gnezim/flights_web_raw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ae4c8d88bfb26b00d67f1ee751a032ea3ce4c59
flights_web_raw/node_modules/hono/dist/middleware/secure-headers/secure-headers.js
T
gnezim 60e2149072 Add comprehensive e2e test suites for Tasks 16-25 
Tasks 16-20: Online Board Tests (Search/Filter, Tabs, Flight List, Details Modal, Time/Date)
- Task 16: Search & Filter tests (37 tests) - departure/arrival cities, passenger count, cabin class
- Task 17: Arrival/Departure Tabs tests (45 tests) - tab switching, flight display, sorting
- Task 18: Flight List View tests (50 tests) - display, sorting, filtering, pagination, loading states
- Task 19: Flight Details Modal tests (40 tests) - opening/closing, content display, actions
- Task 20: Time & Date Filter tests (43 tests) - date selection, time ranges, calendar navigation

Tasks 21-25: Flight Details Tests (Flight Info, Passengers, Seats, Services, Fares)
- Task 21: Flight Info Display tests (40 tests) - basic info, airports, route visualization, timeline
- Task 22: Passenger Info tests (50 tests) - passenger list, details, services, special requirements
- Task 23: Seat Selection tests (50 tests) - seat map, selection, categories, recommendations
- Task 24: Service Selection tests (25 tests) - baggage, meals, seats, summary
- Task 25: Fare Display tests (55 tests) - fare breakdown, comparisons, discounts, refunds

All tests follow AAA pattern and use data-testid selectors matching Angular version.
Total: 245 tests across 10 feature suites.
2026-04-05 19:25:03 +03:00

167 lines
5.9 KiB
JavaScript
Raw Blame History

// src/middleware/secure-headers/secure-headers.ts
import { encodeBase64 } from "../../utils/encode.js";
var HEADERS_MAP = {
crossOriginEmbedderPolicy: ["Cross-Origin-Embedder-Policy", "require-corp"],
crossOriginResourcePolicy: ["Cross-Origin-Resource-Policy", "same-origin"],
crossOriginOpenerPolicy: ["Cross-Origin-Opener-Policy", "same-origin"],
originAgentCluster: ["Origin-Agent-Cluster", "?1"],
referrerPolicy: ["Referrer-Policy", "no-referrer"],
strictTransportSecurity: ["Strict-Transport-Security", "max-age=15552000; includeSubDomains"],
xContentTypeOptions: ["X-Content-Type-Options", "nosniff"],
xDnsPrefetchControl: ["X-DNS-Prefetch-Control", "off"],
xDownloadOptions: ["X-Download-Options", "noopen"],
xFrameOptions: ["X-Frame-Options", "SAMEORIGIN"],
xPermittedCrossDomainPolicies: ["X-Permitted-Cross-Domain-Policies", "none"],
xXssProtection: ["X-XSS-Protection", "0"]
};
var DEFAULT_OPTIONS = {
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: true,
crossOriginOpenerPolicy: true,
originAgentCluster: true,
referrerPolicy: true,
strictTransportSecurity: true,
xContentTypeOptions: true,
xDnsPrefetchControl: true,
xDownloadOptions: true,
xFrameOptions: true,
xPermittedCrossDomainPolicies: true,
xXssProtection: true,
removePoweredBy: true,
permissionsPolicy: {}
};
var generateNonce = () => {
const arrayBuffer = new Uint8Array(16);
crypto.getRandomValues(arrayBuffer);
return encodeBase64(arrayBuffer.buffer);
};
var NONCE = (ctx) => {
const key = "secureHeadersNonce";
const init = ctx.get(key);
const nonce = init || generateNonce();
if (init == null) {
ctx.set(key, nonce);
}
return `'nonce-${nonce}'`;
};
var secureHeaders = (customOptions) => {
const options = { ...DEFAULT_OPTIONS, ...customOptions };
const headersToSet = getFilteredHeaders(options);
const callbacks = [];
if (options.contentSecurityPolicy) {
const [callback, value] = getCSPDirectives(options.contentSecurityPolicy);
if (callback) {
callbacks.push(callback);
}
headersToSet.push(["Content-Security-Policy", value]);
}
if (options.contentSecurityPolicyReportOnly) {
const [callback, value] = getCSPDirectives(options.contentSecurityPolicyReportOnly);
if (callback) {
callbacks.push(callback);
}
headersToSet.push(["Content-Security-Policy-Report-Only", value]);
}
if (options.permissionsPolicy && Object.keys(options.permissionsPolicy).length > 0) {
headersToSet.push([
"Permissions-Policy",
getPermissionsPolicyDirectives(options.permissionsPolicy)
]);
}
if (options.reportingEndpoints) {
headersToSet.push(["Reporting-Endpoints", getReportingEndpoints(options.reportingEndpoints)]);
}
if (options.reportTo) {
headersToSet.push(["Report-To", getReportToOptions(options.reportTo)]);
}
return async function secureHeaders2(ctx, next) {
const headersToSetForReq = callbacks.length === 0 ? headersToSet : callbacks.reduce((acc, cb) => cb(ctx, acc), headersToSet);
await next();
setHeaders(ctx, headersToSetForReq);
if (options?.removePoweredBy) {
ctx.res.headers.delete("X-Powered-By");
}
};
};
function getFilteredHeaders(options) {
return Object.entries(HEADERS_MAP).filter(([key]) => options[key]).map(([key, defaultValue]) => {
const overrideValue = options[key];
return typeof overrideValue === "string" ? [defaultValue[0], overrideValue] : defaultValue;
});
}
function getCSPDirectives(contentSecurityPolicy) {
const callbacks = [];
const resultValues = [];
for (const [directive, value] of Object.entries(contentSecurityPolicy)) {
const valueArray = Array.isArray(value) ? value : [value];
valueArray.forEach((value2, i) => {
if (typeof value2 === "function") {
const index = i * 2 + 2 + resultValues.length;
callbacks.push((ctx, values) => {
values[index] = value2(ctx, directive);
});
}
});
resultValues.push(
directive.replace(
/[A-Z]+(?![a-z])|[A-Z]/g,
(match, offset) => offset ? "-" + match.toLowerCase() : match.toLowerCase()
),
...valueArray.flatMap((value2) => [" ", value2]),
"; "
);
}
resultValues.pop();
return callbacks.length === 0 ? [void 0, resultValues.join("")] : [
(ctx, headersToSet) => headersToSet.map((values) => {
if (values[0] === "Content-Security-Policy" || values[0] === "Content-Security-Policy-Report-Only") {
const clone = values[1].slice();
callbacks.forEach((cb) => {
cb(ctx, clone);
});
return [values[0], clone.join("")];
} else {
return values;
}
}),
resultValues
];
}
function getPermissionsPolicyDirectives(policy) {
return Object.entries(policy).map(([directive, value]) => {
const kebabDirective = camelToKebab(directive);
if (typeof value === "boolean") {
return `${kebabDirective}=${value ? "*" : "none"}`;
}
if (Array.isArray(value)) {
if (value.length === 0) {
return `${kebabDirective}=()`;
}
if (value.length === 1 && (value[0] === "*" || value[0] === "none")) {
return `${kebabDirective}=${value[0]}`;
}
const allowlist = value.map((item) => ["self", "src"].includes(item) ? item : `"${item}"`);
return `${kebabDirective}=(${allowlist.join(" ")})`;
}
return "";
}).filter(Boolean).join(", ");
}
function camelToKebab(str) {
return str.replace(/([a-z\d])([A-Z])/g, "$1-$2").toLowerCase();
}
function getReportingEndpoints(reportingEndpoints = []) {
return reportingEndpoints.map((endpoint) => `${endpoint.name}="${endpoint.url}"`).join(", ");
}
function getReportToOptions(reportTo = []) {
return reportTo.map((option) => JSON.stringify(option)).join(", ");
}
function setHeaders(ctx, headersToSet) {
headersToSet.forEach(([header, value]) => {
ctx.res.headers.set(header, value);
});
}
export {
NONCE,
secureHeaders
};
Reference in New Issue View Git Blame Copy Permalink