nuxt-modules · Baroshem · Oct 30, 2023 · Oct 17, 2023 · Oct 17, 2023 · Oct 17, 2023
diff --git a/.eslintrc b/.eslintrc
@@ -1,6 +1,3 @@
 {
-  "extends": ["@nuxtjs/eslint-config-typescript"],
-  "rules": {
-    "@typescript-eslint/no-unused-vars": ["off"]
-  }
+  "extends": ["@nuxt/eslint-config"]
 }
diff --git a/.gitignore b/.gitignore
@@ -49,3 +49,6 @@ coverage
 Network Trash Folder
 Temporary Items
 .apdisk
+
+# Yarn is the package manager, do not commit npm lock file
+package-lock.json
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1,2 @@
+shamefully-hoist=true
+strict-peer-dependencies=false
diff --git a/.nuxtrc b/.nuxtrc
@@ -1 +1,2 @@
-imports.autoImport=true
+imports.autoImport=false
+typescript.includeWorkspace=true
diff --git a/docs/.nuxtrc b/docs/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true
diff --git a/package.json b/package.json
@@ -35,22 +35,22 @@
     "dist"
   ],
   "scripts": {
-    "prepack": "nuxt-module-build",
-    "dev": "nuxt-module-build --stub && nuxi prepare playground && nuxi dev playground",
+    "prepack": "nuxt-module-build build",
+    "dev": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground && nuxi dev playground",
     "dev:build": "nuxi build playground",
     "dev:start": "nuxi start playground",
     "dev:generate": "nuxi generate playground",
-    "dev:prepare": "nuxt-module-build --stub && nuxi prepare playground",
+    "dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground",
     "dev:preview": "nuxi preview playground",
     "dev:docs": "cd docs && yarn dev",
-    "lint": "eslint --ext .js,.ts,.vue",
+    "lint": "eslint .",
     "test": "vitest run --silent",
     "test:watch": "vitest watch",
     "stackblitz": "cd .stackblitz && yarn && yarn dev"
   },
   "packageManager": "[email protected]",
   "dependencies": {
-    "@nuxt/kit": "^3.7.3",
+    "@nuxt/kit": "^3.8.0",
     "basic-auth": "^2.0.1",
     "defu": "^6.1.1",
     "nuxt-csurf": "^1.3.1",
@@ -59,15 +59,15 @@
     "xss": "^1.0.14"
   },
   "devDependencies": {
-    "@nuxt/module-builder": "latest",
-    "@nuxt/schema": "^3.7.3",
-    "@nuxt/test-utils": "^3.7.3",
-    "@nuxtjs/eslint-config-typescript": "latest",
-    "@types/node": "^18.14.4",
-    "eslint": "latest",
-    "nuxt": "^3.7.3",
-    "typescript": "5.2.2",
-    "vitest": "^0.28.5"
+    "@nuxt/module-builder": "^0.5.2",
+    "@nuxt/schema": "^3.8.0",
+    "@nuxt/test-utils": "^3.8.0",
+    "@nuxt/eslint-config": "^0.2.0",
+    "@types/node": "^18.18.1",
+    "eslint": "^8.50.0",
+    "nuxt": "^3.8.0",
+    "typescript": "^5.2.2",
+    "vitest": "^0.33.0"
   },
   "stackblitz": {
     "installDependencies": false,

diff --git a/playground/.nuxtrc b/playground/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true
diff --git a/playground/pages/secret.vue b/playground/pages/secret.vue
@@ -1,3 +1,5 @@
 <template>
-  Secret Route
+  <div>
+    Secret Route
+  </div>
 </template>
diff --git a/playground/server/api/test.post.ts b/playground/server/api/test.post.ts
@@ -1,6 +1,3 @@
-import { defineEventHandler } from 'h3'
-
-
 export default defineEventHandler((event) => {
   console.log('test')
 })
diff --git a/playground/server/tsconfig.json b/playground/server/tsconfig.json
@@ -0,0 +1,3 @@
+{
+  "extends": "../.nuxt/tsconfig.server.json"
+}
diff --git a/playground/tsconfig.json b/playground/tsconfig.json
@@ -0,0 +1,3 @@
+{
+  "extends": "./.nuxt/tsconfig.json"
+}
diff --git a/src/module.ts b/src/module.ts
@@ -2,28 +2,32 @@ import { fileURLToPath } from 'node:url'
 import { resolve, normalize } from 'pathe'
 import { defineNuxtModule, addServerHandler, installModule, addVitePlugin } from '@nuxt/kit'
 import { defu } from 'defu'
-import { Nuxt, RuntimeConfig } from '@nuxt/schema'
+import type { Nuxt, RuntimeConfig } from '@nuxt/schema'
 import viteRemove from 'unplugin-remove/vite'
 import { defuReplaceArray } from './utils'
-import {
+import type {
   ModuleOptions,
   NuxtSecurityRouteRules
 } from './types/index'
-import {
+import type {
   SecurityHeaders
 } from './types/headers'
-import {
+import type {
   BasicAuth
 } from './types/middlewares'
 import {
   defaultSecurityConfig
 } from './defaultConfig'
 import { SECURITY_MIDDLEWARE_NAMES } from './middlewares'
-import { HeaderMapper, SECURITY_HEADER_NAMES, getHeaderValueFromOptions } from './headers'
+import { type HeaderMapper, SECURITY_HEADER_NAMES, getHeaderValueFromOptions } from './headers'
 
-declare module '@nuxt/schema' {
+declare module 'nuxt/schema' {
   interface NuxtOptions {
-    security: ModuleOptions;
+    security: ModuleOptions
+  }
+  interface RuntimeConfig {
+    security: ModuleOptions,
+    private: { basicAuth: BasicAuth | false, [key: string]: any }
   }
 }
 
@@ -67,7 +71,7 @@ export default defineNuxtModule<ModuleOptions>({
     nuxt.options.runtimeConfig.private = defu(
       nuxt.options.runtimeConfig.private,
       {
-        basicAuth: securityOptions.basicAuth as BasicAuth | boolean
+        basicAuth: securityOptions.basicAuth
       }
     )
 
@@ -76,7 +80,7 @@ export default defineNuxtModule<ModuleOptions>({
     nuxt.options.runtimeConfig.security = defu(
       nuxt.options.runtimeConfig.security,
       {
-        ...(securityOptions as unknown as RuntimeConfig['security'])
+        ...securityOptions
       }
     )
 

diff --git a/src/runtime/nitro/plugins/01-hidePoweredBy.ts b/src/runtime/nitro/plugins/01-hidePoweredBy.ts
@@ -1,9 +1,9 @@
-import type { NitroAppPlugin, RenderResponse } from 'nitropack'
+import { defineNitroPlugin } from '#imports'
 
-export default <NitroAppPlugin> function (nitro) {
-  nitro.hooks.hook('render:response', (response: RenderResponse) => {
-    if (response.headers['x-powered-by']) {
+export default defineNitroPlugin((nitroApp) => {
+  nitroApp.hooks.hook('render:response', (response) => {
+    if (response?.headers?.['x-powered-by']) {
       delete response.headers['x-powered-by']
     }
   })
-}
+})
diff --git a/src/runtime/nitro/plugins/02-cspSsg.ts b/src/runtime/nitro/plugins/02-cspSsg.ts
@@ -1,6 +1,5 @@
 import path from 'node:path'
 import crypto from 'node:crypto'
-import type { NitroAppPlugin } from 'nitropack'
 import type { H3Event } from 'h3'
 import defu from 'defu'
 import type {
@@ -9,22 +8,12 @@ import type {
 import type {
   ContentSecurityPolicyValue
 } from '../../../types/headers'
-import { useRuntimeConfig } from '#imports'
-
-interface NuxtRenderHTMLContext {
-  island?: boolean
-  htmlAttrs: string[]
-  head: string[]
-  bodyAttrs: string[]
-  bodyPrepend: string[]
-  body: string[]
-  bodyAppend: string[]
-}
-
-const moduleOptions = useRuntimeConfig().security as ModuleOptions
-
-export default <NitroAppPlugin> function (nitro) {
-  nitro.hooks.hook('render:html', (html: NuxtRenderHTMLContext, { event }: { event: H3Event }) => {
+import { defineNitroPlugin, useRuntimeConfig } from '#imports'
+
+const moduleOptions = useRuntimeConfig().security
+
+export default defineNitroPlugin((nitroApp) => {
+  nitroApp.hooks.hook('render:html', (html, { event }) => {
     // Content Security Policy
 
     if (!isContentSecurityPolicyEnabled(event, moduleOptions)) {
@@ -54,7 +43,7 @@ export default <NitroAppPlugin> function (nitro) {
   })
 
   function generateCspMetaTag (policies: ContentSecurityPolicyValue, scriptHashes: string[]) {
-    const unsupportedPolicies = {
+    const unsupportedPolicies:Record<string, boolean> = {
       'frame-ancestors': true,
       'report-uri': true,
       sandbox: true
@@ -120,4 +109,4 @@ export default <NitroAppPlugin> function (nitro) {
 
     return true
   }
-}
+})
diff --git a/src/runtime/nitro/plugins/99-cspNonce.ts b/src/runtime/nitro/plugins/99-cspNonce.ts
@@ -1,28 +1,14 @@
-import type { NitroAppPlugin } from 'nitropack'
+import { defineNitroPlugin } from '#imports'
 import type { H3Event } from 'h3'
-import type {
-  ModuleOptions
-} from '../../../types'
-import { useRuntimeConfig } from '#imports'
-
-interface NuxtRenderHTMLContext {
-  island?: boolean
-  htmlAttrs: string[]
-  head: string[]
-  bodyAttrs: string[]
-  bodyPrepend: string[]
-  body: string[]
-  bodyAppend: string[]
-}
 
 // To prevent the nonce attribute from being added to literal strings,
 // we need to make sure that the tag is not preceded by a single or double quote.
 // This is done by using a negative lookbehind assertion. See https://www.regular-expressions.info/lookaround.html
 // See https://regex101.com/r/DBE57j/1 for some examples.
 const tagNotPrecededByQuotes = (tag: string) => new RegExp(`(?<!['|"])<${tag}`, 'g')
 
-export default <NitroAppPlugin> function (nitro) {
-  nitro.hooks.hook('render:html', (html: NuxtRenderHTMLContext, { event }: { event: H3Event }) => {
+export default defineNitroPlugin((nitroApp) => {
+  nitroApp.hooks.hook('render:html', (html, { event }) => {
     if (isPrerendering(event)) {
       // In SSG mode, do not inject nonces in html
       // However first make sure we erase nonce placeholders from CSP meta
@@ -79,4 +65,4 @@ export default <NitroAppPlugin> function (nitro) {
 
     return true
   }
-}
+})
diff --git a/src/runtime/nitro/tsconfig.json b/src/runtime/nitro/tsconfig.json
@@ -0,0 +1,9 @@
+{
+  "extends": "../../../.nuxt/tsconfig.server.json",
+  "exclude": [
+    "../../../docs",
+    "../../../dist",
+    "../../../test",
+    "../../../playground"
+  ]
+}
diff --git a/src/runtime/server/middleware/allowedMethodsRestricter.ts b/src/runtime/server/middleware/allowedMethodsRestricter.ts
@@ -1,6 +1,4 @@
-import { defineEventHandler, createError } from 'h3'
-// @ts-ignore
-import { getRouteRules } from '#imports'
+import { getRouteRules, defineEventHandler, createError } from '#imports'
 
 export default defineEventHandler((event) => {
   const routeRules = getRouteRules(event)

diff --git a/src/runtime/server/middleware/basicAuth.ts b/src/runtime/server/middleware/basicAuth.ts
@@ -1,7 +1,6 @@
+// @ts-ignore : the basic-auth module does not export types
 import getCredentials from 'basic-auth'
-import { createError, defineEventHandler, sendError, setHeader } from 'h3'
-// @ts-ignore
-import { useRuntimeConfig } from '#imports'
+import { useRuntimeConfig, createError, defineEventHandler, sendError, setHeader } from '#imports'
 
 type Credentials = {
   name: string;

diff --git a/src/runtime/server/middleware/corsHandler.ts b/src/runtime/server/middleware/corsHandler.ts
@@ -1,6 +1,4 @@
-import { defineEventHandler, handleCors } from 'h3'
-// @ts-ignore
-import { getRouteRules } from '#imports'
+import { getRouteRules, defineEventHandler, handleCors } from '#imports'
 
 export default defineEventHandler((event) => {
   const routeRules = getRouteRules(event)

diff --git a/src/runtime/server/middleware/cspNonceHandler.ts b/src/runtime/server/middleware/cspNonceHandler.ts
@@ -1,7 +1,5 @@
 import crypto from 'node:crypto'
-import { defineEventHandler } from 'h3'
-// @ts-ignore
-import { getRouteRules } from '#imports'
+import { getRouteRules, defineEventHandler } from '#imports'
 
 export default defineEventHandler((event) => {
   let csp = `${event.node.res.getHeader('Content-Security-Policy')}`

diff --git a/src/runtime/server/middleware/requestSizeLimiter.ts b/src/runtime/server/middleware/requestSizeLimiter.ts
@@ -1,6 +1,4 @@
-import { defineEventHandler, getRequestHeader, createError } from 'h3'
-// @ts-ignore
-import { getRouteRules } from '#imports'
+import { defineEventHandler, getRequestHeader, createError, getRouteRules } from '#imports'
 
 const FILE_UPLOAD_HEADER = 'multipart/form-data'
 

diff --git a/src/runtime/server/middleware/xssValidator.ts b/src/runtime/server/middleware/xssValidator.ts
@@ -1,7 +1,5 @@
-import { defineEventHandler, createError, getQuery, readBody } from 'h3'
 import { FilterXSS } from 'xss'
-// @ts-ignore
-import { getRouteRules } from '#imports'
+import { defineEventHandler, createError, getQuery, readBody, getRouteRules } from '#imports'
 
 export default defineEventHandler(async (event) => {
   const routeRules = getRouteRules(event)

diff --git a/src/runtime/server/tsconfig.json b/src/runtime/server/tsconfig.json
@@ -0,0 +1,9 @@
+{
+  "extends": "../../../.nuxt/tsconfig.server.json",
+  "exclude": [
+    "../../../docs",
+    "../../../dist",
+    "../../../test",
+    "../../../playground"
+  ]
+}
diff --git a/src/types/index.ts b/src/types/index.ts
@@ -1,8 +1,8 @@
-import { ModuleOptions as CsrfOptions } from 'nuxt-csurf'
+import type { ModuleOptions as CsrfOptions } from 'nuxt-csurf'
 import type { Options as RemoveOptions } from 'unplugin-remove/types'
 
-import { SecurityHeaders } from './headers'
-import { AllowedHTTPMethods, BasicAuth, CorsOptions, RateLimiter, RequestSizeLimiter, XssValidator } from './middlewares'
+import type { SecurityHeaders } from './headers'
+import type { AllowedHTTPMethods, BasicAuth, CorsOptions, RateLimiter, RequestSizeLimiter, XssValidator } from './middlewares'
 
 export type Ssg = {
   hashScripts?: boolean;

diff --git a/test/fixtures/basicAuth/.nuxtrc b/test/fixtures/basicAuth/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true
diff --git a/test/fixtures/basicAuth/server/api/hello.ts b/test/fixtures/basicAuth/server/api/hello.ts
@@ -1,3 +1 @@
-import { defineEventHandler } from 'h3'
-
 export default defineEventHandler(() => 'Hello World')
diff --git a/test/fixtures/nonce/.nuxtrc b/test/fixtures/nonce/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true
diff --git a/test/fixtures/nonce/server/api/generated-script.ts b/test/fixtures/nonce/server/api/generated-script.ts
@@ -1,5 +1,3 @@
-import { defineEventHandler } from 'h3'
-
 export default defineEventHandler((event) => {
   event.node.res.setHeader('Content-Type', 'application/javascript')
   return 'console.log("Hello World")'

diff --git a/test/fixtures/nonce/server/api/nonce-exempt.ts b/test/fixtures/nonce/server/api/nonce-exempt.ts
@@ -1,3 +1 @@
-import { defineEventHandler } from 'h3'
-
 export default defineEventHandler(() => 'Hello World')
diff --git a/test/fixtures/tsconfig.json b/test/fixtures/tsconfig.json
@@ -0,0 +1,3 @@
+{
+  "extends": "../../playground/.nuxt/tsconfig.json"
+}
diff --git a/tsconfig.json b/tsconfig.json
@@ -1,3 +1,3 @@
 {
-  "extends": "./playground/.nuxt/tsconfig.json"
+  "extends": "./.nuxt/tsconfig.json"
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		shamefully-hoist=true
		strict-peer-dependencies=false
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1 @@
		import { defineEventHandler } from 'h3'

		export default defineEventHandler(() => 'Hello World')