Initial commit

2025-08-25 05:52:02 +02:00 · 2023-11-30 14:15:19 +00:00
commit e4599df811
5457 changed files with 500139 additions and 0 deletions
--- a/node_modules/hpkp/.npmignore
+++ b/node_modules/hpkp/.npmignore
@@ -0,0 +1,2 @@
+test
+.travis.yml
--- a/node_modules/hpkp/LICENSE
+++ b/node_modules/hpkp/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015-2016 Evan Hahn, Adam Baldwin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/node_modules/hpkp/README.md
+++ b/node_modules/hpkp/README.md
@@ -0,0 +1,36 @@
+HTTP Public Key Pinning (HPKP) middleware
+=========================================
+[![Build Status](https://travis-ci.org/helmetjs/hpkp.svg?branch=master)](https://travis-ci.org/helmetjs/hpkp)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
+
+[_Looking for a changelog?_](https://github.com/helmetjs/helmet/blob/master/HISTORY.md)
+
+Adds Public Key Pinning headers to Express/Connect applications. To learn more about HPKP, check out [the spec](https://tools.ietf.org/html/rfc7469), [the article on MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning), and [this tutorial](https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/).
+
+Usage:
+
+```js
+var express = require('express')
+var hpkp = require('hpkp')
+
+var app = express()
+
+var ninetyDaysInSeconds = 7776000
+app.use(hpkp({
+  maxAge: ninetyDaysInSeconds,
+  sha256s: ['AbCdEf123=', 'ZyXwVu456='],
+  includeSubDomains: true,         // optional
+  reportUri: 'http://example.com', // optional
+  reportOnly: false,               // optional
+
+  // Set the header based on a condition.
+  // This is optional.
+  setIf: function (req, res) {
+    return req.secure
+  }
+}))
+```
+
+Setting `reportOnly` to `true` will change the header from `Public-Key-Pins` to `Public-Key-Pins-Report-Only`.
+
+Don't let these get out of sync with your certs! It's also recommended to test your HPKP deployment in `reportOnly` mode, or alternatively, to use a very short `maxAge` until you're confident your deployment is correct.
--- a/node_modules/hpkp/index.js
+++ b/node_modules/hpkp/index.js
@@ -0,0 +1,71 @@
+var badArgumentsError = new Error('hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup).')
+
+module.exports = function hpkp (passedOptions) {
+  var options = parseOptions(passedOptions)
+  var headerKey = getHeaderKey(options)
+  var headerValue = getHeaderValue(options)
+
+  return function hpkp (req, res, next) {
+    var setHeader = true
+    var setIf = options.setIf
+
+    if (setIf) {
+      setHeader = setIf(req, res)
+    }
+
+    if (setHeader) {
+      res.setHeader(headerKey, headerValue)
+    }
+
+    next()
+  }
+}
+
+function parseOptions (options) {
+  if (!options) { throw badArgumentsError }
+
+  if (options.maxage && options.maxAge) { throw badArgumentsError }
+
+  var maxAge = options.maxAge
+  var sha256s = options.sha256s
+  var setIf = options.setIf
+
+  if (!maxAge || maxAge <= 0) { throw badArgumentsError }
+  if (!sha256s || sha256s.length < 2) { throw badArgumentsError }
+  if (setIf && (typeof setIf !== 'function')) {
+    throw new TypeError('setIf must be a function.')
+  }
+
+  if (options.reportOnly && !options.reportUri) { throw badArgumentsError }
+
+  return {
+    maxAge: maxAge,
+    sha256s: sha256s,
+    includeSubDomains: options.includeSubDomains || options.includeSubdomains,
+    reportUri: options.reportUri,
+    reportOnly: options.reportOnly,
+    setIf: setIf
+  }
+}
+
+function getHeaderKey (options) {
+  var header = 'Public-Key-Pins'
+  if (options.reportOnly) {
+    header += '-Report-Only'
+  }
+  return header
+}
+
+function getHeaderValue (options) {
+  var result = options.sha256s.map(function (sha) {
+    return 'pin-sha256="' + sha + '"'
+  })
+  result.push('max-age=' + Math.round(options.maxAge))
+  if (options.includeSubDomains) {
+    result.push('includeSubDomains')
+  }
+  if (options.reportUri) {
+    result.push('report-uri="' + options.reportUri + '"')
+  }
+  return result.join('; ')
+}
--- a/node_modules/hpkp/package.json
+++ b/node_modules/hpkp/package.json
@@ -0,0 +1,83 @@
+{
+  "_from": "hpkp@2.0.0",
+  "_id": "hpkp@2.0.0",
+  "_inBundle": false,
+  "_integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI=",
+  "_location": "/hpkp",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "version",
+    "registry": true,
+    "raw": "hpkp@2.0.0",
+    "name": "hpkp",
+    "escapedName": "hpkp",
+    "rawSpec": "2.0.0",
+    "saveSpec": null,
+    "fetchSpec": "2.0.0"
+  },
+  "_requiredBy": [
+    "/helmet"
+  ],
+  "_resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz",
+  "_shasum": "10e142264e76215a5d30c44ec43de64dee6d1672",
+  "_spec": "hpkp@2.0.0",
+  "_where": "/home/runner/Socketio-Chat-Template/node_modules/helmet",
+  "author": {
+    "name": "Adam Baldwin",
+    "email": "baldwin@andyet.net",
+    "url": "http://andyet.net/team/baldwin"
+  },
+  "bugs": {
+    "url": "https://github.com/helmetjs/hpkp/issues"
+  },
+  "bundleDependencies": false,
+  "contributors": [
+    {
+      "name": "Evan Hahn",
+      "email": "me@evanhahn.com",
+      "url": "http://evanhahn.com"
+    },
+    {
+      "name": "Tom Delmas",
+      "email": "tdelmas@gmail.com",
+      "url": "https://tdelmas.ovh"
+    }
+  ],
+  "deprecated": false,
+  "description": "HTTP Public Key Pinning (HPKP) middleware",
+  "devDependencies": {
+    "connect": "^3.5.0",
+    "mocha": "^3.1.2",
+    "standard": "^8.5.0",
+    "supertest": "^2.0.1"
+  },
+  "homepage": "https://github.com/helmetjs/hpkp#readme",
+  "keywords": [
+    "helmet",
+    "security",
+    "express",
+    "connect",
+    "public-key pinning",
+    "https",
+    "cert",
+    "certificate"
+  ],
+  "license": "MIT",
+  "name": "hpkp",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/helmetjs/hpkp.git"
+  },
+  "scripts": {
+    "pretest": "standard",
+    "test": "mocha"
+  },
+  "standard": {
+    "global": [
+      "beforeEach",
+      "describe",
+      "it"
+    ]
+  },
+  "version": "2.0.0"
+}