diff --git a/types/koa-helmet/index.d.ts b/types/koa-helmet/index.d.ts index df4c880ba9..382dbc7918 100644 --- a/types/koa-helmet/index.d.ts +++ b/types/koa-helmet/index.d.ts @@ -1,4 +1,4 @@ -// Type definitions for koa-helmet 3.1 +// Type definitions for koa-helmet 5.2 // Project: https://github.com/venables/koa-helmet#readme // Definitions by: Nick Simmons // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped @@ -11,7 +11,11 @@ import { IHelmetXssFilterConfiguration, IHelmetDnsPrefetchControlConfiguration, IHelmetHpkpConfiguration, - IHelmetReferrerPolicyConfiguration } from 'helmet'; + IHelmetReferrerPolicyConfiguration, + IHelmetHidePoweredByConfiguration, + IHelmetPermittedCrossDomainPoliciesConfiguration, + IHelmetExpectCtConfiguration, +} from 'helmet'; import { Middleware, Context } from 'koa'; declare namespace koaHelmet { @@ -19,6 +23,8 @@ declare namespace koaHelmet { type KoaHelmetCspDirectiveValue = string | KoaHelmetContentSecurityPolicyDirectiveFunction; + type KoaHelmetFeaturePolicyDirectiveValue = string; + interface KoaHelmetContentSecurityPolicyDirectives { baseUri?: KoaHelmetCspDirectiveValue[]; childSrc?: KoaHelmetCspDirectiveValue[]; 
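Review bot: `KoaHelmetFeaturePolicyDirectiveValue` is added as a bare `string` with no comment, so nothing tells a caller that keyword values must carry their own single quotes. The only hint is the test data (`"'none'"`, `"'self'"`). I would put a doc comment above the alias, for example `/** An origin, '*', or a quoted keyword such as "'self'" or "'none'" (the inner quotes are required). */`. As far as I recall, the underlying feature-policy module rejects unquoted keywords at runtime, which a plain `string` type cannot express. The enclosing `koaHelmet` namespace starts and ends outside this hunk.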
@@ -38,6 +44,47 @@ declare namespace koaHelmet { styleSrc?: KoaHelmetCspDirectiveValue[]; } + interface KoaHelmetFeaturePolicyDirectives { + accelerometer?: KoaHelmetFeaturePolicyDirectiveValue[]; + ambientLightSensor?: KoaHelmetFeaturePolicyDirectiveValue[]; + autoplay?: KoaHelmetFeaturePolicyDirectiveValue[]; + camera?: KoaHelmetFeaturePolicyDirectiveValue[]; + documentDomain?: KoaHelmetFeaturePolicyDirectiveValue[]; + documentWrite?: KoaHelmetFeaturePolicyDirectiveValue[]; + encryptedMedia?: KoaHelmetFeaturePolicyDirectiveValue[]; + fontDisplayLateSwap?: KoaHelmetFeaturePolicyDirectiveValue[]; + fullscreen?: KoaHelmetFeaturePolicyDirectiveValue[]; + geolocation?: KoaHelmetFeaturePolicyDirectiveValue[]; + gyroscope?: KoaHelmetFeaturePolicyDirectiveValue[]; + layoutAnimations?: KoaHelmetFeaturePolicyDirectiveValue[]; + legacyImageFormats?: KoaHelmetFeaturePolicyDirectiveValue[]; + loadingFrameDefaultEager?: KoaHelmetFeaturePolicyDirectiveValue[]; + magnetometer?: KoaHelmetFeaturePolicyDirectiveValue[]; + microphone?: KoaHelmetFeaturePolicyDirectiveValue[]; + midi?: KoaHelmetFeaturePolicyDirectiveValue[]; + oversizedImages?: KoaHelmetFeaturePolicyDirectiveValue[]; + payment?: KoaHelmetFeaturePolicyDirectiveValue[]; + pictureInPicture?: KoaHelmetFeaturePolicyDirectiveValue[]; + serial?: KoaHelmetFeaturePolicyDirectiveValue[]; + speaker?: KoaHelmetFeaturePolicyDirectiveValue[]; + syncScript?: KoaHelmetFeaturePolicyDirectiveValue[]; + syncXhr?: KoaHelmetFeaturePolicyDirectiveValue[]; + unoptimizedImages?: KoaHelmetFeaturePolicyDirectiveValue[]; + unoptimizedLosslessImages?: KoaHelmetFeaturePolicyDirectiveValue[]; + unoptimizedLossyImages?: KoaHelmetFeaturePolicyDirectiveValue[]; + unsizedMedia?: KoaHelmetFeaturePolicyDirectiveValue[]; + usb?: KoaHelmetFeaturePolicyDirectiveValue[]; + verticalScroll?: KoaHelmetFeaturePolicyDirectiveValue[]; + vibrate?: KoaHelmetFeaturePolicyDirectiveValue[]; + vr?: KoaHelmetFeaturePolicyDirectiveValue[]; + wakeLock?: 
KoaHelmetFeaturePolicyDirectiveValue[]; + xr?: KoaHelmetFeaturePolicyDirectiveValue[]; + } + + interface KoaHelmetFeaturePolicyConfiguration { + features: KoaHelmetFeaturePolicyDirectives; + } + interface KoaHelmetContentSecurityPolicyConfiguration { reportOnly?: boolean; setAllHeaders?: boolean; @@ -58,6 +105,10 @@ declare namespace koaHelmet { noSniff(): Middleware; referrerPolicy(options?: IHelmetReferrerPolicyConfiguration): Middleware; xssFilter(options?: IHelmetXssFilterConfiguration): Middleware; + hidePoweredBy(options?: IHelmetHidePoweredByConfiguration): Middleware; + permittedCrossDomainPolicies(options?: IHelmetPermittedCrossDomainPoliciesConfiguration): Middleware; + featurePolicy(options: KoaHelmetFeaturePolicyConfiguration): Middleware; + expectCt(options?: IHelmetExpectCtConfiguration): Middleware; } } diff --git a/types/koa-helmet/koa-helmet-tests.ts b/types/koa-helmet/koa-helmet-tests.ts index 34bca1958a..4cf741076a 100644 --- a/types/koa-helmet/koa-helmet-tests.ts +++ b/types/koa-helmet/koa-helmet-tests.ts @@ -11,18 +11,20 @@ function helmetTest() { app.use(helmet({})); app.use(helmet({ frameguard: false })); app.use(helmet({ frameguard: true })); - app.use(helmet({ - frameguard: { - action: 'deny' - } - })); + app.use( + helmet({ + frameguard: { + action: 'deny', + }, + }), + ); } /** * @summary Test for {@see helmet#contentSecurityPolicy} function. */ function contentSecurityPolicyTest() { - const emptyArray: string[] = []; + const emptyArray: string[] = []; const config = { directives: { baseUri: ['base.example.com'], 
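Review bot: Every key of `KoaHelmetFeaturePolicyDirectives` is optional while `features` is required, so `{ features: {} }` type-checks, and `featurePolicyTest` in the test file pins exactly that call as valid. I believe helmet's feature-policy throws when no feature is named; please confirm against the version koa-helmet 5.2 depends on. If it does, the typings accept a configuration that fails at startup, or leaves the header unset if the error is swallowed. Either drop the `features: {}` test line or document the constraint on the property, e.g. `/** Must name at least one feature; an empty object is rejected at runtime. */`.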
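Review bot: The four new method signatures (`hidePoweredBy`, `permittedCrossDomainPolicies`, `featurePolicy`, `expectCt`) have no TSDoc, and this hunk does not show whether the options type accepted by `helmet({...})` gained matching keys. As far as I know, helmet does not enable `expectCt`, `featurePolicy` or `permittedCrossDomainPolicies` by default, so callers need to know these headers are opt-in. A one-line comment per method would cover it, e.g. `/** Sets Expect-CT; not part of the helmet() defaults. */`. The interface these methods belong to starts outside the hunk, so I cannot check how its existing members are documented.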
@@ -39,25 +41,30 @@ function contentSecurityPolicyTest() { pluginTypes: emptyArray, reportUri: '/some-url', sandbox: emptyArray, - scriptSrc: ['scripts.example.com', (ctx: Koa.Context) => { - return "'nonce-abc123'"; - }], - styleSrc: ['css.example.com'] + scriptSrc: [ + 'scripts.example.com', + (ctx: Koa.Context) => { + return "'nonce-abc123'"; + }, + ], + styleSrc: ['css.example.com'], }, reportOnly: false, setAllHeaders: false, - disableAndroid: false + disableAndroid: false, }; app.use(helmet.contentSecurityPolicy()); app.use(helmet.contentSecurityPolicy({})); app.use(helmet.contentSecurityPolicy(config)); - app.use(helmet.contentSecurityPolicy({ - directives: { - defaultSrc: ["'self'"] - }, - setAllHeaders: true - })); + app.use( + helmet.contentSecurityPolicy({ + directives: { + defaultSrc: ["'self'"], + }, + setAllHeaders: true, + }), + ); } /** 
@@ -77,50 +84,64 @@ function frameguardTest() { app.use(helmet.frameguard({})); app.use(helmet.frameguard({ action: 'deny' })); app.use(helmet.frameguard({ action: 'sameorigin' })); - app.use(helmet.frameguard({ - action: 'allow-from', - domain: 'http://example.com' - })); + app.use( + helmet.frameguard({ + action: 'allow-from', + domain: 'http://example.com', + }), + ); } /** * @summary Test for {@see helmet#hpkp} function. */ function hpkpTest() { - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + }), + ); - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - includeSubDomains: false - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + includeSubDomains: false, + }), + ); - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - includeSubDomains: true - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + includeSubDomains: true, + }), + ); - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - reportUri: 'http://example.com' - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + reportUri: 'http://example.com', + }), + ); - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - reportOnly: true - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + reportOnly: true, + }), + ); - app.use(helmet.hpkp({ - maxAge: 7776000000, - sha256s: ['AbCdEf123=', 'ZyXwVu456='], - setIf: (req, res) => true - })); + app.use( + helmet.hpkp({ + maxAge: 7776000000, + sha256s: ['AbCdEf123=', 'ZyXwVu456='], + setIf: (req, res) => true, + }), + ); } /** 
@@ -131,29 +152,39 @@ function hstsTest() { app.use(helmet.hsts({ maxAge: 7776000000 })); - app.use(helmet.hsts({ - maxAge: 7776000000, - })); + app.use( + helmet.hsts({ + maxAge: 7776000000, + }), + ); - app.use(helmet.hsts({ - maxAge: 7776000000, - includeSubDomains: true - })); + app.use( + helmet.hsts({ + maxAge: 7776000000, + includeSubDomains: true, + }), + ); - app.use(helmet.hsts({ - maxAge: 7776000000, - preload: true - })); + app.use( + helmet.hsts({ + maxAge: 7776000000, + preload: true, + }), + ); - app.use(helmet.hsts({ - maxAge: 7776000000, - force: true - })); + app.use( + helmet.hsts({ + maxAge: 7776000000, + force: true, + }), + ); - app.use(helmet.hsts({ - maxAge: 7776000000, - setIf: (req, res) => true - })); + app.use( + helmet.hsts({ + maxAge: 7776000000, + setIf: (req, res) => true, + }), + ); } /** 
@@ -195,3 +226,79 @@ function xssFilterTest() { app.use(helmet.xssFilter({ setOnOldIE: false })); app.use(helmet.xssFilter({ setOnOldIE: true })); } + +/** + * @summary Test for {@see helmet#hidePoweredBy} function. + */ +function hidePoweredByTest() { + app.use(helmet.hidePoweredBy()); + app.use(helmet.hidePoweredBy({})); + app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' })); +} + +/** + * @summary Test for {@see helmet#permittedCrossDomainPolicies} function. + */ +function permittedCrossDomainPoliciesTest() { + app.use(helmet.permittedCrossDomainPolicies()); + app.use(helmet.permittedCrossDomainPolicies({})); + app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'none' })); + app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'master-only' })); + app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'by-content-type' })); + app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'all' })); +} + +/** + * @summary Test for {@see helmet#featurePolicy} function. 
+ */ +function featurePolicyTest() { + const features = { + accelerometer: ["'none'"], + ambientLightSensor: ["'none'"], + autoplay: ["'none'"], + camera: ["'none'"], + documentDomain: ["'none'"], + documentWrite: ["'self'"], + encryptedMedia: ["'none'"], + fontDisplayLateSwap: ["'none'"], + fullscreen: ["'none'"], + geolocation: ["'none'"], + gyroscope: ["'none'"], + layoutAnimations: ["'none'"], + legacyImageFormats: ["'none'"], + loadingFrameDefaultEager: ["'none'"], + magnetometer: ["'none'"], + microphone: ["'none'"], + midi: ["'none'"], + oversizedImages: ["'none'"], + payment: ["'none'"], + pictureInPicture: ["'none'"], + serial: ["'none'"], + speaker: ["'none'"], + syncScript: ["'none'"], + syncXhr: ["'none'"], + unoptimizedImages: ["'none'"], + unoptimizedLosslessImages: ["'none'"], + unoptimizedLossyImages: ["'none'"], + unsizedMedia: ["'none'"], + usb: ["'none'"], + verticalScroll: ["'none'"], + vibrate: ["'none'"], + vr: ["'none'"], + wakeLock: ["'none'"], + xr: ["'none'"], + }; + app.use(helmet.featurePolicy({ features: {} })); + app.use(helmet.featurePolicy({ features })); +} + +/** + * @summary Test for {@see helmet#expectCt} function. + */ +function expectCtTest() { + app.use(helmet.expectCt()); + app.use(helmet.expectCt({})); + app.use(helmet.expectCt({ maxAge: 123 })); + app.use(helmet.expectCt({ maxAge: 123, enforce: false })); + app.use(helmet.expectCt({ maxAge: 123, enforce: true, reportUri: 'https://example.com/report' })); +}
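Review bot: The added tests only show that valid calls compile; nothing pins what the new typings must reject. `featurePolicy` is the only method here with a required `options` argument, and a dtslint negative case would guard that against a later relaxation: `// $ExpectError` followed by `app.use(helmet.featurePolicy());`. A similar negative case for an invalid `permittedPolicies` value would be worth adding if `IHelmetPermittedCrossDomainPoliciesConfiguration` narrows it to a literal union, which is not visible on this page.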