fastify-swagger - npm Package Compare versions

Comparing version 4.5.1 to 4.6.0

test/csp.js

5

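--- a/index.d.ts
+++ b/index.d.ts
@@ -81,2 +81,7 @@ import { FastifyPluginCallback } from 'fastify';
 }>
+/**
+* CSP Config
+*/
+staticCSP?: boolean | string | Record<string, string | string[]>
+transformStaticCSP?: (header: string) => string
 }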
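Review bot: The new TSDoc on `staticCSP` says only `CSP Config`, which leaves a consumer guessing what the three accepted shapes do, and `transformStaticCSP` gets no comment at all. Matching the runtime shipped in this version, the comment should state that `true` sends the bundled policy, a string is sent verbatim, and a record is serialised as one `<directive> <value>;` entry per key (keys lowercased, array values joined by spaces). For `transformStaticCSP` a one-liner such as `/** Synchronous hook; receives the current content-security-policy value and must return the replacement. Only called when the header is already set. */` would document the contract, since the declared return type appears to be the only thing guarding it.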

4

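--- a/lib/mode/dynamic.js
+++ b/lib/mode/dynamic.js
@@ -21,3 +21,5 @@ 'use strict'
 const initOAuth = opts.initOAuth || {}
-fastify.register(require('../routes'), { prefix, uiConfig, initOAuth })
+const staticCSP = opts.staticCSP
+const transformStaticCSP = opts.transformStaticCSP
+fastify.register(require('../routes'), { prefix, uiConfig, initOAuth, staticCSP, transformStaticCSP })
 }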

@@ -66,3 +66,5 @@ 'use strict'

initOAuth: opts.initOAuth || {},
baseDir: opts.specification.baseDir
baseDir: opts.specification.baseDir,
staticCSP: opts.staticCSP,
transformStaticCSP: opts.transformStaticCSP
}

@@ -69,0 +71,0 @@

@@ -23,2 +23,33 @@ 'use strict'

function fastifySwagger (fastify, opts, done) {
let staticCSP = false
if (opts.staticCSP === true) {
const csp = require('../static/csp.json')
staticCSP = `default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data: validator.swagger.io; object-src 'none'; script-src 'self' ${csp.script.join(' ')}; script-src-attr 'none'; style-src 'self' https: ${csp.style.join(' ')}; upgrade-insecure-requests;`
}
if (typeof opts.staticCSP === 'string') {
staticCSP = opts.staticCSP
}
if (typeof opts.staticCSP === 'object' && opts.staticCSP !== null) {
staticCSP = ''
Object.keys(opts.staticCSP).forEach(function (key) {
const value = Array.isArray(opts.staticCSP[key]) ? opts.staticCSP[key].join(' ') : opts.staticCSP[key]
staticCSP += `${key.toLowerCase()} ${value}; `
})
}
if (typeof staticCSP === 'string' || typeof opts.transformStaticCSP === 'function') {
fastify.addHook('onSend', function (request, reply, payload, done) {
// set static csp when it is passed
if (typeof staticCSP === 'string') {
reply.header('content-security-policy', staticCSP.trim())
}
// mutate the header when it is passed
const header = reply.getHeader('content-security-policy')
if (header && typeof opts.transformStaticCSP === 'function') {
reply.header('content-security-policy', opts.transformStaticCSP(header))
}
done()
})
}
fastify.route({

@@ -25,0 +56,0 @@ url: '/',
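Review bot: The onSend hook at the end of this hunk sets whatever `opts.transformStaticCSP(header)` returns as the `content-security-policy` value without checking that it is a string, so a callback that returns `undefined` or a Promise (the README calls the hook synchronous, but nothing here enforces it) produces a header the browser cannot parse and the policy silently disappears. Validating the return value and failing the request via `done(err)` is safer than shipping a broken policy, as sketched below. The record form a few lines up has the same trust-the-config character: keys are lowercased but values are interpolated verbatim, so a value containing `;` becomes additional directives; a one-line comment that the record is not validated would set expectations. The file header for this hunk is not visible and `fastifySwagger` continues past `fastify.route({`.
```javascript
    // … unchanged: staticCSP construction and the static header set …
    // mutate the header when it is passed
    const header = reply.getHeader('content-security-policy')
    if (header && typeof opts.transformStaticCSP === 'function') {
      const transformed = opts.transformStaticCSP(header)
      // A non-string result (undefined, a Promise, ...) would be serialised into the
      // header and leave the browser with an unparseable policy; fail loudly instead.
      if (typeof transformed !== 'string') {
        return done(new Error('transformStaticCSP must return a string'))
      }
      reply.header('content-security-policy', transformed)
    }
    done()
```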

{
"name": "fastify-swagger",
"version": "4.5.1",
"version": "4.6.0",
"description": "Serve Swagger/OpenAPI documentation for Fastify, supporting dynamic generation",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -71,2 +71,4 @@ # fastify-swagger

},
staticCSP: true,
transformStaticCSP: (header) => header
exposeRoute: true

@@ -175,12 +177,14 @@ })

| option | default | description |
| ------------- | -------- | ------------------------------------------------------------------------------------------------------------------------- |
| exposeRoute | false | Exposes documentation route. |
| hiddenTag | X-HIDDEN | Tag to control hiding of routes. |
| stripBasePath | true | Strips base path from routes in docs. |
| swagger | {} | Swagger configuration. |
| openapi | {} | OpenAPI configuration. |
| transform | null | Transform method for schema. |
| uiConfig* | {} | Configuration options for [Swagger UI](https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md) |
| initOAuth | {} | Configuration options for [Swagger UI initOAuth](https://swagger.io/docs/open-source-tools/swagger-ui/usage/oauth2/)
| option | default | description |
| ------------------ | --------- | ------------------------------------------------------------------------------------------------------------------------- |
| exposeRoute | false | Exposes documentation route. |
| hiddenTag | X-HIDDEN | Tag to control hiding of routes. |
| stripBasePath | true | Strips base path from routes in docs. |
| swagger | {} | Swagger configuration. |
| openapi | {} | OpenAPI configuration. |
| transform | null | Transform method for schema. |
| uiConfig* | {} | Configuration options for [Swagger UI](https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md) |
| initOAuth | {} | Configuration options for [Swagger UI initOAuth](https://swagger.io/docs/open-source-tools/swagger-ui/usage/oauth2/) |
| staticCSP | false | Enable CSP header for static resources. |
| transformStaticCSP | undefined | Synchronous function to transform CSP header for static resources if the header has been previously set. |

@@ -187,0 +191,0 @@ > `uiConfig` accepts only literal (number/string/object) configuration values since they are serialized in order to pass them to the generated UI. For more details see: [#5710](https://github.com/swagger-api/swagger-ui/issues/5710).

@@ -132,2 +132,36 @@ import fastify from 'fastify';

app.swagger();
})
app.register(fastifySwagger, {
staticCSP: true,
})
.ready((err) => {
app.swagger();
})
app.register(fastifySwagger, {
staticCSP: "default-src: 'self'",
})
.ready((err) => {
app.swagger();
})
app.register(fastifySwagger, {
staticCSP: {
'default-src': "'self'",
'script-src': ["'self'"]
},
})
.ready((err) => {
app.swagger();
})
app.register(fastifySwagger, {
staticCSP: true,
transformStaticCSP(header) {
return header
}
})
.ready((err) => {
app.swagger();
})