Comparing version 1.0.0-beta.3 to 1.0.0-beta.4
{ | ||
"name": "server", | ||
"version": "1.0.0-beta.3", | ||
"version": "1.0.0-beta.4", | ||
"description": "A modern and powerful server for Node.js", | ||
@@ -42,2 +42,3 @@ "main": "server.js", | ||
"hbs": "^4.0.1", | ||
"helmet": "^3.9.0", | ||
"loadware": "^2.0.0", | ||
@@ -64,3 +65,3 @@ "log": "^1.4.0", | ||
"grunt-contrib-watch": "^1.0.0", | ||
"jest": "^20.0.0", | ||
"jest": "^21.2.1", | ||
"jstransformer-marked": "^1.0.2", | ||
@@ -67,0 +68,0 @@ "picnic": "^6.4.0", |
const modern = require('../../src/modern'); | ||
const csurf = require('csurf'); | ||
const helmet = require('helmet'); | ||
@@ -8,8 +9,45 @@ module.exports = { | ||
csrf: { | ||
env: 'SECURITY_CSRF', | ||
default: {}, | ||
type: Object | ||
}, | ||
contentSecurityPolicy: { | ||
env: 'SECURITY_CONTENTSECURITYPOLICY' | ||
}, | ||
expectCt: { | ||
env: 'SECURITY_EXPECTCT' | ||
}, | ||
dnsPrefetchControl: { | ||
env: 'SECURITY_DNSPREFETCHCONTROL' | ||
}, | ||
frameguard: { | ||
env: 'SECURITY_FRAMEGUARD' | ||
}, | ||
hidePoweredBy: { | ||
env: 'SECURITY_HIDEPOWEREDBY' | ||
}, | ||
hpkp: { | ||
env: 'SECURITY_HPKP' | ||
}, | ||
hsts: { | ||
env: 'SECURITY_HSTS' | ||
}, | ||
ieNoOpen: { | ||
env: 'SECURITY_IENOOPEN' | ||
}, | ||
noCache: { | ||
env: 'SECURITY_NOCACHE' | ||
}, | ||
noSniff: { | ||
env: 'SECURITY_NOSNIFF' | ||
}, | ||
referrerPolicy: { | ||
env: 'SECURITY_REFERRERPOLICY' | ||
}, | ||
xssFilter: { | ||
env: 'SECURITY_XSSFILTER' | ||
} | ||
}, | ||
before: [ | ||
ctx => modern(csurf(ctx.options.security.csrf))(ctx), | ||
ctx => ctx.options.security.csrf ? modern(csurf(ctx.options.security.csrf))(ctx) : false, | ||
ctx => { | ||
@@ -19,4 +57,5 @@ // Set the csrf for render(): https://expressjs.com/en/api.html#res.locals | ||
ctx.res.locals.csrf = ctx.csrf; | ||
} | ||
}, | ||
ctx => modern(helmet(ctx.options.security))(ctx) | ||
] | ||
}; |
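Review bot: The helmet options added to the schema declare only an `env` name and no `type`, unlike `csrf` with its `type: Object`, so a setting such as `SECURITY_HSTS=false` may reach `helmet()` as the string `'false'` rather than a boolean; how the option parser coerces untyped env values is not visible in this section, so this needs confirming. helmet 3.x passes any non-null, non-boolean value through as that middleware's options, so a string would not switch the header off and is likely to throw for middlewares that need structured options, such as `hpkp` or `contentSecurityPolicy`. Because the last `before` entry calls `helmet(ctx.options.security)` inside the request handler, such a failure would surface on each request rather than at startup, and the middleware stack is rebuilt per request; consider building it once and declaring a `type` on every option. Separately, the new `csrf` ternary lets a falsy `security.csrf` skip csurf silently while the next handler (its body is only partly visible) still copies `ctx.csrf` into `res.locals`, so a comment such as `// csrf: false disables CSRF protection entirely` beside the option would make that trade-off explicit.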
@@ -142,3 +142,6 @@ // parse.js | ||
} | ||
options[name] = value; | ||
if (typeof value !== 'undefined') { | ||
options[name] = value; | ||
} | ||
} | ||
@@ -145,0 +148,0 @@ |
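Review bot: The new `typeof value !== 'undefined'` guard has no comment saying why undefined results are now dropped, and none of the visible spec changes add a test for it. It appears intended to keep unset options (for example the untyped helmet entries added in this release) out of the result so that consumers fall back to their own defaults, but that is inferred from the rest of the release. `null` still passes the guard and is assigned; if that is intended, a comment such as `// skip undefined so the key stays absent; null is kept as an explicit value` would record it. The enclosing function starts and ends outside this hunk.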
@@ -5,3 +5,2 @@ const schema = require('./schema'); | ||
const config = require('./index'); | ||
//const defaults = require('./defaults'); | ||
@@ -41,3 +40,3 @@ describe('options', () => { | ||
const opts = config({ secret: 'your-random-string-here' }); | ||
await expect(opts).rejects.toMatchObject({ code: '/server/options/noarg' }); | ||
await expect(opts).rejects.toHaveProperty('code', '/server/options/noarg'); | ||
}); | ||
@@ -94,6 +93,6 @@ }); | ||
const pub = parse(schema, { public: 25 }); | ||
await expect(pub).rejects.toMatchObject({ code: '/server/options/type' }); | ||
await expect(pub).rejects.toHaveProperty('code', '/server/options/type'); | ||
const port = parse(schema, { port: '25' }); | ||
await expect(port).rejects.toMatchObject({ code: '/server/options/type' }); | ||
await expect(port).rejects.toHaveProperty('code', '/server/options/type'); | ||
}); | ||
@@ -109,3 +108,3 @@ | ||
const env = parse(schema, {}, { NODE_ENV: 'abc' }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/enum' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/enum'); | ||
}); | ||
@@ -115,3 +114,3 @@ | ||
const env = parse({}, 'hello'); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/notobject' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/notobject'); | ||
}); | ||
@@ -121,3 +120,3 @@ | ||
const arg = parse(schema, { env: 'abc' }); | ||
await expect(arg).rejects.toMatchObject({ code: '/server/options/noarg' }); | ||
await expect(arg).rejects.toHaveProperty('code', '/server/options/noarg'); | ||
}); | ||
@@ -127,3 +126,3 @@ | ||
const env = parse({ public: { env: false }}, {}, { PUBLIC: 'hello' }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/noenv' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/noenv'); | ||
}); | ||
@@ -133,3 +132,3 @@ | ||
const env = parse({ public: { required: true } }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/required' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/required'); | ||
}); | ||
@@ -144,3 +143,3 @@ | ||
const env = parse({ public: { validate } }, {}, { PUBLIC: 'hello' }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/fakeerror' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/fakeerror'); | ||
}); | ||
@@ -155,3 +154,3 @@ | ||
const env = parse({ public: { validate: () => false } }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/validate' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/validate'); | ||
}); | ||
@@ -161,4 +160,4 @@ | ||
const env = parse({ public: { validate: () => false } }); | ||
await expect(env).rejects.toMatchObject({ code: '/server/options/validate' }); | ||
await expect(env).rejects.toHaveProperty('code', '/server/options/validate'); | ||
}); | ||
}); |
2102066
3308
22
+ Addedhelmet@^3.9.0
+ Addedbowser@2.9.0(transitive)
+ Addedcamelize@1.0.0(transitive)
+ Addedcontent-security-policy-builder@2.1.0(transitive)
+ Addeddasherize@2.0.0(transitive)
+ Addeddont-sniff-mimetype@1.1.0(transitive)
+ Addedfeature-policy@0.3.0(transitive)
+ Addedhelmet@3.23.3(transitive)
+ Addedhelmet-crossdomain@0.4.0(transitive)
+ Addedhelmet-csp@2.10.0(transitive)
+ Addedhide-powered-by@1.1.0(transitive)
+ Addedhpkp@2.0.0(transitive)
+ Addedhsts@2.2.0(transitive)
+ Addednocache@2.1.0(transitive)
+ Addedreferrer-policy@1.2.0(transitive)
+ Addedx-xss-protection@1.3.0(transitive)