrE;QAED,MAAM,MAAM,GAAQH,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;QAErE,MAAM,EAAE,oBAAoB,EAAE,GAAGI,mBAAU,CAAC,MAAa,CAAC;;AAG1D,QAAA,OAAO,oBAAoB;IAC/B;AAEA;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAqC,EAAE,EAAA;AAC9C,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;SACpC;QAED,MAAM,MAAM,GAAQJ,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;AACrE,QAAA,OAAOK,qBAAG,CAAC,MAAM,CAAC;IACtB;AAEA;;AAEG;AACH,IAAA,OAAO,GAAG,CAAC,OAAA,GAAe,EAAE,EAAA;AACxB,QAAA,MAAM,cAAc,GAAG;AACnB,YAAA,SAAS,EAAE;AACP,gBAAA,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;AACpB,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,CAAC,EAAE,EAAE;AACL,gBAAA,MAAM,EAAE,EAAE;AACV,gBAAA,EAAE,EAAE,EAAE;AACT,aAAA;SACJ;QAED,MAAM,MAAM,GAAQL,mCAAiB,CAAC,cAAc,EAAE,OAAc,CAAC;AAErE,QAAA,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,KAAI;;AAEtC,YAAA,IAAI,GAAG,CAAC,IAAI,EAAE;AACV,gBAAA,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC;YACpD;;AAGA,YAAA,IAAI,GAAG,CAAC,KAAK,EAAE;AACX,gBAAA,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC;YACtD;AAEA,YAAA,IAAI,EAAE;AACV,QAAA,CAAC;IACL;;IAGA,OAAO,MAAM,CAAC,QAAc,EAAA;AACxB,QAAA,MAAM,IAAI,KAAK,CACX,sHAAsH,CACzH;IACL;AAEA;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,OAAA,GAAe,EAAE,EAAA;;QAEhC,OAAO,IAAIM,yCAAoB,CAAC,OAAc,CAAC,CAAC,aAAa,EAAE;IACnE;AAEA;;AAEG;AACH,IAAA,OAAO,YAAY,CAAC,OAAA,GAAe,EAAE,EAAA;;QAEjC,OAAO,IAAIC,2CAAqB,CAAC,OAAc,CAAC,CAAC,aAAa,EAAE;IACpE;AAEA;;AAEG;AACH,IAAA,OAAO,UAAU,CAAC,OAAA,GAAe,EAAE,EAAA;;QAE/B,OAAO,IAAIC,uCAAmB,CAAC,OAAc,CAAC,CAAC,UAAU,EAAE;IAC/D;AAEA;;AAEG;IACH,OAAO,gBAAgB,CAAC,OAA+B,EAAA;AACnD,QAAA,MAAM,SAAS,GAAG,IAAIC,mDAAyB,CAAC,OAAc,CAAC;AAC/D,QAAA,OAAO,SAAS,CAAC,aAAa,EAAE;IACpC;AAEA;;AAEG;AACH,IAAA,OAAO,QAAQ,CAAC,OAAA,GAAmC,EAAE,EAAA;QACjD,OAAO;YACH,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAC7B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,gBAAgB,CAAC;SACpE;IACL;;AAGQ,IAAA,OAAO,cAAc,CAAC,GAAQ,EAAE,MAAW,EAAA;AAC/C,QAAA,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;AACzB,YAAA,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC;QAC3B;AAAO,aAAA,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AAC3B,YAAA,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/D;AAAO,aAAA,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YACvC,MAAM,SAAS,GAAQ,EAAE;AACzB,YAAA,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE;AACnB,gBAAA,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;AACzB,oBAAA,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;gBAC1D;YACJ;AACA,YAAA,OAAO,SAAS;QACpB;AACA,QAAA,OAAO,GAAG;IACd;AACH;;;;"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var xyprissSecurity = require('xypriss-security');
|
|
4
3
|
var SQLInjectionDetector = require('./built-in/security/SQLInjectionDetector.js');
|
|
5
4
|
var PathTraversalDetector = require('./built-in/security/PathTraversalDetector.js');
|
|
6
5
|
var CommandInjectionDetector = require('./built-in/security/CommandInjectionDetector.js');
|
|
@@ -33,7 +32,11 @@ class SecurityMiddleware {
|
|
|
33
32
|
this.level = config.level || "enhanced";
|
|
34
33
|
this._ignore = config._ignore || [];
|
|
35
34
|
this._ignoreAll = config._ignoreAll || [];
|
|
36
|
-
|
|
35
|
+
// console.log("config.csrf: ", config.csrf);
|
|
36
|
+
this.csrf =
|
|
37
|
+
typeof config.csrf === "boolean"
|
|
38
|
+
? config.csrf
|
|
39
|
+
: (config.csrf ?? { enabled: true, secret: "" });
|
|
37
40
|
this.helmet = config.helmet !== false ? config.helmet || true : false;
|
|
38
41
|
this.xss = config.xss !== false ? config.xss || true : false;
|
|
39
42
|
this.sqlInjection =
|
|
@@ -85,28 +88,6 @@ class SecurityMiddleware {
|
|
|
85
88
|
keySize: 32,
|
|
86
89
|
...config.encryption,
|
|
87
90
|
};
|
|
88
|
-
this.authentication = {
|
|
89
|
-
jwt: {
|
|
90
|
-
secret: config.authentication?.jwt?.secret ||
|
|
91
|
-
xyprissSecurity.Random.generateSecureToken(32).toString("hex"),
|
|
92
|
-
expiresIn: config.authentication?.jwt?.expiresIn || "1h",
|
|
93
|
-
algorithm: config.authentication?.jwt?.algorithm || "HS256",
|
|
94
|
-
},
|
|
95
|
-
session: {
|
|
96
|
-
secret: config.authentication?.session?.secret ||
|
|
97
|
-
xyprissSecurity.Random.generateSecureToken(32).toString("hex"),
|
|
98
|
-
name: config.authentication?.session?.name ||
|
|
99
|
-
"xypriss.nehonix.sid",
|
|
100
|
-
cookie: {
|
|
101
|
-
maxAge: 24 * 60 * 60 * 1000, // 24 hours
|
|
102
|
-
secure: true,
|
|
103
|
-
httpOnly: true,
|
|
104
|
-
sameSite: "strict",
|
|
105
|
-
...config.authentication?.session?.cookie,
|
|
106
|
-
},
|
|
107
|
-
},
|
|
108
|
-
...config.authentication,
|
|
109
|
-
};
|
|
110
91
|
// Store route configuration
|
|
111
92
|
this.routeConfig = config.routeConfig;
|
|
112
93
|
// Initialize security detectors
|
|
@@ -283,11 +264,17 @@ class SecurityMiddleware {
|
|
|
283
264
|
// CSRF protection using BuiltInMiddleware
|
|
284
265
|
if (this.csrf) {
|
|
285
266
|
this.logger.debug("security", "Initializing CSRF protection");
|
|
286
|
-
const csrfConfig = typeof this.csrf === "object" ? this.csrf : {};
|
|
267
|
+
const csrfConfig = typeof this.csrf === "object" ? this.csrf : { secret: "" };
|
|
268
|
+
// Secret must be provided directly in the csrf config
|
|
269
|
+
const secret = csrfConfig.secret;
|
|
270
|
+
if (!secret) {
|
|
271
|
+
throw new Error("[XyPriss Security] CSRF protection is enabled but no secret was provided. Set 'security.csrf.secret' in your server config.");
|
|
272
|
+
}
|
|
287
273
|
this.csrfMiddleware = BuiltInMiddleware.BuiltInMiddleware.csrf({
|
|
288
|
-
getSecret: (
|
|
289
|
-
|
|
290
|
-
|
|
274
|
+
getSecret: () => secret,
|
|
275
|
+
getSessionIdentifier: (req) => req.session?.id ||
|
|
276
|
+
req.headers["x-session-id"] ||
|
|
277
|
+
"anonymous",
|
|
291
278
|
cookieName: csrfConfig.cookieName || "__Host-csrf-token",
|
|
292
279
|
cookieOptions: {
|
|
293
280
|
httpOnly: true,
|
|
@@ -453,6 +440,21 @@ class SecurityMiddleware {
|
|
|
453
440
|
if (timeoutId) {
|
|
454
441
|
clearTimeout(timeoutId);
|
|
455
442
|
}
|
|
443
|
+
// Intercept HTTP/CSRF errors passed via next(err)
|
|
444
|
+
if (err &&
|
|
445
|
+
(err.statusCode ||
|
|
446
|
+
err.status ||
|
|
447
|
+
err.code === "EBADCSRFTOKEN")) {
|
|
448
|
+
const statusCode = err.statusCode || err.status || 403;
|
|
449
|
+
this.logger.debug("security", `Security middleware rejected request (${statusCode}): ${err.message}`);
|
|
450
|
+
if (!res.headersSent) {
|
|
451
|
+
res.status(statusCode).json({
|
|
452
|
+
error: err.message || "Forbidden",
|
|
453
|
+
code: err.code || "SECURITY_BLOCKED",
|
|
454
|
+
});
|
|
455
|
+
}
|
|
456
|
+
return;
|
|
457
|
+
}
|
|
456
458
|
this.logger.debug("security", `Middleware ${currentIndex + 1} completed`);
|
|
457
459
|
next(err);
|
|
458
460
|
};
|
|
@@ -475,6 +477,20 @@ class SecurityMiddleware {
|
|
|
475
477
|
middleware(req, res, middlewareNext);
|
|
476
478
|
}
|
|
477
479
|
catch (error) {
|
|
480
|
+
// CSRF and other HTTP errors: respond directly instead of crashing
|
|
481
|
+
if (error?.statusCode ||
|
|
482
|
+
error?.status ||
|
|
483
|
+
error?.code === "EBADCSRFTOKEN") {
|
|
484
|
+
const statusCode = error.statusCode || error.status || 403;
|
|
485
|
+
this.logger.debug("security", `Security middleware rejected request (${statusCode}): ${error.message}`);
|
|
486
|
+
if (!res.headersSent) {
|
|
487
|
+
res.status(statusCode).json({
|
|
488
|
+
error: error.message || "Forbidden",
|
|
489
|
+
code: error.code || "SECURITY_BLOCKED",
|
|
490
|
+
});
|
|
491
|
+
}
|
|
492
|
+
return;
|
|
493
|
+
}
|
|
478
494
|
this.logger.debug("security", `Exception in middleware at index ${currentIndex}:`, error);
|
|
479
495
|
finalNext(error);
|
|
480
496
|
}
|
|
@@ -751,56 +767,57 @@ class SecurityMiddleware {
|
|
|
751
767
|
}
|
|
752
768
|
return null;
|
|
753
769
|
}
|
|
754
|
-
/**
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
isBrowserOnlyEnabled() {
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
}
|
|
777
|
-
/**
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
isMobileOnlyEnabled() {
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
770
|
+
// /**
|
|
771
|
+
// * Check if browser-only protection is enabled
|
|
772
|
+
// */
|
|
773
|
+
// private isBrowserOnlyEnabled(): boolean {
|
|
774
|
+
// if (this.browserOnly === true) return true;
|
|
775
|
+
// if (typeof this.browserOnly === "object" && this.browserOnly !== null) {
|
|
776
|
+
// return this.browserOnly.enable !== false; // Default to true when config provided
|
|
777
|
+
// }
|
|
778
|
+
// return false;
|
|
779
|
+
// }
|
|
780
|
+
// /**
|
|
781
|
+
// * Check if terminal-only protection is enabled
|
|
782
|
+
// */
|
|
783
|
+
// private isTerminalOnlyEnabled(): boolean {
|
|
784
|
+
// if (this.terminalOnly === true) return true;
|
|
785
|
+
// if (
|
|
786
|
+
// typeof this.terminalOnly === "object" &&
|
|
787
|
+
// this.terminalOnly !== null
|
|
788
|
+
// ) {
|
|
789
|
+
// return this.terminalOnly.enable !== false; // Default to true when config provided
|
|
790
|
+
// }
|
|
791
|
+
// return false;
|
|
792
|
+
// }
|
|
793
|
+
// /**
|
|
794
|
+
// * Check if mobile-only protection is enabled
|
|
795
|
+
// */
|
|
796
|
+
// private isMobileOnlyEnabled(): boolean {
|
|
797
|
+
// if (this.mobileOnly === true) return true;
|
|
798
|
+
// if (typeof this.mobileOnly === "object" && this.mobileOnly !== null) {
|
|
799
|
+
// return this.mobileOnly.enable !== false; // Check enable property, default to true when config provided
|
|
800
|
+
// }
|
|
801
|
+
// return false;
|
|
802
|
+
// }
|
|
803
|
+
// /**
|
|
804
|
+
// * Validate device access configuration
|
|
805
|
+
// */
|
|
806
|
+
// private validateDeviceAccessConfig(): void {
|
|
807
|
+
// // Check enabled device access controls
|
|
808
|
+
// const browserEnabled = this.isBrowserOnlyEnabled();
|
|
809
|
+
// const terminalEnabled = this.isTerminalOnlyEnabled();
|
|
810
|
+
// const mobileEnabled = this.isMobileOnlyEnabled();
|
|
811
|
+
// // Terminal-only cannot be combined with browser-only or mobile-only
|
|
812
|
+
// if (terminalEnabled && (browserEnabled || mobileEnabled)) {
|
|
813
|
+
// throw new Error(
|
|
814
|
+
// "Security configuration error: terminalOnly cannot be enabled simultaneously with browserOnly or mobileOnly. " +
|
|
815
|
+
// "Choose terminalOnly alone, or browserOnly and/or mobileOnly.",
|
|
816
|
+
// );
|
|
817
|
+
// }
|
|
818
|
+
// // Browser-only and mobile-only can be enabled together (they will be applied based on request characteristics)
|
|
819
|
+
// // No other restrictions needed
|
|
820
|
+
// }
|
|
804
821
|
/**
|
|
805
822
|
* Get security configuration
|
|
806
823
|
*/
|
|
@@ -826,7 +843,6 @@ class SecurityMiddleware {
|
|
|
826
843
|
mongoSanitize: this.mongoSanitize,
|
|
827
844
|
slowDown: this.slowDown,
|
|
828
845
|
encryption: this.encryption,
|
|
829
|
-
authentication: this.authentication,
|
|
830
846
|
routeConfig: this.routeConfig,
|
|
831
847
|
_ignore: this._ignore,
|
|
832
848
|
_ignoreAll: this._ignoreAll,
|