aws-lambda-api-tools 0.1.22 → 0.1.24
- package/bin/bootstrap-iam.js +53 -1
- package/dist/bin/bootstrap-iam.js +78 -34
- package/dist/bin/bootstrap-iam.js.map +1 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/lambda-route-proxy-entry-handler.d.ts.map +1 -1
- package/dist/lib/lambda-route-proxy-entry-handler.js +19 -7
- package/dist/lib/lambda-route-proxy-entry-handler.js.map +1 -1
- package/dist/lib/middleware-helpers.d.ts +50 -0
- package/dist/lib/middleware-helpers.d.ts.map +1 -0
- package/dist/lib/middleware-helpers.js +111 -0
- package/dist/lib/middleware-helpers.js.map +1 -0
- package/dist/lib/security-config-loader.d.ts +15 -0
- package/dist/lib/security-config-loader.d.ts.map +1 -0
- package/dist/lib/security-config-loader.js +257 -0
- package/dist/lib/security-config-loader.js.map +1 -0
- package/dist/lib/types-and-interfaces.d.ts +18 -0
- package/dist/lib/types-and-interfaces.d.ts.map +1 -1
- package/package.json +2 -1
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
4
4
|
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
5
5
|
const child_process_1 = require("child_process");
|
|
6
|
+
const client_iam_1 = require("@aws-sdk/client-iam");
|
|
6
7
|
console.log('Starting GitHub OIDC IAM setup...');
|
|
7
8
|
// Parse command line arguments
|
|
8
9
|
const args = process.argv.slice(2);
|
|
@@ -18,22 +19,53 @@ const repoNames = repoArgs;
|
|
|
18
19
|
const policyName = policyArg ? policyArg.split("=")[1] : "AdministratorAccess";
|
|
19
20
|
console.log(`Configuring for repositories: ${repoNames.join(", ")}`);
|
|
20
21
|
console.log(`Using policy: ${policyName}`);
|
|
22
|
+
// Check if GitHub OIDC provider already exists
|
|
23
|
+
async function checkOidcProviderExists() {
|
|
24
|
+
try {
|
|
25
|
+
const iamClient = new client_iam_1.IAMClient({ region: process.env.AWS_REGION || 'us-east-1' });
|
|
26
|
+
const command = new client_iam_1.ListOpenIDConnectProvidersCommand({});
|
|
27
|
+
const response = await iamClient.send(command);
|
|
28
|
+
const githubProvider = response.OpenIDConnectProviderList?.find(provider => provider.Arn?.includes('token.actions.githubusercontent.com'));
|
|
29
|
+
if (githubProvider) {
|
|
30
|
+
console.log(`✅ Found existing GitHub OIDC provider: ${githubProvider.Arn}`);
|
|
31
|
+
return true;
|
|
32
|
+
}
|
|
33
|
+
else {
|
|
34
|
+
console.log('ℹ️ No existing GitHub OIDC provider found');
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
catch (error) {
|
|
39
|
+
console.log('⚠️ Could not check for existing OIDC provider:', error);
|
|
40
|
+
return false;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
21
43
|
const app = new aws_cdk_lib_1.App();
|
|
22
44
|
class GithubActionsIamStack extends aws_cdk_lib_1.Stack {
|
|
23
45
|
constructor(scope, id, props) {
|
|
24
46
|
super(scope, id, props);
|
|
25
|
-
console.log('
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
47
|
+
console.log('Setting up OIDC Provider...');
|
|
48
|
+
// Reference existing OIDC provider or create new one
|
|
49
|
+
const accountId = aws_cdk_lib_1.Stack.of(this).account;
|
|
50
|
+
const githubOidcProviderArn = `arn:aws:iam::${accountId}:oidc-provider/token.actions.githubusercontent.com`;
|
|
51
|
+
// Create OIDC provider only if it doesn't exist
|
|
52
|
+
if (props?.createOidcProvider) {
|
|
53
|
+
console.log('Creating new OIDC Provider...');
|
|
54
|
+
new aws_iam_1.CfnOIDCProvider(this, "GithubOidcProvider", {
|
|
55
|
+
url: "https://token.actions.githubusercontent.com",
|
|
56
|
+
clientIdList: ["sts.amazonaws.com"],
|
|
57
|
+
thumbprintList: [
|
|
58
|
+
"6938fd4d98bab03faadb97b34396831e3780aea1",
|
|
59
|
+
"1c58a3a8518e8759bf075b76b750d4f2df264fcd"
|
|
60
|
+
]
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
console.log('Using existing OIDC Provider');
|
|
65
|
+
}
|
|
34
66
|
console.log('Creating IAM Role...');
|
|
35
67
|
const deploymentRole = new aws_iam_1.Role(this, "GithubActionsRole", {
|
|
36
|
-
assumedBy: new aws_iam_1.WebIdentityPrincipal(
|
|
68
|
+
assumedBy: new aws_iam_1.WebIdentityPrincipal(githubOidcProviderArn, {
|
|
37
69
|
StringEquals: {
|
|
38
70
|
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
|
|
39
71
|
},
|
|
@@ -51,31 +83,43 @@ class GithubActionsIamStack extends aws_cdk_lib_1.Stack {
|
|
|
51
83
|
});
|
|
52
84
|
}
|
|
53
85
|
}
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
console.log('
|
|
57
|
-
const
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
const cdkCommand = [
|
|
62
|
-
'cdk deploy',
|
|
63
|
-
'GithubActionsIam',
|
|
64
|
-
'--require-approval never',
|
|
65
|
-
`--app "${assembly.directory}"`,
|
|
66
|
-
].join(' ');
|
|
67
|
-
console.log(`Executing: ${cdkCommand}`);
|
|
68
|
-
(0, child_process_1.execSync)(cdkCommand, {
|
|
69
|
-
stdio: 'inherit',
|
|
70
|
-
env: {
|
|
71
|
-
...process.env,
|
|
72
|
-
AWS_REGION: process.env.AWS_REGION || 'us-east-1',
|
|
73
|
-
}
|
|
86
|
+
// Main execution
|
|
87
|
+
async function main() {
|
|
88
|
+
console.log('Checking for existing OIDC provider...');
|
|
89
|
+
const oidcExists = await checkOidcProviderExists();
|
|
90
|
+
console.log('Creating CloudFormation stack...');
|
|
91
|
+
new GithubActionsIamStack(app, "GithubActionsIam", {
|
|
92
|
+
createOidcProvider: !oidcExists
|
|
74
93
|
});
|
|
75
|
-
console.log('
|
|
94
|
+
console.log('Synthesizing CloudFormation template...');
|
|
95
|
+
const assembly = app.synth();
|
|
96
|
+
// Execute the deployment
|
|
97
|
+
console.log('Starting deployment...');
|
|
98
|
+
try {
|
|
99
|
+
const cdkCommand = [
|
|
100
|
+
'cdk deploy',
|
|
101
|
+
'GithubActionsIam',
|
|
102
|
+
'--require-approval never',
|
|
103
|
+
`--app "${assembly.directory}"`,
|
|
104
|
+
].join(' ');
|
|
105
|
+
console.log(`Executing: ${cdkCommand}`);
|
|
106
|
+
(0, child_process_1.execSync)(cdkCommand, {
|
|
107
|
+
stdio: 'inherit',
|
|
108
|
+
env: {
|
|
109
|
+
...process.env,
|
|
110
|
+
AWS_REGION: process.env.AWS_REGION || 'us-east-1',
|
|
111
|
+
}
|
|
112
|
+
});
|
|
113
|
+
console.log('✅ Deployment completed successfully!');
|
|
114
|
+
}
|
|
115
|
+
catch (error) {
|
|
116
|
+
console.error('❌ Deployment failed:', error);
|
|
117
|
+
process.exit(1);
|
|
118
|
+
}
|
|
76
119
|
}
|
|
77
|
-
|
|
78
|
-
|
|
120
|
+
// Run the main function
|
|
121
|
+
main().catch(error => {
|
|
122
|
+
console.error('❌ Setup failed:', error);
|
|
79
123
|
process.exit(1);
|
|
80
|
-
}
|
|
124
|
+
});
|
|
81
125
|
//# sourceMappingURL=bootstrap-iam.js.map
|
|
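Review bot: `checkOidcProviderExists` cannot tell a provider created elsewhere from one this stack created on an earlier run, so on a re-run `createOidcProvider` becomes false and the `GithubOidcProvider` resource drops out of the template. CloudFormation would then presumably delete the provider that `githubOidcProviderArn` in the role's trust policy points at; this should be confirmed against a stack that already owns the provider. The lookup also fails open, because the `catch` returns `false` for any error, including a denied list call, which sends the stack down the create path. The match itself is a substring test; an exact suffix comparison such as `provider.Arn?.endsWith(':oidc-provider/token.actions.githubusercontent.com')` is safer, and lookup errors should be rethrown instead of returning `false`. The unchanged default of `AdministratorAccess` for `policyName`, deployed with `--require-approval never`, deserves a comment next to the deploy call stating that the role is account-admin unless `--policy=` is passed.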
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap-iam.js","sourceRoot":"","sources":["../../src/bin/bootstrap-iam.ts"],"names":[],"mappings":";;AAAA,6CAAgE;AAChE,
|
|
1
|
+
{"version":3,"file":"bootstrap-iam.js","sourceRoot":"","sources":["../../src/bin/bootstrap-iam.ts"],"names":[],"mappings":";;AAAA,6CAAgE;AAChE,iDAAwH;AACxH,iDAAyC;AACzC,oDAAmF;AAEnF,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;AAEjD,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;AAE5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;IACzB,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACjE,OAAO,CAAC,KAAK,CAAC,sGAAsG,CAAC,CAAC;IACtH,OAAO,CAAC,KAAK,CAAC,2GAA2G,CAAC,CAAC;IAC3H,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;CACjB;AAED,MAAM,SAAS,GAAG,QAAQ,CAAC;AAC3B,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC;AAE/E,OAAO,CAAC,GAAG,CAAC,iCAAiC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,EAAE,CAAC,CAAC;AAE3C,+CAA+C;AAC/C,KAAK,UAAU,uBAAuB;IACpC,IAAI;QACF,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,EAAE,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,IAAI,8CAAiC,CAAC,EAAE,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/C,MAAM,cAAc,GAAG,QAAQ,CAAC,yBAAyB,EAAE,IAAI,CAC7D,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,qCAAqC,CAAC,CAC1E,CAAC;QAEF,IAAI,cAAc,EAAE;YAClB,OAAO,CAAC,GAAG,CAAC,0CAA0C,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC;YAC5E,OAAO,IAAI,CAAC;SACb;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;YAC1D,OAAO,KAAK,CAAC;SACd;KACF;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACtE,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,MAAM,GAAG,GAAG,IAAI,iBAAG,EAAE,CAAC;AAEtB,MAAM,qBAAsB,SAAQ,mBAAK;IACvC,YAAY,KAAU,EAAE,EAAU,EAAE,KAAqD;QACvF,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAExB,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,qDAAqD;QACrD,MAAM,SAAS,GAAG,mBAAK
,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;QACzC,MAAM,qBAAqB,GAAG,gBAAgB,SAAS,oDAAoD,CAAC;QAE5G,gDAAgD;QAChD,IAAI,KAAK,EAAE,kBAAkB,EAAE;YAC7B,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC7C,IAAI,yBAAe,CAAC,IAAI,EAAE,oBAAoB,EAAE;gBAC9C,GAAG,EAAE,6CAA6C;gBAClD,YAAY,EAAE,CAAC,mBAAmB,CAAC;gBACnC,cAAc,EAAE;oBACd,0CAA0C;oBAC1C,0CAA0C;iBAC3C;aACF,CAAC,CAAC;SACJ;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;SAC7C;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,cAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE;YACzD,SAAS,EAAE,IAAI,8BAAoB,CACjC,qBAAqB,EACrB;gBACE,YAAY,EAAE;oBACZ,yCAAyC,EAAE,mBAAmB;iBAC/D;gBACD,UAAU,EAAE;oBACV,yCAAyC,EAAE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,IAAI,IAAI,CAAC;iBACnF;aACF,CACF;YACD,eAAe,EAAE;gBACf,uBAAa,CAAC,wBAAwB,CAAC,UAAW,CAAC;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,uBAAS,CAAC,IAAI,EAAE,SAAS,EAAE;YAC7B,KAAK,EAAE,cAAc,CAAC,OAAO;YAC7B,WAAW,EAAE,sCAAsC;SACpD,CAAC,CAAC;IACL,CAAC;CACF;AAED,iBAAiB;AACjB,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,MAAM,uBAAuB,EAAE,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,IAAI,qBAAqB,CAAC,GAAG,EAAE,kBAAkB,EAAE;QACjD,kBAAkB,EAAE,CAAC,UAAU;KAChC,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC;IAE7B,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACtC,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,YAAY;YACZ,kBAAkB;YAClB,0BAA0B;YAC1B,UAAU,QAAQ,CAAC,SAAS,GAAG;SAChC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,CAAC,GAAG,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;QAExC,IAAA,wBAAQ,EAAC,UAAU,EAAE;YACnB,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;aAClD;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;KACrD;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC;AAED,wBAAwB;AACxB,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;IACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC
,CAAC"}
|
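--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,7 +1,8 @@
-export type { BaseResponseObject, BaseRouteResponse, MiddlewareArgumentsInputFunction, MiddlewareChain, MiddlewareSchemaInputFunction, ResponseData, ResponseError, ResponseObject, RouteArguments, RouteModule, RouteResponse, RouteSchema, ConfigRouteEntry, RouteConfig, Permission, } from './lib/types-and-interfaces';
+export type { BaseResponseObject, BaseRouteResponse, MiddlewareArgumentsInputFunction, MiddlewareChain, MiddlewareSchemaInputFunction, ResponseData, ResponseError, ResponseObject, RouteArguments, RouteModule, RouteResponse, RouteSchema, ConfigRouteEntry, RouteConfig, Permission, SecurityConfig, } from './lib/types-and-interfaces';
 export { CustomError } from './lib/custom-error';
 export { lambdaRouteProxyEntryHandler } from './lib/lambda-route-proxy-entry-handler';
 export { lambdaRouteProxyPathNotFound } from './lib/lambda-route-proxy-path-not-found';
 export { schemaValidationMiddleware } from './lib/middlewares/route-module-schema-validation-middleware';
 export { jwtValidationMiddleware } from './lib/middlewares/route-module-jwt-validation-middleware';
+export { addResponseHeader, addResponseHeaders, addConditionalHeader, addRateLimitHeaders, addCacheHeaders, addSecurityHeaders, addAuthHeaders, } from './lib/middleware-helpers';
 //# sourceMappingURL=index.d.ts.map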
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,gCAAgC,EAChC,eAAe,EACf,6BAA6B,EAC7B,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,UAAU,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,gCAAgC,EAChC,eAAe,EACf,6BAA6B,EAC7B,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,cAAc,GACf,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,OAAO,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AAEtF,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF,OAAO,EAAE,0BAA0B,EAAE,MAAM,6DAA6D,CAAC;AAEzG,OAAO,EAAE,uBAAuB,EAAE,MAAM,0DAA0D,CAAC;AAEnG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,EAClB,cAAc,GACf,MAAM,0BAA0B,CAAC"}
|
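--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.jwtValidationMiddleware = exports.schemaValidationMiddleware = exports.lambdaRouteProxyPathNotFound = exports.lambdaRouteProxyEntryHandler = exports.CustomError = void 0;
+exports.addAuthHeaders = exports.addSecurityHeaders = exports.addCacheHeaders = exports.addRateLimitHeaders = exports.addConditionalHeader = exports.addResponseHeaders = exports.addResponseHeader = exports.jwtValidationMiddleware = exports.schemaValidationMiddleware = exports.lambdaRouteProxyPathNotFound = exports.lambdaRouteProxyEntryHandler = exports.CustomError = void 0;
 var custom_error_1 = require("./lib/custom-error");
 Object.defineProperty(exports, "CustomError", { enumerable: true, get: function () { return custom_error_1.CustomError; } });
 var lambda_route_proxy_entry_handler_1 = require("./lib/lambda-route-proxy-entry-handler");
@@ -11,4 +11,12 @@ var route_module_schema_validation_middleware_1 = require("./lib/middlewares/rou
 Object.defineProperty(exports, "schemaValidationMiddleware", { enumerable: true, get: function () { return route_module_schema_validation_middleware_1.schemaValidationMiddleware; } });
 var route_module_jwt_validation_middleware_1 = require("./lib/middlewares/route-module-jwt-validation-middleware");
 Object.defineProperty(exports, "jwtValidationMiddleware", { enumerable: true, get: function () { return route_module_jwt_validation_middleware_1.jwtValidationMiddleware; } });
+var middleware_helpers_1 = require("./lib/middleware-helpers");
+Object.defineProperty(exports, "addResponseHeader", { enumerable: true, get: function () { return middleware_helpers_1.addResponseHeader; } });
+Object.defineProperty(exports, "addResponseHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addResponseHeaders; } });
+Object.defineProperty(exports, "addConditionalHeader", { enumerable: true, get: function () { return middleware_helpers_1.addConditionalHeader; } });
+Object.defineProperty(exports, "addRateLimitHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addRateLimitHeaders; } });
+Object.defineProperty(exports, "addCacheHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addCacheHeaders; } });
+Object.defineProperty(exports, "addSecurityHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addSecurityHeaders; } });
+Object.defineProperty(exports, "addAuthHeaders", { enumerable: true, get: function () { return middleware_helpers_1.addAuthHeaders; } });
 //# sourceMappingURL=index.js.map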
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAmBA,mDAAiD;AAAxC,2GAAA,WAAW,OAAA;AAEpB,2FAAsF;AAA7E,gJAAA,4BAA4B,OAAA;AAErC,6FAAuF;AAA9E,iJAAA,4BAA4B,OAAA;AAErC,yHAAyG;AAAhG,uJAAA,0BAA0B,OAAA;AAEnC,mHAAmG;AAA1F,iJAAA,uBAAuB,OAAA;AAEhC,+DAQkC;AAPhC,uHAAA,iBAAiB,OAAA;AACjB,wHAAA,kBAAkB,OAAA;AAClB,0HAAA,oBAAoB,OAAA;AACpB,yHAAA,mBAAmB,OAAA;AACnB,qHAAA,eAAe,OAAA;AACf,wHAAA,kBAAkB,OAAA;AAClB,oHAAA,cAAc,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lambda-route-proxy-entry-handler.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,WAAW,
|
|
1
|
+
{"version":3,"file":"lambda-route-proxy-entry-handler.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,WAAW,EAEZ,MAAM,wBAAwB,CAAC;AA2BhC,eAAO,MAAM,cAAc,WACjB,WAAW,UACX,MAAM,QACR,MAAM;;MAEX,WAYF,CAAC;AAUF,eAAO,MAAM,oBAAoB,mBACf,WAAW,YACjB,cAAc,KACvB,QAAQ,GAAG,CAMb,CAAC;AAuCF,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,gBAAgB,EAAE,GAC1B,gBAAgB,GAAG;IAAE,MAAM,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CAAE,CAmB3D;AAED,eAAO,MAAM,4BAA4B,WAC9B,WAAW;;cAEX,sBAAsB,GAAG,oBAAoB,GAAG,eAAe,iBAqIvE,CAAC"}
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.lambdaRouteProxyEntryHandler = exports.getRouteConfigByPath = exports.getRouteModuleResult = exports.getRouteModule = void 0;
|
|
4
4
|
const custom_error_1 = require("./custom-error");
|
|
5
5
|
const authorization_helper_1 = require("./authorization-helper");
|
|
6
|
+
const security_config_loader_1 = require("./security-config-loader");
|
|
6
7
|
const getRouteConfigEntry = (config, method, path) => config.routes.find((r) => r.path.toLowerCase() === path.toLowerCase() &&
|
|
7
8
|
r.method.toLowerCase() === method.toLowerCase());
|
|
8
9
|
const shouldAuthorizeRoute = (routesConfig, routeConfigEntry) => (routesConfig.authorizeAllRoutes &&
|
|
@@ -73,6 +74,8 @@ function getRouteConfigByPath(eventPath, method, configs) {
|
|
|
73
74
|
}
|
|
74
75
|
exports.getRouteConfigByPath = getRouteConfigByPath;
|
|
75
76
|
const lambdaRouteProxyEntryHandler = (config, availableRouteModules) => async (event) => {
|
|
77
|
+
// Load security configuration
|
|
78
|
+
const securityConfig = config.security || (0, security_config_loader_1.loadSecurityConfig)();
|
|
76
79
|
console.log(`Event Data: ${JSON.stringify(event)}`);
|
|
77
80
|
const isV2 = event.version === "2.0";
|
|
78
81
|
const isProxied = !isV2 && event.hasOwnProperty("requestContext");
|
|
@@ -94,27 +97,36 @@ const lambdaRouteProxyEntryHandler = (config, availableRouteModules) => async (e
|
|
|
94
97
|
: undefined;
|
|
95
98
|
console.log(`decodedBody:
|
|
96
99
|
${decodedBody}`);
|
|
97
|
-
|
|
100
|
+
const routeArgs = {
|
|
98
101
|
query: queryStringParameters,
|
|
99
102
|
params: pathParameters,
|
|
100
103
|
body: body ? decodedBody || JSON.parse(body) : undefined,
|
|
101
104
|
rawEvent: event,
|
|
102
|
-
}
|
|
105
|
+
};
|
|
106
|
+
retVal = await (0, exports.getRouteModuleResult)(routeModule, routeArgs);
|
|
103
107
|
if (isProxied) {
|
|
104
108
|
if (retVal.statusCode && !retVal.body) {
|
|
105
109
|
console.log("body must be included when status code is set", retVal);
|
|
106
110
|
throw new custom_error_1.CustomError("No body found", 500);
|
|
107
111
|
}
|
|
108
112
|
else if (retVal.statusCode && retVal.body) {
|
|
113
|
+
// Generate secure headers based on configuration
|
|
114
|
+
const requestOrigin = event.headers?.origin || event.headers?.Origin;
|
|
115
|
+
const corsHeaders = (0, security_config_loader_1.generateCorsHeaders)(securityConfig, requestOrigin);
|
|
116
|
+
const jwtRotationHeaders = (0, security_config_loader_1.generateJwtRotationHeaders)(securityConfig, routeArgs.routeData);
|
|
109
117
|
retVal = {
|
|
110
118
|
...retVal,
|
|
111
119
|
isBase64Encoded: false,
|
|
112
120
|
headers: {
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
121
|
+
// 1. Default security headers from config (lowest priority)
|
|
122
|
+
...securityConfig.defaultHeaders,
|
|
123
|
+
// 2. CORS headers (only if origin is allowed)
|
|
124
|
+
...corsHeaders,
|
|
125
|
+
// 3. JWT rotation headers (if needed)
|
|
126
|
+
...jwtRotationHeaders,
|
|
127
|
+
// 4. Middleware-provided headers (higher priority)
|
|
128
|
+
...(routeArgs.responseHeaders ?? {}),
|
|
129
|
+
// 5. Handler-provided headers (highest priority - can override everything)
|
|
118
130
|
...(retVal.headers ?? {}),
|
|
119
131
|
},
|
|
120
132
|
body: typeof retVal.body === "object"
|
|
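Review bot: The header merge reads `routeArgs.responseHeaders` and `routeArgs.routeData` from the object literal built before the chain runs, yet only `retVal` is captured from `getRouteModuleResult`, and the new helpers in middleware-helpers.js return a copy (`{ ...args, responseHeaders: { ... } }`) rather than mutating `args`. Unless the chain runner, whose body is outside this hunk, writes back into that original object, headers set through `addSecurityHeaders` or `addAuthHeaders` never reach the response and `generateJwtRotationHeaders` is always handed `undefined`. The runner should hand back the final arguments alongside the result so the merge can read from them. The spread is also case-sensitive, so a handler's `content-security-policy` would sit next to a differently cased default instead of replacing it; lower-casing keys before merging avoids the duplicate. The precedence comments should state outright that middleware and handler headers can replace the configured defaults and CORS headers, since that is what this order permits.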
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lambda-route-proxy-entry-handler.js","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":";;;AAKA,iDAA6C;
|
|
1
|
+
{"version":3,"file":"lambda-route-proxy-entry-handler.js","sourceRoot":"","sources":["../../src/lib/lambda-route-proxy-entry-handler.ts"],"names":[],"mappings":";;;AAKA,iDAA6C;AAQ7C,iEAAwD;AACxD,qEAIkC;AAElC,MAAM,mBAAmB,GAAG,CAC1B,MAAmB,EACnB,MAAc,EACd,IAAY,EACZ,EAAE,CACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAChB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE;IAC3C,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAC9B,CAAC;AAExB,MAAM,oBAAoB,GAAG,CAC3B,YAAyB,EACzB,gBAAkC,EAClC,EAAE,CACF,CAAC,YAAY,CAAC,kBAAkB;IAC9B,gBAAgB,CAAC,cAAc,KAAK,KAAK,CAAC;IAC5C,gBAAgB,CAAC,cAAc,KAAK,IAAI,CAAC;AAEpC,MAAM,cAAc,GAAG,CAC5B,MAAmB,EACnB,MAAc,EACd,IAAY,EACZ,qBAA6C,EAChC,EAAE;IACf,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,WAAW,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1D,IAAI,UAAU,EAAE;QACd,MAAM,yBAAyB,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,IAAI,CACvE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAClD,CAAC;QACF,uFAAuF;QACvF,WAAW,GAAG,qBAAqB,CAAC,yBAA0B,CAAC,CAAC;KACjE;IACD,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AAjBW,QAAA,cAAc,kBAiBzB;AAUK,MAAM,oBAAoB,GAAG,KAAK,EACvC,EAAE,UAAU,EAAe,EAC3B,QAAwB,EACV,EAAE;IAChB,IAAI,WAAW,GAAG,QAAQ,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE;QAChC,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;KAC1C;IACD,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AATW,QAAA,oBAAoB,wBAS/B;AAEF,SAAS,WAAW,CAAC,IAAY;IAC/B,sCAAsC;IACtC,OAAO,IAAI;SACR,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,yBAAyB;SAC/C,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC,0CAA0C;AACtF,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,KAA6B,EAAc,EAAE;IACtE,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,qBAAqB,EACnB,KAAK,CAAC,qBAAqB;YAC1B,EAA0C;QAC7C,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;QAC1C,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,eAAe,EAAE,KAAK,CAAC,eAAe;KACvC,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,KAA2B,EAC3B,MAAmB,EACP,EAAE;IACd,MAAM,WAAW,GAAG,oBAAoB,CACtC,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,UAAU,EAChB,MAAM,CAAC,MAAM,CACd,CAAC;IACF,OAAO
;QACL,QAAQ,EAAE,GAAG,KAAK,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,EAAE;QACnD,qBAAqB,EAAE,KAAK,CAAC,qBAAqB,IAAI,EAAE;QACxD,cAAc,EAAE,WAAW,CAAC,MAAM,IAAI,EAAE;QACxC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,eAAe,EAAE,KAAK,CAAC,eAAe;KACvC,CAAC;AACJ,CAAC,CAAC;AAEF,SAAgB,oBAAoB,CAClC,SAAiB,EACjB,MAAc,EACd,OAA2B;IAE3B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB;IAClE,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB;IAC5E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;QAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEzC,IAAI,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAClC,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,CAAC;SAC9B;QAED,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE;YACrD,OAAO,MAAM,CAAC;SACf;KACF;IAED,MAAM,IAAI,0BAAW,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;AAC3E,CAAC;AAvBD,oDAuBC;AAEM,MAAM,4BAA4B,GACvC,CAAC,MAAmB,EAAE,qBAA6C,EAAE,EAAE,CACvE,KAAK,EACH,KAAsE,EACtE,EAAE;IACF,8BAA8B;IAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,IAAI,IAAA,2CAAkB,GAAE,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAI,KAAgC,CAAC,OAAO,KAAK,KAAK,CAAC;IAEjE,MAAM,SAAS,GAAG,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC;IAElE,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,iBAAiB,CAAC,KAA+B,CAAC;QACpD,CAAC,CAAC,iBAAiB,CAAC,KAA6B,EAAE,MAAM,CAAC,CAAC;IAE7D,MAAM,EACJ,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,IAAI,EACJ,eAAe,GAChB,GAAG,QAAQ,CAAC;IAEb,IAAI,MAAM,GAAQ,EAAE,CAAC;IACrB,IAAI;QACF,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,IAAI,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,IACE,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,EACvE;YACA,MAAM,IAAA,qCAAc,EAAC,KAAK,CAAC,CAAC;SAC7B;QAED,MAAM,WAAW,GAAG,IAAA,sBAAc,EAChC,MAAM,EACN,MAAM,EACN,IAAI,EACJ,qBAAqB,CACtB,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,oBAAoB,eAAe,EAAE,CAAC,CAA
C;QACnD,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QAC7B,MAAM,WAAW,GAAG,eAAe;YACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,CAAC,GAAG,CAAC;QACV,WAAW,EAAE,CAAC,CAAC;QAEjB,MAAM,SAAS,GAAmB;YAChC,KAAK,EAAE,qBAAqB;YAC5B,MAAM,EAAE,cAAc;YACtB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACxD,QAAQ,EAAE,KAAK;SAChB,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,4BAAoB,EAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAE5D,IAAI,SAAS,EAAE;YACb,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;gBACrC,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,MAAM,CAAC,CAAC;gBACrE,MAAM,IAAI,0BAAW,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;aAC7C;iBAAM,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,EAAE;gBAC3C,iDAAiD;gBACjD,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,EAAE,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC;gBACrE,MAAM,WAAW,GAAG,IAAA,4CAAmB,EAAC,cAAc,EAAE,aAAa,CAAC,CAAC;gBACvE,MAAM,kBAAkB,GAAG,IAAA,mDAA0B,EAAC,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;gBAE3F,MAAM,GAAG;oBACP,GAAG,MAAM;oBACT,eAAe,EAAE,KAAK;oBACtB,OAAO,EAAE;wBACP,4DAA4D;wBAC5D,GAAG,cAAc,CAAC,cAAc;wBAChC,8CAA8C;wBAC9C,GAAG,WAAW;wBACd,sCAAsC;wBACtC,GAAG,kBAAkB;wBACrB,mDAAmD;wBACnD,GAAG,CAAC,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;wBACpC,2EAA2E;wBAC3E,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;qBAC1B;oBACD,IAAI,EACF,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;wBAC7B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;wBAC7B,CAAC,CAAC,MAAM,CAAC,IAAI;iBAClB,CAAC;aACH;SACF;aAAM;YACL,MAAM,GAAG;gBACP,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBAC5B,cAAc,EAAE,kBAAkB;aACnC,CAAC;SACH;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7D,IAAI,OAAO,GAAG;YACZ,cAAc,EAAE,kBAAkB;SACT,CAAC;QAE5B,IAAI,UAAU,GAAG,GAAG,CAAC;QAErB,IAAI,SAAS,EAAE;YACb,MAAM,SAAS,GACZ,KAAK,CAAC,cAAsB,CAAC,UAAU,KAAK,SAAS,CAAC;YACzD,IAAI,SAAS,EAAE;gBACb,UAAU,GAAG,GAAG,CAAC;aAClB;iBAAM;gBACL,UAAU,GAAG,KAAK,CAAC,cAAc,IAAI,GAAG,CAAC;aAC1C;YACD,OAAO,GAAG;gBACR,GAAG,OAAO;gBACV,
6BAA6B,EAAE,GAAG;gBAClC,8BAA8B,EAC5B,wCAAwC;gBAC1C,8BAA8B,EAC5B,0EAA0E;gBAC5E,kCAAkC,EAAE,MAAM;aAC3C,CAAC;SACH;QACD,IAAI,KAAK,YAAY,0BAAW,EAAE;YAChC,MAAM,GAAG;gBACP,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,KAAK,CAAC,OAAO;aACpB,CAAC;SACH;aAAM;YACL,MAAM,GAAG;gBACP,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC7C,CAAC;SACH;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAxIS,QAAA,4BAA4B,gCAwIrC"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import { RouteArguments } from './types-and-interfaces';
|
|
2
|
+
/**
|
|
3
|
+
* Helper utilities for middleware to manage response headers
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Add a header to be included in the response
|
|
7
|
+
* Middleware can use this to add headers that will be automatically included
|
|
8
|
+
*/
|
|
9
|
+
export declare function addResponseHeader(args: RouteArguments, name: string, value: string): RouteArguments;
|
|
10
|
+
/**
|
|
11
|
+
* Add multiple headers to be included in the response
|
|
12
|
+
*/
|
|
13
|
+
export declare function addResponseHeaders(args: RouteArguments, headers: Record<string, string>): RouteArguments;
|
|
14
|
+
/**
|
|
15
|
+
* Conditionally add a header based on some condition
|
|
16
|
+
*/
|
|
17
|
+
export declare function addConditionalHeader(args: RouteArguments, condition: boolean, name: string, value: string): RouteArguments;
|
|
18
|
+
/**
|
|
19
|
+
* Add rate limiting headers
|
|
20
|
+
*/
|
|
21
|
+
export declare function addRateLimitHeaders(args: RouteArguments, limit: number, remaining: number, resetTime: number): RouteArguments;
|
|
22
|
+
/**
|
|
23
|
+
* Add cache control headers
|
|
24
|
+
*/
|
|
25
|
+
export declare function addCacheHeaders(args: RouteArguments, maxAge: number, options?: {
|
|
26
|
+
public?: boolean;
|
|
27
|
+
private?: boolean;
|
|
28
|
+
noCache?: boolean;
|
|
29
|
+
noStore?: boolean;
|
|
30
|
+
mustRevalidate?: boolean;
|
|
31
|
+
}): RouteArguments;
|
|
32
|
+
/**
|
|
33
|
+
* Add security headers for specific middleware needs
|
|
34
|
+
*/
|
|
35
|
+
export declare function addSecurityHeaders(args: RouteArguments, headers: {
|
|
36
|
+
contentSecurityPolicy?: string;
|
|
37
|
+
strictTransportSecurity?: string;
|
|
38
|
+
referrerPolicy?: string;
|
|
39
|
+
permissionsPolicy?: string;
|
|
40
|
+
}): RouteArguments;
|
|
41
|
+
/**
|
|
42
|
+
* Add custom authentication headers
|
|
43
|
+
*/
|
|
44
|
+
export declare function addAuthHeaders(args: RouteArguments, headers: {
|
|
45
|
+
tokenRotationRequired?: boolean;
|
|
46
|
+
tokenRotationReason?: string;
|
|
47
|
+
authRealm?: string;
|
|
48
|
+
authScheme?: string;
|
|
49
|
+
}): RouteArguments;
|
|
50
|
+
//# sourceMappingURL=middleware-helpers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware-helpers.d.ts","sourceRoot":"","sources":["../../src/lib/middleware-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAExD;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,cAAc,EACpB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,cAAc,CAQhB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC9B,cAAc,CAQhB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,cAAc,EACpB,SAAS,EAAE,OAAO,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,cAAc,CAIhB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,cAAc,CAMhB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE;IACP,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;CACrB,GACL,cAAc,CAWhB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE;IACP,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,GACA,cAAc,CAiBhB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE;IACP,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACA,cAAc,CAchB"}
|
|
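--- a/package/dist/lib/middleware-helpers.js
+++ b/package/dist/lib/middleware-helpers.js
@@ -0,0 +1,111 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addAuthHeaders = exports.addSecurityHeaders = exports.addCacheHeaders = exports.addRateLimitHeaders = exports.addConditionalHeader = exports.addResponseHeaders = exports.addResponseHeader = void 0;
+/**
+* Helper utilities for middleware to manage response headers
+*/
+/**
+* Add a header to be included in the response
+* Middleware can use this to add headers that will be automatically included
+*/
+function addResponseHeader(args, name, value) {
+return {
+...args,
+responseHeaders: {
+...args.responseHeaders,
+[name]: value,
+},
+};
+}
+exports.addResponseHeader = addResponseHeader;
+/**
+* Add multiple headers to be included in the response
+*/
+function addResponseHeaders(args, headers) {
+return {
+...args,
+responseHeaders: {
+...args.responseHeaders,
+...headers,
+},
+};
+}
+exports.addResponseHeaders = addResponseHeaders;
+/**
+* Conditionally add a header based on some condition
+*/
+function addConditionalHeader(args, condition, name, value) {
+if (!condition)
+return args;
+return addResponseHeader(args, name, value);
+}
+exports.addConditionalHeader = addConditionalHeader;
+/**
+* Add rate limiting headers
+*/
+function addRateLimitHeaders(args, limit, remaining, resetTime) {
+return addResponseHeaders(args, {
+'X-RateLimit-Limit': limit.toString(),
+'X-RateLimit-Remaining': remaining.toString(),
+'X-RateLimit-Reset': resetTime.toString(),
+});
+}
+exports.addRateLimitHeaders = addRateLimitHeaders;
+/**
+* Add cache control headers
+*/
+function addCacheHeaders(args, maxAge, options = {}) {
+const cacheDirectives = [];
+if (options.public)
+cacheDirectives.push('public');
+if (options.private)
+cacheDirectives.push('private');
+if (options.noCache)
+cacheDirectives.push('no-cache');
+if (options.noStore)
+cacheDirectives.push('no-store');
+if (options.mustRevalidate)
+cacheDirectives.push('must-revalidate');
+if (maxAge > 0)
+cacheDirectives.push(`max-age=${maxAge}`);
+return addResponseHeader(args, 'Cache-Control', cacheDirectives.join(', '));
+}
+exports.addCacheHeaders = addCacheHeaders;
+/**
+* Add security headers for specific middleware needs
+*/
+function addSecurityHeaders(args, headers) {
+const securityHeaders = {};
+if (headers.contentSecurityPolicy) {
+securityHeaders['Content-Security-Policy'] = headers.contentSecurityPolicy;
+}
+if (headers.strictTransportSecurity) {
+securityHeaders['Strict-Transport-Security'] = headers.strictTransportSecurity;
+}
+if (headers.referrerPolicy) {
+securityHeaders['Referrer-Policy'] = headers.referrerPolicy;
+}
+if (headers.permissionsPolicy) {
+securityHeaders['Permissions-Policy'] = headers.permissionsPolicy;
+}
+return addResponseHeaders(args, securityHeaders);
+}
+exports.addSecurityHeaders = addSecurityHeaders;
+/**
+* Add custom authentication headers
+*/
+function addAuthHeaders(args, headers) {
+const authHeaders = {};
+if (headers.tokenRotationRequired) {
+authHeaders['X-Token-Rotation-Required'] = 'true';
+}
+if (headers.tokenRotationReason) {
+authHeaders['X-Token-Rotation-Reason'] = headers.tokenRotationReason;
+}
+if (headers.authRealm) {
+authHeaders['WWW-Authenticate'] = `${headers.authScheme || 'Bearer'} realm="${headers.authRealm}"`;
+}
+return addResponseHeaders(args, authHeaders);
+}
+exports.addAuthHeaders = addAuthHeaders;
+//# sourceMappingURL=middleware-helpers.js.map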
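Review bot: In `addAuthHeaders`, `headers.authRealm` and `headers.authScheme` are interpolated into the `WWW-Authenticate` value without escaping, so a realm containing `"` or `\` produces a malformed quoted-string and any CR/LF in either field is passed on to the header layer unfiltered. I would escape before building the value, e.g. `const realm = headers.authRealm.replace(/[\\"]/g, '\\$&');`, and reject control characters in both fields. Separately, `addCacheHeaders` drops `max-age` when `maxAge` is 0 and still sets `Cache-Control` to an empty string when no directive was selected; `if (cacheDirectives.length === 0) return args;` before the final return would avoid the empty header. It also accepts `public` and `private` together, which contradict each other, so the doc comment should at least state which combinations are valid.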
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware-helpers.js","sourceRoot":"","sources":["../../src/lib/middleware-helpers.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AAEH;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,IAAoB,EACpB,IAAY,EACZ,KAAa;IAEb,OAAO;QACL,GAAG,IAAI;QACP,eAAe,EAAE;YACf,GAAG,IAAI,CAAC,eAAe;YACvB,CAAC,IAAI,CAAC,EAAE,KAAK;SACd;KACF,CAAC;AACJ,CAAC;AAZD,8CAYC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,IAAoB,EACpB,OAA+B;IAE/B,OAAO;QACL,GAAG,IAAI;QACP,eAAe,EAAE;YACf,GAAG,IAAI,CAAC,eAAe;YACvB,GAAG,OAAO;SACX;KACF,CAAC;AACJ,CAAC;AAXD,gDAWC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,IAAoB,EACpB,SAAkB,EAClB,IAAY,EACZ,KAAa;IAEb,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,OAAO,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AATD,oDASC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,IAAoB,EACpB,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,OAAO,kBAAkB,CAAC,IAAI,EAAE;QAC9B,mBAAmB,EAAE,KAAK,CAAC,QAAQ,EAAE;QACrC,uBAAuB,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7C,mBAAmB,EAAE,SAAS,CAAC,QAAQ,EAAE;KAC1C,CAAC,CAAC;AACL,CAAC;AAXD,kDAWC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,IAAoB,EACpB,MAAc,EACd,UAMI,EAAE;IAEN,MAAM,eAAe,GAAG,EAAE,CAAC;IAE3B,IAAI,OAAO,CAAC,MAAM;QAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,OAAO;QAAE,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,cAAc;QAAE,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACpE,IAAI,MAAM,GAAG,CAAC;QAAE,eAAe,CAAC,IAAI,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IAE1D,OAAO,iBAAiB,CAAC,IAAI,EAAE,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9E,CAAC;AArBD,0CAqBC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,IAAoB,EACpB,OAKC;IAED,MAAM,eAAe,GAA2B,EAAE,CAAC;IAEnD,IAAI,OAAO,CAAC,qBAAqB,EAAE;QACjC,eAAe,CAAC,yBAAyB,CAAC,GAAG,OAAO,CAAC,qBAAqB,CAAC;KAC5E;IACD,IAAI,OAAO,CAAC,uBAAuB,EAAE;QACnC,eAAe,CAAC,2BAA2B,CAAC,GAAG,OAAO,CAAC,uBAAuB,CAAC;KAChF;IACD,IAAI,OAAO,CAAC,cAAc,EAAE;QAC1B,eAAe,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC;KAC7D;IACD,IAAI,OAAO,CAAC,iBAAiB,EAAE;QAC7B,eAAe,CAAC,oBAAoB,CAAC,GAAG,
OAAO,CAAC,iBAAiB,CAAC;KACnE;IAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACnD,CAAC;AAzBD,gDAyBC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,IAAoB,EACpB,OAKC;IAED,MAAM,WAAW,GAA2B,EAAE,CAAC;IAE/C,IAAI,OAAO,CAAC,qBAAqB,EAAE;QACjC,WAAW,CAAC,2BAA2B,CAAC,GAAG,MAAM,CAAC;KACnD;IACD,IAAI,OAAO,CAAC,mBAAmB,EAAE;QAC/B,WAAW,CAAC,yBAAyB,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;KACtE;IACD,IAAI,OAAO,CAAC,SAAS,EAAE;QACrB,WAAW,CAAC,kBAAkB,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,IAAI,QAAQ,WAAW,OAAO,CAAC,SAAS,GAAG,CAAC;KACpG;IAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAtBD,wCAsBC"}
|
|
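--- a/package/dist/lib/security-config-loader.d.ts
+++ b/package/dist/lib/security-config-loader.d.ts
@@ -0,0 +1,15 @@
+import { SecurityConfig } from './types-and-interfaces';
+/**
+* Load security configuration from project root
+* Looks for: api-security.json, api-security.js, or embedded in package.json
+*/
+export declare function loadSecurityConfig(projectRoot?: string): SecurityConfig;
+/**
+* Generate CORS headers based on configuration and request origin
+*/
+export declare function generateCorsHeaders(config: SecurityConfig, requestOrigin?: string): Record<string, string>;
+/**
+* Generate JWT rotation headers if needed
+*/
+export declare function generateJwtRotationHeaders(config: SecurityConfig, routeData: any): Record<string, string>;
+//# sourceMappingURL=security-config-loader.d.ts.map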
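Review bot: `generateJwtRotationHeaders` declares `routeData: any`, so callers get no type checking on the value that decides whether rotation headers are emitted; a narrow interface, or `unknown` narrowed inside the implementation, would be safer. The doc comment on `loadSecurityConfig` lists `api-security.js` as a source; if that file is loaded with `require` (the implementation is not in this section), the comment should say that `projectRoot` must be a trusted directory, because loading the file executes it. The comment on `generateCorsHeaders` should also state what is returned when `requestOrigin` is absent or not accepted by the configuration.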
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-config-loader.d.ts","sourceRoot":"","sources":["../../src/lib/security-config-loader.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AA0BxD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,GAAE,MAAsB,GAAG,cAAc,CAiDtF;AA+HD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiC1G;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,GAAG,GACb,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAkBxB"}
|