auto-smart-security 1.0.7 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -0
- package/dist/apply-security.js +7 -7
- package/dist/types.d.ts +1 -1
- package/dist/utils.js +1 -1
- package/package.json +1 -1
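--- a/package/README.md
+++ b/package/README.md
@@ -41,6 +41,7 @@ applySecurity(app, {
 mode: 'prod',
 pathWhitelist: ['admin/', 'media', 'oauth2'],
 rateLimit: { max: 120, windowMs: 60_000 },
+trustProxy: 1
 bot: { enabled: true },
 blacklistTTL: 10 * 60 * 1000,
 
@@ -83,6 +84,9 @@ interface SecurityOptions {
 max: number;
 };
 
+/** express trust proxy setting */
+trustProxy?: number;
+
 /** Bot detection */
 bot?: {
 enabled: boolean;
@@ -142,6 +146,7 @@ const redis = new Redis({
 applySecurity(app, {
 mode: process.env.NODE_ENV === 'development' ? 'dev' : 'prod',
 rateLimit: { max: 120, windowMs: 60_000 },
+trustProxy: 1,
 bot: { enabled: true },
 blacklistTTL: 10 * 60 * 1000,
 pathWhitelist: ['api', '/media'],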
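--- a/package/dist/apply-security.js
+++ b/package/dist/apply-security.js
@@ -15,13 +15,12 @@ function applySecurity(app, options) {
 return;
 if (options.rateLimit) {
 if (options.trustProxy === undefined) {
-
-app.set('trust proxy', true);
-}
-else {
-app.set('trust proxy', options.trustProxy);
+throw new Error('[auto-smart-security] rateLimit requires trustProxy to be a number (e.g. 1). Do NOT use true.');
 }
+app.set('trust proxy', options.trustProxy);
 }
+/** ================= HELMET ================= */
+app.use((0, helmet_1.default)());
 /** ================= BLACKLIST STORE ================= */
 const blacklist = options.blacklist?.store ??
 new memory_store_1.MemoryBlacklistStore(options.staticBlacklist, options.blacklistTTL);
@@ -44,6 +43,9 @@ function applySecurity(app, options) {
 }
 /** ================= MAIN SECURITY ================= */
 app.use(async (req, res, next) => {
+// pass OPTIONS requests
+if (req.method === 'OPTIONS')
+return next();
 const ip = (0, utils_1.getClientIP)(req);
 const url = req.originalUrl;
 /** 1️⃣ Blacklist */
@@ -79,6 +81,4 @@ function applySecurity(app, options) {
 }
 next();
 });
-/** ================= HELMET ================= */
-app.use((0, helmet_1.default)());
 }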
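Review bot: The new guard at new line 18 of the first hunk only rejects `trustProxy === undefined`, so `trustProxy: true` (the value the error message itself warns against) or a string still reaches `app.set('trust proxy', options.trustProxy)`, and with `true` Express trusts any X-Forwarded-For value, which lets a client choose the address the blacklist and rate limiter appear to key on via `getClientIP`. Make the check match its message: `if (typeof options.trustProxy !== 'number') {`. Separately, the early `return next()` for OPTIONS in the second hunk runs before the blacklist and rate-limit checks, so a blacklisted client can still send preflight requests; if that is intended, say so in the comment (`// CORS preflight is never blacklisted or rate-limited`), otherwise move the short-circuit after the blacklist check. applySecurity's body begins before the first hunk and is shown only in part.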
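--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -19,7 +19,7 @@ export interface SecurityOptions {
 /** dev → skip security */
 mode?: 'prod' | 'dev';
 /** express trust proxy setting */
-trustProxy?:
+trustProxy?: number;
 /** allow only these paths */
 pathWhitelist: string[];
 /** hard blacklist */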
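--- a/package/dist/utils.js
+++ b/package/dist/utils.js
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getClientIP = getClientIP;
 function getClientIP(req) {
 return (req.headers?.['x-real-ip'] ||
-req.headers?.['x-forwarded-for']?.split(',')[0] ||
+// (req.headers?.['x-forwarded-for'] as string)?.split(',')[0] ||
 req.socket?.remoteAddress ||
 req.ip ||
 'unknown');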
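Review bot: `getClientIP` still returns `req.headers['x-real-ip']` before ever looking at `req.ip`, and that header is client-supplied unless a trusted proxy overwrites it, so the address the blacklist and rate limiter appear to key on can be chosen by the caller even now that applySecurity enforces a numeric `trust proxy`. Since Express derives `req.ip` from the `trust proxy` setting, it should come first: `return (req.ip || req.socket?.remoteAddress || 'unknown');`, with `x-real-ip` consulted only where the deployment's proxy is known to set it. The commented-out `x-forwarded-for` line at new line 6 should be removed rather than kept as dead code, and the dropped XFF parsing deserves a one-line comment such as `// X-Forwarded-For is resolved by Express via 'trust proxy' (req.ip)` so the next reader knows it was deliberate.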