secure-gateway-sdk 1.1.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.js CHANGED
@@ -1,4 +1,5 @@
1
1
  const express = require('express');
2
+ const fetch = require('node-fetch');
2
3
  const { createProxyMiddleware } = require('http-proxy-middleware');
3
4
  const { createSecurityMiddleware } = require('./middleware/security');
4
5
  const { createMLSMiddleware } = require('./middleware/mls');
@@ -1,5 +1,6 @@
1
1
  const { SecureChannel } = require('./crypto');
2
2
  const crypto = require('crypto');
3
+ const fetch = require('node-fetch');
3
4
 
4
5
  /**
5
6
  * EnclaveClient acts as the secure intermediary between the Proxy and the TEE.
@@ -12,22 +12,32 @@ const rateLimit = require('express-rate-limit');
12
12
  * 3. Sensitive route rate limit — strictest limit on protected endpoints
13
13
  */
14
14
 
15
+ const isDev = process.env.NODE_ENV === 'development';
16
+
15
17
  /**
16
18
  * Creates a global rate limiter for all gateway traffic.
17
19
  * Default: 100 requests per 15 minutes per IP.
20
+ * In development, window is 15 seconds to allow fast simulator resets.
18
21
  */
19
22
  function createGlobalRateLimit(options = {}) {
23
+ const windowMs = process.env.RATE_LIMIT_GLOBAL_WINDOW_MS
24
+ ? parseInt(process.env.RATE_LIMIT_GLOBAL_WINDOW_MS)
25
+ : (options.windowMs || (isDev ? 15 * 1000 : 15 * 60 * 1000));
26
+ const max = process.env.RATE_LIMIT_GLOBAL_MAX
27
+ ? parseInt(process.env.RATE_LIMIT_GLOBAL_MAX)
28
+ : (options.max || 100);
29
+
20
30
  return rateLimit({
21
- windowMs: options.windowMs || 15 * 60 * 1000, // 15 minutes
22
- max: options.max || 100, // 100 requests per window
31
+ windowMs,
32
+ max,
23
33
  standardHeaders: true, // Return rate limit info in headers
24
34
  legacyHeaders: false,
25
35
  message: {
26
36
  error: 'Too many requests from this IP. Please try again later.',
27
- retryAfterMs: options.windowMs || 15 * 60 * 1000
37
+ retryAfterMs: windowMs
28
38
  },
29
39
  handler: (req, res, next, options) => {
30
- console.warn(`[DDoS Protection] Rate limit exceeded for IP: ${req.ip}`);
40
+ console.warn(`[DDoS Protection] Global rate limit exceeded for IP: ${req.ip}`);
31
41
  res.status(429).json(options.message);
32
42
  }
33
43
  });
@@ -36,16 +46,24 @@ function createGlobalRateLimit(options = {}) {
36
46
  /**
37
47
  * Creates a strict rate limiter for authentication endpoints.
38
48
  * Default: 10 requests per 15 minutes per IP (brute-force protection).
49
+ * In development, window is 15 seconds to allow fast simulator resets.
39
50
  */
40
51
  function createAuthRateLimit(options = {}) {
52
+ const windowMs = process.env.RATE_LIMIT_AUTH_WINDOW_MS
53
+ ? parseInt(process.env.RATE_LIMIT_AUTH_WINDOW_MS)
54
+ : (options.windowMs || (isDev ? 15 * 1000 : 15 * 60 * 1000));
55
+ const max = process.env.RATE_LIMIT_AUTH_MAX
56
+ ? parseInt(process.env.RATE_LIMIT_AUTH_MAX)
57
+ : (options.max || 10);
58
+
41
59
  return rateLimit({
42
- windowMs: options.windowMs || 15 * 60 * 1000, // 15 minutes
43
- max: options.max || 10, // 10 login attempts per window
60
+ windowMs,
61
+ max,
44
62
  standardHeaders: true,
45
63
  legacyHeaders: false,
46
64
  message: {
47
65
  error: 'Too many authentication attempts. Account protection triggered.',
48
- retryAfterMs: options.windowMs || 15 * 60 * 1000
66
+ retryAfterMs: windowMs
49
67
  },
50
68
  handler: (req, res, next, options) => {
51
69
  console.warn(`[DDoS Protection] Auth rate limit exceeded for IP: ${req.ip} on ${req.path}`);
@@ -57,16 +75,24 @@ function createAuthRateLimit(options = {}) {
57
75
  /**
58
76
  * Creates a strict rate limiter for sensitive/protected routes (e.g., Enclave access).
59
77
  * Default: 20 requests per 15 minutes per IP.
78
+ * In development, window is 15 seconds and max is 10 to guarantee simulator triggers and resets.
60
79
  */
61
80
  function createSensitiveRateLimit(options = {}) {
81
+ const windowMs = process.env.RATE_LIMIT_SENSITIVE_WINDOW_MS
82
+ ? parseInt(process.env.RATE_LIMIT_SENSITIVE_WINDOW_MS)
83
+ : (options.windowMs || (isDev ? 15 * 1000 : 15 * 60 * 1000));
84
+ const max = process.env.RATE_LIMIT_SENSITIVE_MAX
85
+ ? parseInt(process.env.RATE_LIMIT_SENSITIVE_MAX)
86
+ : (options.max || (isDev ? 10 : 20));
87
+
62
88
  return rateLimit({
63
- windowMs: options.windowMs || 15 * 60 * 1000, // 15 minutes
64
- max: options.max || 20, // 20 requests per window
89
+ windowMs,
90
+ max,
65
91
  standardHeaders: true,
66
92
  legacyHeaders: false,
67
93
  message: {
68
94
  error: 'Too many requests to protected resource. Access temporarily restricted.',
69
- retryAfterMs: options.windowMs || 15 * 60 * 1000
95
+ retryAfterMs: windowMs
70
96
  },
71
97
  handler: (req, res, next, options) => {
72
98
  console.warn(`[DDoS Protection] Sensitive route rate limit exceeded for IP: ${req.ip}`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "secure-gateway-sdk",
3
- "version": "1.1.0",
3
+ "version": "1.2.1",
4
4
  "scripts": {
5
5
  "dev": "nodemon server.js"
6
6
  },
@@ -10,7 +10,8 @@
10
10
  "express": "^5.2.1",
11
11
  "express-rate-limit": "^8.5.2",
12
12
  "http-proxy-middleware": "^3.0.5",
13
- "jsonwebtoken": "^9.0.3"
13
+ "jsonwebtoken": "^9.0.3",
14
+ "node-fetch": "^2.7.0"
14
15
  },
15
16
  "description": "This package is a drop-in API Gateway library designed to secure and route traffic to a microservice ecosystem containing Auth, Enclave, and Audit endpoints.",
16
17
  "main": "index.js",