Restore project source code

EvanHahn · EvanHahn · commit c1eab3af331a · 2023-04-09T17:16:00.000Z
Helmet v7 is going to drop support for the `Expect-CT` header. I still plan to keep the code maintained in the `expect-ct` package, and restoring this source code lets me do that. Conceptually, this is a revert of fcb65b1. However, it removes the build system and many other (development-only) dependencies.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -0,0 +1,11 @@
+{
+  "env": {
+    "commonjs": true,
+    "es2021": true,
+    "node": true
+  },
+  "extends": "eslint:recommended",
+  "parserOptions": {
+    "ecmaVersion": "latest"
+  }
+}
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -0,0 +1,26 @@
+name: Node.js CI
+
+on: [push]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x]
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm ci
+      - run: npm test
+        env:
+          CI: true
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+/node_modules/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,33 @@
+# Changelog
+
+## 1.0.0 - 2020-08-02
+
+### Changed
+
+- If `maxAge` is `undefined`, it will be set to `0`
+- If `maxAge` is not an integer, it will be rounded down
+
+### Removed
+
+- Dropped support for old Node versions. Node 10+ is now required
+
+## 0.3.0 - 2019-09-01
+
+### Changed
+
+- Dropped support for Node <8
+- You must now pass a positive integer for `maxAge` (instead of any positive number)
+- You cannot pass `undefined` for `maxAge` (though you can still omit the property)
+
+## 0.2.0 - 2019-05-04
+
+### Added
+
+- TypeScript type definitions. See [helmetjs/helmet#188](https://github.com/helmetjs/helmet/issues/188)
+- Additional package metadata (bugs, homepage, etc)
+
+### Changed
+
+- Updated documentation
+
+Changes in versions 0.1.1 and below can be found in [Helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).
diff --git a/README.md b/README.md
@@ -1,3 +1,29 @@
-The source code for this module has moved.
+# Expect-CT middleware
 
-[See the Helmet repository](https://github.com/helmetjs/helmet) for the updated source.
+The `Expect-CT` HTTP header tells browsers to expect Certificate Transparency. For more, see [this blog post](https://scotthelme.co.uk/a-new-security-header-expect-ct/) and the [article on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT).
+
+Usage:
+
+```javascript
+const expectCt = require("expect-ct");
+
+// Sets Expect-CT: max-age=123
+app.use(expectCt({ maxAge: 123 }));
+
+// Sets Expect-CT: enforce, max-age=123
+app.use(
+  expectCt({
+    enforce: true,
+    maxAge: 123,
+  })
+);
+
+// Sets Expect-CT: enforce, max-age=30, report-uri="https://example.com/report"
+app.use(
+  expectCt({
+    enforce: true,
+    maxAge: 30,
+    reportUri: "https://example.com/report",
+  })
+);
+```
diff --git a/index.d.ts b/index.d.ts
@@ -0,0 +1,13 @@
+import { IncomingMessage, ServerResponse } from "http";
+
+export interface ExpectCtOptions {
+  maxAge?: number;
+  enforce?: boolean;
+  reportUri?: string;
+}
+
+declare function expectCt(
+  options?: Readonly<ExpectCtOptions>
+): (_req: IncomingMessage, res: ServerResponse, next: () => void) => void;
+
+export default expectCt;
diff --git a/index.js b/index.js
@@ -0,0 +1,36 @@
+function parseMaxAge(value = 0) {
+  if (value >= 0 && Number.isFinite(value)) {
+    return Math.floor(value);
+  } else {
+    throw new Error(
+      `Expect-CT: ${JSON.stringify(
+        value
+      )} is not a valid value for maxAge. Please choose a positive integer.`
+    );
+  }
+}
+
+function getHeaderValueFromOptions(options) {
+  const directives = [`max-age=${parseMaxAge(options.maxAge)}`];
+
+  if (options.enforce) {
+    directives.push("enforce");
+  }
+
+  if (options.reportUri) {
+    directives.push(`report-uri="${options.reportUri}"`);
+  }
+
+  return directives.join(", ");
+}
+
+function expectCt(options = {}) {
+  const headerValue = getHeaderValueFromOptions(options);
+
+  return function expectCtMiddleware(_req, res, next) {
+    res.setHeader("Expect-CT", headerValue);
+    next();
+  };
+}
+
+module.exports = expectCt;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/test.js b/test.js
