npm - @dynamicu/chromedebug-mcp - Versions diffs - 2.2.0 - Mend

@dynamicu/chromedebug-mcp 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

package/CLAUDE.md +344 -0
package/LICENSE +21 -0
package/README.md +250 -0
package/chrome-extension/README.md +41 -0
package/chrome-extension/background.js +3917 -0
package/chrome-extension/chrome-session-manager.js +706 -0
package/chrome-extension/content.css +181 -0
package/chrome-extension/content.js +3022 -0
package/chrome-extension/data-buffer.js +435 -0
package/chrome-extension/dom-tracker.js +411 -0
package/chrome-extension/extension-config.js +78 -0
package/chrome-extension/firebase-client.js +278 -0
package/chrome-extension/firebase-config.js +32 -0
package/chrome-extension/firebase-config.module.js +22 -0
package/chrome-extension/firebase-config.module.template.js +27 -0
package/chrome-extension/firebase-config.template.js +36 -0
package/chrome-extension/frame-capture.js +407 -0
package/chrome-extension/icon128.png +1 -0
package/chrome-extension/icon16.png +1 -0
package/chrome-extension/icon48.png +1 -0
package/chrome-extension/license-helper.js +181 -0
package/chrome-extension/logger.js +23 -0
package/chrome-extension/manifest.json +73 -0
package/chrome-extension/network-tracker.js +510 -0
package/chrome-extension/offscreen.html +10 -0
package/chrome-extension/options.html +203 -0
package/chrome-extension/options.js +282 -0
package/chrome-extension/pako.min.js +2 -0
package/chrome-extension/performance-monitor.js +533 -0
package/chrome-extension/pii-redactor.js +405 -0
package/chrome-extension/popup.html +532 -0
package/chrome-extension/popup.js +2446 -0
package/chrome-extension/upload-manager.js +323 -0
package/chrome-extension/web-vitals.iife.js +1 -0
package/config/api-keys.json +11 -0
package/config/chrome-pilot-config.json +45 -0
package/package.json +126 -0
package/scripts/cleanup-processes.js +109 -0
package/scripts/config-manager.js +280 -0
package/scripts/generate-extension-config.js +53 -0
package/scripts/setup-security.js +64 -0
package/src/capture/architecture.js +426 -0
package/src/capture/error-handling-tests.md +38 -0
package/src/capture/error-handling-types.ts +360 -0
package/src/capture/index.js +508 -0
package/src/capture/interfaces.js +625 -0
package/src/capture/memory-manager.js +713 -0
package/src/capture/types.js +342 -0
package/src/chrome-controller.js +2658 -0
package/src/cli.js +19 -0
package/src/config-loader.js +303 -0
package/src/database.js +2178 -0
package/src/firebase-license-manager.js +462 -0
package/src/firebase-privacy-guard.js +397 -0
package/src/http-server.js +1516 -0
package/src/index-direct.js +157 -0
package/src/index-modular.js +219 -0
package/src/index-monolithic-backup.js +2230 -0
package/src/index.js +305 -0
package/src/legacy/chrome-controller-old.js +1406 -0
package/src/legacy/index-express.js +625 -0
package/src/legacy/index-old.js +977 -0
package/src/legacy/routes.js +260 -0
package/src/legacy/shared-storage.js +101 -0
package/src/logger.js +10 -0
package/src/mcp/handlers/chrome-tool-handler.js +306 -0
package/src/mcp/handlers/element-tool-handler.js +51 -0
package/src/mcp/handlers/frame-tool-handler.js +957 -0
package/src/mcp/handlers/request-handler.js +104 -0
package/src/mcp/handlers/workflow-tool-handler.js +636 -0
package/src/mcp/server.js +68 -0
package/src/mcp/tools/index.js +701 -0
package/src/middleware/auth.js +371 -0
package/src/middleware/security.js +267 -0
package/src/port-discovery.js +258 -0
package/src/routes/admin.js +182 -0
package/src/services/browser-daemon.js +494 -0
package/src/services/chrome-service.js +375 -0
package/src/services/failover-manager.js +412 -0
package/src/services/git-safety-service.js +675 -0
package/src/services/heartbeat-manager.js +200 -0
package/src/services/http-client.js +195 -0
package/src/services/process-manager.js +318 -0
package/src/services/process-tracker.js +574 -0
package/src/services/profile-manager.js +449 -0
package/src/services/project-manager.js +415 -0
package/src/services/session-manager.js +497 -0
package/src/services/session-registry.js +491 -0
package/src/services/unified-session-manager.js +678 -0
package/src/shared-storage-old.js +267 -0
package/src/standalone-server.js +53 -0
package/src/utils/extension-path.js +145 -0
package/src/utils.js +187 -0
package/src/validation/log-transformer.js +125 -0
package/src/validation/schemas.js +391 -0

package/src/middleware/auth.js ADDED Viewed

@@ -0,0 +1,371 @@
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcrypt';
+import { v4 as uuidv4 } from 'uuid';
+import path from 'path';
+import fs from 'fs';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+// Configuration
+const JWT_SECRET = process.env.JWT_SECRET || 'chrome-pilot-secret-key-change-in-production';
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '24h';
+const API_KEYS_FILE = path.join(__dirname, '../../config/api-keys.json');
+// Ensure config directory exists
+const configDir = path.dirname(API_KEYS_FILE);
+if (!fs.existsSync(configDir)) {
+  fs.mkdirSync(configDir, { recursive: true });
+}
+// Load or initialize API keys
+let apiKeys = [];
+try {
+  if (fs.existsSync(API_KEYS_FILE)) {
+    apiKeys = JSON.parse(fs.readFileSync(API_KEYS_FILE, 'utf8'));
+  }
+} catch (error) {
+  console.error('Error loading API keys:', error);
+  apiKeys = [];
+}
+// Save API keys to file
+function saveApiKeys() {
+  try {
+    fs.writeFileSync(API_KEYS_FILE, JSON.stringify(apiKeys, null, 2));
+  } catch (error) {
+    console.error('Error saving API keys:', error);
+  }
+}
+// Roles and permissions
+const ROLES = {
+  ADMIN: 'admin',
+  USER: 'user',
+  READONLY: 'readonly'
+};
+// MCP Service roles for internal service-to-service communication
+const MCP_SERVICE_ROLES = {
+  MCP_CLIENT: 'mcp_client'
+};
+const PERMISSIONS = {
+  CHROME_CONTROL: 'chrome:control',
+  WORKFLOW_READ: 'workflow:read',
+  WORKFLOW_WRITE: 'workflow:write',
+  WORKFLOW_DELETE: 'workflow:delete',
+  FRAME_READ: 'frame:read',
+  FRAME_WRITE: 'frame:write',
+  ADMIN_MANAGE: 'admin:manage'
+};
+const ROLE_PERMISSIONS = {
+  [ROLES.ADMIN]: Object.values(PERMISSIONS),
+  [ROLES.USER]: [
+    PERMISSIONS.CHROME_CONTROL,
+    PERMISSIONS.WORKFLOW_READ,
+    PERMISSIONS.WORKFLOW_WRITE,
+    PERMISSIONS.WORKFLOW_DELETE,
+    PERMISSIONS.FRAME_READ,
+    PERMISSIONS.FRAME_WRITE
+  ],
+  [ROLES.READONLY]: [
+    PERMISSIONS.WORKFLOW_READ,
+    PERMISSIONS.FRAME_READ
+  ],
+  [MCP_SERVICE_ROLES.MCP_CLIENT]: [
+    PERMISSIONS.WORKFLOW_READ,
+    PERMISSIONS.FRAME_READ
+  ]
+};
+// Generate secure API key
+export function generateApiKey(name, role = ROLES.USER) {
+  const apiKey = `cp_${uuidv4().replace(/-/g, '')}`;
+  const hashedKey = bcrypt.hashSync(apiKey, 12);
+  const keyData = {
+    id: uuidv4(),
+    name,
+    role,
+    hashedKey,
+    createdAt: new Date().toISOString(),
+    lastUsed: null,
+    active: true
+  };
+  apiKeys.push(keyData);
+  saveApiKeys();
+  return { apiKey, keyData: { ...keyData, hashedKey: undefined } };
+}
+// Validate API key
+function validateApiKey(apiKey) {
+  if (!apiKey) return null;
+  for (const keyData of apiKeys) {
+    if (keyData.active && bcrypt.compareSync(apiKey, keyData.hashedKey)) {
+      // Update last used timestamp
+      keyData.lastUsed = new Date().toISOString();
+      saveApiKeys();
+      return keyData;
+    }
+  }
+  return null;
+}
+// Generate JWT token
+export function generateJWT(payload) {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+}
+// Verify JWT token
+function verifyJWT(token) {
+  try {
+    return jwt.verify(token, JWT_SECRET);
+  } catch (error) {
+    return null;
+  }
+}
+// Authentication middleware
+export function authenticate(req, res, next) {
+  // Debug logging for authentication flow
+  console.log(`[AUTH-DEBUG] ${new Date().toISOString()} - ${req.method} ${req.originalUrl}`);
+  console.log(`[AUTH-DEBUG] Client IP: ${req.ip}`);
+  console.log(`[AUTH-DEBUG] X-Forwarded-For: ${req.headers['x-forwarded-for'] || 'none'}`);
+  console.log(`[AUTH-DEBUG] User-Agent: ${req.headers['user-agent'] || 'none'}`);
+  console.log(`[AUTH-DEBUG] Authorization header present: ${!!req.headers.authorization}`);
+  console.log(`[AUTH-DEBUG] X-API-Key header present: ${!!req.headers['x-api-key']}`);
+  console.log(`[AUTH-DEBUG] X-Service-Token header present: ${!!req.headers['x-service-token']}`);
+  // Allow localhost requests from Chrome extension
+  const isLocalhost = req.ip === '::1' || req.ip === '127.0.0.1' || req.ip === '::ffff:127.0.0.1';
+  console.log(`[AUTH-DEBUG] Is localhost: ${isLocalhost}`);
+  if (isLocalhost) {
+    // Set a synthetic user for localhost requests with explicit permissions
+    req.user = {
+      id: 'localhost',
+      name: 'Chrome Extension (Localhost)',
+      role: 'USER',
+      authMethod: 'localhost-bypass',
+      permissions: [
+        PERMISSIONS.CHROME_CONTROL,
+        PERMISSIONS.WORKFLOW_READ,
+        PERMISSIONS.WORKFLOW_WRITE,
+        PERMISSIONS.WORKFLOW_DELETE,
+        PERMISSIONS.FRAME_READ,
+        PERMISSIONS.FRAME_WRITE
+      ]
+    };
+    console.log(`[AUTH-DEBUG] ✅ Localhost bypass granted for user:`, req.user);
+    return next();
+  }
+  const authHeader = req.headers.authorization;
+  const apiKey = req.headers['x-api-key'];
+  const serviceToken = req.headers['x-service-token'];
+  let user = null;
+  // Check Bearer token (JWT)
+  if (authHeader && authHeader.startsWith('Bearer ')) {
+    const token = authHeader.substring(7);
+    const decoded = verifyJWT(token);
+    if (decoded) {
+      user = decoded;
+    }
+  }
+  // Check API key
+  if (!user && apiKey) {
+    const keyData = validateApiKey(apiKey);
+    if (keyData) {
+      user = {
+        id: keyData.id,
+        name: keyData.name,
+        role: keyData.role,
+        authMethod: 'api-key'
+      };
+    }
+  }
+  // Check MCP service token
+  if (!user && serviceToken) {
+    const isValidServiceToken = validateServiceToken(serviceToken);
+    if (isValidServiceToken) {
+      user = {
+        id: 'mcp-service',
+        name: 'MCP Service',
+        role: MCP_SERVICE_ROLES.MCP_CLIENT,
+        authMethod: 'service-token'
+      };
+    }
+  }
+  if (!user) {
+    console.log(`[AUTH-DEBUG] ❌ Authentication failed - no valid credentials found`);
+    return res.status(401).json({
+      error: 'Authentication required',
+      message: 'Please provide a valid API key, Bearer token, or service token',
+      debug: {
+        clientIp: req.ip,
+        userAgent: req.headers['user-agent'],
+        timestamp: new Date().toISOString()
+      }
+    });
+  }
+  console.log(`[AUTH-DEBUG] ✅ Authentication successful for user:`, {
+    id: user.id,
+    name: user.name,
+    role: user.role,
+    authMethod: user.authMethod
+  });
+  req.user = user;
+  next();
+}
+// Authorization middleware
+export function authorize(requiredPermission) {
+  return (req, res, next) => {
+    const user = req.user;
+    if (!user) {
+      return res.status(401).json({ error: 'Authentication required' });
+    }
+    // Get permissions from role-based mapping
+    const rolePermissions = ROLE_PERMISSIONS[user.role] || [];
+    // Also check explicit permissions on user object (for localhost bypass, etc.)
+    const explicitPermissions = user.permissions || [];
+    // Combine both permission sources
+    const userPermissions = [...new Set([...rolePermissions, ...explicitPermissions])];
+    if (!userPermissions.includes(requiredPermission)) {
+      return res.status(403).json({
+        error: 'Insufficient permissions',
+        required: requiredPermission,
+        userRole: user.role,
+        userPermissions: userPermissions
+      });
+    }
+    next();
+  };
+}
+// Admin-only middleware
+export function requireAdmin(req, res, next) {
+  if (!req.user || req.user.role !== ROLES.ADMIN) {
+    return res.status(403).json({
+      error: 'Admin access required'
+    });
+  }
+  next();
+}
+// API key management functions
+export function listApiKeys() {
+  return apiKeys.map(key => ({
+    id: key.id,
+    name: key.name,
+    role: key.role,
+    createdAt: key.createdAt,
+    lastUsed: key.lastUsed,
+    active: key.active
+  }));
+}
+export function revokeApiKey(keyId) {
+  const key = apiKeys.find(k => k.id === keyId);
+  if (key) {
+    key.active = false;
+    saveApiKeys();
+    return true;
+  }
+  return false;
+}
+export function activateApiKey(keyId) {
+  const key = apiKeys.find(k => k.id === keyId);
+  if (key) {
+    key.active = true;
+    saveApiKeys();
+    return true;
+  }
+  return false;
+}
+export function deleteApiKey(keyId) {
+  const index = apiKeys.findIndex(k => k.id === keyId);
+  if (index !== -1) {
+    apiKeys.splice(index, 1);
+    saveApiKeys();
+    return true;
+  }
+  return false;
+}
+// Initialize with default admin key if no keys exist
+if (apiKeys.length === 0) {
+  const defaultAdmin = generateApiKey('Default Admin', ROLES.ADMIN);
+  console.log('=== Chrome Debug Security Initialization ===');
+  console.log('Generated default admin API key:');
+  console.log(`API Key: ${defaultAdmin.apiKey}`);
+  console.log('Please save this key securely and create additional keys as needed.');
+  console.log('============================================');
+}
+// Generate MCP service token
+export function generateServiceToken() {
+  const serviceToken = `mcp_${uuidv4().replace(/-/g, '')}`;
+  return serviceToken;
+}
+// Validate MCP service token
+function validateServiceToken(token) {
+  const expectedToken = process.env.MCP_SERVICE_TOKEN;
+  if (!expectedToken) {
+    console.warn('MCP_SERVICE_TOKEN not set. Service authentication disabled.');
+    return false;
+  }
+  return token === expectedToken;
+}
+// Initialize MCP service token if not set
+function initializeMcpServiceToken() {
+  if (!process.env.MCP_SERVICE_TOKEN) {
+    const serviceToken = generateServiceToken();
+    process.env.MCP_SERVICE_TOKEN = serviceToken;
+    console.log('=== ChromeDebug MCP Service Token ===');
+    console.log(`Generated MCP service token: ${serviceToken}`);
+    console.log('This token allows MCP clients to access recordings.');
+    console.log('======================================');
+    // Optionally save to .env file for persistence
+    try {
+      const envPath = path.join(__dirname, '../../.env');
+      const envContent = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf8') : '';
+      if (!envContent.includes('MCP_SERVICE_TOKEN=')) {
+        const newEnvContent = envContent + (envContent.endsWith('\n') ? '' : '\n') + `MCP_SERVICE_TOKEN=${serviceToken}\n`;
+        fs.writeFileSync(envPath, newEnvContent);
+        console.log('MCP service token saved to .env file');
+      }
+    } catch (error) {
+      console.log('Could not save MCP service token to .env file:', error.message);
+    }
+  }
+}
+// Initialize MCP service token on module load
+initializeMcpServiceToken();
+export { ROLES, PERMISSIONS, ROLE_PERMISSIONS, MCP_SERVICE_ROLES, validateServiceToken };

package/src/middleware/security.js ADDED Viewed

@@ -0,0 +1,267 @@
+import helmet from 'helmet';
+import rateLimit from 'express-rate-limit';
+import cors from 'cors';
+// Environment configuration
+const isDevelopment = process.env.NODE_ENV === 'development';
+const isProduction = process.env.NODE_ENV === 'production';
+// Trusted origins configuration
+const trustedOrigins = [
+  // Chrome extension origins
+  'chrome-extension://*',
+  // VS Code extension
+  'vscode-webview://*',
+  // Local development (always allowed for Chrome extension compatibility)
+  'http://localhost:*',
+  'http://127.0.0.1:*',
+  'http://0.0.0.0:*',
+  // Add production origins from environment
+  ...(process.env.TRUSTED_ORIGINS ? process.env.TRUSTED_ORIGINS.split(',') : [])
+];
+// CORS configuration
+export const corsOptions = {
+  origin: function (origin, callback) {
+    // Allow requests with no origin (mobile apps, Postman, etc.)
+    if (!origin) return callback(null, true);
+    // Check if origin matches any trusted pattern
+    const isAllowed = trustedOrigins.some(pattern => {
+      if (pattern.includes('*')) {
+        const regex = new RegExp(pattern.replace(/\*/g, '.*'));
+        return regex.test(origin);
+      }
+      return pattern === origin;
+    });
+    if (isAllowed) {
+      callback(null, true);
+    } else {
+      console.warn(`CORS: Blocked origin ${origin}`);
+      callback(new Error('Not allowed by CORS policy'));
+    }
+  },
+  credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key', 'X-Requested-With'],
+  exposedHeaders: ['X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-RateLimit-Reset']
+};
+// Security headers configuration
+export const securityHeaders = helmet({
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ["'self'"],
+      scriptSrc: ["'self'", "'unsafe-inline'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      imgSrc: ["'self'", "data:", "blob:"],
+      connectSrc: ["'self'", "ws:", "wss:"],
+      fontSrc: ["'self'"],
+      objectSrc: ["'none'"],
+      mediaSrc: ["'self'", "blob:"],
+      frameSrc: ["'none'"]
+    }
+  },
+  crossOriginEmbedderPolicy: false, // Allow Chrome extension integration
+  crossOriginOpenerPolicy: false,
+  crossOriginResourcePolicy: { policy: "cross-origin" },
+  hsts: {
+    maxAge: 31536000,
+    includeSubDomains: true,
+    preload: true
+  }
+});
+// Rate limiting configuration
+export const createRateLimit = (options = {}) => {
+  return rateLimit({
+    windowMs: options.windowMs || 15 * 60 * 1000, // 15 minutes
+    max: options.max || 100, // Limit each IP to 100 requests per windowMs
+    message: {
+      error: 'Too many requests',
+      retryAfter: options.windowMs || 15 * 60 * 1000
+    },
+    standardHeaders: true,
+    legacyHeaders: false,
+    // Use user ID for authenticated requests, default for unauthenticated
+    keyGenerator: (req) => {
+      if (req.user?.id) {
+        return `user:${req.user.id}`;
+      }
+      // Let express-rate-limit handle IP address properly (including IPv6)
+      return undefined;
+    },
+    skip: (req) => {
+      // Skip rate limiting for certain endpoints in development
+      if (isDevelopment && req.path === '/chromedebug/status') {
+        return true;
+      }
+      return false;
+    }
+  });
+};
+// Different rate limits for different endpoint types
+export const rateLimits = {
+  // General API rate limit
+  general: createRateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 1000 // 1000 requests per 15 minutes
+  }),
+  // Authentication endpoints
+  auth: createRateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 10 // 10 auth attempts per 15 minutes
+  }),
+  // File upload endpoints
+  upload: createRateLimit({
+    windowMs: 5 * 60 * 1000, // 5 minutes
+    max: 20 // 20 uploads per 5 minutes
+  }),
+  // Chrome control endpoints (more restrictive)
+  chromeControl: createRateLimit({
+    windowMs: 1 * 60 * 1000, // 1 minute
+    max: 60 // 60 control actions per minute
+  }),
+  // Status endpoints (less restrictive)
+  status: createRateLimit({
+    windowMs: 1 * 60 * 1000, // 1 minute
+    max: 100 // 100 status checks per minute
+  })
+};
+// Request size limits
+export const requestSizeLimits = {
+  // Standard JSON requests
+  json: '10mb',
+  // Form data (for file uploads)
+  urlencoded: '10mb',
+  // Large uploads (frame batches, screenshots)
+  largeUpload: '50mb'
+};
+// Security audit logging
+export function securityLogger(req, res, next) {
+  const start = Date.now();
+  // Log sensitive operations
+  const sensitiveEndpoints = [
+    '/chromedebug/workflow-recording',
+    '/chromedebug/frame-batch',
+    '/chromedebug/evaluate',
+    '/chromedebug/launch',
+    '/chromedebug/navigate'
+  ];
+  const isSensitive = sensitiveEndpoints.some(endpoint =>
+    req.path.startsWith(endpoint)
+  );
+  if (isSensitive) {
+    console.log(`[Security] ${req.method} ${req.path} - User: ${req.user?.name || 'unauthenticated'} - IP: ${req.ip}`);
+  }
+  // Track response time for monitoring
+  res.on('finish', () => {
+    const duration = Date.now() - start;
+    if (duration > 5000) { // Log slow requests
+      console.warn(`[Performance] Slow request: ${req.method} ${req.path} - ${duration}ms`);
+    }
+  });
+  next();
+}
+// Request validation middleware
+export function validateRequest(schema) {
+  return (req, res, next) => {
+    const { error, value } = schema.validate(req.body, {
+      abortEarly: false,
+      stripUnknown: true
+    });
+    if (error) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        details: error.details.map(detail => ({
+          field: detail.path.join('.'),
+          message: detail.message
+        }))
+      });
+    }
+    req.validatedBody = value;
+    next();
+  };
+}
+// Error handling for security middleware
+export function securityErrorHandler(err, req, res, next) {
+  // CORS errors
+  if (err.message.includes('CORS')) {
+    return res.status(403).json({
+      error: 'CORS policy violation',
+      message: 'Origin not allowed'
+    });
+  }
+  // Rate limiting errors
+  if (err.status === 429) {
+    return res.status(429).json({
+      error: 'Rate limit exceeded',
+      message: 'Too many requests, please try again later'
+    });
+  }
+  // Security headers errors
+  if (err.code === 'EBADCSRFTOKEN') {
+    return res.status(403).json({
+      error: 'Invalid CSRF token'
+    });
+  }
+  // Default security error response
+  console.error('[Security Error]', err);
+  res.status(500).json({
+    error: 'Security error',
+    message: 'An internal security error occurred'
+  });
+}
+// IP whitelisting (if needed)
+export function createIPWhitelist(allowedIPs = []) {
+  return (req, res, next) => {
+    if (allowedIPs.length === 0) {
+      return next(); // No restrictions if no IPs specified
+    }
+    const clientIP = req.ip || req.connection.remoteAddress;
+    if (!allowedIPs.includes(clientIP)) {
+      console.warn(`[Security] Blocked IP: ${clientIP}`);
+      return res.status(403).json({
+        error: 'IP not whitelisted'
+      });
+    }
+    next();
+  };
+}
+export default {
+  corsOptions,
+  securityHeaders,
+  rateLimits,
+  requestSizeLimits,
+  securityLogger,
+  validateRequest,
+  securityErrorHandler,
+  createIPWhitelist
+};