next-csrf
Version:
CSRF mitigation library for Next.js
1 lines • 10.7 kB
JSON
{"ast":null,"code":"\"use strict\";\n\nexports.__esModule = true;\nexports.getRouteRegex = getRouteRegex; // this isn't importing the escape-string-regex module\n// to reduce bytes\n\nfunction escapeRegex(str) {\n return str.replace(/[|\\\\{}()[\\]^$+*?.-]/g, '\\\\$&');\n}\n\nfunction parseParameter(param) {\n var optional = param.startsWith('[') && param.endsWith(']');\n\n if (optional) {\n param = param.slice(1, -1);\n }\n\n var repeat = param.startsWith('...');\n\n if (repeat) {\n param = param.slice(3);\n }\n\n return {\n key: param,\n repeat: repeat,\n optional: optional\n };\n}\n\nfunction getRouteRegex(normalizedRoute) {\n var segments = (normalizedRoute.replace(/\\/$/, '') || '/').slice(1).split('/');\n var groups = {};\n var groupIndex = 1;\n var parameterizedRoute = segments.map(function (segment) {\n if (segment.startsWith('[') && segment.endsWith(']')) {\n var _parseParameter = parseParameter(segment.slice(1, -1)),\n key = _parseParameter.key,\n optional = _parseParameter.optional,\n repeat = _parseParameter.repeat;\n\n groups[key] = {\n pos: groupIndex++,\n repeat: repeat,\n optional: optional\n };\n return repeat ? optional ? '(?:/(.+?))?' : '/(.+?)' : '/([^/]+?)';\n } else {\n return \"/\".concat(escapeRegex(segment));\n }\n }).join(''); // dead code eliminate for browser since it's only needed\n // while generating routes-manifest\n\n if (false) {\n var routeKeyCharCode = 97;\n var routeKeyCharLength = 1; // builds a minimal routeKey using only a-z and minimal number of characters\n\n var getSafeRouteKey = function getSafeRouteKey() {\n var routeKey = '';\n\n for (var i = 0; i < routeKeyCharLength; i++) {\n routeKey += String.fromCharCode(routeKeyCharCode);\n routeKeyCharCode++;\n\n if (routeKeyCharCode > 122) {\n routeKeyCharLength++;\n routeKeyCharCode = 97;\n }\n }\n\n return routeKey;\n };\n\n var routeKeys = {};\n var namedParameterizedRoute = segments.map(function (segment) {\n if (segment.startsWith('[') && segment.endsWith(']')) {\n var _parseParameter2 = parseParameter(segment.slice(1, -1)),\n key = _parseParameter2.key,\n optional = _parseParameter2.optional,\n repeat = _parseParameter2.repeat; // replace any non-word characters since they can break\n // the named regex\n\n\n var cleanedKey = key.replace(/\\W/g, '');\n var invalidKey = false; // check if the key is still invalid and fallback to using a known\n // safe key\n\n if (cleanedKey.length === 0 || cleanedKey.length > 30) {\n invalidKey = true;\n }\n\n if (!isNaN(parseInt(cleanedKey.substr(0, 1)))) {\n invalidKey = true;\n }\n\n if (invalidKey) {\n cleanedKey = getSafeRouteKey();\n }\n\n routeKeys[cleanedKey] = key;\n return repeat ? optional ? \"(?:/(?<\".concat(cleanedKey, \">.+?))?\") : \"/(?<\".concat(cleanedKey, \">.+?)\") : \"/(?<\".concat(cleanedKey, \">[^/]+?)\");\n } else {\n return \"/\".concat(escapeRegex(segment));\n }\n }).join('');\n return {\n re: new RegExp(\"^\".concat(parameterizedRoute, \"(?:/)?$\")),\n groups: groups,\n routeKeys: routeKeys,\n namedRegex: \"^\".concat(namedParameterizedRoute, \"(?:/)?$\")\n };\n }\n\n return {\n re: new RegExp(\"^\".concat(parameterizedRoute, \"(?:/)?$\")),\n groups: groups\n };\n}","map":{"version":3,"sources":["../../../../../next-server/lib/router/utils/route-regex.ts"],"names":["str","optional","param","repeat","key","segments","normalizedRoute","groups","groupIndex","parameterizedRoute","segment","parseParameter","pos","escapeRegex","routeKeyCharCode","routeKeyCharLength","getSafeRouteKey","routeKey","i","String","routeKeys","namedParameterizedRoute","cleanedKey","invalidKey","isNaN","parseInt","re","namedRegex"],"mappings":";;;uCAMA;AACA;;AACA,SAAA,WAAA,CAAA,GAAA,EAAkC;AAChC,SAAOA,GAAG,CAAHA,OAAAA,CAAAA,sBAAAA,EAAP,MAAOA,CAAP;AAGF;;AAAA,SAAA,cAAA,CAAA,KAAA,EAAuC;AACrC,MAAMC,QAAQ,GAAGC,KAAK,CAALA,UAAAA,CAAAA,GAAAA,KAAyBA,KAAK,CAALA,QAAAA,CAA1C,GAA0CA,CAA1C;;AACA,MAAA,QAAA,EAAc;AACZA,IAAAA,KAAK,GAAGA,KAAK,CAALA,KAAAA,CAAAA,CAAAA,EAAe,CAAvBA,CAAQA,CAARA;AAEF;;AAAA,MAAMC,MAAM,GAAGD,KAAK,CAALA,UAAAA,CAAf,KAAeA,CAAf;;AACA,MAAA,MAAA,EAAY;AACVA,IAAAA,KAAK,GAAGA,KAAK,CAALA,KAAAA,CAARA,CAAQA,CAARA;AAEF;;AAAA,SAAO;AAAEE,IAAAA,GAAG,EAAL,KAAA;AAAcD,IAAAA,MAAd,EAAcA,MAAd;AAAsBF,IAAAA,QAA7B,EAA6BA;AAAtB,GAAP;AAGK;;AAAA,SAAA,aAAA,CAAA,eAAA,EAOL;AACA,MAAMI,QAAQ,GAAG,CAACC,eAAe,CAAfA,OAAAA,CAAAA,KAAAA,EAAAA,EAAAA,KAAD,GAAA,EAAA,KAAA,CAAA,CAAA,EAAA,KAAA,CAAjB,GAAiB,CAAjB;AAIA,MAAMC,MAAsC,GAA5C,EAAA;AACA,MAAIC,UAAU,GAAd,CAAA;AACA,MAAMC,kBAAkB,GAAGJ,QAAQ,CAARA,GAAAA,CACnBK,UAAAA,OAAD,EAAa;AAChB,QAAIA,OAAO,CAAPA,UAAAA,CAAAA,GAAAA,KAA2BA,OAAO,CAAPA,QAAAA,CAA/B,GAA+BA,CAA/B,EAAsD;AAAA,4BAClBC,cAAc,CAACD,OAAO,CAAPA,KAAAA,CAAAA,CAAAA,EAAiB,CAAlE,CAAiDA,CAAD,CADI;AAAA,UAC9C,GAD8C,mBAC9C,GAD8C;AAAA,UAC9C,QAD8C,mBAC9C,QAD8C;AAAA,UAC9C,MAD8C,mBAC9C,MAD8C;;AAEpDH,MAAAA,MAAM,CAANA,GAAM,CAANA,GAAc;AAAEK,QAAAA,GAAG,EAAEJ,UAAP,EAAA;AAAqBL,QAAAA,MAArB,EAAqBA,MAArB;AAA6BF,QAAAA,QAA3CM,EAA2CN;AAA7B,OAAdM;AACA,aAAOJ,MAAM,GAAIF,QAAQ,GAAA,aAAA,GAAZ,QAAA,GAAb,WAAA;AAHF,KAAA,MAIO;AACL,wBAAWY,WAAW,CAAtB,OAAsB,CAAtB;AAEH;AATwBR,GAAAA,EAAAA,IAAAA,CAA3B,EAA2BA,CAA3B,CAPA,CAmBA;AACA;;AACA,aAAmC;AACjC,QAAIS,gBAAgB,GAApB,EAAA;AACA,QAAIC,kBAAkB,GAAtB,CAAA,CAFiC,CAIjC;;AACA,QAAMC,eAAe,GAAG,SAAlBA,eAAkB,GAAM;AAC5B,UAAIC,QAAQ,GAAZ,EAAA;;AAEA,WAAK,IAAIC,CAAC,GAAV,CAAA,EAAgBA,CAAC,GAAjB,kBAAA,EAAwCA,CAAxC,EAAA,EAA6C;AAC3CD,QAAAA,QAAQ,IAAIE,MAAM,CAANA,YAAAA,CAAZF,gBAAYE,CAAZF;AACAH,QAAAA,gBAAgB;;AAEhB,YAAIA,gBAAgB,GAApB,GAAA,EAA4B;AAC1BC,UAAAA,kBAAkB;AAClBD,UAAAA,gBAAgB,GAAhBA,EAAAA;AAEH;AACD;;AAAA,aAAA,QAAA;AAZF,KAAA;;AAeA,QAAMM,SAAsC,GAA5C,EAAA;AAEA,QAAIC,uBAAuB,GAAGhB,QAAQ,CAARA,GAAAA,CACtBK,UAAAA,OAAD,EAAa;AAChB,UAAIA,OAAO,CAAPA,UAAAA,CAAAA,GAAAA,KAA2BA,OAAO,CAAPA,QAAAA,CAA/B,GAA+BA,CAA/B,EAAsD;AAAA,+BAClBC,cAAc,CAACD,OAAO,CAAPA,KAAAA,CAAAA,CAAAA,EAAiB,CAAlE,CAAiDA,CAAD,CADI;AAAA,YAC9C,GAD8C,oBAC9C,GAD8C;AAAA,YAC9C,QAD8C,oBAC9C,QAD8C;AAAA,YAC9C,MAD8C,oBAC9C,MAD8C,EAEpD;AACA;;;AACA,YAAIY,UAAU,GAAGlB,GAAG,CAAHA,OAAAA,CAAAA,KAAAA,EAAjB,EAAiBA,CAAjB;AACA,YAAImB,UAAU,GAAd,KAAA,CALoD,CAOpD;AACA;;AACA,YAAID,UAAU,CAAVA,MAAAA,KAAAA,CAAAA,IAA2BA,UAAU,CAAVA,MAAAA,GAA/B,EAAA,EAAuD;AACrDC,UAAAA,UAAU,GAAVA,IAAAA;AAEF;;AAAA,YAAI,CAACC,KAAK,CAACC,QAAQ,CAACH,UAAU,CAAVA,MAAAA,CAAAA,CAAAA,EAApB,CAAoBA,CAAD,CAAT,CAAV,EAA+C;AAC7CC,UAAAA,UAAU,GAAVA,IAAAA;AAGF;;AAAA,YAAA,UAAA,EAAgB;AACdD,UAAAA,UAAU,GAAGN,eAAbM,EAAAA;AAGFF;;AAAAA,QAAAA,SAAS,CAATA,UAAS,CAATA,GAAAA,GAAAA;AACA,eAAOjB,MAAM,GACTF,QAAQ,oBAAA,UAAA,6BADC,UACD,UADC,iBAAb,UAAa,aAAb;AArBF,OAAA,MA0BO;AACL,0BAAWY,WAAW,CAAtB,OAAsB,CAAtB;AAEH;AA/B2BR,KAAAA,EAAAA,IAAAA,CAA9B,EAA8BA,CAA9B;AAkCA,WAAO;AACLqB,MAAAA,EAAE,EAAE,IAAA,MAAA,YADC,kBACD,aADC;AAELnB,MAAAA,MAFK,EAELA,MAFK;AAGLa,MAAAA,SAHK,EAGLA,SAHK;AAILO,MAAAA,UAAU,aAJZ,uBAIY;AAJL,KAAP;AAQF;;AAAA,SAAO;AACLD,IAAAA,EAAE,EAAE,IAAA,MAAA,YADC,kBACD,aADC;AAELnB,IAAAA,MAFF,EAEEA;AAFK,GAAP;AAID","sourcesContent":["interface Group {\n pos: number\n repeat: boolean\n optional: boolean\n}\n\n// this isn't importing the escape-string-regex module\n// to reduce bytes\nfunction escapeRegex(str: string) {\n return str.replace(/[|\\\\{}()[\\]^$+*?.-]/g, '\\\\$&')\n}\n\nfunction parseParameter(param: string) {\n const optional = param.startsWith('[') && param.endsWith(']')\n if (optional) {\n param = param.slice(1, -1)\n }\n const repeat = param.startsWith('...')\n if (repeat) {\n param = param.slice(3)\n }\n return { key: param, repeat, optional }\n}\n\nexport function getRouteRegex(\n normalizedRoute: string\n): {\n re: RegExp\n namedRegex?: string\n routeKeys?: { [named: string]: string }\n groups: { [groupName: string]: Group }\n} {\n const segments = (normalizedRoute.replace(/\\/$/, '') || '/')\n .slice(1)\n .split('/')\n\n const groups: { [groupName: string]: Group } = {}\n let groupIndex = 1\n const parameterizedRoute = segments\n .map((segment) => {\n if (segment.startsWith('[') && segment.endsWith(']')) {\n const { key, optional, repeat } = parseParameter(segment.slice(1, -1))\n groups[key] = { pos: groupIndex++, repeat, optional }\n return repeat ? (optional ? '(?:/(.+?))?' : '/(.+?)') : '/([^/]+?)'\n } else {\n return `/${escapeRegex(segment)}`\n }\n })\n .join('')\n\n // dead code eliminate for browser since it's only needed\n // while generating routes-manifest\n if (typeof window === 'undefined') {\n let routeKeyCharCode = 97\n let routeKeyCharLength = 1\n\n // builds a minimal routeKey using only a-z and minimal number of characters\n const getSafeRouteKey = () => {\n let routeKey = ''\n\n for (let i = 0; i < routeKeyCharLength; i++) {\n routeKey += String.fromCharCode(routeKeyCharCode)\n routeKeyCharCode++\n\n if (routeKeyCharCode > 122) {\n routeKeyCharLength++\n routeKeyCharCode = 97\n }\n }\n return routeKey\n }\n\n const routeKeys: { [named: string]: string } = {}\n\n let namedParameterizedRoute = segments\n .map((segment) => {\n if (segment.startsWith('[') && segment.endsWith(']')) {\n const { key, optional, repeat } = parseParameter(segment.slice(1, -1))\n // replace any non-word characters since they can break\n // the named regex\n let cleanedKey = key.replace(/\\W/g, '')\n let invalidKey = false\n\n // check if the key is still invalid and fallback to using a known\n // safe key\n if (cleanedKey.length === 0 || cleanedKey.length > 30) {\n invalidKey = true\n }\n if (!isNaN(parseInt(cleanedKey.substr(0, 1)))) {\n invalidKey = true\n }\n\n if (invalidKey) {\n cleanedKey = getSafeRouteKey()\n }\n\n routeKeys[cleanedKey] = key\n return repeat\n ? optional\n ? `(?:/(?<${cleanedKey}>.+?))?`\n : `/(?<${cleanedKey}>.+?)`\n : `/(?<${cleanedKey}>[^/]+?)`\n } else {\n return `/${escapeRegex(segment)}`\n }\n })\n .join('')\n\n return {\n re: new RegExp(`^${parameterizedRoute}(?:/)?$`),\n groups,\n routeKeys,\n namedRegex: `^${namedParameterizedRoute}(?:/)?$`,\n }\n }\n\n return {\n re: new RegExp(`^${parameterizedRoute}(?:/)?$`),\n groups,\n }\n}\n"]},"metadata":{},"sourceType":"script"}