From 7b3d73edb11a1f1f22797122f05a48a002f45ec4 Mon Sep 17 00:00:00 2001 From: Rich Liu Date: Mon, 15 Oct 2018 10:04:57 -0700 Subject: [PATCH] Added type definitions for Host Validation. (#29533) * Created host-validation typings. * Fixed tsconfig.json. * Added strictFunctionTypes to true in tsconfig.json. * Changed T[] to Array because it is non-simple type. * Added optional parameters. * Added more tests. * trailing whitespace fix * Fixed Spelling. * Change hosts parameter to opts. * Changed import in test, and added namespace. --- .../host-validation/host-validation-tests.ts | 73 +++++++++++++++++++ types/host-validation/index.d.ts | 21 ++++++ types/host-validation/tsconfig.json | 23 ++++++ types/host-validation/tslint.json | 1 + 4 files changed, 118 insertions(+) create mode 100644 types/host-validation/host-validation-tests.ts create mode 100644 types/host-validation/index.d.ts create mode 100644 types/host-validation/tsconfig.json create mode 100644 types/host-validation/tslint.json
diff --git a/types/host-validation/host-validation-tests.ts b/types/host-validation/host-validation-tests.ts
new file mode 100644
index 0000000000..a025432416
--- /dev/null
+++ b/types/host-validation/host-validation-tests.ts
@@ -0,0 +1,73 @@
+// Copyright (c) 2018 Brannon Dorsey
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+import * as express from 'express';
+import * as hostValidation from 'host-validation';
+
+const app = express();
+
+// allow development hosts, a domain name, and a regex for all subdomains
+// host can accept strings or regular expressions
+app.use(hostValidation({ hosts: ['127.0.0.1:3000',
+ 'localhost:3000',
+ 'mydomain.com',
+ /.*\.mydomain\.com/] }));
+
+// referer headers can accept strings or regular expressions
+app.use(hostValidation({ referers: ['http://trusted-site.com/login.php',
+ /^http:\/\/othersite\.com\/login\/.*/] }));
+
+// only accept POSTs from HTTPS referrers
+app.use(hostValidation({ referers: [/^https:\/\//]}));
+
+// you can include both host and referer values in the config
+// by default, only requests that match BOTH Host and Referer values will be allowed
+app.use(hostValidation({ hosts: ['trusted-host.com'],
+ referers: ['https://trusted-host.com/login.php'] }));
+
+// you can use the { mode: 'either' } value in the config accept requests that match
+// either the hosts or the referers requirements. Accepted values for mode include
+// 'both' and 'either'. The default value is 'both' if none is specified.
+app.use(hostValidation({ hosts: ['trusted-host.com'],
+ referers: ['https://trusted-host.com/login.php'],
+ mode: 'either' }));
+
+// route-specific rules can be specified like any Express.js middleware
+app.use('/login', hostValidation({ hosts: ['trusted-host.com'] }));
+app.use('/from-twitter', hostValidation({ referers: [/^https:\/\/twitter.com\//] }));
+
+// Add a custom error handler that's run when host or referer validation fails.
+// This function overwrites the default behavior of responding to failed requests
+// with a 403 Forbidden error.
+app.use('/brew-tea', hostValidation({
+ hosts: ['office-teapot'],
+ fail: (req, res, next) => {
+ // send a 418 "I'm a Teapot" Error
+ res.status(418).send('I\'m the office teapot. Refer to me only as such.');
+ }
+}));
+
+app.get('/', (req, res) => {
+ res.send('Hello trusted client, thanks for including 127.0.0.1 in your Host header.');
+});
+
+app.listen(3000, () => {
+ console.log('server allowing HTTP requests from 127.0.0.1 on port 3000');
+});
diff --git a/types/host-validation/index.d.ts b/types/host-validation/index.d.ts
new file mode 100644
index 0000000000..7dfc66b559
--- /dev/null
+++ b/types/host-validation/index.d.ts
@@ -0,0 +1,21 @@
+// Type definitions for host-validation 2.0
+// Project: https://github.com/brannondorsey/host-validation
+// Definitions by: Rich Liu
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+// TypeScript Version: 2.8
+
+import { Request, Response, NextFunction } from 'express';
+
+declare namespace hostValidation {
+ interface config {
+ hosts?: Array;
+ referers?: Array;
+ mode?: 'both' | 'either';
+ fail?(req: Request, res: Response, next: NextFunction): void;
+ }
+}
+
+declare function hostValidation(opts: hostValidation.config):
+ (req: Request, res: Response, next: NextFunction) => void;
+
+export = hostValidation;
diff --git a/types/host-validation/tsconfig.json b/types/host-validation/tsconfig.json
new file mode 100644
index 0000000000..af2a26a4fb
--- /dev/null
+++ b/types/host-validation/tsconfig.json
@@ -0,0 +1,23 @@
+{
+ "compilerOptions": {
+ "module": "commonjs",
+ "lib": [
+ "es6"
+ ],
+ "noImplicitAny": true,
+ "noImplicitThis": true,
+ "strictNullChecks": true,
+ "strictFunctionTypes": true,
+ "baseUrl": "../",
+ "typeRoots": [
+ "../"
+ ],
+ "types": [],
+ "noEmit": true,
+ "forceConsistentCasingInFileNames": true
+ },
+ "files": [
+ "index.d.ts",
+ "host-validation-tests.ts"
+ ]
+}
diff --git a/types/host-validation/tslint.json b/types/host-validation/tslint.json
new file mode 100644
index 0000000000..3db14f85ea
--- /dev/null
+++ b/types/host-validation/tslint.json
@@ -0,0 +1 @@
+{ "extends": "dtslint/dt.json" }
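Review bot: In host-validation-tests.ts the subdomain pattern `/.*\.mydomain\.com/` has no `^`/`$` anchors, so if the middleware applies it as an ordinary RegExp match, a Host value that only contains `.mydomain.com` somewhere inside a longer name would be accepted; `/^https:\/\/twitter.com\//` also leaves the dot unescaped, so it matches any character in that position. DefinitelyTyped tests are often copied as usage examples, so I would tighten both here: `/^.*\.mydomain\.com(:\d+)?$/` (the optional port because the string entries in the same list include one) and `/^https:\/\/twitter\.com\//`. The other referer patterns are already anchored at the start, which is what a prefix check needs.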
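Review bot: In index.d.ts every field of `config` is optional, so `hostValidation({})` type-checks even though a configuration with neither `hosts` nor `referers` gives the middleware nothing to validate against; consider typing `opts` so that at least one of the two lists is required. As rendered here, `hosts?: Array;` and `referers?: Array;` carry no type argument, which would not compile, so the element type (the tests pass strings and RegExps) was presumably lost from the page and should be confirmed against the merged file. The fields also have no doc comments although the tests file states the defaults, so I would add `/** 'both' (default) requires Host and Referer to match; 'either' accepts a match on one of them. */` above `mode` and `/** Called instead of the default 403 Forbidden response when validation fails. */` above `fail`.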