/**
* Security Route Helper Functions
*
* This module provides utility functions for adding security features to routes.
*/
import type { IRouteConfig } from '../../models/route-types.js';
import { mergeRouteConfigs } from '../route-utils.js';
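/**
 * Attach a rate-limiting policy to a route.
 *
 * Builds a `security.rateLimit` fragment with `enabled: true` and merges it
 * into `baseRoute` through `mergeRouteConfigs`. `keyBy` falls back to 'ip'
 * and `errorMessage` to a generic message when they are omitted or empty.
 *
 * Security notes:
 * - `keyBy: 'header'` buckets requests by a request header value. Unless that
 *   header is set or overwritten by a trusted proxy in front of this route,
 *   the client controls its own bucket key, so prefer 'ip' for untrusted
 *   traffic.
 * - `maxRequests` and `window` are passed through unvalidated; how the
 *   enforcing code treats 0, negative or NaN values is not visible here.
 *
 * @param baseRoute Base route to add rate limiting to
 * @param rateLimit Rate limiting configuration
 * @returns Route with rate limiting
 * @throws Error if `keyBy` is 'header' and `headerName` is missing or blank
 */
export function addRateLimiting(
  baseRoute: IRouteConfig,
  rateLimit: {
    maxRequests: number;
    window: number; // Time window in seconds
    keyBy?: 'ip' | 'path' | 'header';
    headerName?: string; // Required if keyBy is 'header'
    errorMessage?: string;
  }
): IRouteConfig {
  const keyBy = rateLimit.keyBy || 'ip';

  // Fail fast on the documented requirement: a header-keyed limiter with no
  // header name has no usable bucket key, and what the enforcing code does in
  // that case (shared bucket, no limit at all) cannot be determined from here.
  if (keyBy === 'header' && !rateLimit.headerName?.trim()) {
    throw new Error("addRateLimiting: headerName is required when keyBy is 'header'");
  }

  return mergeRouteConfigs(baseRoute, {
    security: {
      rateLimit: {
        enabled: true,
        maxRequests: rateLimit.maxRequests,
        window: rateLimit.window,
        keyBy,
        headerName: rateLimit.headerName,
        // `||` on purpose: an empty message also falls back to the default.
        errorMessage: rateLimit.errorMessage || 'Rate limit exceeded. Please try again later.'
      }
    }
  });
}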
/**
 * Enable HTTP Basic authentication on a route.
 *
 * Produces a `security.basicAuth` fragment with `enabled: true` and merges it
 * into `baseRoute` through `mergeRouteConfigs`. The realm falls back to
 * 'Restricted Area' and `excludePaths` to an empty list when omitted.
 *
 * Security notes:
 * - `users` carries passwords as plain strings and is handed to the merge
 *   as-is, so the resulting route config holds credentials; keep it out of
 *   logs and serialized dumps.
 * - NOTE(review): how the passwords are stored and compared happens in code
 *   outside this module; confirm it uses a constant-time comparison.
 * - Every entry in `excludePaths` is presumably served without
 *   authentication; the path-matching rules are not visible here, so keep
 *   the list minimal.
 *
 * @param baseRoute Base route to add authentication to
 * @param auth Authentication configuration
 * @returns Route with basic authentication
 */
export function addBasicAuth(
  baseRoute: IRouteConfig,
  auth: {
    users: Array<{ username: string; password: string }>;
    realm?: string;
    excludePaths?: string[];
  }
): IRouteConfig {
  const { users, realm, excludePaths } = auth;

  // Assemble the basic-auth settings first, then wrap them for the merge.
  const basicAuth = {
    enabled: true,
    users,
    realm: realm || 'Restricted Area',
    excludePaths: excludePaths || []
  };

  return mergeRouteConfigs(baseRoute, { security: { basicAuth } });
}
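/**
 * Enable JWT authentication on a route.
 *
 * Builds a `security.jwtAuth` fragment with `enabled: true` and merges it
 * into `baseRoute` through `mergeRouteConfigs`. The algorithm falls back to
 * 'HS256' and `excludePaths` to an empty list when omitted.
 *
 * Security notes:
 * - An empty `secret` and the unsigned 'none' algorithm are rejected here so
 *   that a misconfiguration cannot yield a route that looks authenticated
 *   while accepting forgeable tokens.
 * - `algorithm` is otherwise passed through as a free-form string; whether
 *   the verifier pins it against the token header is not visible here.
 * - `issuer`, `audience` and `expiresIn` are optional and forwarded
 *   unchanged; leaving them unset presumably means those claims are not
 *   checked. Confirm against the verifier.
 * - The secret ends up inside the route config; keep that object out of logs
 *   and serialized dumps.
 * - Every entry in `excludePaths` is presumably served without
 *   authentication; keep the list minimal.
 *
 * @param baseRoute Base route to add JWT authentication to
 * @param jwt JWT authentication configuration
 * @returns Route with JWT authentication
 * @throws Error if `secret` is empty or `algorithm` is 'none' (any casing)
 */
export function addJwtAuth(
  baseRoute: IRouteConfig,
  jwt: {
    secret: string;
    algorithm?: string;
    issuer?: string;
    audience?: string;
    expiresIn?: number; // Time in seconds
    excludePaths?: string[];
  }
): IRouteConfig {
  // An empty key gives no integrity protection under an HMAC algorithm.
  if (!jwt.secret) {
    throw new Error('addJwtAuth: secret must be a non-empty string');
  }

  const algorithm = jwt.algorithm || 'HS256';

  // 'none' means unsigned tokens; refuse it regardless of casing.
  if (algorithm.toLowerCase() === 'none') {
    throw new Error("addJwtAuth: algorithm 'none' is not allowed");
  }

  return mergeRouteConfigs(baseRoute, {
    security: {
      jwtAuth: {
        enabled: true,
        secret: jwt.secret,
        algorithm,
        issuer: jwt.issuer,
        audience: jwt.audience,
        expiresIn: jwt.expiresIn,
        excludePaths: jwt.excludePaths || []
      }
    }
  });
}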