aws-lambda-api-tools 0.1.22 → 0.1.23
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/lambda-route-proxy-entry-handler.d.ts.map +1 -1
- package/dist/lib/lambda-route-proxy-entry-handler.js +19 -7
- package/dist/lib/lambda-route-proxy-entry-handler.js.map +1 -1
- package/dist/lib/middleware-helpers.d.ts +50 -0
- package/dist/lib/middleware-helpers.d.ts.map +1 -0
- package/dist/lib/middleware-helpers.js +111 -0
- package/dist/lib/middleware-helpers.js.map +1 -0
- package/dist/lib/security-config-loader.d.ts +15 -0
- package/dist/lib/security-config-loader.d.ts.map +1 -0
- package/dist/lib/security-config-loader.js +257 -0
- package/dist/lib/security-config-loader.js.map +1 -0
- package/dist/lib/types-and-interfaces.d.ts +18 -0
- package/dist/lib/types-and-interfaces.d.ts.map +1 -1
- package/package.json +1 -1
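--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,7 +1,8 @@
-export type { BaseResponseObject, BaseRouteResponse, MiddlewareArgumentsInputFunction, MiddlewareChain, MiddlewareSchemaInputFunction, ResponseData, ResponseError, ResponseObject, RouteArguments, RouteModule, RouteResponse, RouteSchema, ConfigRouteEntry, RouteConfig, Permission, } from './lib/types-and-interfaces';
+export type { BaseResponseObject, BaseRouteResponse, MiddlewareArgumentsInputFunction, MiddlewareChain, MiddlewareSchemaInputFunction, ResponseData, ResponseError, ResponseObject, RouteArguments, RouteModule, RouteResponse, RouteSchema, ConfigRouteEntry, RouteConfig, Permission, SecurityConfig, } from './lib/types-and-interfaces';
 export { CustomError } from './lib/custom-error';
 export { lambdaRouteProxyEntryHandler } from './lib/lambda-route-proxy-entry-handler';
 export { lambdaRouteProxyPathNotFound } from './lib/lambda-route-proxy-path-not-found';
 export { schemaValidationMiddleware } from './lib/middlewares/route-module-schema-validation-middleware';
 export { jwtValidationMiddleware } from './lib/middlewares/route-module-jwt-validation-middleware';
+export { addResponseHeader, addResponseHeaders, addConditionalHeader, addRateLimitHeaders, addCacheHeaders, addSecurityHeaders, addAuthHeaders, } from './lib/middleware-helpers';
 //# sourceMappingURL=index.d.ts.map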
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,gCAAgC,EAChC,eAAe,EACf,6BAA6B,EAC7B,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,UAAU,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,gCAAgC,EAChC,eAAe,EACf,6BAA6B,EAC7B,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,cAAc,GACf,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AAEtF,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6DAA6D,CAAC;AAEzG,OAAO,EAAE,uBAAuB,EAAE,MAAM,0DAA0D,CAAC;AAEnG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,EAClB,cAAc,GACf,MAAM,0BAA0B,CAAC"}
|
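--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.jwtValidationMiddleware = exports.schemaValidationMiddleware = exports.lambdaRouteProxyPathNotFound = exports.lambdaRouteProxyEntryHandler = exports.CustomError = void 0;
+exports.addAuthHeaders = exports.addSecurityHeaders = exports.addCacheHeaders = exports.addRateLimitHeaders = exports.addConditionalHeader = exports.addResponseHeaders = exports.addResponseHeader = exports.jwtValidationMiddleware = exports.schemaValidationMiddleware = exports.lambdaRouteProxyPathNotFound = exports.lambdaRouteProxyEntryHandler = exports.CustomError = void 0;
 var custom_error_1 = require("./lib/custom-error");
 Object.defineProperty(exports, "CustomError", { enumerable: true, get: function () { return custom_error_1.CustomError; } });
 var lambda_route_proxy_entry_handler_1 = require("./lib/lambda-route-proxy-entry-handler");
@@ -11,4 +11,12 @@ var route_module_schema_validation_middleware_1 = require("./lib/middlewares/rou
 Object.defineProperty(exports, "schemaValidationMiddleware", { enumerable: true, get: function () { return route_module_schema_validation_middleware_1.schemaValidationMiddleware; } });
 var route_module_jwt_validation_middleware_1 = require("./lib/middlewares/route-module-jwt-validation-middleware");
 Object.defineProperty(exports, "jwtValidationMiddleware", { enumerable: true, get: function () { return route_module_jwt_validation_middleware_1.jwtValidationMiddleware; } });
+var middleware_helpers_1 = require("./lib/middleware-helpers");
+Object.defineProperty(exports, "addResponseHeader", { enumerable: true, get: function () { return middleware_helpers_1.addResponseHeader; } });
+Object.defineProperty(exports, "addResponseHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addResponseHeaders; } });
+Object.defineProperty(exports, "addConditionalHeader", { enumerable: true, get: function () { return middleware_helpers_1.addConditionalHeader; } });
+Object.defineProperty(exports, "addRateLimitHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addRateLimitHeaders; } });
+Object.defineProperty(exports, "addCacheHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addCacheHeaders; } });
+Object.defineProperty(exports, "addSecurityHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addSecurityHeaders; } });
+Object.defineProperty(exports, "addAuthHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addAuthHeaders; } });
 //# sourceMappingURL=index.js.map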
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAmBA,mDAAiD;AAAxC,2GAAA,WAAW,OAAA;AAEpB,2FAAsF;AAA7E,gJAAA,4BAA4B,OAAA;AAErC,6FAAuF;AAA9E,iJAAA,4BAA4B,OAAA;AAErC,yHAAyG;AAAhG,uJAAA,0BAA0B,OAAA;AAEnC,mHAAmG;AAA1F,iJAAA,uBAAuB,OAAA;AAEhC,+DAQkC;AAPhC,uHAAA,iBAAiB,OAAA;AACjB,wHAAA,kBAAkB,OAAA;AAClB,0HAAA,oBAAoB,OAAA;AACpB,yHAAA,mBAAmB,OAAA;AACnB,qHAAA,eAAe,OAAA;AACf,wHAAA,kBAAkB,OAAA;AAClB,oHAAA,cAAc,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lambda-route-proxy-entry-handler.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,WAAW,
|
|
1
|
+
{"version":3,"file":"lambda-route-proxy-entry-handler.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,WAAW,EAEZ,MAAM,wBAAwB,CAAC;AA2BhC,eAAO,MAAM,cAAc,WACjB,WAAW,UACX,MAAM,QACR,MAAM;;MAEX,WAYF,CAAC;AAUF,eAAO,MAAM,oBAAoB,mBACf,WAAW,YACjB,cAAc,KACvB,QAAQ,GAAG,CAMb,CAAC;AAuCF,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,gBAAgB,EAAE,GAC1B,gBAAgB,GAAG;IAAE,MAAM,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CAAE,CAmB3D;AAED,eAAO,MAAM,4BAA4B,WAC9B,WAAW;;cAEX,sBAAsB,GAAG,oBAAoB,GAAG,eAAe,iBAqIvE,CAAC"}
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.lambdaRouteProxyEntryHandler = exports.getRouteConfigByPath = exports.getRouteModuleResult = exports.getRouteModule = void 0;
|
|
4
4
|
const custom_error_1 = require("./custom-error");
|
|
5
5
|
const authorization_helper_1 = require("./authorization-helper");
|
|
6
|
+
const security_config_loader_1 = require("./security-config-loader");
|
|
6
7
|
const getRouteConfigEntry = (config, method, path) => config.routes.find((r) => r.path.toLowerCase() === path.toLowerCase() &&
|
|
7
8
|
r.method.toLowerCase() === method.toLowerCase());
|
|
8
9
|
const shouldAuthorizeRoute = (routesConfig, routeConfigEntry) => (routesConfig.authorizeAllRoutes &&
|
|
@@ -73,6 +74,8 @@ function getRouteConfigByPath(eventPath, method, configs) {
|
|
|
73
74
|
}
|
|
74
75
|
exports.getRouteConfigByPath = getRouteConfigByPath;
|
|
75
76
|
const lambdaRouteProxyEntryHandler = (config, availableRouteModules) => async (event) => {
|
|
77
|
+
// Load security configuration
|
|
78
|
+
const securityConfig = config.security || (0, security_config_loader_1.loadSecurityConfig)();
|
|
76
79
|
console.log(`Event Data: ${JSON.stringify(event)}`);
|
|
77
80
|
const isV2 = event.version === "2.0";
|
|
78
81
|
const isProxied = !isV2 && event.hasOwnProperty("requestContext");
|
|
@@ -94,27 +97,36 @@ const lambdaRouteProxyEntryHandler = (config, availableRouteModules) => async (e
|
|
|
94
97
|
: undefined;
|
|
95
98
|
console.log(`decodedBody:
|
|
96
99
|
${decodedBody}`);
|
|
97
|
-
|
|
100
|
+
const routeArgs = {
|
|
98
101
|
query: queryStringParameters,
|
|
99
102
|
params: pathParameters,
|
|
100
103
|
body: body ? decodedBody || JSON.parse(body) : undefined,
|
|
101
104
|
rawEvent: event,
|
|
102
|
-
}
|
|
105
|
+
};
|
|
106
|
+
retVal = await (0, exports.getRouteModuleResult)(routeModule, routeArgs);
|
|
103
107
|
if (isProxied) {
|
|
104
108
|
if (retVal.statusCode && !retVal.body) {
|
|
105
109
|
console.log("body must be included when status code is set", retVal);
|
|
106
110
|
throw new custom_error_1.CustomError("No body found", 500);
|
|
107
111
|
}
|
|
108
112
|
else if (retVal.statusCode && retVal.body) {
|
|
113
|
+
// Generate secure headers based on configuration
|
|
114
|
+
const requestOrigin = event.headers?.origin || event.headers?.Origin;
|
|
115
|
+
const corsHeaders = (0, security_config_loader_1.generateCorsHeaders)(securityConfig, requestOrigin);
|
|
116
|
+
const jwtRotationHeaders = (0, security_config_loader_1.generateJwtRotationHeaders)(securityConfig, routeArgs.routeData);
|
|
109
117
|
retVal = {
|
|
110
118
|
...retVal,
|
|
111
119
|
isBase64Encoded: false,
|
|
112
120
|
headers: {
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
121
|
+
// 1. Default security headers from config (lowest priority)
|
|
122
|
+
...securityConfig.defaultHeaders,
|
|
123
|
+
// 2. CORS headers (only if origin is allowed)
|
|
124
|
+
...corsHeaders,
|
|
125
|
+
// 3. JWT rotation headers (if needed)
|
|
126
|
+
...jwtRotationHeaders,
|
|
127
|
+
// 4. Middleware-provided headers (higher priority)
|
|
128
|
+
...(routeArgs.responseHeaders ?? {}),
|
|
129
|
+
// 5. Handler-provided headers (highest priority - can override everything)
|
|
118
130
|
...(retVal.headers ?? {}),
|
|
119
131
|
},
|
|
120
132
|
body: typeof retVal.body === "object"
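Review bot: The header merge reads `routeArgs.responseHeaders` and `routeArgs.routeData` from the object literal built just before `getRouteModuleResult` is called, but the helpers shipped in this same release (`addResponseHeader` and the functions built on it) return a copy instead of mutating their argument, so headers set through them look likely never to reach this merge, and the JWT rotation headers depend on a `routeData` that nothing visible in this hunk assigns. `getRouteModuleResult` is defined outside the hunk, so confirm whether it hands the final arguments object back; if it does not, it should return that object alongside the result and the merge should read `responseHeaders` and `routeData` from it. The spread merge is also case-sensitive: a handler that returns `content-type` does not replace the default `Content-Type`, both keys are emitted, and the documented priority order does not hold unless header names are normalised (for example lower-cased) before merging. Finally, `const securityConfig = config.security || (0, security_config_loader_1.loadSecurityConfig)();` sits inside the per-event closure, so the config files are probed and parsed on every invocation; moving that line up into the outer `(config, availableRouteModules) =>` scope loads the configuration once per handler instance.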
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lambda-route-proxy-entry-handler.js","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":";;;AAKA,iDAA6C;
|
|
1
|
+
{"version":3,"file":"lambda-route-proxy-entry-handler.js","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":";;;AAKA,iDAA6C;AAQ7C,iEAAwD;AACxD,qEAIkC;AAElC,MAAM,mBAAmB,GAAG,CAC1B,MAAmB,EACnB,MAAc,EACd,IAAY,EACZ,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAChB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE;IAC3C,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAC9B,CAAC;AAExB,MAAM,oBAAoB,GAAG,CAC3B,YAAyB,EACzB,gBAAkC,EAClC,EAAE,CACF,CAAC,YAAY,CAAC,kBAAkB;IAC9B,gBAAgB,CAAC,cAAc,KAAK,KAAK,CAAC;IAC5C,gBAAgB,CAAC,cAAc,KAAK,IAAI,CAAC;AAEpC,MAAM,cAAc,GAAG,CAC5B,MAAmB,EACnB,MAAc,EACd,IAAY,EACZ,qBAA6C,EAChC,EAAE;IACf,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,WAAW,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1D,IAAI,UAAU,EAAE;QACd,MAAM,yBAAyB,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,IAAI,CACvE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAClD,CAAC;QACF,uFAAuF;QACvF,WAAW,GAAG,qBAAqB,CAAC,yBAA0B,CAAC,CAAC;KACjE;IACD,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AAjBW,QAAA,cAAc,kBAiBzB;AAUK,MAAM,oBAAoB,GAAG,KAAK,EACvC,EAAE,UAAU,EAAe,EAC3B,QAAwB,EACV,EAAE;IAChB,IAAI,WAAW,GAAG,QAAQ,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE;QAChC,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;KAC1C;IACD,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AATW,QAAA,oBAAoB,wBAS/B;AAEF,SAAS,WAAW,CAAC,IAAY;IAC/B,sCAAsC;IACtC,OAAO,IAAI;SACR,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,yBAAyB;SAC/C,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC,0CAA0C;AACtF,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,KAA6B,EAAc,EAAE;IACtE,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,qBAAqB,EACnB,KAAK,CAAC,qBAAqB;YAC1B,EAA0C;QAC7C,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;QAC1C,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,eAAe,EAAE,KAAK,CAAC,eAAe;KACvC,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,KAA2B,EAC3B,MAAmB,EACP,EAAE;IACd,MAAM,WAAW,GAAG,oBAAoB,CACtC,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,UAAU,EAChB,MAAM,CAAC,MAAM,CACd,CAAC;IACF,OAAO
;QACL,QAAQ,EAAE,GAAG,KAAK,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,EAAE;QACnD,qBAAqB,EAAE,KAAK,CAAC,qBAAqB,IAAI,EAAE;QACxD,cAAc,EAAE,WAAW,CAAC,MAAM,IAAI,EAAE;QACxC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,eAAe,EAAE,KAAK,CAAC,eAAe;KACvC,CAAC;AACJ,CAAC,CAAC;AAEF,SAAgB,oBAAoB,CAClC,SAAiB,EACjB,MAAc,EACd,OAA2B;IAE3B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB;IAClE,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB;IAC5E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;QAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEzC,IAAI,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAClC,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,CAAC;SAC9B;QAED,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE;YACrD,OAAO,MAAM,CAAC;SACf;KACF;IAED,MAAM,IAAI,0BAAW,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;AAC3E,CAAC;AAvBD,oDAuBC;AAEM,MAAM,4BAA4B,GACvC,CAAC,MAAmB,EAAE,qBAA6C,EAAE,EAAE,CACvE,KAAK,EACH,KAAsE,EACtE,EAAE;IACF,8BAA8B;IAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,IAAI,IAAA,2CAAkB,GAAE,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAI,KAAgC,CAAC,OAAO,KAAK,KAAK,CAAC;IAEjE,MAAM,SAAS,GAAG,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC;IAElE,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,iBAAiB,CAAC,KAA+B,CAAC;QACpD,CAAC,CAAC,iBAAiB,CAAC,KAA6B,EAAE,MAAM,CAAC,CAAC;IAE7D,MAAM,EACJ,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,IAAI,EACJ,eAAe,GAChB,GAAG,QAAQ,CAAC;IAEb,IAAI,MAAM,GAAQ,EAAE,CAAC;IACrB,IAAI;QACF,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,IAAI,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,IACE,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,EACvE;YACA,MAAM,IAAA,qCAAc,EAAC,KAAK,CAAC,CAAC;SAC7B;QAED,MAAM,WAAW,GAAG,IAAA,sBAAc,EAChC,MAAM,EACN,MAAM,EACN,IAAI,EACJ,qBAAqB,CACtB,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,oBAAoB,eAAe,EAAE,CAAC,CAA
C;QACnD,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QAC7B,MAAM,WAAW,GAAG,eAAe;YACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,CAAC,GAAG,CAAC;QACV,WAAW,EAAE,CAAC,CAAC;QAEjB,MAAM,SAAS,GAAmB;YAChC,KAAK,EAAE,qBAAqB;YAC5B,MAAM,EAAE,cAAc;YACtB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACxD,QAAQ,EAAE,KAAK;SAChB,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,4BAAoB,EAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAE5D,IAAI,SAAS,EAAE;YACb,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;gBACrC,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,MAAM,CAAC,CAAC;gBACrE,MAAM,IAAI,0BAAW,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;aAC7C;iBAAM,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,EAAE;gBAC3C,iDAAiD;gBACjD,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,EAAE,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC;gBACrE,MAAM,WAAW,GAAG,IAAA,4CAAmB,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;gBACvE,MAAM,kBAAkB,GAAG,IAAA,mDAA0B,EAAC,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;gBAE3F,MAAM,GAAG;oBACP,GAAG,MAAM;oBACT,eAAe,EAAE,KAAK;oBACtB,OAAO,EAAE;wBACP,4DAA4D;wBAC5D,GAAG,cAAc,CAAC,cAAc;wBAChC,8CAA8C;wBAC9C,GAAG,WAAW;wBACd,sCAAsC;wBACtC,GAAG,kBAAkB;wBACrB,mDAAmD;wBACnD,GAAG,CAAC,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;wBACpC,2EAA2E;wBAC3E,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;qBAC1B;oBACD,IAAI,EACF,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;wBAC7B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;wBAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;iBAClB,CAAC;aACH;SACF;aAAM;YACL,MAAM,GAAG;gBACP,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBAC5B,cAAc,EAAE,kBAAkB;aACnC,CAAC;SACH;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7D,IAAI,OAAO,GAAG;YACZ,cAAc,EAAE,kBAAkB;SACT,CAAC;QAE5B,IAAI,UAAU,GAAG,GAAG,CAAC;QAErB,IAAI,SAAS,EAAE;YACb,MAAM,SAAS,GACZ,KAAK,CAAC,cAAsB,CAAC,UAAU,KAAK,SAAS,CAAC;YACzD,IAAI,SAAS,EAAE;gBACb,UAAU,GAAG,GAAG,CAAC;aAClB;iBAAM;gBACL,UAAU,GAAG,KAAK,CAAC,cAAc,IAAI,GAAG,CAAC;aAC1C;YACD,OAAO,GAAG;gBACR,GAAG,OAAO;gBACV,
6BAA6B,EAAE,GAAG;gBAClC,8BAA8B,EAC5B,wCAAwC;gBAC1C,8BAA8B,EAC5B,0EAA0E;gBAC5E,kCAAkC,EAAE,MAAM;aAC3C,CAAC;SACH;QACD,IAAI,KAAK,YAAY,0BAAW,EAAE;YAChC,MAAM,GAAG;gBACP,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,KAAK,CAAC,OAAO;aACpB,CAAC;SACH;aAAM;YACL,MAAM,GAAG;gBACP,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC7C,CAAC;SACH;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAxIS,QAAA,4BAA4B,gCAwIrC"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import { RouteArguments } from './types-and-interfaces';
|
|
2
|
+
/**
|
|
3
|
+
* Helper utilities for middleware to manage response headers
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Add a header to be included in the response
|
|
7
|
+
* Middleware can use this to add headers that will be automatically included
|
|
8
|
+
*/
|
|
9
|
+
export declare function addResponseHeader(args: RouteArguments, name: string, value: string): RouteArguments;
|
|
10
|
+
/**
|
|
11
|
+
* Add multiple headers to be included in the response
|
|
12
|
+
*/
|
|
13
|
+
export declare function addResponseHeaders(args: RouteArguments, headers: Record<string, string>): RouteArguments;
|
|
14
|
+
/**
|
|
15
|
+
* Conditionally add a header based on some condition
|
|
16
|
+
*/
|
|
17
|
+
export declare function addConditionalHeader(args: RouteArguments, condition: boolean, name: string, value: string): RouteArguments;
|
|
18
|
+
/**
|
|
19
|
+
* Add rate limiting headers
|
|
20
|
+
*/
|
|
21
|
+
export declare function addRateLimitHeaders(args: RouteArguments, limit: number, remaining: number, resetTime: number): RouteArguments;
|
|
22
|
+
/**
|
|
23
|
+
* Add cache control headers
|
|
24
|
+
*/
|
|
25
|
+
export declare function addCacheHeaders(args: RouteArguments, maxAge: number, options?: {
|
|
26
|
+
public?: boolean;
|
|
27
|
+
private?: boolean;
|
|
28
|
+
noCache?: boolean;
|
|
29
|
+
noStore?: boolean;
|
|
30
|
+
mustRevalidate?: boolean;
|
|
31
|
+
}): RouteArguments;
|
|
32
|
+
/**
|
|
33
|
+
* Add security headers for specific middleware needs
|
|
34
|
+
*/
|
|
35
|
+
export declare function addSecurityHeaders(args: RouteArguments, headers: {
|
|
36
|
+
contentSecurityPolicy?: string;
|
|
37
|
+
strictTransportSecurity?: string;
|
|
38
|
+
referrerPolicy?: string;
|
|
39
|
+
permissionsPolicy?: string;
|
|
40
|
+
}): RouteArguments;
|
|
41
|
+
/**
|
|
42
|
+
* Add custom authentication headers
|
|
43
|
+
*/
|
|
44
|
+
export declare function addAuthHeaders(args: RouteArguments, headers: {
|
|
45
|
+
tokenRotationRequired?: boolean;
|
|
46
|
+
tokenRotationReason?: string;
|
|
47
|
+
authRealm?: string;
|
|
48
|
+
authScheme?: string;
|
|
49
|
+
}): RouteArguments;
|
|
50
|
+
//# sourceMappingURL=middleware-helpers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware-helpers.d.ts","sourceRoot":"","sources":["../../src/lib/middleware-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAExD;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,cAAc,EACpB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,cAAc,CAQhB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC9B,cAAc,CAQhB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,cAAc,EACpB,SAAS,EAAE,OAAO,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,cAAc,CAIhB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,cAAc,CAMhB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE;IACP,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;CACrB,GACL,cAAc,CAWhB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE;IACP,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,GACA,cAAc,CAiBhB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE;IACP,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACA,cAAc,CAchB"}
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.addAuthHeaders = exports.addSecurityHeaders = exports.addCacheHeaders = exports.addRateLimitHeaders = exports.addConditionalHeader = exports.addResponseHeaders = exports.addResponseHeader = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Helper utilities for middleware to manage response headers
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Add a header to be included in the response
|
|
9
|
+
* Middleware can use this to add headers that will be automatically included
|
|
10
|
+
*/
|
|
11
|
+
function addResponseHeader(args, name, value) {
|
|
12
|
+
return {
|
|
13
|
+
...args,
|
|
14
|
+
responseHeaders: {
|
|
15
|
+
...args.responseHeaders,
|
|
16
|
+
[name]: value,
|
|
17
|
+
},
|
|
18
|
+
};
|
|
19
|
+
}
|
|
20
|
+
exports.addResponseHeader = addResponseHeader;
|
|
21
|
+
/**
|
|
22
|
+
* Add multiple headers to be included in the response
|
|
23
|
+
*/
|
|
24
|
+
function addResponseHeaders(args, headers) {
|
|
25
|
+
return {
|
|
26
|
+
...args,
|
|
27
|
+
responseHeaders: {
|
|
28
|
+
...args.responseHeaders,
|
|
29
|
+
...headers,
|
|
30
|
+
},
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
exports.addResponseHeaders = addResponseHeaders;
|
|
34
|
+
/**
|
|
35
|
+
* Conditionally add a header based on some condition
|
|
36
|
+
*/
|
|
37
|
+
function addConditionalHeader(args, condition, name, value) {
|
|
38
|
+
if (!condition)
|
|
39
|
+
return args;
|
|
40
|
+
return addResponseHeader(args, name, value);
|
|
41
|
+
}
|
|
42
|
+
exports.addConditionalHeader = addConditionalHeader;
|
|
43
|
+
/**
|
|
44
|
+
* Add rate limiting headers
|
|
45
|
+
*/
|
|
46
|
+
function addRateLimitHeaders(args, limit, remaining, resetTime) {
|
|
47
|
+
return addResponseHeaders(args, {
|
|
48
|
+
'X-RateLimit-Limit': limit.toString(),
|
|
49
|
+
'X-RateLimit-Remaining': remaining.toString(),
|
|
50
|
+
'X-RateLimit-Reset': resetTime.toString(),
|
|
51
|
+
});
|
|
52
|
+
}
|
|
53
|
+
exports.addRateLimitHeaders = addRateLimitHeaders;
|
|
54
|
+
/**
|
|
55
|
+
* Add cache control headers
|
|
56
|
+
*/
|
|
57
|
+
function addCacheHeaders(args, maxAge, options = {}) {
|
|
58
|
+
const cacheDirectives = [];
|
|
59
|
+
if (options.public)
|
|
60
|
+
cacheDirectives.push('public');
|
|
61
|
+
if (options.private)
|
|
62
|
+
cacheDirectives.push('private');
|
|
63
|
+
if (options.noCache)
|
|
64
|
+
cacheDirectives.push('no-cache');
|
|
65
|
+
if (options.noStore)
|
|
66
|
+
cacheDirectives.push('no-store');
|
|
67
|
+
if (options.mustRevalidate)
|
|
68
|
+
cacheDirectives.push('must-revalidate');
|
|
69
|
+
if (maxAge > 0)
|
|
70
|
+
cacheDirectives.push(`max-age=${maxAge}`);
|
|
71
|
+
return addResponseHeader(args, 'Cache-Control', cacheDirectives.join(', '));
|
|
72
|
+
}
|
|
73
|
+
exports.addCacheHeaders = addCacheHeaders;
|
|
74
|
+
/**
|
|
75
|
+
* Add security headers for specific middleware needs
|
|
76
|
+
*/
|
|
77
|
+
function addSecurityHeaders(args, headers) {
|
|
78
|
+
const securityHeaders = {};
|
|
79
|
+
if (headers.contentSecurityPolicy) {
|
|
80
|
+
securityHeaders['Content-Security-Policy'] = headers.contentSecurityPolicy;
|
|
81
|
+
}
|
|
82
|
+
if (headers.strictTransportSecurity) {
|
|
83
|
+
securityHeaders['Strict-Transport-Security'] = headers.strictTransportSecurity;
|
|
84
|
+
}
|
|
85
|
+
if (headers.referrerPolicy) {
|
|
86
|
+
securityHeaders['Referrer-Policy'] = headers.referrerPolicy;
|
|
87
|
+
}
|
|
88
|
+
if (headers.permissionsPolicy) {
|
|
89
|
+
securityHeaders['Permissions-Policy'] = headers.permissionsPolicy;
|
|
90
|
+
}
|
|
91
|
+
return addResponseHeaders(args, securityHeaders);
|
|
92
|
+
}
|
|
93
|
+
exports.addSecurityHeaders = addSecurityHeaders;
|
|
94
|
+
/**
|
|
95
|
+
* Add custom authentication headers
|
|
96
|
+
*/
|
|
97
|
+
function addAuthHeaders(args, headers) {
|
|
98
|
+
const authHeaders = {};
|
|
99
|
+
if (headers.tokenRotationRequired) {
|
|
100
|
+
authHeaders['X-Token-Rotation-Required'] = 'true';
|
|
101
|
+
}
|
|
102
|
+
if (headers.tokenRotationReason) {
|
|
103
|
+
authHeaders['X-Token-Rotation-Reason'] = headers.tokenRotationReason;
|
|
104
|
+
}
|
|
105
|
+
if (headers.authRealm) {
|
|
106
|
+
authHeaders['WWW-Authenticate'] = `${headers.authScheme || 'Bearer'} realm="${headers.authRealm}"`;
|
|
107
|
+
}
|
|
108
|
+
return addResponseHeaders(args, authHeaders);
|
|
109
|
+
}
|
|
110
|
+
exports.addAuthHeaders = addAuthHeaders;
|
|
111
|
+
//# sourceMappingURL=middleware-helpers.js.map
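Review bot: `addAuthHeaders` builds `WWW-Authenticate` by interpolating `authScheme` and `authRealm` straight into a quoted string, so a realm containing `"` or a backslash yields a malformed challenge, and none of the helpers reject CR or LF in header names or values. If any of these values can originate from request data, validate them in `addResponseHeader` and `addResponseHeaders` (for example `if (/[\r\n]/.test(name) || /[\r\n]/.test(value)) throw new Error('invalid header');`) and escape the realm with `headers.authRealm.replace(/(["\\])/g, '\\$1')` before quoting it. `addCacheHeaders` also emits an empty `Cache-Control` value when `maxAge` is 0 and no option is set, and it accepts `public` and `private` together; returning `args` unchanged when `cacheDirectives` is empty, and rejecting the contradictory pair, would keep the emitted policy unambiguous.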
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware-helpers.js","sourceRoot":"","sources":["../../src/lib/middleware-helpers.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AAEH;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,IAAoB,EACpB,IAAY,EACZ,KAAa;IAEb,OAAO;QACL,GAAG,IAAI;QACP,eAAe,EAAE;YACf,GAAG,IAAI,CAAC,eAAe;YACvB,CAAC,IAAI,CAAC,EAAE,KAAK;SACd;KACF,CAAC;AACJ,CAAC;AAZD,8CAYC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,IAAoB,EACpB,OAA+B;IAE/B,OAAO;QACL,GAAG,IAAI;QACP,eAAe,EAAE;YACf,GAAG,IAAI,CAAC,eAAe;YACvB,GAAG,OAAO;SACX;KACF,CAAC;AACJ,CAAC;AAXD,gDAWC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,IAAoB,EACpB,SAAkB,EAClB,IAAY,EACZ,KAAa;IAEb,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,OAAO,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AATD,oDASC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,IAAoB,EACpB,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,OAAO,kBAAkB,CAAC,IAAI,EAAE;QAC9B,mBAAmB,EAAE,KAAK,CAAC,QAAQ,EAAE;QACrC,uBAAuB,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7C,mBAAmB,EAAE,SAAS,CAAC,QAAQ,EAAE;KAC1C,CAAC,CAAC;AACL,CAAC;AAXD,kDAWC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,IAAoB,EACpB,MAAc,EACd,UAMI,EAAE;IAEN,MAAM,eAAe,GAAG,EAAE,CAAC;IAE3B,IAAI,OAAO,CAAC,MAAM;QAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,cAAc;QAAE,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACpE,IAAI,MAAM,GAAG,CAAC;QAAE,eAAe,CAAC,IAAI,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IAE1D,OAAO,iBAAiB,CAAC,IAAI,EAAE,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9E,CAAC;AArBD,0CAqBC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,IAAoB,EACpB,OAKC;IAED,MAAM,eAAe,GAA2B,EAAE,CAAC;IAEnD,IAAI,OAAO,CAAC,qBAAqB,EAAE;QACjC,eAAe,CAAC,yBAAyB,CAAC,GAAG,OAAO,CAAC,qBAAqB,CAAC;KAC5E;IACD,IAAI,OAAO,CAAC,uBAAuB,EAAE;QACnC,eAAe,CAAC,2BAA2B,CAAC,GAAG,OAAO,CAAC,uBAAuB,CAAC;KAChF;IACD,IAAI,OAAO,CAAC,cAAc,EAAE;QAC1B,eAAe,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC;KAC7D;IACD,IAAI,OAAO,CAAC,iBAAiB,EAAE;QAC7B,eAAe,CAAC,oBAAoB,CAAC,GAAG,
OAAO,CAAC,iBAAiB,CAAC;KACnE;IAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACnD,CAAC;AAzBD,gDAyBC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,IAAoB,EACpB,OAKC;IAED,MAAM,WAAW,GAA2B,EAAE,CAAC;IAE/C,IAAI,OAAO,CAAC,qBAAqB,EAAE;QACjC,WAAW,CAAC,2BAA2B,CAAC,GAAG,MAAM,CAAC;KACnD;IACD,IAAI,OAAO,CAAC,mBAAmB,EAAE;QAC/B,WAAW,CAAC,yBAAyB,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;KACtE;IACD,IAAI,OAAO,CAAC,SAAS,EAAE;QACrB,WAAW,CAAC,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,IAAI,QAAQ,WAAW,OAAO,CAAC,SAAS,GAAG,CAAC;KACpG;IAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAtBD,wCAsBC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { SecurityConfig } from './types-and-interfaces';
|
|
2
|
+
/**
|
|
3
|
+
* Load security configuration from project root
|
|
4
|
+
* Looks for: api-security.json, api-security.js, or embedded in package.json
|
|
5
|
+
*/
|
|
6
|
+
export declare function loadSecurityConfig(projectRoot?: string): SecurityConfig;
|
|
7
|
+
/**
|
|
8
|
+
* Generate CORS headers based on configuration and request origin
|
|
9
|
+
*/
|
|
10
|
+
export declare function generateCorsHeaders(config: SecurityConfig, requestOrigin?: string): Record<string, string>;
|
|
11
|
+
/**
|
|
12
|
+
* Generate JWT rotation headers if needed
|
|
13
|
+
*/
|
|
14
|
+
export declare function generateJwtRotationHeaders(config: SecurityConfig, routeData: any): Record<string, string>;
|
|
15
|
+
//# sourceMappingURL=security-config-loader.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-config-loader.d.ts","sourceRoot":"","sources":["../../src/lib/security-config-loader.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AA0BxD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,GAAE,MAAsB,GAAG,cAAc,CAiDtF;AA+HD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiC1G;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,GAAG,GACb,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAkBxB"}
|
|
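--- a/package/dist/lib/security-config-loader.js
+++ b/package/dist/lib/security-config-loader.js
@@ -0,0 +1,257 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateJwtRotationHeaders = exports.generateCorsHeaders = exports.loadSecurityConfig = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+* Default security configuration (minimal and secure)
+*/
+const DEFAULT_SECURITY_CONFIG = {
+cors: {
+allowOrigin: [],
+allowMethods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+allowHeaders: ['Content-Type', 'Authorization'],
+allowCredentials: false,
+maxAge: 86400, // 24 hours
+},
+defaultHeaders: {
+'Content-Type': 'application/json',
+'X-Content-Type-Options': 'nosniff',
+'X-Frame-Options': 'DENY',
+'X-XSS-Protection': '1; mode=block',
+},
+jwtRotationHeaders: {
+enabled: true,
+rotationRequiredHeader: 'X-Token-Rotation-Required',
+rotationReasonHeader: 'X-Token-Rotation-Reason',
+},
+};
+/**
+* Load security configuration from project root
+* Looks for: api-security.json, api-security.js, or embedded in package.json
+*/
+function loadSecurityConfig(projectRoot = process.cwd()) {
+const configPaths = [
+path.join(projectRoot, 'api-security.json'),
+path.join(projectRoot, 'api-security.js'),
+path.join(projectRoot, '.api-security.json'),
+];
+let userConfig = {};
+// Try to load from dedicated config files
+for (const configPath of configPaths) {
+if (fs.existsSync(configPath)) {
+try {
+if (configPath.endsWith('.js')) {
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+userConfig = require(configPath);
+}
+else {
+const configContent = fs.readFileSync(configPath, 'utf8');
+userConfig = JSON.parse(configContent);
+}
+console.log(`Loaded security config from: ${configPath}`);
+break;
+}
+catch (error) {
+console.warn(`Failed to load security config from ${configPath}:`, error);
+}
+}
+}
+// Try to load from package.json
+if (Object.keys(userConfig).length === 0) {
+const packageJsonPath = path.join(projectRoot, 'package.json');
+if (fs.existsSync(packageJsonPath)) {
+try {
+const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+if (packageJson.apiSecurity) {
+userConfig = packageJson.apiSecurity;
+console.log('Loaded security config from package.json');
+}
+}
+catch (error) {
+console.warn('Failed to load security config from package.json:', error);
+}
+}
+}
+// Merge with defaults and validate
+const mergedConfig = mergeSecurityConfig(DEFAULT_SECURITY_CONFIG, userConfig);
+validateSecurityConfig(mergedConfig);
+return mergedConfig;
+}
+exports.loadSecurityConfig = loadSecurityConfig;
+/**
+* Deep merge security configurations
+*/
+function mergeSecurityConfig(defaults, user) {
+return {
+cors: {
+...defaults.cors,
+...user.cors,
+},
+defaultHeaders: {
+...defaults.defaultHeaders,
+...user.defaultHeaders,
+},
+jwtRotationHeaders: {
+...defaults.jwtRotationHeaders,
+...user.jwtRotationHeaders,
+},
+};
+}
+/**
+* Validate security configuration for common misconfigurations
+*/
+function validateSecurityConfig(config) {
+// Validate CORS configuration
+if (config.cors) {
+const { allowOrigin, allowCredentials } = config.cors;
+// Check for dangerous wildcard with credentials
+const hasWildcard = allowOrigin === '*' ||
+(Array.isArray(allowOrigin) && allowOrigin.some(origin => origin === '*'));
+if (allowCredentials && hasWildcard) {
+throw new Error('SECURITY ERROR: Cannot use Access-Control-Allow-Credentials: true with Access-Control-Allow-Origin: *. ' +
+'This is a security vulnerability. Specify explicit origins instead.');
+}
+// Warn about wildcard origins
+if (hasWildcard) {
+console.warn('WARNING: Using wildcard (*) for Access-Control-Allow-Origin. ' +
+'Consider specifying explicit origins for better security.');
+}
+// Validate that origins are provided
+if (Array.isArray(allowOrigin) && allowOrigin.length === 0) {
+console.warn('WARNING: No CORS origins configured. API will reject all cross-origin requests. ' +
+'Configure allowOrigin in your security config if cross-origin access is needed.');
+}
+}
+// Validate headers
+if (config.defaultHeaders) {
+const headers = config.defaultHeaders;
+// Check for missing security headers
+const recommendedHeaders = [
+'X-Content-Type-Options',
+'X-Frame-Options',
+'X-XSS-Protection',
+];
+for (const header of recommendedHeaders) {
+if (!headers[header]) {
+console.warn(`SECURITY: Consider adding ${header} header for better security`);
+}
+}
+}
+}
+/**
+* Check if an origin matches allowed origins (including regex patterns)
+*/
+function isOriginAllowed(requestOrigin, allowOrigin, allowOriginPatterns) {
+if (!allowOrigin && !allowOriginPatterns) {
+return false;
+}
+// Handle wildcard
+if (allowOrigin === '*') {
+return true;
+}
+// Handle different allowOrigin types
+if (Array.isArray(allowOrigin)) {
+for (const origin of allowOrigin) {
+if (typeof origin === 'string' && origin === requestOrigin) {
+return true;
+}
+if (origin instanceof RegExp && origin.test(requestOrigin)) {
+return true;
+}
+}
+}
+else if (typeof allowOrigin === 'string') {
+return allowOrigin === requestOrigin;
+}
+else if (allowOrigin instanceof RegExp) {
+return allowOrigin.test(requestOrigin);
+}
+// Handle regex patterns from JSON config (as strings)
+if (allowOriginPatterns && allowOriginPatterns.length > 0) {
+for (const pattern of allowOriginPatterns) {
+try {
+const regex = new RegExp(pattern);
+if (regex.test(requestOrigin)) {
+return true;
+}
+}
+catch (error) {
+console.warn(`Invalid regex pattern in allowOriginPatterns: ${pattern}`, error);
+}
+}
+}
+return false;
+}
+/**
+* Generate CORS headers based on configuration and request origin
+*/
+function generateCorsHeaders(config, requestOrigin) {
+const headers = {};
+if (!config.cors || !requestOrigin) {
+return headers;
+}
+const { allowOrigin, allowOriginPatterns, allowMethods, allowHeaders, allowCredentials, maxAge } = config.cors;
+// Check if the request origin is allowed
+if (isOriginAllowed(requestOrigin, allowOrigin, allowOriginPatterns)) {
+// IMPORTANT: Always return the exact request origin, never the pattern
+headers['Access-Control-Allow-Origin'] = requestOrigin;
+// Add other CORS headers only if origin is allowed
+if (allowMethods && allowMethods.length > 0) {
+headers['Access-Control-Allow-Methods'] = allowMethods.join(', ');
+}
+if (allowHeaders && allowHeaders.length > 0) {
+headers['Access-Control-Allow-Headers'] = allowHeaders.join(', ');
+}
+if (allowCredentials) {
+headers['Access-Control-Allow-Credentials'] = 'true';
+}
+if (maxAge) {
+headers['Access-Control-Max-Age'] = maxAge.toString();
+}
+}
+return headers;
+}
+exports.generateCorsHeaders = generateCorsHeaders;
+/**
+* Generate JWT rotation headers if needed
+*/
+function generateJwtRotationHeaders(config, routeData) {
+const headers = {};
+if (!config.jwtRotationHeaders?.enabled || !routeData?.needsJwtRotation) {
+return headers;
+}
+const { rotationRequiredHeader, rotationReasonHeader } = config.jwtRotationHeaders;
+if (rotationRequiredHeader) {
+headers[rotationRequiredHeader] = 'true';
+}
+if (rotationReasonHeader) {
+headers[rotationReasonHeader] = 'secret-rotated';
+}
+return headers;
+}
+exports.generateJwtRotationHeaders = generateJwtRotationHeaders;
+//# sourceMappingURL=security-config-loader.js.map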
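Review bot: In `isOriginAllowed`, each `allowOriginPatterns` entry is compiled with `new RegExp(pattern)` and tested unanchored, so a pattern written without its own `^`/`$` also accepts any origin that merely contains the intended host, and `generateCorsHeaders` then echoes that origin back, with `Access-Control-Allow-Credentials: true` when `allowCredentials` is set. `validateSecurityConfig` only looks for a literal `*`, so a permissive pattern combined with `allowCredentials` passes validation without a warning. I would anchor at compile time, `const regex = new RegExp('^(?:' + pattern + ')$');`, and state in the doc comment that patterns must match the whole origin; the same caveat applies to `RegExp` values passed in `allowOrigin`. Because the allowed origin is reflected per request, the allowed branch of `generateCorsHeaders` should also set `headers['Vary'] = 'Origin';` so a shared cache does not reuse one origin's response for another.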
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-config-loader.js","sourceRoot":"","sources":["../../src/lib/security-config-loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAG7B;;GAEG;AACH,MAAM,uBAAuB,GAAmB;IAC9C,IAAI,EAAE;QACJ,WAAW,EAAE,EAAE;QACf,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC;QACzD,YAAY,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QAC/C,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,KAAK,EAAE,WAAW;KAC3B;IACD,cAAc,EAAE;QACd,cAAc,EAAE,kBAAkB;QAClC,wBAAwB,EAAE,SAAS;QACnC,iBAAiB,EAAE,MAAM;QACzB,kBAAkB,EAAE,eAAe;KACpC;IACD,kBAAkB,EAAE;QAClB,OAAO,EAAE,IAAI;QACb,sBAAsB,EAAE,2BAA2B;QACnD,oBAAoB,EAAE,yBAAyB;KAChD;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,cAAsB,OAAO,CAAC,GAAG,EAAE;IACpE,MAAM,WAAW,GAAG;QAClB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,iBAAiB,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,oBAAoB,CAAC;KAC7C,CAAC;IAEF,IAAI,UAAU,GAA4B,EAAE,CAAC;IAE7C,0CAA0C;IAC1C,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;QACpC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC7B,IAAI;gBACF,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;oBAC9B,8DAA8D;oBAC9D,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;iBAClC;qBAAM;oBACL,MAAM,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;oBAC1D,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;iBACxC;gBACD,OAAO,CAAC,GAAG,CAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;gBAC1D,MAAM;aACP;YAAC,OAAO,KAAK,EAAE;gBACd,OAAO,CAAC,IAAI,CAAC,uCAAuC,UAAU,GAAG,EAAE,KAAK,CAAC,CAAC;aAC3E;SACF;KACF;IAED,gCAAgC;IAChC,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC/D,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YAClC,IAAI;gBACF,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;gBACzE,IAAI,WAAW,CAAC,WAAW,EAAE;oBAC3B,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC;oBACrC,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;iBACzD;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,OAAO,CAAC,IAAI,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAC;aAC1E;SACF;KACF;IAED,mCAAmC;IACnC,MAAM,YAAY,GAAG,mBAAmB,CAAC,uBAAuB,EAAE,UAAU,
CAAC,CAAC;IAC9E,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAErC,OAAO,YAAY,CAAC;AACtB,CAAC;AAjDD,gDAiDC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAwB,EAAE,IAA6B;IAClF,OAAO;QACL,IAAI,EAAE;YACJ,GAAG,QAAQ,CAAC,IAAI;YAChB,GAAG,IAAI,CAAC,IAAI;SACb;QACD,cAAc,EAAE;YACd,GAAG,QAAQ,CAAC,cAAc;YAC1B,GAAG,IAAI,CAAC,cAAc;SACvB;QACD,kBAAkB,EAAE;YAClB,GAAG,QAAQ,CAAC,kBAAkB;YAC9B,GAAG,IAAI,CAAC,kBAAkB;SAC3B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,MAAsB;IACpD,8BAA8B;IAC9B,IAAI,MAAM,CAAC,IAAI,EAAE;QACf,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;QAEtD,gDAAgD;QAChD,MAAM,WAAW,GAAG,WAAW,KAAK,GAAG;YACrC,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC;QAE7E,IAAI,gBAAgB,IAAI,WAAW,EAAE;YACnC,MAAM,IAAI,KAAK,CACb,yGAAyG;gBACzG,qEAAqE,CACtE,CAAC;SACH;QAED,8BAA8B;QAC9B,IAAI,WAAW,EAAE;YACf,OAAO,CAAC,IAAI,CACV,+DAA+D;gBAC/D,2DAA2D,CAC5D,CAAC;SACH;QAED,qCAAqC;QACrC,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;YAC1D,OAAO,CAAC,IAAI,CACV,kFAAkF;gBAClF,iFAAiF,CAClF,CAAC;SACH;KACF;IAED,mBAAmB;IACnB,IAAI,MAAM,CAAC,cAAc,EAAE;QACzB,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC;QAEtC,qCAAqC;QACrC,MAAM,kBAAkB,GAAG;YACzB,wBAAwB;YACxB,iBAAiB;YACjB,kBAAkB;SACnB,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,kBAAkB,EAAE;YACvC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACpB,OAAO,CAAC,IAAI,CAAC,6BAA6B,MAAM,6BAA6B,CAAC,CAAC;aAChF;SACF;KACF;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,aAAqB,EACrB,WAAmD,EACnD,mBAA8B;IAE9B,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE;QACxC,OAAO,KAAK,CAAC;KACd;IAED,kBAAkB;IAClB,IAAI,WAAW,KAAK,GAAG,EAAE;QACvB,OAAO,IAAI,CAAC;KACb;IAED,qCAAqC;IACrC,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;QAC9B,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE;YAChC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,aAAa,EAAE;gBAC1D,OAAO,IAAI,CAAC;aACb;YACD,IAAI,MAAM,YAAY,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;gBAC1D,OAAO,IAAI,CAAC;aACb;SACF;KACF;SAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;QAC1C,OAAO,WAAW,KAAK,aAAa,CAAC;KACtC;SAAM,IAAI,WAAW,YAAY,MAAM,EAAE;QACxC,OAAO,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC
,CAAC;KACxC;IAED,sDAAsD;IACtD,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;QACzD,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE;YACzC,IAAI;gBACF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;gBAClC,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;oBAC7B,OAAO,IAAI,CAAC;iBACb;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,OAAO,CAAC,IAAI,CAAC,iDAAiD,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;aACjF;SACF;KACF;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,MAAsB,EAAE,aAAsB;IAChF,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE;QAClC,OAAO,OAAO,CAAC;KAChB;IAED,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;IAE/G,yCAAyC;IACzC,IAAI,eAAe,CAAC,aAAa,EAAE,WAAW,EAAE,mBAAmB,CAAC,EAAE;QACpE,uEAAuE;QACvE,OAAO,CAAC,6BAA6B,CAAC,GAAG,aAAa,CAAC;QAEvD,mDAAmD;QACnD,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3C,OAAO,CAAC,8BAA8B,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACnE;QAED,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3C,OAAO,CAAC,8BAA8B,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACnE;QAED,IAAI,gBAAgB,EAAE;YACpB,OAAO,CAAC,kCAAkC,CAAC,GAAG,MAAM,CAAC;SACtD;QAED,IAAI,MAAM,EAAE;YACV,OAAO,CAAC,wBAAwB,CAAC,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;SACvD;KACF;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAjCD,kDAiCC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CACxC,MAAsB,EACtB,SAAc;IAEd,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,OAAO,IAAI,CAAC,SAAS,EAAE,gBAAgB,EAAE;QACvE,OAAO,OAAO,CAAC;KAChB;IAED,MAAM,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,GAAG,MAAM,CAAC,kBAAkB,CAAC;IAEnF,IAAI,sBAAsB,EAAE;QAC1B,OAAO,CAAC,sBAAsB,CAAC,GAAG,MAAM,CAAC;KAC1C;IAED,IAAI,oBAAoB,EAAE;QACxB,OAAO,CAAC,oBAAoB,CAAC,GAAG,gBAAgB,CAAC;KAClD;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AArBD,gEAqBC"}
|
|
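--- a/package/dist/lib/types-and-interfaces.d.ts
+++ b/package/dist/lib/types-and-interfaces.d.ts
@@ -11,9 +11,26 @@ export type ConfigRouteEntry = {
 handlerPath: string;
 authorizeRoute?: boolean;
 };
+export type SecurityConfig = {
+cors?: {
+allowOrigin?: string | string[] | RegExp | RegExp[];
+allowOriginPatterns?: string[];
+allowMethods?: string[];
+allowHeaders?: string[];
+allowCredentials?: boolean;
+maxAge?: number;
+};
+defaultHeaders?: Record<string, string>;
+jwtRotationHeaders?: {
+enabled?: boolean;
+rotationRequiredHeader?: string;
+rotationReasonHeader?: string;
+};
+};
 export type RouteConfig = {
 authorizeAllRoutes?: boolean;
 routes: Array<ConfigRouteEntry>;
+security?: SecurityConfig;
 };
 export type RouteArguments = {
 params?: any;
@@ -22,6 +39,7 @@ export type RouteArguments = {
 form?: any;
 rawEvent?: APIGatewayProxyEventV2 | APIGatewayProxyEvent;
 routeData?: any;
+responseHeaders?: Record<string, string>;
 };
 export interface RouteSchema {
 params?: {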
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types-and-interfaces.d.ts","sourceRoot":"","sources":["../../src/lib/types-and-interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAC;AAE9D,MAAM,MAAM,gBAAgB,GAAG;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACjF,mBAAmB,EAAE,OAAO,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types-and-interfaces.d.ts","sourceRoot":"","sources":["../../src/lib/types-and-interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAC;AAE9D,MAAM,MAAM,gBAAgB,GAAG;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACjF,mBAAmB,EAAE,OAAO,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,CAAC,EAAE;QACL,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;QACpD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,kBAAkB,CAAC,EAAE;QACnB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,sBAAsB,CAAC,EAAE,MAAM,CAAC;QAChC,oBAAoB,CAAC,EAAE,MAAM,CAAC;KAC/B,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,QAAQ,CAAC,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;IACzD,SAAS,CAAC,EAAE,GAAG,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC1C,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;IACxC,KAAK,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;IACvC,IAAI,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,
MAAM,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;CAC7D;AAED,MAAM,WAAW,kBAAmB,SAAQ,YAAY,CAAC,cAAc;CAAG;AAE1E,MAAM,WAAW,aAAc,SAAQ,YAAY,CAAC,cAAc;IAChE,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,YAAa,SAAQ,YAAY,CAAC,cAAc;IAC/D,IAAI,EAAE,GAAG,CAAC;CACX;AAED,MAAM,MAAM,cAAc,CAAC,CAAC,IAAI,YAAY,GAAG,aAAa,CAAC;AAE7D,MAAM,MAAM,iBAAiB,CAAC,CAAC,IAAI;KAChC,GAAG,IACA,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GAAG,cAAc,CAAC,CAAC,CAAC;CAC9B,CAAC;AAEF,MAAM,WAAW,aAAa,CAAC,CAAC,CAAE,SAAQ,iBAAiB,CAAC,CAAC,CAAC;IAC5D,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;CAC1B;AAED,MAAM,MAAM,6BAA6B,GAAG,CAAC,KAAK,EAAE,WAAW,KAAK,cAAc,CAAC;AACnF,MAAM,MAAM,gCAAgC,GAAG,CAAC,KAAK,EAAE,cAAc,KAAK,GAAG,CAAC;AAC9E,MAAM,MAAM,eAAe,GAAG,KAAK,CAAC,gCAAgC,CAAC,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,eAAe,CAAC;IAC5B,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH"}
|