fix(types): fix keyable type and update to type aliases (#126)

* refactor: cleanup types * fix: update x-content-type-options types * docs: fix typo
reside-eng · May 9, 2022 · 2b0352e · 2b0352e
1 parent edf8228
commit 2b0352e
Show file tree

Hide file tree

Showing 20 changed files with 43 additions and 38 deletions.
diff --git a/src/directives/types.ts b/src/directives/types.ts
@@ -1,7 +1,7 @@
 /**
  * Represents the configuration for the validation module
  */
-export interface ValidationSettings {
+export type ValidationSettings = {
   /**
    * An array of the allowed kebab-cased directives for a header
    */
@@ -10,7 +10,7 @@ export interface ValidationSettings {
    * An object literal of the parameters that have special formatting. Separators defines the character delineating the directiveKey from the directiveValue: e.g. max-age=12345. Defaults to ' '.
    */
   separators?: { [key: string]: string };
-}
+};
 
 /**
  * Determines whether the header allows multiple directives or only one

diff --git a/src/directives/validation.ts b/src/directives/validation.ts
@@ -146,7 +146,11 @@ export function directiveValidation(
           );
         }
 
-        return format(directiveKey, specificationName, directiveToken);
+        return format(
+          directiveKey,
+          specificationName,
+          directiveToken as string,
+        );
       },
     );
 

diff --git a/src/fortifyHeaders.ts b/src/fortifyHeaders.ts
@@ -1,7 +1,7 @@
 import { FortifyHeaders, FortifySettings, GenerationOptions } from './types';
 import { toHeaderCasing } from './directives/normalize';
 import { getAllHeaders } from './headers';
-import { HeaderFunction } from './headers/types';
+import { FortifyHeader, HeaderFunction } from './headers/types';
 
 /**
  * Builds out a configuration that will generate the defaults. Defaults are generated
@@ -50,7 +50,7 @@ export function fortifyHeaders(
       if (!headerFactory) {
         throw new Error(`${cur} is not a supported header`);
       }
-      const headerResult = headerFactory(directiveValues);
+      const headerResult = headerFactory(directiveValues as FortifyHeader);
       acc[headerName] = headerResult[headerName];
       return acc;
     },

diff --git a/src/headers/content-security-policy/types.ts b/src/headers/content-security-policy/types.ts
@@ -6,7 +6,7 @@ type SandboxDirective = boolean | string;
  * Represents the user-specified header configuration for Content-Security-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
  */
-export interface ContentSecurityPolicy extends FortifyHeader {
+export type ContentSecurityPolicy = FortifyHeader & {
   /**
    * Fires a SecurityPolicyViolationEvent.
    */
@@ -103,4 +103,4 @@ export interface ContentSecurityPolicy extends FortifyHeader {
    * Enables a sandbox for the requested resource similar to the <iframe> sandbox attribute.
    */
   sandbox?: SandboxDirective;
-}
+};
diff --git a/src/headers/cross-origin-embedder-policy/types.ts b/src/headers/cross-origin-embedder-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Embedder-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
  */
-export interface CrossOriginEmbedderPolicy extends FortifyHeader {
+export type CrossOriginEmbedderPolicy = FortifyHeader & {
   /**
    * A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin. If a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.
    */
@@ -17,4 +17,4 @@ export interface CrossOriginEmbedderPolicy extends FortifyHeader {
    * Test for google
    */
   credentialless?: boolean;
-}
+};
diff --git a/src/headers/cross-origin-opener-policy/types.ts b/src/headers/cross-origin-opener-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Opener-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
  */
-export interface CrossOriginOpenerPolicy extends FortifyHeader {
+export type CrossOriginOpenerPolicy = FortifyHeader & {
   /**
    * Isolates the browsing context exclusively to same-origin documents. Cross-origin documents are not loaded in the same browsing context.
    */
@@ -17,4 +17,4 @@ export interface CrossOriginOpenerPolicy extends FortifyHeader {
    * Allows the document to be added to its opener's browsing context group unless the opener itself has a COOP of same-origin or same-origin-allow-popups.
    */
   unsafeNone?: boolean;
-}
+};
diff --git a/src/headers/cross-origin-resource-policy/types.ts b/src/headers/cross-origin-resource-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Resource-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
  */
-export interface CrossOriginResourcePolicy extends FortifyHeader {
+export type CrossOriginResourcePolicy = FortifyHeader & {
   /**
    * Only requests from the same origin (i.e. scheme + host + port) can read the resource
    */
@@ -17,4 +17,4 @@ export interface CrossOriginResourcePolicy extends FortifyHeader {
    * Requests from any origin (both same-site and cross-site) can read the resource. This is useful when COEP is used (see below).
    */
   crossOrigin?: boolean;
-}
+};
diff --git a/src/headers/expect-ct/types.ts b/src/headers/expect-ct/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Expect-CT
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
  */
-export interface ExpectCt extends FortifyHeader {
+export type ExpectCt = FortifyHeader & {
   /**
    * The number of seconds after reception of the Expect-CT header field during which the user agent should regard the host of the received message as a known Expect-CT host.
    */
@@ -17,4 +17,4 @@ export interface ExpectCt extends FortifyHeader {
    * The URI where the user agent should report Expect-CT failures.
    */
   reportUri?: string;
-}
+};
diff --git a/src/headers/origin-agent-cluster/types.ts b/src/headers/origin-agent-cluster/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Origin-Agent-Cluster
  * see: https://web.dev/origin-agent-cluster/
  */
-export interface OriginAgentCluster extends FortifyHeader {
+export type OriginAgentCluster = FortifyHeader & {
   /**
    * Represents enabling the agent cluster policy
    */
   enable?: boolean;
-}
+};
diff --git a/src/headers/referrer-policy/types.ts b/src/headers/referrer-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Referrer-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
  */
-export interface ReferrerPolicy extends FortifyHeader {
+export type ReferrerPolicy = FortifyHeader & {
   /**
    * The Referer header will be omitted: sent requests do not include any referrer information.
    */
@@ -37,4 +37,4 @@ export interface ReferrerPolicy extends FortifyHeader {
    * Send the origin, path, and query string when performing any request, regardless of security.
    */
   unsafeUrl?: boolean;
-}
+};
diff --git a/src/headers/strict-transport-security/types.ts b/src/headers/strict-transport-security/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Strict-Transport-Security
  * see: https://developer.mozilla.org/en-us/docs/web/http/headers/strict-transport-security
  */
-export interface StrictTransportSecurity extends FortifyHeader {
+export type StrictTransportSecurity = FortifyHeader & {
   /**
    * The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.
    */
@@ -17,4 +17,4 @@ export interface StrictTransportSecurity extends FortifyHeader {
    * See Preloading Strict Transport Security for details. Not part of the specification.
    */
   preload?: boolean;
-}
+};
diff --git a/src/headers/types.ts b/src/headers/types.ts
@@ -1,5 +1,5 @@
 // single base interface to simplify generic types
-export interface FortifyHeader {}
+export type FortifyHeader = Record<string, unknown>;
 
 /**
  * The general shape of a header return value

diff --git a/src/headers/x-content-type-options/index.ts b/src/headers/x-content-type-options/index.ts
@@ -1,6 +1,6 @@
 import { applyDefaultsIfNecessary } from '../../directives/defaults';
 import { directiveValidation } from '../../directives/validation';
-import { XContentTypeOotions } from './types';
+import { XContentTypeOptions } from './types';
 
 const HEADER_NAME = 'X-Content-Type-Options';
 
@@ -11,7 +11,7 @@ const validation = directiveValidation(HEADER_NAME, {
 /**
  * Generates the X-Content-Type-Options header and returns it in an object to the caller. The header only has one option 'nosniff' and this is added by default with the header
  */
-export function xContentTypeOptions(settings: XContentTypeOotions) {
+export function xContentTypeOptions(settings: XContentTypeOptions) {
   const headerConfig = applyDefaultsIfNecessary(settings, {
     nosniff: true,
   });

diff --git a/src/headers/x-content-type-options/types.ts b/src/headers/x-content-type-options/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Content-Type-Options
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
  */
-export interface XContentTypeOotions extends FortifyHeader {
+export type XContentTypeOptions = FortifyHeader & {
   /**
    * Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type
    */
   nosniff?: boolean;
-}
+};
diff --git a/src/headers/x-dns-prefetch-control/types.ts b/src/headers/x-dns-prefetch-control/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-DNS-Prefetch-Control
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
  */
-export interface XDnsPrefetchControl extends FortifyHeader {
+export type XDnsPrefetchControl = FortifyHeader & {
   /**
    * Enables DNS prefetching. This is what browsers do, if they support the feature, when this header is not present
    */
@@ -13,4 +13,4 @@ export interface XDnsPrefetchControl extends FortifyHeader {
    * Disables DNS prefetching. This is useful if you don't control the link on the pages, or know that you don't want to leak information to these domains.
    */
   off?: boolean;
-}
+};
diff --git a/src/headers/x-download-options/types.ts b/src/headers/x-download-options/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Download-Options
  * see: https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions#:~:text=The%20X%2DDownload%2DOptions%20is,context%20of%20the%20web%20site.
  */
-export interface XDownloadOptions extends FortifyHeader {
+export type XDownloadOptions = FortifyHeader & {
   /**
    * Instruct IE8 to not open a download directly but to show a Save dialog
    */
   noopen?: boolean;
-}
+};
diff --git a/src/headers/x-frame-options/types.ts b/src/headers/x-frame-options/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Frame-Options
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
  */
-export interface XFrameOptions extends FortifyHeader {
+export type XFrameOptions = FortifyHeader & {
   /**
    * The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin
    */
@@ -13,4 +13,4 @@ export interface XFrameOptions extends FortifyHeader {
    * The page cannot be displayed in a frame, regardless of the site attempting to do so.
    */
   deny?: boolean;
-}
+};
diff --git a/src/headers/x-permitted-cross-domain-poilicies/types.ts b/src/headers/x-permitted-cross-domain-poilicies/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Permitted-Cross-Domain-Policies
  * see: https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies
  */
-export interface XPermittedCrossDomainPolicies extends FortifyHeader {
+export type XPermittedCrossDomainPolicies = FortifyHeader & {
   /**
    * No policy files are allowed anywhere on the target server, including this master policy file.
    */
@@ -25,4 +25,4 @@ export interface XPermittedCrossDomainPolicies extends FortifyHeader {
    * All policy files on this target domain are allowed
    */
   all?: boolean;
-}
+};
diff --git a/src/index.ts b/src/index.ts
@@ -5,7 +5,7 @@ export { CrossOriginEmbedderPolicy } from './headers/cross-origin-embedder-polic
 export { CrossOriginResourcePolicy } from './headers/cross-origin-resource-policy/types';
 export { ExpectCt } from './headers/expect-ct/types';
 export { StrictTransportSecurity } from './headers/strict-transport-security/types';
-export { XContentTypeOotions } from './headers/x-content-type-options/types';
+export { XContentTypeOptions } from './headers/x-content-type-options/types';
 export { XDnsPrefetchControl } from './headers/x-dns-prefetch-control/types';
 export { XDownloadOptions } from './headers/x-download-options/types';
 export { XFrameOptions } from './headers/x-frame-options/types';

diff --git a/src/types.ts b/src/types.ts
@@ -6,7 +6,8 @@ import { ExpectCt } from './headers/expect-ct/types';
 import { OriginAgentCluster } from './headers/origin-agent-cluster/types';
 import { ReferrerPolicy } from './headers/referrer-policy/types';
 import { StrictTransportSecurity } from './headers/strict-transport-security/types';
-import { XContentTypeOotions } from './headers/x-content-type-options/types';
+import { FortifyHeader } from './headers/types';
+import { XContentTypeOptions } from './headers/x-content-type-options/types';
 import { XDnsPrefetchControl } from './headers/x-dns-prefetch-control/types';
 import { XDownloadOptions } from './headers/x-download-options/types';
 import { XFrameOptions } from './headers/x-frame-options/types';
@@ -15,7 +16,7 @@ import { XPermittedCrossDomainPolicies } from './headers/x-permitted-cross-domai
 /**
  * Represents the primary configuration for FortifyJS
  */
-export type FortifySettings = { [key: string]: object | boolean } & {
+export type FortifySettings = { [key: string]: FortifyHeader | boolean } & {
   /**
    * Configuration for Content-Security-Policy
    */
@@ -51,7 +52,7 @@ export type FortifySettings = { [key: string]: object | boolean } & {
   /**
    * Configuration for X-Content-Type-Options
    */
-  xContentTypeOptions?: XContentTypeOotions | boolean;
+  xContentTypeOptions?: XContentTypeOptions | boolean;
   /**
    * Configuration for X-DNS-Prefetch-Control
    */