UNPKG

@best-skn/elysia-helmet

Version:

A comprehensive security middleware for Elysia.js applications that helps to secure your apps by setting various HTTP headers

129 lines 3.91 kB
import { Elysia } from "elysia"; /** * Configuration interface for Report-To header */ export interface ReportToConfig { /** Group name for the endpoint */ group: string; /** Maximum age of the endpoint configuration (in seconds) */ maxAge: number; /** Endpoints to send reports to */ endpoints: Array<{ url: string; priority?: number; weight?: number; }>; /** Include subdomains in reporting */ includeSubdomains?: boolean; } /** * Configuration interface for Content Security Policy */ export interface CSPConfig { /** Default source directive */ defaultSrc?: string[]; /** Script source directive */ scriptSrc?: string[]; /** Style source directive */ styleSrc?: string[]; /** Image source directive */ imgSrc?: string[]; /** Font source directive */ fontSrc?: string[]; /** Connect source directive */ connectSrc?: string[]; /** Frame source directive */ frameSrc?: string[]; /** Object source directive */ objectSrc?: string[]; /** Base URI directive */ baseUri?: string[]; /** Report URI directive */ reportUri?: string; /** Use nonce for script and style tags */ useNonce?: boolean; /** Report-only mode */ reportOnly?: boolean; } /** * Configuration inerface for HTTP Strict Transport Security */ export interface HSTSConfig { /** Maximum age */ maxAge?: number; /** Include sub-domains */ includeSubDomains?: boolean; /** Preload */ preload?: boolean; } /** * Configuration interface for Security Headers */ export interface SecurityConfig { /** Content Security Policy configuration */ csp?: CSPConfig; /** Enable or disable X-Frame-Options (DENY, SAMEORIGIN, ALLOW-FROM) */ frameOptions?: "DENY" | "SAMEORIGIN" | "ALLOW-FROM"; /** Enable or disable XSS Protection */ xssProtection?: boolean; /** Enable or disable DNS Prefetch Control */ dnsPrefetch?: boolean; /** Configure Referrer Policy */ referrerPolicy?: "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url"; /** Configure Permissions Policy */ permissionsPolicy?: Record<string, string[]>; /** Configure HSTS (HTTP Strict Transport Security) */ hsts?: HSTSConfig; /** Enable or disable Cross-Origin Resource Policy */ corp?: "same-origin" | "same-site" | "cross-origin"; /** Enable or disable Cross-Origin Opener Policy */ coop?: "unsafe-none" | "same-origin-allow-popups" | "same-origin"; /** Configure Report-To header */ reportTo?: ReportToConfig[]; /** Custom headers to add */ customHeaders?: Record<string, string>; } /** * An object containing permission related constants for some security configurations */ export declare const permission: { /** Source: Self allowed */ readonly SELF: "'self'"; /** Source: Unsafe Inline allowed */ readonly UNSAFE_INLINE: "'unsafe-inline'"; /** Source: HTTPS allowed */ readonly HTTPS: "https:"; /** Source: Data allowed */ readonly DATA: "data:"; /** Source: None is allowed */ readonly NONE: "'none'"; /** Source: Blob allowed */ readonly BLOB: "blob:"; }; /** * Creates an Elysia middleware that adds security headers to all responses * Optimized for performance with minimal object spread operations */ export declare const elysiaHelmet: (config?: Partial<SecurityConfig>) => Elysia<"", { decorator: {}; store: {}; derive: {}; resolve: {}; }, { typebox: import("@sinclair/typebox").TModule<{}>; error: {}; }, { schema: {}; macro: {}; macroFn: {}; parser: {}; }, {}, { derive: {}; resolve: {}; schema: {}; }, { derive: {}; resolve: {}; schema: {}; }>; //# sourceMappingURL=index.d.ts.map