fiberx-backend-toolkit 0.0.74 → 0.0.76

package/dist/config/constants.d.ts

@@ -16,7 +16,36 @@ export declare const DEVICE_ID_COOKIE_MAX_AGE: number;
 export declare const DEVICE_ID_COOKIE_NAME = "device_id";
 export declare const DEVICE_ID_HEADERS_NAME = "X-Device-Id";
 export declare const CORS_ALLOWED_METHODS: string[];
-export declare const CORS_ALLOWED_HEADERS: string[];
+export declare const HEADERS_KEY_NAME: {
+    readonly content_type: "Content-Type";
+    readonly authorization: "Authorization";
+    readonly user_agent: "User-Agent";
+    readonly origin: "Origin";
+    readonly vary: "Vary";
+    readonly device_id: "X-Device-Id";
+    readonly device_name: "X-Device-Name";
+    readonly request_id: "X-Request-Id";
+    readonly rate_limit_limit: "X-RateLimit-Limit";
+    readonly rate_limit_remaining: "X-RateLimit-Remaining";
+    readonly rate_limit_reset: "X-RateLimit-Reset";
+    readonly rate_limit_retry_after: "X-RateLimit-Retry-After";
+    readonly login_challenge_token: "X-Login-Challenge-Token";
+    readonly csrf_token_header: "X-CSRF-Token";
+    readonly access_control_allow_origin: "Access-Control-Allow-Origin";
+    readonly access_control_allow_methods: "Access-Control-Allow-Methods";
+    readonly access_control_allow_headers: "Access-Control-Allow-Headers";
+    readonly access_control_allow_credentials: "Access-Control-Allow-Credentials";
+    readonly access_control_max_age: "Access-Control-Max-Age";
+    readonly xss_protection: "X-XSS-Protection";
+    readonly content_type_options: "X-Content-Type-Options";
+    readonly frame_options: "X-Frame-Options";
+    readonly referrer_policy: "Referrer-Policy";
+    readonly content_security_policy: "Content-Security-Policy";
+    readonly strict_transport_security: "Strict-Transport-Security";
+    readonly cross_origin_resource_policy: "Cross-Origin-Resource-Policy";
+    readonly cross_origin_opener_policy: "Cross-Origin-Opener-Policy";
+};
+export declare const CORS_ALLOWED_HEADERS: ("X-Request-Id" | "X-Device-Id" | "Content-Type" | "Authorization" | "User-Agent" | "Origin" | "Vary" | "X-Device-Name" | "X-RateLimit-Limit" | "X-RateLimit-Remaining" | "X-RateLimit-Reset" | "X-Login-Challenge-Token" | "X-CSRF-Token" | "Access-Control-Allow-Origin" | "Access-Control-Allow-Methods" | "Access-Control-Allow-Headers" | "Access-Control-Allow-Credentials" | "Access-Control-Max-Age")[];
 export declare const CORS_MAX_AGE_IN_SECONDS = 600;
 export declare const CORS_MAX_AGE_IN_MICRO_SECONDS: number;
 export declare const REQUEST_RATE_LIMITTER_OPTIONS: {

package/dist/config/constants.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_CONTENT_CACHE_TTL = exports.DEFAULT_CONTENT_LANG = exports.DEFAULT_CONTENT_URL = exports.CONTENT_LANG_KEY = exports.CONTENT_URL_KEY = exports.CONTENT_CACHE_TTL_KEY = exports.EMAIL_ENQUEUE_UTIL_FILE_NAME = exports.EMAIL_ENQUEUE_TYPES_FILE_NAME = exports.DEFAULT_RBAC_CACHE_TTL = exports.DEFAULT_RBAC_CACHE_KEY = exports.DEFAULT_TOTP_WINDOW = exports.DEFAULT_TOTP_DIGITS = exports.DEFAULT_TOTP_STEP = exports.ALPHABET_CORPUS = exports.CHARACTER_CORPUS = exports.REQUEST_RATE_LIMITTER_OPTIONS = exports.CORS_MAX_AGE_IN_MICRO_SECONDS = exports.CORS_MAX_AGE_IN_SECONDS = exports.CORS_ALLOWED_HEADERS = exports.CORS_ALLOWED_METHODS = exports.DEVICE_ID_HEADERS_NAME = exports.DEVICE_ID_COOKIE_NAME = exports.DEVICE_ID_COOKIE_MAX_AGE = exports.REQUEST_ID_HEADERS_NAME = exports.REQUEST_ID_COOKIE_NAME = exports.REQUEST_ID_COOKIE_MAX_AGE = exports.SEQUELIZE_SEEDER_META_TABLE_NAME = exports.SEQUELIZE_META_TABLE_NAME = exports.EMAIL_ENQUEUE_DIR = exports.SEEDERS_DIR = exports.MIGRATIONS_DIR = exports.MODELS_DIR = exports.SCHEMA_SNAPSHOTS_DIR = exports.SCHEMAS_DIR = exports.ENV_VAR_DIR = exports.LOG_DIR = exports.BASE_DIR = void 0;
+exports.DEFAULT_CONTENT_CACHE_TTL = exports.DEFAULT_CONTENT_LANG = exports.DEFAULT_CONTENT_URL = exports.CONTENT_LANG_KEY = exports.CONTENT_URL_KEY = exports.CONTENT_CACHE_TTL_KEY = exports.EMAIL_ENQUEUE_UTIL_FILE_NAME = exports.EMAIL_ENQUEUE_TYPES_FILE_NAME = exports.DEFAULT_RBAC_CACHE_TTL = exports.DEFAULT_RBAC_CACHE_KEY = exports.DEFAULT_TOTP_WINDOW = exports.DEFAULT_TOTP_DIGITS = exports.DEFAULT_TOTP_STEP = exports.ALPHABET_CORPUS = exports.CHARACTER_CORPUS = exports.REQUEST_RATE_LIMITTER_OPTIONS = exports.CORS_MAX_AGE_IN_MICRO_SECONDS = exports.CORS_MAX_AGE_IN_SECONDS = exports.CORS_ALLOWED_HEADERS = exports.HEADERS_KEY_NAME = exports.CORS_ALLOWED_METHODS = exports.DEVICE_ID_HEADERS_NAME = exports.DEVICE_ID_COOKIE_NAME = exports.DEVICE_ID_COOKIE_MAX_AGE = exports.REQUEST_ID_HEADERS_NAME = exports.REQUEST_ID_COOKIE_NAME = exports.REQUEST_ID_COOKIE_MAX_AGE = exports.SEQUELIZE_SEEDER_META_TABLE_NAME = exports.SEQUELIZE_META_TABLE_NAME = exports.EMAIL_ENQUEUE_DIR = exports.SEEDERS_DIR = exports.MIGRATIONS_DIR = exports.MODELS_DIR = exports.SCHEMA_SNAPSHOTS_DIR = exports.SCHEMAS_DIR = exports.ENV_VAR_DIR = exports.LOG_DIR = exports.BASE_DIR = void 0;
 const path_1 = __importDefault(require("path"));
 exports.BASE_DIR = process.cwd();
 exports.LOG_DIR = path_1.default.join(exports.BASE_DIR, "logs");
@@ -24,7 +24,76 @@ exports.DEVICE_ID_COOKIE_NAME = "device_id";
 exports.DEVICE_ID_HEADERS_NAME = "X-Device-Id";
 // CORS constants
 exports.CORS_ALLOWED_METHODS = ["GET", "POST", "PATCH", "DELETE", "OPTIONS"];
-exports.CORS_ALLOWED_HEADERS = ["Content-Type", "Authorization", exports.REQUEST_ID_HEADERS_NAME, exports.DEVICE_ID_HEADERS_NAME, "X-Device-Name", "User-Agent"];
+exports.HEADERS_KEY_NAME = {
+    // ======================
+    // Standard Headers
+    // ======================
+    content_type: "Content-Type",
+    authorization: "Authorization",
+    user_agent: "User-Agent",
+    origin: "Origin",
+    vary: "Vary",
+    // ======================
+    // Device
+    // ======================
+    device_id: "X-Device-Id",
+    device_name: "X-Device-Name",
+    // ======================
+    // Request Tracking
+    // ======================
+    request_id: "X-Request-Id",
+    // ======================
+    // Rate limit
+    // ======================
+    rate_limit_limit: "X-RateLimit-Limit",
+    rate_limit_remaining: "X-RateLimit-Remaining",
+    rate_limit_reset: "X-RateLimit-Reset",
+    rate_limit_retry_after: "X-RateLimit-Retry-After",
+    // ======================
+    // Auth / Security
+    // ======================
+    login_challenge_token: "X-Login-Challenge-Token",
+    csrf_token_header: "X-CSRF-Token",
+    // ======================
+    // CORS Headers
+    // ======================
+    access_control_allow_origin: "Access-Control-Allow-Origin",
+    access_control_allow_methods: "Access-Control-Allow-Methods",
+    access_control_allow_headers: "Access-Control-Allow-Headers",
+    access_control_allow_credentials: "Access-Control-Allow-Credentials",
+    access_control_max_age: "Access-Control-Max-Age",
+    // ======================
+    // Secure Headers
+    // ======================
+    xss_protection: "X-XSS-Protection",
+    content_type_options: "X-Content-Type-Options",
+    frame_options: "X-Frame-Options",
+    referrer_policy: "Referrer-Policy",
+    content_security_policy: "Content-Security-Policy",
+    strict_transport_security: "Strict-Transport-Security",
+    cross_origin_resource_policy: "Cross-Origin-Resource-Policy",
+    cross_origin_opener_policy: "Cross-Origin-Opener-Policy",
+};
+exports.CORS_ALLOWED_HEADERS = [
+    exports.HEADERS_KEY_NAME.content_type,
+    exports.HEADERS_KEY_NAME.authorization,
+    exports.HEADERS_KEY_NAME.user_agent,
+    exports.HEADERS_KEY_NAME.origin,
+    exports.HEADERS_KEY_NAME.vary,
+    exports.HEADERS_KEY_NAME.device_id,
+    exports.HEADERS_KEY_NAME.device_name,
+    exports.HEADERS_KEY_NAME.request_id,
+    exports.HEADERS_KEY_NAME.rate_limit_limit,
+    exports.HEADERS_KEY_NAME.rate_limit_remaining,
+    exports.HEADERS_KEY_NAME.rate_limit_reset,
+    exports.HEADERS_KEY_NAME.login_challenge_token,
+    exports.HEADERS_KEY_NAME.csrf_token_header,
+    exports.HEADERS_KEY_NAME.access_control_allow_origin,
+    exports.HEADERS_KEY_NAME.access_control_allow_methods,
+    exports.HEADERS_KEY_NAME.access_control_allow_headers,
+    exports.HEADERS_KEY_NAME.access_control_allow_credentials,
+    exports.HEADERS_KEY_NAME.access_control_max_age,
+];
 exports.CORS_MAX_AGE_IN_SECONDS = (600); // default: 10 min
 exports.CORS_MAX_AGE_IN_MICRO_SECONDS = (1000 * 60 * 10); // 10 minutes
 // Rate limitter

package/dist/middle_ware/cookie_manager_middle_ware.d.ts

@@ -12,7 +12,7 @@ declare class CookieManagerMiddleWare {
     private device_id_cookie_name;
     private device_id_header_name;
     private device_id_generator;
-    constructor(options?: CookieManagerOptions);
+    constructor(options: CookieManagerOptions);
     private getDefaultCookieOptions;
     private handleRequestId;
     private handleDeviceId;

package/dist/middle_ware/cookie_manager_middle_ware.js

@@ -27,7 +27,7 @@ class CookieManagerMiddleWare {
     device_id_cookie_name;
     device_id_header_name;
     device_id_generator;
-    constructor(options = {}) {
+    constructor(options) {
         this.request_id_max_age = options?.request_id_max_age || constants_1.REQUEST_ID_COOKIE_MAX_AGE;
         this.request_id_cookie_name = options.request_id_cookie_name || constants_1.REQUEST_ID_COOKIE_NAME;
         this.request_id_header_name = options.request_id_header_name || constants_1.REQUEST_ID_HEADERS_NAME;
@@ -50,7 +50,7 @@ class CookieManagerMiddleWare {
     }
     // Method to Ensure request_id exists + rolling expiration
     handleRequestId(req, res) {
-        let request_id = this.get(req, "request_id");
+        let request_id = this.get(req, this.request_id_cookie_name);
         if (!request_id) {
             request_id = this.request_id_generator();
             this.logger.info(`Generated request_id: ${request_id}`);
@@ -59,7 +59,7 @@ class CookieManagerMiddleWare {
         this.set(res, "request_id", request_id, {
             max_age: this.request_id_max_age,
         });
-        res.setHeader("X-Request-Id", request_id);
+        res.setHeader(this.request_id_header_name, request_id);
         return request_id;
     }
     // Method to Ensure device_id exists (long-lived)

package/dist/middle_ware/cors_middle_ware.d.ts

@@ -6,6 +6,7 @@ declare class CorsMiddleWare {
     private origin_cache;
     private origins;
     private methods;
+    private headers_key_name;
     private headers;
     private credentials;
     private max_age;

package/dist/middle_ware/cors_middle_ware.js

@@ -17,57 +17,53 @@ class CorsMiddleWare {
     origin_cache = new main_1.InMemoryCacheUtil();
     origins;
     methods;
+    headers_key_name;
     headers;
     credentials;
     max_age;
     allow_null_origin;
     origin_resolver;
     constructor(options = {}) {
-        this.origins = options.origins || [];
+        this.origins = options.origins ?? [];
         this.methods = options.methods ?? constants_1.CORS_ALLOWED_METHODS;
-        this.headers = options.headers ?? constants_1.CORS_ALLOWED_HEADERS;
         this.credentials = options.credentials ?? true;
         this.max_age = options.max_age ?? constants_1.CORS_MAX_AGE_IN_SECONDS;
-        this.allow_null_origin = options.allow_null_origin ?? false,
-            this.origin_resolver = options?.origin_resolver || null;
+        this.headers_key_name = options.headers_key_name ?? constants_1.HEADERS_KEY_NAME;
+        this.allow_null_origin = options.allow_null_origin ?? false;
+        this.origin_resolver = options.origin_resolver ?? null;
+        // generate headers array dynamically from the key names
+        this.headers = Object.values(this.headers_key_name);
         main_1.SafeExecuteUtil.setNamedInstance(this.name, this);
     }
-    // Method for Origin resolution logic
+    // -------------------------
+    // Origin resolution
+    // -------------------------
     async resolveAllowedOrigins() {
-        if (Array.isArray(this.origins) && this.origins.length) {
+        if (Array.isArray(this.origins) && this.origins.length)
             return this.origins;
-        }
-        else if (this.origin_resolver && typeof this.origin_resolver === "function") {
+        if (this.origin_resolver) {
             const result = await this.origin_resolver();
             return Array.isArray(result) ? result : [];
         }
         return [];
     }
-    // Method to validate origin
     async isValidOrigin(origin) {
-        if (!origin) {
+        if (!origin)
             return this.allow_null_origin;
-        }
-        // Cached
-        if (this.origin_cache.has(origin)) {
+        if (this.origin_cache.has(origin))
             return true;
-        }
-        // Function validator
-        else if (this.origin_resolver && typeof this.origin_resolver === "function") {
+        if (this.origin_resolver) {
             const result = await this.origin_resolver(origin);
             if (typeof result === "boolean") {
-                if (result) {
+                if (result)
                     this.origin_cache.set(origin, true, constants_1.CORS_MAX_AGE_IN_MICRO_SECONDS);
-                }
                 return result;
             }
         }
-        // List validator
         const allowed = await this.resolveAllowedOrigins();
         const is_valid = allowed.includes(origin);
-        if (is_valid) {
+        if (is_valid)
             this.origin_cache.set(origin, true, constants_1.CORS_MAX_AGE_IN_MICRO_SECONDS);
-        }
         return is_valid;
     }
     // -------------------------
@@ -75,13 +71,12 @@ class CorsMiddleWare {
     // -------------------------
     async getRequestOrigin(req) {
         const { headers, protocol } = req;
-        if (headers?.origin) {
-            return headers?.origin;
-        }
-        else if (headers?.referer) {
+        const originHeader = headers?.[this.headers_key_name.origin.toLowerCase()];
+        if (originHeader)
+            return originHeader;
+        if (headers?.referer)
             return new URL(headers.referer).origin;
-        }
-        return `${protocol}://${req?.get('host')}`;
+        return `${protocol}://${req.get("host")}`;
     }
     // -------------------------
     // Middleware
@@ -89,26 +84,25 @@ class CorsMiddleWare {
     async middleWare(req, res, next) {
         const origin = await this.getRequestOrigin(req);
         const is_allowed = await this.isValidOrigin(origin);
-        res.setHeader("Vary", "Origin");
+        res.setHeader(this.headers_key_name.vary, this.headers_key_name.origin);
         if (!is_allowed) {
             this.logger.error(`Blocked CORS request from origin: ${origin}`);
             return res.status(403).json({ status: "error", code: 403, msg: "cors_blocked" });
         }
-        res.setHeader("Access-Control-Allow-Origin", origin);
-        res.setHeader("Access-Control-Allow-Methods", this.methods.join(","));
-        res.setHeader("Access-Control-Allow-Headers", this.headers.join(","));
+        // Use constants from this.headers_key_name
+        res.setHeader(this.headers_key_name.access_control_allow_origin, origin);
+        res.setHeader(this.headers_key_name.access_control_allow_methods, this.methods.join(","));
+        res.setHeader(this.headers_key_name.access_control_allow_headers, this.headers.join(","));
         if (this.credentials) {
-            res.setHeader("Access-Control-Allow-Credentials", "true");
+            res.setHeader(this.headers_key_name.access_control_allow_credentials, "true");
         }
         if (this.max_age) {
-            res.setHeader("Access-Control-Max-Age", this.max_age.toString());
+            res.setHeader(this.headers_key_name.access_control_max_age, this.max_age.toString());
         }
-        if (req.method === "OPTIONS") {
+        if (req.method === "OPTIONS")
             return res.sendStatus(204);
-        }
         return next();
     }
-    ;
 }
 __decorate([
     main_1.SafeExecuteUtil.safeExecuteReturn("cors_middle_ware", []),

package/dist/middle_ware/rate_limiter_middle_ware.d.ts

@@ -8,6 +8,7 @@ declare class RateLimiterMiddleWare {
     private cache;
     private logger;
     private key_generator;
+    private headers_key_name;
     constructor(options?: RateLimiterOptions);
     private generateRequestIdentitfier;
     private getResetSeconds;

package/dist/middle_ware/rate_limiter_middle_ware.js

@@ -19,10 +19,12 @@ class RateLimiterMiddleWare {
     cache;
     logger;
     key_generator;
+    headers_key_name;
     constructor(options = {}) {
         this.window_ms = options?.window_ms ?? constants_1.REQUEST_RATE_LIMITTER_OPTIONS.window_ms;
         this.max_requests = options?.max_requests ?? constants_1.REQUEST_RATE_LIMITTER_OPTIONS.max_requests;
         this.message = options.message ?? constants_1.REQUEST_RATE_LIMITTER_OPTIONS.message;
+        this.headers_key_name = options.headers_key_name ?? constants_1.HEADERS_KEY_NAME;
         this.key_generator = options?.key_generator || this.generateRequestIdentitfier;
         this.cache = new main_1.InMemoryCacheUtil();
         this.logger = new main_1.LoggerUtil(this.name);
@@ -54,12 +56,12 @@ class RateLimiterMiddleWare {
         const remaining = Math.max(this.max_requests - record.count, 0);
         const reset_seconds = this.getResetSeconds(record.expires_at);
         // RFC-ish headers
-        res.setHeader("X-RateLimit-Limit", this.max_requests);
-        res.setHeader("X-RateLimit-Remaining", remaining);
-        res.setHeader("X-RateLimit-Reset", reset_seconds);
+        res.setHeader(this.headers_key_name.rate_limit_limit, this.max_requests);
+        res.setHeader(this.headers_key_name.rate_limit_remaining, remaining);
+        res.setHeader(this.headers_key_name.rate_limit_reset, reset_seconds);
         if (record.count > this.max_requests) {
             this.logger.alert(`⚠️ Rate limit exceeded for key: ${key} (retry in ${reset_seconds}s)`);
-            res.setHeader("Retry-After", reset_seconds);
+            res.setHeader(this.headers_key_name.rate_limit_retry_after, reset_seconds);
             return res.status(429).json({
                 status: "error",
                 code: 429,

package/dist/middle_ware/secure_headers_middle_ware.d.ts

@@ -3,17 +3,18 @@ import { SecureHeadersOptions } from "../types/middle_ware_type";
 declare class SecureHeadersMiddleWare {
     private name;
     private logger;
-    private readonly enabled?;
-    private readonly HSTS_enabled?;
-    private readonly HSTS_max_age?;
+    private readonly enabled;
+    private readonly HSTS_enabled;
+    private readonly HSTS_max_age;
+    private readonly HSTS_Extras;
     private readonly frame_options;
-    private readonly xss_protection?;
-    private readonly content_type_options?;
+    private readonly xss_protection;
+    private readonly content_type_options;
     private readonly referrer_policy;
     private readonly content_security_policy;
-    private readonly HSTS_Extras;
     private readonly cors_policy;
     private readonly cors_opener_policy;
+    private headers_key_name;
     constructor(options?: SecureHeadersOptions);
     private getDefaultContentSecurityPolicy;
     private getContentSecurityPolicyString;

package/dist/middle_ware/secure_headers_middle_ware.js

@@ -10,35 +10,37 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const main_1 = require("../utils/main");
+const constants_1 = require("../config/constants");
 class SecureHeadersMiddleWare {
     name = "secure_headers_middle_ware";
     logger = new main_1.LoggerUtil(this.name);
     enabled;
     HSTS_enabled;
     HSTS_max_age;
+    HSTS_Extras;
     frame_options;
     xss_protection;
     content_type_options;
     referrer_policy;
     content_security_policy;
-    HSTS_Extras;
     cors_policy;
     cors_opener_policy;
+    headers_key_name;
     constructor(options = {}) {
         this.enabled = options.enabled ?? true;
-        this.HSTS_enabled = options?.HSTS_enabled ?? main_1.InputValidatorUtil.isProduction();
-        this.HSTS_max_age = options?.HSTS_max_age ?? 63072000;
-        this.frame_options = options?.frame_options ?? "SAMEORIGIN";
-        this.xss_protection = options?.xss_protection ?? true;
-        this.content_type_options = options?.content_type_options ?? true;
-        this.referrer_policy = options?.referrer_policy ?? "no-referrer-when-downgrade";
-        this.content_security_policy = options?.content_security_policy ?? this.getDefaultContentSecurityPolicy(),
-            this.HSTS_Extras = options?.HSTS_Extras ?? "includeSubDomains; preload;";
-        this.cors_policy = options?.cors_policy ?? "same-origin";
-        this.cors_opener_policy = options?.cors_opener_policy ?? "same-origin";
+        this.HSTS_enabled = options.HSTS_enabled ?? main_1.InputValidatorUtil.isProduction();
+        this.HSTS_max_age = options.HSTS_max_age ?? 63072000;
+        this.HSTS_Extras = options.HSTS_Extras ?? "includeSubDomains; preload;";
+        this.frame_options = options.frame_options ?? "SAMEORIGIN";
+        this.xss_protection = options.xss_protection ?? true;
+        this.content_type_options = options.content_type_options ?? true;
+        this.referrer_policy = options.referrer_policy ?? "no-referrer-when-downgrade";
+        this.content_security_policy = options.content_security_policy ?? this.getDefaultContentSecurityPolicy();
+        this.cors_policy = options.cors_policy ?? "same-origin";
+        this.cors_opener_policy = options.cors_opener_policy ?? "same-origin";
+        this.headers_key_name = options.headers_key_name ?? constants_1.HEADERS_KEY_NAME;
         main_1.SafeExecuteUtil.setNamedInstance(this.name, this);
     }
-    // Method to get default content security policy
     getDefaultContentSecurityPolicy() {
         return {
             "default-src": ["'self'"],
@@ -52,46 +54,32 @@ class SecureHeadersMiddleWare {
             "frame-ancestors": ["'self'"],
         };
     }
-    // Method to convert content security policy object to string
     getContentSecurityPolicyString(policy) {
         return Object.entries(policy)
             .map(([key, value]) => `${key} ${value.join(" ")}`)
             .join("; ");
     }
-    // -------------------------
-    // Middleware
-    // -------------------------
     async middleWare(req, res, next) {
-        if (!this.enabled) {
+        if (!this.enabled)
             return next();
-        }
         // Prevent XSS
-        if (this.xss_protection) {
-            res.setHeader("X-XSS-Protection", "1; mode=block");
-        }
-        else {
-            res.setHeader("X-XSS-Protection", "0");
-        }
+        res.setHeader(this.headers_key_name.xss_protection ?? "X-XSS-Protection", this.xss_protection ? "1; mode=block" : "0");
         // Prevent MIME-type sniffing
-        if (this.content_type_options) {
-            res.setHeader("X-Content-Type-Options", "nosniff");
-        }
-        // Disable framing (clickjacking protection)
-        res.setHeader("X-Frame-Options", this.frame_options);
-        res.setHeader("Referrer-Policy", this.referrer_policy);
-        if (this.cors_policy) {
-            res.setHeader("Cross-Origin-Resource-Policy", this.cors_policy);
-        }
-        if (this.cors_opener_policy) {
-            res.setHeader("Cross-Origin-Opener-Policy", this.cors_opener_policy);
-        }
+        res.setHeader(this.headers_key_name.content_type_options ?? "X-Content-Type-Options", this.content_type_options ? "nosniff" : "0");
+        // Clickjacking protection
+        res.setHeader(this.headers_key_name.frame_options ?? "X-Frame-Options", this.frame_options);
+        // Referrer Policy
+        res.setHeader(this.headers_key_name.referrer_policy ?? "Referrer-Policy", this.referrer_policy);
+        // Cross-Origin Resource Policy
+        res.setHeader(this.headers_key_name.cross_origin_resource_policy ?? "Cross-Origin-Resource-Policy", this.cors_policy);
+        // Cross-Origin Opener Policy
+        res.setHeader(this.headers_key_name.cross_origin_opener_policy ?? "Cross-Origin-Opener-Policy", this.cors_opener_policy);
         // Content Security Policy
-        if (this.content_security_policy) {
-            const content_security_policy_string = this.getContentSecurityPolicyString(this.content_security_policy);
-            res.setHeader("Content-Security-Policy", content_security_policy_string);
-        }
+        const csp_string = this.getContentSecurityPolicyString(this.content_security_policy);
+        res.setHeader(this.headers_key_name.content_security_policy ?? "Content-Security-Policy", csp_string);
+        // HSTS
         if (this.HSTS_enabled) {
-            res.setHeader("Strict-Transport-Security", `max-age=${this.HSTS_max_age}; ${this.HSTS_Extras}`);
+            res.setHeader(this.headers_key_name.strict_transport_security ?? "Strict-Transport-Security", `max-age=${this.HSTS_max_age}; ${this.HSTS_Extras}`);
         }
         return next();
     }

package/dist/types/middle_ware_type.d.ts

@@ -1,5 +1,6 @@
 import { Model } from "sequelize";
 import { Request, Response, NextFunction } from "express";
+import { HEADERS_KEY_NAME } from "../config/constants";
 export type CorsOriginResolver = ((origin?: string) => boolean | Promise<boolean>) | (() => Promise<string[]>);
 export interface CorsOptions {
     origins?: string[];
@@ -9,11 +10,13 @@ export interface CorsOptions {
     credentials?: boolean;
     max_age?: number;
     allow_null_origin?: boolean;
+    headers_key_name?: typeof HEADERS_KEY_NAME;
 }
 export interface RateLimiterOptions {
     window_ms?: number;
     max_requests?: number;
     message?: string;
+    headers_key_name?: typeof HEADERS_KEY_NAME;
     key_generator?: (req: Request) => string;
 }
 export type RateLimitRecord = {
@@ -22,12 +25,12 @@ export type RateLimitRecord = {
 };
 export interface CookieManagerOptions {
     request_id_max_age?: number;
-    request_id_cookie_name?: string;
-    request_id_header_name?: string;
+    request_id_cookie_name: string;
+    request_id_header_name: string;
     request_id_generator?: () => string;
     device_id_max_age?: number;
-    device_id_cookie_name?: string;
-    device_id_header_name?: string;
+    device_id_cookie_name: string;
+    device_id_header_name: string;
     device_id_generator?: () => string;
 }
 export interface ForceHTTPSOptions {
@@ -47,6 +50,7 @@ export interface SecureHeadersOptions {
     HSTS_Extras?: string;
     cors_policy?: string;
     cors_opener_policy?: string;
+    headers_key_name?: typeof HEADERS_KEY_NAME;
 }
 export interface ResponseFormatterOptions {
     include_request_id?: boolean;

package/dist/utils/input_transformer_util.d.ts

@@ -113,5 +113,6 @@ declare class InputTransformerUtil {
     static formatLinksObject(links: Record<string, string>): Record<string, string>;
     static buildNestedObject(paths: string[]): any;
     static minifyHtml(html: string): string;
+    static joinStringsBy(parts: string | string[], separator: string): string;
 }
 export default InputTransformerUtil;

package/dist/utils/input_transformer_util.js

@@ -349,5 +349,13 @@ class InputTransformerUtil {
         });
         return html;
     }
+    // Method to join strings by
+    static joinStringsBy(parts, separator) {
+        // Ensure parts is always a flat array of strings
+        const flat_parts = Array.isArray(parts) ? parts : [parts];
+        // Filter out empty/null/undefined strings to avoid extra separators
+        const valid_parts = flat_parts.filter(part => part !== null && part !== undefined && part !== "");
+        return valid_parts.join(separator);
+    }
 }
 exports.default = InputTransformerUtil;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "fiberx-backend-toolkit",
-    "version": "0.0.74",
+    "version": "0.0.76",
     "description": "A TypeScript backend toolkit providing shared domain logic, infrastructure helpers, and utilities for FiberX server-side applications and services.",
     "type": "commonjs",
     "main": "./dist/index.js",