From 4aed4999bd0e055b03dfcfb90a86db63e03ce2cb Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Sun, 8 Dec 2024 10:44:09 +0000 Subject: [PATCH 1/3] build(deps-dev): replace standard with neostandard --- README.md | 2 +- package.json | 5 +++-- types/index.d.ts | 27 +++++++++++++-------------- types/index.test-d.ts | 13 ++++++------- 4 files changed, 23 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 7ae568a..2ee1f7b 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![CI](https://github.com/fastify/csrf-protection/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/fastify/csrf-protection/actions/workflows/ci.yml) [![NPM version](https://img.shields.io/npm/v/@fastify/csrf-protection.svg?style=flat)](https://www.npmjs.com/package/@fastify/csrf-protection) -[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/) +[![neostandard javascript style](https://img.shields.io/badge/code_style-neostandard-brightgreen?style=flat)](https://github.com/neostandard/neostandard) This plugin helps developers protect their Fastify server against [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) attacks. In order to fully protect against CSRF, developers should study [Cross-Site Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html) diff --git a/package.json b/package.json index 2eb7e66..831499d 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,8 @@ "type": "commonjs", "types": "types/index.d.ts", "scripts": { - "lint": "standard", + "lint": "eslint", + "lint:fix": "eslint --fix", "test": "npm run test:unit", "test:unit": "tap", "test:typescript": "tsd" @@ -40,9 +41,9 @@ "@fastify/session": "^11.0.0", "@types/node": "^22.0.0", "fastify": "^5.0.0", + "neostandard": "^0.11.9", "proxyquire": "^2.1.3", "sinon": "^19.0.2", - "standard": "^17.1.0", "tap": "^18.7.2", "tsd": "^0.31.0" }, diff --git a/types/index.d.ts b/types/index.d.ts index abbcd01..9bae228 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -1,8 +1,8 @@ /// -import { FastifyPluginAsync, FastifyRequest } from 'fastify'; -import { Options as CSRFOptions } from "@fastify/csrf"; -import { CookieSerializeOptions as FastifyCookieSerializeOptions } from "@fastify/cookie"; +import { FastifyPluginAsync, FastifyRequest } from 'fastify' +import { Options as CSRFOptions } from '@fastify/csrf' +import { CookieSerializeOptions as FastifyCookieSerializeOptions } from '@fastify/cookie' declare module 'fastify' { interface FastifyInstance { @@ -20,12 +20,12 @@ declare module 'fastify' { } } -type FastifyCsrfProtection = FastifyPluginAsync; +type FastifyCsrfProtection = FastifyPluginAsync declare namespace fastifyCsrfProtection { export type CookieSerializeOptions = FastifyCookieSerializeOptions - export type GetTokenFn = (req: FastifyRequest) => string | void; + export type GetTokenFn = (req: FastifyRequest) => string | void interface FastifyCsrfProtectionOptionsBase { cookieKey?: string; @@ -38,15 +38,15 @@ declare namespace fastifyCsrfProtection { interface FastifyCsrfProtectionOptionsFastifyCookie { sessionPlugin?: '@fastify/cookie'; csrfOpts?: | ({ - [k in keyof CSRFOptions]: k extends "userInfo" + [k in keyof CSRFOptions]: k extends 'userInfo' ? true : CSRFOptions[k]; - } & Required>) + } & Required>) | ({ - [k in keyof CSRFOptions]: k extends "userInfo" - ? false - : CSRFOptions[k]; - }); + [k in keyof CSRFOptions]: k extends 'userInfo' + ? false + : CSRFOptions[k]; + }); } interface FastifyCsrfProtectionOptionsFastifySession { @@ -68,12 +68,11 @@ declare namespace fastifyCsrfProtection { /** * @deprecated Use FastifyCsrfProtectionOptions instead */ - export type FastifyCsrfOptions = FastifyCsrfProtectionOptions; + export type FastifyCsrfOptions = FastifyCsrfProtectionOptions export const fastifyCsrfProtection: FastifyCsrfProtection export { fastifyCsrfProtection as default } } - -declare function fastifyCsrfProtection(...params: Parameters): ReturnType +declare function fastifyCsrfProtection (...params: Parameters): ReturnType export = fastifyCsrfProtection diff --git a/types/index.test-d.ts b/types/index.test-d.ts index 30e19ff..9565110 100644 --- a/types/index.test-d.ts +++ b/types/index.test-d.ts @@ -12,7 +12,7 @@ declare module 'fastify' { } } -async function run() { +async function run () { await fastify.register(FastifyCookie) await fastify.register(FastifyCsrfProtection) @@ -38,7 +38,6 @@ async function run() { fastify.addHook('onRequest', fastify.csrfProtection) } - fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 'sha1', hmacKey: 'hmac' } }) expectError(fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 1 } })) @@ -47,7 +46,7 @@ fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: '123' }, - getUserInfo(req) { + getUserInfo (req) { const info = req.session.get('username') if (info) { return info @@ -61,10 +60,10 @@ expectError(fastify.register(FastifyCsrfProtection, { getUserInfo: 'invalid' })) fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: 'hmac' }, sessionPlugin: '@fastify/cookie' }) fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: 'hmac' } }) fastify.register(FastifyCsrfProtection, { }) -fastify.register(FastifyCsrfProtection, { csrfOpts: { }}) -expectError(fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true}})) -fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true, hmacKey: 'key'}}) -fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie'}) +fastify.register(FastifyCsrfProtection, { csrfOpts: { } }) +expectError(fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true } })) +fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true, hmacKey: 'key' } }) +fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie' }) fastify.register(FastifyCsrfProtection, { csrfOpts: { }, sessionPlugin: '@fastify/session' }) fastify.register(FastifyCsrfProtection, { csrfOpts: { }, sessionPlugin: '@fastify/secure-session' }) fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/session' }) From dafdb6ea729831afa5d9e617460cbb66935db4a4 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Sun, 8 Dec 2024 10:53:04 +0000 Subject: [PATCH 2/3] chore: add eslint.config.js --- eslint.config.js | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 eslint.config.js diff --git a/eslint.config.js b/eslint.config.js new file mode 100644 index 0000000..89fd678 --- /dev/null +++ b/eslint.config.js @@ -0,0 +1,6 @@ +'use strict' + +module.exports = require('neostandard')({ + ignores: require('neostandard').resolveIgnoresFromGitignore(), + ts: true +}) From b16898073edc01182e457593e760ac47a218eaa8 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 12 Dec 2024 20:18:40 +0000 Subject: [PATCH 3/3] test(types): add required params for fastify session plugin --- types/index.test-d.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/types/index.test-d.ts b/types/index.test-d.ts index 9565110..d89d63f 100644 --- a/types/index.test-d.ts +++ b/types/index.test-d.ts @@ -37,11 +37,12 @@ async function run () { fastify.addHook('onRequest', fastify.csrfProtection) } +run() fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 'sha1', hmacKey: 'hmac' } }) expectError(fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 1 } })) -fastify.register(FastifySession) +fastify.register(FastifySession, { secret: 'a secret with minimum length of 32 characters' }) fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: '123'