"use strict";
// tsc-emitted interop helper: reuse an `__importDefault` already present on
// `this` if there is one, otherwise wrap a plain CommonJS export so that
// `.default` resolves the same way for ES-module and CommonJS middlewares.
// Kept as `var` so a concatenating bundler can re-declare it harmlessly.
var __importDefault =
  (this && this.__importDefault) ||
  function (mod) {
    if (mod && mod.__esModule) {
      return mod;
    }
    return { default: mod };
  };
// One factory module per response header. Each `.default` is both invoked by
// getMiddlewareFunctionsFromOptions (to build the combined middleware) and
// re-exported as a property of `helmet` below so callers can use it alone.
const content_security_policy_1 = __importDefault(require("./middlewares/content-security-policy"))
const cross_origin_embedder_policy_1 = __importDefault(require("./middlewares/cross-origin-embedder-policy"))
const cross_origin_opener_policy_1 = __importDefault(require("./middlewares/cross-origin-opener-policy"))
const cross_origin_resource_policy_1 = __importDefault(require("./middlewares/cross-origin-resource-policy"))
const expect_ct_1 = __importDefault(require("./middlewares/expect-ct"))
const origin_agent_cluster_1 = __importDefault(require("./middlewares/origin-agent-cluster"))
const referrer_policy_1 = __importDefault(require("./middlewares/referrer-policy"))
const strict_transport_security_1 = __importDefault(require("./middlewares/strict-transport-security"))
const x_content_type_options_1 = __importDefault(require("./middlewares/x-content-type-options"))
const x_dns_prefetch_control_1 = __importDefault(require("./middlewares/x-dns-prefetch-control"))
const x_download_options_1 = __importDefault(require("./middlewares/x-download-options"))
const x_frame_options_1 = __importDefault(require("./middlewares/x-frame-options"))
const x_permitted_cross_domain_policies_1 = __importDefault(require("./middlewares/x-permitted-cross-domain-policies"))
const x_powered_by_1 = __importDefault(require("./middlewares/x-powered-by"))
const x_xss_protection_1 = __importDefault(require("./middlewares/x-xss-protection"))
/**
 * Translate one user-facing helmet option into the argument list for that
 * header's middleware factory.
 *
 * @param {*} option - The value the caller supplied for this header
 *   (`undefined` when omitted, `true`/`false` to force on/off, or an options
 *   object for factories that accept one).
 * @param {{ enabledByDefault?: boolean, takesOptions?: boolean, name?: string }} [middlewareConfig]
 *   Per-header policy: whether the header is on when omitted, whether its
 *   factory accepts options, and the option name used in the warning.
 * @returns {Array|null} `null` when the middleware must not be installed,
 *   otherwise the arguments to spread into the factory (`[]` or `[option]`).
 */
function getArgs(option, middlewareConfig = {}) {
  const { enabledByDefault = true } = middlewareConfig;
  // Omitted: fall back to this header's default-on/default-off policy.
  if (option === undefined) {
    return enabledByDefault ? [] : null;
  }
  // Explicit opt-out / opt-in carry no options.
  if (option === false) {
    return null;
  }
  if (option === true) {
    return [];
  }
  // Anything else is treated as an options object. Factories that take none
  // still get installed, but the caller is told the value is being ignored.
  if (middlewareConfig.takesOptions === false) {
    console.warn(`${middlewareConfig.name} does not take options. ${enabledByDefault ? "Remove the property" : "Set the property to `true`"} to silence this warning.`);
    return [];
  }
  return [option];
}
/**
 * Build the ordered list of header middlewares that `helmet(options)` will run.
 *
 * Every header is on by default except the four opt-in ones
 * (crossOriginEmbedderPolicy, crossOriginOpenerPolicy, crossOriginResourcePolicy,
 * originAgentCluster), which are only installed when explicitly enabled.
 * Factories marked `takesOptions: false` are always called with no arguments
 * (getArgs reduces any value for them to `[]` after warning), so spreading the
 * argument list is equivalent to calling them bare.
 *
 * @param {object} options - The user's helmet options, keyed by public option name.
 * @returns {Function[]} Middlewares in the order they are applied to a response.
 */
function getMiddlewareFunctionsFromOptions(options) {
  // [public option name, factory, getArgs config]; order here is the order
  // the resulting middlewares run in, so keep it stable.
  const plan = [
    ["contentSecurityPolicy", content_security_policy_1.default],
    ["crossOriginEmbedderPolicy", cross_origin_embedder_policy_1.default, {
      name: "crossOriginEmbedderPolicy",
      takesOptions: false,
      enabledByDefault: false,
    }],
    ["crossOriginOpenerPolicy", cross_origin_opener_policy_1.default, { enabledByDefault: false }],
    ["crossOriginResourcePolicy", cross_origin_resource_policy_1.default, { enabledByDefault: false }],
    ["dnsPrefetchControl", x_dns_prefetch_control_1.default],
    ["expectCt", expect_ct_1.default],
    ["frameguard", x_frame_options_1.default],
    ["hidePoweredBy", x_powered_by_1.default, { name: "hidePoweredBy", takesOptions: false }],
    ["hsts", strict_transport_security_1.default],
    ["ieNoOpen", x_download_options_1.default, { name: "ieNoOpen", takesOptions: false }],
    ["noSniff", x_content_type_options_1.default, { name: "noSniff", takesOptions: false }],
    ["originAgentCluster", origin_agent_cluster_1.default, {
      name: "originAgentCluster",
      takesOptions: false,
      enabledByDefault: false,
    }],
    ["permittedCrossDomainPolicies", x_permitted_cross_domain_policies_1.default],
    ["referrerPolicy", referrer_policy_1.default],
    ["xssFilter", x_xss_protection_1.default],
  ];

  const middlewares = [];
  for (const [optionName, factory, config] of plan) {
    // A `null` argument list means "do not install this header".
    const factoryArgs = getArgs(options[optionName], config);
    if (factoryArgs) {
      middlewares.push(factory(...factoryArgs));
    }
  }
  return middlewares;
}
/**
 * Public entry point. `helmet(options)` returns a single Express-style
 * middleware that runs each enabled header middleware in turn; the individual
 * header middlewares are also attached as properties so they can be used on
 * their own, and three removed helpers throw with migration guidance.
 */
const helmet = Object.assign(
  function helmet(options = {}) {
    // The check targets a constructor named IncomingMessage, i.e. the request
    // object that an `app.use(helmet)` mistake passes in as `options`; fail
    // loudly instead of silently installing nothing.
    const ctor = options.constructor;
    if (ctor != null && ctor.name === "IncomingMessage") {
      throw new Error("It appears you have done something like `app.use(helmet)`, but it should be `app.use(helmet())`.");
    }
    const middlewareFunctions = getMiddlewareFunctionsFromOptions(options);

    return function helmetMiddleware(req, res, next) {
      let position = 0;
      // Advance through the header middlewares; the first error short-circuits
      // to the outer `next`, and exhausting the list calls `next()` cleanly.
      const runNext = (err) => {
        if (err) {
          next(err);
          return;
        }
        if (position >= middlewareFunctions.length) {
          next();
          return;
        }
        const current = middlewareFunctions[position];
        position += 1;
        current(req, res, runNext);
      };
      runNext();
    };
  },
  {
    contentSecurityPolicy: content_security_policy_1.default,
    crossOriginEmbedderPolicy: cross_origin_embedder_policy_1.default,
    crossOriginOpenerPolicy: cross_origin_opener_policy_1.default,
    crossOriginResourcePolicy: cross_origin_resource_policy_1.default,
    dnsPrefetchControl: x_dns_prefetch_control_1.default,
    expectCt: expect_ct_1.default,
    frameguard: x_frame_options_1.default,
    hidePoweredBy: x_powered_by_1.default,
    hsts: strict_transport_security_1.default,
    ieNoOpen: x_download_options_1.default,
    noSniff: x_content_type_options_1.default,
    originAgentCluster: origin_agent_cluster_1.default,
    permittedCrossDomainPolicies: x_permitted_cross_domain_policies_1.default,
    referrerPolicy: referrer_policy_1.default,
    xssFilter: x_xss_protection_1.default,
    // Removed helpers: each throws so a stale call site fails at startup
    // rather than quietly sending no header.
    featurePolicy() {
      throw new Error("helmet.featurePolicy was removed because the Feature-Policy header is deprecated. If you still need this header, you can use the `feature-policy` module.");
    },
    hpkp() {
      throw new Error("helmet.hpkp was removed because the header has been deprecated. If you still need this header, you can use the `hpkp` module. For more, see <https://github.com/helmetjs/helmet/issues/180>.");
    },
    noCache() {
      throw new Error("helmet.noCache was removed. You can use the `nocache` module instead. For more, see <https://github.com/helmetjs/helmet/issues/215>.");
    },
  }
);

// CommonJS export: `require("helmet")` yields the callable with the per-header
// middlewares attached as properties.
module.exports = helmet;