@noony-serverless/core 0.1.0

package/build/middlewares/rateLimitingMiddleware.d.ts

@@ -0,0 +1,157 @@
+import { BaseMiddleware, Context } from '../core';
+export interface RateLimitOptions {
+    /**
+     * Maximum number of requests per window
+     * @default 100
+     */
+    maxRequests?: number;
+    /**
+     * Time window in milliseconds
+     * @default 60000 (1 minute)
+     */
+    windowMs?: number;
+    /**
+     * Function to generate rate limiting key
+     * @default Uses IP address
+     */
+    keyGenerator?: (context: Context) => string;
+    /**
+     * Custom error message
+     * @default 'Too many requests, please try again later'
+     */
+    message?: string;
+    /**
+     * HTTP status code for rate limit exceeded
+     * @default 429
+     */
+    statusCode?: number;
+    /**
+     * Skip rate limiting for certain requests
+     */
+    skip?: (context: Context) => boolean;
+    /**
+     * Headers to include in response
+     */
+    headers?: boolean;
+    /**
+     * Different limits for different request types
+     */
+    dynamicLimits?: {
+        [key: string]: {
+            maxRequests: number;
+            windowMs: number;
+            matcher: (context: Context) => boolean;
+        };
+    };
+    /**
+     * Storage backend (default: in-memory)
+     * Use Redis or other persistent storage in production
+     */
+    store?: RateLimitStore;
+}
+export interface RateLimitStore {
+    increment(key: string, windowMs: number): Promise<{
+        count: number;
+        resetTime: number;
+    }>;
+    get(key: string): Promise<{
+        count: number;
+        resetTime: number;
+    } | null>;
+    reset(key: string): Promise<void>;
+}
+export interface RateLimitInfo {
+    limit: number;
+    current: number;
+    remaining: number;
+    resetTime: number;
+}
+/**
+ * In-memory rate limit store (use Redis in production)
+ */
+declare class MemoryStore implements RateLimitStore {
+    private store;
+    private cleanupInterval;
+    constructor();
+    increment(key: string, windowMs: number): Promise<{
+        count: number;
+        resetTime: number;
+    }>;
+    get(key: string): Promise<{
+        count: number;
+        resetTime: number;
+    } | null>;
+    reset(key: string): Promise<void>;
+    private cleanup;
+    destroy(): void;
+}
+/**
+ * Rate Limiting Middleware
+ * Implements sliding window rate limiting with comprehensive features
+ */
+export declare class RateLimitingMiddleware implements BaseMiddleware {
+    private store;
+    private options;
+    constructor(options?: RateLimitOptions);
+    before(context: Context): Promise<void>;
+}
+/**
+ * Rate Limiting Middleware Factory
+ * @param options Rate limiting configuration
+ * @returns BaseMiddleware
+ */
+export declare const rateLimiting: (options?: RateLimitOptions) => BaseMiddleware;
+/**
+ * Predefined rate limit configurations
+ */
+export declare const RateLimitPresets: {
+    /**
+     * Very strict limits for sensitive endpoints
+     */
+    readonly STRICT: {
+        maxRequests: number;
+        windowMs: number;
+        message: string;
+    };
+    /**
+     * Standard API limits
+     */
+    readonly API: {
+        maxRequests: number;
+        windowMs: number;
+        dynamicLimits: {
+            authenticated: {
+                maxRequests: number;
+                windowMs: number;
+                matcher: (context: Context) => boolean;
+            };
+        };
+    };
+    /**
+     * Authentication endpoint limits
+     */
+    readonly AUTH: {
+        maxRequests: number;
+        windowMs: number;
+        message: string;
+    };
+    /**
+     * Public endpoint limits
+     */
+    readonly PUBLIC: {
+        maxRequests: number;
+        windowMs: number;
+    };
+    /**
+     * Development mode - very permissive
+     */
+    readonly DEVELOPMENT: {
+        maxRequests: number;
+        windowMs: number;
+    };
+};
+/**
+ * Export memory store for testing and custom implementations
+ */
+export { MemoryStore };
+//# sourceMappingURL=rateLimitingMiddleware.d.ts.map

package/build/middlewares/rateLimitingMiddleware.js

@@ -0,0 +1,237 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryStore = exports.RateLimitPresets = exports.rateLimiting = exports.RateLimitingMiddleware = void 0;
+const core_1 = require("../core");
+const logger_1 = require("../core/logger");
+/**
+ * In-memory rate limit store (use Redis in production)
+ */
+class MemoryStore {
+    store = new Map();
+    cleanupInterval;
+    constructor() {
+        // Cleanup expired entries every 5 minutes
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, 5 * 60 * 1000);
+    }
+    async increment(key, windowMs) {
+        const now = Date.now();
+        const resetTime = now + windowMs;
+        const existing = this.store.get(key);
+        if (existing && now < existing.resetTime) {
+            existing.count++;
+            return existing;
+        }
+        else {
+            const newEntry = { count: 1, resetTime };
+            this.store.set(key, newEntry);
+            return newEntry;
+        }
+    }
+    async get(key) {
+        const entry = this.store.get(key);
+        if (entry && Date.now() < entry.resetTime) {
+            return entry;
+        }
+        if (entry) {
+            this.store.delete(key);
+        }
+        return null;
+    }
+    async reset(key) {
+        this.store.delete(key);
+    }
+    cleanup() {
+        const now = Date.now();
+        for (const [key, entry] of this.store.entries()) {
+            if (now >= entry.resetTime) {
+                this.store.delete(key);
+            }
+        }
+    }
+    destroy() {
+        clearInterval(this.cleanupInterval);
+        this.store.clear();
+    }
+}
+exports.MemoryStore = MemoryStore;
+/**
+ * Default key generator using IP address with user identification
+ */
+const defaultKeyGenerator = (context) => {
+    const ip = context.req.ip ||
+        (Array.isArray(context.req.headers?.['x-forwarded-for'])
+            ? context.req.headers['x-forwarded-for'][0]
+            : context.req.headers?.['x-forwarded-for']) ||
+        'unknown';
+    // Include user ID if authenticated for per-user limits
+    const userId = context.user && typeof context.user === 'object' && 'sub' in context.user
+        ? context.user.sub
+        : null;
+    return userId ? `user:${userId}` : `ip:${ip}`;
+};
+/**
+ * Apply rate limit headers to response
+ */
+const setRateLimitHeaders = (context, info) => {
+    context.res.header('X-RateLimit-Limit', String(info.limit));
+    context.res.header('X-RateLimit-Remaining', String(Math.max(0, info.remaining)));
+    context.res.header('X-RateLimit-Reset', String(Math.ceil(info.resetTime / 1000)));
+    context.res.header('Retry-After', String(Math.ceil((info.resetTime - Date.now()) / 1000)));
+};
+/**
+ * Determine the appropriate rate limit for the request
+ */
+const getRateLimit = (context, options) => {
+    // Check dynamic limits first
+    if (options.dynamicLimits) {
+        for (const [name, config] of Object.entries(options.dynamicLimits)) {
+            if (config.matcher(context)) {
+                logger_1.logger.debug('Applied dynamic rate limit', {
+                    limitName: name,
+                    maxRequests: config.maxRequests,
+                    windowMs: config.windowMs,
+                });
+                return { maxRequests: config.maxRequests, windowMs: config.windowMs };
+            }
+        }
+    }
+    // Default limits
+    return {
+        maxRequests: options.maxRequests || 100,
+        windowMs: options.windowMs || 60000,
+    };
+};
+/**
+ * Rate Limiting Middleware
+ * Implements sliding window rate limiting with comprehensive features
+ */
+class RateLimitingMiddleware {
+    store;
+    options;
+    constructor(options = {}) {
+        this.store = options.store || new MemoryStore();
+        this.options = {
+            maxRequests: 100,
+            windowMs: 60000,
+            message: 'Too many requests, please try again later',
+            statusCode: 429,
+            headers: true,
+            keyGenerator: options.keyGenerator || defaultKeyGenerator,
+            skip: options.skip,
+            dynamicLimits: options.dynamicLimits,
+            store: options.store,
+        };
+    }
+    async before(context) {
+        // Skip rate limiting if configured
+        if (this.options.skip && this.options.skip(context)) {
+            return;
+        }
+        const key = this.options.keyGenerator(context);
+        const { maxRequests, windowMs } = getRateLimit(context, this.options);
+        try {
+            const result = await this.store.increment(key, windowMs);
+            const rateLimitInfo = {
+                limit: maxRequests,
+                current: result.count,
+                remaining: Math.max(0, maxRequests - result.count),
+                resetTime: result.resetTime,
+            };
+            // Set rate limit headers
+            if (this.options.headers) {
+                setRateLimitHeaders(context, rateLimitInfo);
+            }
+            // Check if limit exceeded
+            if (result.count > maxRequests) {
+                logger_1.logger.warn('Rate limit exceeded', {
+                    key,
+                    count: result.count,
+                    limit: maxRequests,
+                    resetTime: new Date(result.resetTime).toISOString(),
+                    userAgent: context.req.headers?.['user-agent'],
+                    endpoint: context.req.path || context.req.url,
+                });
+                throw new core_1.SecurityError(this.options.message);
+            }
+            // Log approaching limit
+            if (result.count > maxRequests * 0.8) {
+                logger_1.logger.debug('Approaching rate limit', {
+                    key,
+                    count: result.count,
+                    limit: maxRequests,
+                    percentage: Math.round((result.count / maxRequests) * 100),
+                });
+            }
+        }
+        catch (error) {
+            if (error instanceof core_1.SecurityError) {
+                throw error;
+            }
+            // Log store errors but don't block requests
+            logger_1.logger.error('Rate limiting store error', {
+                error: error instanceof Error ? error.message : 'Unknown error',
+                key,
+            });
+        }
+    }
+}
+exports.RateLimitingMiddleware = RateLimitingMiddleware;
+/**
+ * Rate Limiting Middleware Factory
+ * @param options Rate limiting configuration
+ * @returns BaseMiddleware
+ */
+const rateLimiting = (options = {}) => new RateLimitingMiddleware(options);
+exports.rateLimiting = rateLimiting;
+/**
+ * Predefined rate limit configurations
+ */
+exports.RateLimitPresets = {
+    /**
+     * Very strict limits for sensitive endpoints
+     */
+    STRICT: {
+        maxRequests: 5,
+        windowMs: 60000, // 1 minute
+        message: 'Too many requests to sensitive endpoint',
+    },
+    /**
+     * Standard API limits
+     */
+    API: {
+        maxRequests: 100,
+        windowMs: 60000, // 1 minute
+        dynamicLimits: {
+            authenticated: {
+                maxRequests: 1000,
+                windowMs: 60000,
+                matcher: (context) => !!context.user,
+            },
+        },
+    },
+    /**
+     * Authentication endpoint limits
+     */
+    AUTH: {
+        maxRequests: 10,
+        windowMs: 60000, // 1 minute
+        message: 'Too many authentication attempts',
+    },
+    /**
+     * Public endpoint limits
+     */
+    PUBLIC: {
+        maxRequests: 50,
+        windowMs: 60000, // 1 minute
+    },
+    /**
+     * Development mode - very permissive
+     */
+    DEVELOPMENT: {
+        maxRequests: 10000,
+        windowMs: 60000, // 1 minute
+    },
+};
+//# sourceMappingURL=rateLimitingMiddleware.js.map

package/build/middlewares/responseWrapperMiddleware.d.ts

@@ -0,0 +1,11 @@
+import { BaseMiddleware } from '../core/handler';
+import { Context } from '../core/core';
+export declare class ResponseWrapperMiddleware<T> implements BaseMiddleware {
+    after(context: Context): Promise<void>;
+}
+export declare const responseWrapperMiddleware: <T>() => BaseMiddleware;
+/**
+ * Helper function to set response data in context for later wrapping
+ */
+export declare function setResponseData<T>(context: Context, data: T): void;
+//# sourceMappingURL=responseWrapperMiddleware.d.ts.map

package/build/middlewares/responseWrapperMiddleware.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.responseWrapperMiddleware = exports.ResponseWrapperMiddleware = void 0;
+exports.setResponseData = setResponseData;
+const wrapResponse = (context) => {
+    if (!context.res.headersSent) {
+        const statusCode = context.res.statusCode || 200;
+        const body = context.responseData;
+        context.res.status(statusCode).json({
+            success: true,
+            payload: body,
+            timestamp: new Date().toISOString(),
+        });
+    }
+};
+class ResponseWrapperMiddleware {
+    async after(context) {
+        wrapResponse(context);
+    }
+}
+exports.ResponseWrapperMiddleware = ResponseWrapperMiddleware;
+const responseWrapperMiddleware = () => ({
+    after: async (context) => {
+        wrapResponse(context);
+    },
+});
+exports.responseWrapperMiddleware = responseWrapperMiddleware;
+/**
+ * Helper function to set response data in context for later wrapping
+ */
+function setResponseData(context, data) {
+    context.responseData = data;
+}
+//# sourceMappingURL=responseWrapperMiddleware.js.map

package/build/middlewares/securityAuditMiddleware.d.ts

@@ -0,0 +1,124 @@
+import { BaseMiddleware, Context } from '../core';
+export interface SecurityEvent {
+    type: SecurityEventType;
+    severity: SecuritySeverity;
+    timestamp: string;
+    requestId: string;
+    clientIP: string;
+    userAgent?: string;
+    userId?: string;
+    endpoint: string;
+    method: string;
+    details: Record<string, unknown>;
+}
+export type SecurityEventType = 'SUSPICIOUS_REQUEST' | 'AUTHENTICATION_FAILURE' | 'AUTHORIZATION_FAILURE' | 'RATE_LIMIT_EXCEEDED' | 'INVALID_INPUT' | 'TOKEN_MANIPULATION' | 'UNUSUAL_BEHAVIOR' | 'SECURITY_HEADER_VIOLATION' | 'INJECTION_ATTEMPT' | 'MALFORMED_REQUEST';
+export type SecuritySeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+export interface SecurityAuditOptions {
+    /**
+     * Enable detailed request logging
+     * @default false
+     */
+    logRequests?: boolean;
+    /**
+     * Enable response logging
+     * @default false
+     */
+    logResponses?: boolean;
+    /**
+     * Log request/response bodies (be careful with sensitive data)
+     * @default false
+     */
+    logBodies?: boolean;
+    /**
+     * Maximum body size to log (in bytes)
+     * @default 1024
+     */
+    maxBodyLogSize?: number;
+    /**
+     * Headers to exclude from logging (security headers, auth tokens, etc.)
+     */
+    excludeHeaders?: string[];
+    /**
+     * Custom security event handler
+     */
+    onSecurityEvent?: (event: SecurityEvent) => Promise<void> | void;
+    /**
+     * Enable anomaly detection
+     * @default true
+     */
+    enableAnomalyDetection?: boolean;
+    /**
+     * Suspicious patterns to detect
+     */
+    suspiciousPatterns?: {
+        sqlInjection?: RegExp[];
+        xss?: RegExp[];
+        pathTraversal?: RegExp[];
+        commandInjection?: RegExp[];
+    };
+}
+/**
+ * Security event tracking for anomaly detection
+ */
+declare class SecurityEventTracker {
+    private events;
+    private readonly maxEventsPerClient;
+    private readonly timeWindow;
+    addEvent(event: SecurityEvent): void;
+    getClientEvents(clientIP: string, minutes?: number): SecurityEvent[];
+    detectAnomalies(clientIP: string): SecurityEvent[];
+}
+declare const securityEventTracker: SecurityEventTracker;
+/**
+ * Security Audit Middleware
+ * Provides comprehensive security event logging and monitoring
+ */
+export declare class SecurityAuditMiddleware implements BaseMiddleware {
+    private options;
+    constructor(options?: SecurityAuditOptions);
+    before(context: Context): Promise<void>;
+    after(context: Context): Promise<void>;
+    onError(error: Error, context: Context): Promise<void>;
+    private logSecurityEvent;
+    private sanitizeHeaders;
+}
+/**
+ * Security Audit Middleware Factory
+ * @param options Security audit configuration
+ * @returns BaseMiddleware
+ */
+export declare const securityAudit: (options?: SecurityAuditOptions) => BaseMiddleware;
+/**
+ * Predefined security audit configurations
+ */
+export declare const SecurityAuditPresets: {
+    /**
+     * Full monitoring with detailed logging
+     */
+    readonly COMPREHENSIVE: {
+        logRequests: true;
+        logResponses: true;
+        logBodies: false;
+        enableAnomalyDetection: true;
+    };
+    /**
+     * Security events only
+     */
+    readonly SECURITY_ONLY: {
+        logRequests: false;
+        logResponses: false;
+        logBodies: false;
+        enableAnomalyDetection: true;
+    };
+    /**
+     * Development mode with full logging
+     */
+    readonly DEVELOPMENT: {
+        logRequests: true;
+        logResponses: true;
+        logBodies: true;
+        enableAnomalyDetection: false;
+    };
+};
+export { securityEventTracker };
+//# sourceMappingURL=securityAuditMiddleware.d.ts.map