@best-skn/elysia-helmet
Version:
A comprehensive security middleware for Elysia.js applications that helps to secure your apps by setting various HTTP headers
129 lines • 3.91 kB
TypeScript
import { Elysia } from "elysia";
/**
* Configuration interface for Report-To header
*/
export interface ReportToConfig {
/** Group name for the endpoint */
group: string;
/** Maximum age of the endpoint configuration (in seconds) */
maxAge: number;
/** Endpoints to send reports to */
endpoints: Array<{
url: string;
priority?: number;
weight?: number;
}>;
/** Include subdomains in reporting */
includeSubdomains?: boolean;
}
/**
* Configuration interface for Content Security Policy
*/
export interface CSPConfig {
/** Default source directive */
defaultSrc?: string[];
/** Script source directive */
scriptSrc?: string[];
/** Style source directive */
styleSrc?: string[];
/** Image source directive */
imgSrc?: string[];
/** Font source directive */
fontSrc?: string[];
/** Connect source directive */
connectSrc?: string[];
/** Frame source directive */
frameSrc?: string[];
/** Object source directive */
objectSrc?: string[];
/** Base URI directive */
baseUri?: string[];
/** Report URI directive */
reportUri?: string;
/** Use nonce for script and style tags */
useNonce?: boolean;
/** Report-only mode */
reportOnly?: boolean;
}
/**
* Configuration inerface for HTTP Strict Transport Security
*/
export interface HSTSConfig {
/** Maximum age */
maxAge?: number;
/** Include sub-domains */
includeSubDomains?: boolean;
/** Preload */
preload?: boolean;
}
/**
* Configuration interface for Security Headers
*/
export interface SecurityConfig {
/** Content Security Policy configuration */
csp?: CSPConfig;
/** Enable or disable X-Frame-Options (DENY, SAMEORIGIN, ALLOW-FROM) */
frameOptions?: "DENY" | "SAMEORIGIN" | "ALLOW-FROM";
/** Enable or disable XSS Protection */
xssProtection?: boolean;
/** Enable or disable DNS Prefetch Control */
dnsPrefetch?: boolean;
/** Configure Referrer Policy */
referrerPolicy?: "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url";
/** Configure Permissions Policy */
permissionsPolicy?: Record<string, string[]>;
/** Configure HSTS (HTTP Strict Transport Security) */
hsts?: HSTSConfig;
/** Enable or disable Cross-Origin Resource Policy */
corp?: "same-origin" | "same-site" | "cross-origin";
/** Enable or disable Cross-Origin Opener Policy */
coop?: "unsafe-none" | "same-origin-allow-popups" | "same-origin";
/** Configure Report-To header */
reportTo?: ReportToConfig[];
/** Custom headers to add */
customHeaders?: Record<string, string>;
}
/**
* An object containing permission related constants for some security configurations
*/
export declare const permission: {
/** Source: Self allowed */
readonly SELF: "'self'";
/** Source: Unsafe Inline allowed */
readonly UNSAFE_INLINE: "'unsafe-inline'";
/** Source: HTTPS allowed */
readonly HTTPS: "https:";
/** Source: Data allowed */
readonly DATA: "data:";
/** Source: None is allowed */
readonly NONE: "'none'";
/** Source: Blob allowed */
readonly BLOB: "blob:";
};
/**
* Creates an Elysia middleware that adds security headers to all responses
* Optimized for performance with minimal object spread operations
*/
export declare const elysiaHelmet: (config?: Partial<SecurityConfig>) => Elysia<"", {
decorator: {};
store: {};
derive: {};
resolve: {};
}, {
typebox: import("@sinclair/typebox").TModule<{}>;
error: {};
}, {
schema: {};
macro: {};
macroFn: {};
parser: {};
}, {}, {
derive: {};
resolve: {};
schema: {};
}, {
derive: {};
resolve: {};
schema: {};
}>;
//# sourceMappingURL=index.d.ts.map