/**
 * Centralized Security Constants - Phase 1.5 Advanced Security
 * All security-related limits and configurations in one place
 *
 * This is a declaration file: it exposes only the types of the exported
 * constants. Where a member is typed as a plain `number` or `RegExp`, its
 * concrete value lives in the compiled module and is not visible here.
 */

/**
 * Private IP ranges to block for SSRF protection.
 * Each entry is an inclusive IPv4 range (dotted-quad `start`/`end`) with a
 * human-readable `description`. Covers RFC 1918 space, loopback, link-local,
 * carrier-grade NAT, the documentation/test networks, benchmarking space and
 * everything from multicast upward.
 */
export declare const BLOCKED_IP_RANGES: readonly [
  { readonly start: "0.0.0.0"; readonly end: "0.255.255.255"; readonly description: "Current network"; },
  { readonly start: "10.0.0.0"; readonly end: "10.255.255.255"; readonly description: "Private Class A"; },
  { readonly start: "127.0.0.0"; readonly end: "127.255.255.255"; readonly description: "Loopback"; },
  { readonly start: "169.254.0.0"; readonly end: "169.254.255.255"; readonly description: "Link-local"; },
  { readonly start: "172.16.0.0"; readonly end: "172.31.255.255"; readonly description: "Private Class B"; },
  { readonly start: "192.0.0.0"; readonly end: "192.0.0.255"; readonly description: "IETF Protocol Assignments"; },
  { readonly start: "192.0.2.0"; readonly end: "192.0.2.255"; readonly description: "TEST-NET-1"; },
  { readonly start: "192.88.99.0"; readonly end: "192.88.99.255"; readonly description: "6to4 Relay"; },
  { readonly start: "192.168.0.0"; readonly end: "192.168.255.255"; readonly description: "Private Class C"; },
  { readonly start: "198.18.0.0"; readonly end: "198.19.255.255"; readonly description: "Network Testing"; },
  { readonly start: "198.51.100.0"; readonly end: "198.51.100.255"; readonly description: "TEST-NET-2"; },
  { readonly start: "203.0.113.0"; readonly end: "203.0.113.255"; readonly description: "TEST-NET-3"; },
  { readonly start: "224.0.0.0"; readonly end: "255.255.255.255"; readonly description: "Multicast/Reserved"; },
  { readonly start: "100.64.0.0"; readonly end: "100.127.255.255"; readonly description: "Carrier-Grade NAT"; }
];

/**
 * Blocked IPv6 ranges, in CIDR notation: loopback, unspecified, unique-local,
 * link-local and multicast.
 *
 * NOTE(review): this list carries no entry for IPv4-mapped (`::ffff:0:0/96`)
 * or NAT64 (`64:ff9b::/96`) addresses, so an IPv4 range from
 * `BLOCKED_IP_RANGES` is only blocked in its IPv6-embedded form if the resolver
 * normalises such addresses to IPv4 before checking — confirm in the caller.
 */
export declare const BLOCKED_IPV6_RANGES: readonly ["::1/128", "::/128", "fc00::/7", "fe80::/10", "ff00::/8"];

/** Allowed protocols for URLs (allow-list; values match `URL.protocol`, trailing colon included). */
export declare const ALLOWED_PROTOCOLS: readonly ["http:", "https:"];

/**
 * Blocked protocols (security threats).
 * Everything not in `ALLOWED_PROTOCOLS` is already outside the allow-list; this
 * list presumably exists for explicit, named rejections — verify in the validator.
 */
export declare const BLOCKED_PROTOCOLS: readonly ["javascript:", "data:", "vbscript:", "file:", "ftp:", "blob:", "about:"];

/** Maximum allowed pixels for image processing (64 megapixels). */
export declare const MAX_INPUT_PIXELS: number;

/**
 * Maximum image dimensions, in pixels.
 * These are distinct from `DIMENSION_LIMITS` (4096), which presumably bounds
 * requested output size rather than decoded input size — confirm against usage.
 */
export declare const MAX_IMAGE_WIDTH = 8192;
export declare const MAX_IMAGE_HEIGHT = 8192;

/** Maximum file size (15MB). */
export declare const MAX_FILE_SIZE: number;

/** Maximum SVG content size (1MB). */
export declare const MAX_SVG_SIZE: number;

/** Sharp processing timeout (30 seconds), in milliseconds. */
export declare const PROCESSING_TIMEOUT = 30000;

/** Allowed image formats (whitelist approach). */
export declare const ALLOWED_IMAGE_FORMATS: Set<"png" | "jpeg" | "webp" | "jpg" | "gif" | "bmp" | "tiff">;

/** Maximum DPI to prevent memory exhaustion. */
export declare const MAX_DPI = 600;

/** Maximum text content length, in characters. */
export declare const MAX_TEXT_LENGTH = 10000;

/** Maximum color value length, in characters. */
export declare const MAX_COLOR_LENGTH = 100;

/** Maximum URL length, in characters. */
export declare const MAX_URL_LENGTH = 2048;

/**
 * Dangerous HTML/Script patterns to block (17 patterns).
 * The individual expressions are defined in the compiled module.
 */
export declare const DANGEROUS_HTML_PATTERNS: readonly [
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp,
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp
];

/** Dangerous CSS patterns to block (13 patterns). */
export declare const DANGEROUS_CSS_PATTERNS: readonly [
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp,
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp
];

/** Suspicious keyword patterns (12 patterns). */
export declare const SUSPICIOUS_PATTERNS: readonly [
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp,
  RegExp, RegExp, RegExp, RegExp, RegExp, RegExp
];

/** ASCII control characters to remove (except \t, \n, \r). */
export declare const ASCII_CONTROL_CHARS: RegExp;

/** Extended ASCII control characters. */
export declare const EXTENDED_ASCII_CONTROL_CHARS: RegExp;

/**
 * Unicode Bidirectional Text Control Characters (Bidi attack prevention).
 * One matcher per control character, keyed by its Unicode name.
 */
export declare const BIDI_CONTROL_CHARS: {
  readonly RIGHT_TO_LEFT_OVERRIDE: RegExp;
  readonly LEFT_TO_RIGHT_OVERRIDE: RegExp;
  readonly LEFT_TO_RIGHT_MARK: RegExp;
  readonly RIGHT_TO_LEFT_MARK: RegExp;
  readonly ARABIC_LETTER_MARK: RegExp;
  readonly LEFT_TO_RIGHT_ISOLATE: RegExp;
  readonly RIGHT_TO_LEFT_ISOLATE: RegExp;
  readonly FIRST_STRONG_ISOLATE: RegExp;
  readonly POP_DIRECTIONAL_ISOLATE: RegExp;
};

/** Zero-width and formatting characters, keyed by Unicode name. */
export declare const ZERO_WIDTH_CHARS: {
  readonly ZERO_WIDTH_SPACE: RegExp;
  readonly ZERO_WIDTH_NON_JOINER: RegExp;
  readonly ZERO_WIDTH_JOINER: RegExp;
  readonly ZERO_WIDTH_NO_BREAK_SPACE: RegExp;
  readonly SOFT_HYPHEN: RegExp;
  readonly COMBINING_GRAPHEME_JOINER: RegExp;
};

/** Other dangerous Unicode characters, keyed by Unicode name. */
export declare const DANGEROUS_UNICODE_CHARS: {
  readonly MONGOLIAN_VOWEL_SEPARATOR: RegExp;
  readonly LINE_SEPARATOR: RegExp;
  readonly PARAGRAPH_SEPARATOR: RegExp;
  readonly VARIATION_SELECTORS: RegExp;
};

/**
 * SVG tags allowed for security (whitelist).
 * Only static shape, text, gradient and metadata elements appear here.
 */
export declare const ALLOWED_SVG_TAGS: readonly [
  "svg", "g", "path", "rect", "circle", "ellipse", "line", "polyline", "polygon",
  "text", "tspan", "defs", "linearGradient", "radialGradient", "stop", "title", "desc"
];

/**
 * SVG tags forbidden for security (blacklist).
 * Includes scripting/embedding elements, HTML form and media elements, the
 * animation elements, and the referencing elements (`use`, `image`, `textPath`,
 * `marker`, `symbol`) and `style`.
 */
export declare const FORBIDDEN_SVG_TAGS: readonly [
  "script", "object", "embed", "iframe", "frame", "frameset", "link", "meta", "base",
  "form", "input", "button", "select", "textarea", "video", "audio", "source", "track",
  "canvas", "applet", "param", "foreignObject", "animate", "animateTransform",
  "animateMotion", "set", "use", "image", "textPath", "marker", "symbol", "style"
];

/**
 * SVG attributes allowed for security (whitelist).
 * Geometry, paint, gradient, text and layout attributes only; no URL-valued
 * attributes are listed.
 */
export declare const ALLOWED_SVG_ATTRIBUTES: readonly [
  "id", "class", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r", "rx", "ry",
  "width", "height", "d", "points", "fill", "stroke", "stroke-width",
  "stroke-dasharray", "stroke-dashoffset", "stroke-linecap", "stroke-linejoin",
  "stroke-miterlimit", "fill-opacity", "stroke-opacity", "opacity", "visibility",
  "display", "transform", "viewBox", "preserveAspectRatio", "xmlns",
  "gradientUnits", "gradientTransform", "spreadMethod", "stop-color",
  "stop-opacity", "offset", "text-anchor", "dominant-baseline", "font-family",
  "font-size", "font-weight", "font-style", "text-decoration", "letter-spacing",
  "word-spacing", "dx", "dy", "rotate", "textLength", "lengthAdjust"
];

/**
 * SVG attributes forbidden for security (blacklist).
 * Covers inline style, every URL-bearing attribute, and the reference
 * attributes (`clip-path`, `mask`, `filter`).
 */
export declare const FORBIDDEN_SVG_ATTRIBUTES: readonly [
  "style", "href", "xlink:href", "src", "data", "action", "xmlns:xlink",
  "clip-path", "mask", "filter"
];

/** Allowed SVG URI pattern (only fragment identifiers). */
export declare const ALLOWED_SVG_URI_PATTERN: RegExp;

/** Allowed SVG namespaces. */
export declare const ALLOWED_SVG_NAMESPACES: readonly ["http://www.w3.org/2000/svg"];

/** Sharp memory cache settings (`memory` presumably in MB — confirm against Sharp's cache options). */
export declare const SHARP_CACHE_CONFIG: {
  readonly memory: 150;
  readonly files: 30;
  readonly items: 300;
};

/**
 * Sharp security configuration.
 * `limitInputPixels` presumably mirrors `MAX_INPUT_PIXELS`; `density` (300) is
 * below `MAX_DPI` (600).
 */
export declare const SHARP_SECURITY_CONFIG: {
  readonly limitInputPixels: number;
  readonly sequentialRead: true;
  readonly density: 300;
  readonly failOnError: true;
  readonly stripMetadata: true;
};

/** Suspicious URL query parameters. */
export declare const SUSPICIOUS_URL_PARAMS: readonly ["callback", "jsonp", "eval", "script"];

/** HTTP/HTTPS connection timeouts, in milliseconds. */
export declare const HTTP_TIMEOUT = 30000;

/** Maximum concurrent connections per agent. */
export declare const MAX_CONCURRENT_CONNECTIONS = 50;

/** DNS cache TTL in milliseconds. */
export declare const DNS_CACHE_TTL: number;

/** Maximum DNS cache size (entries). */
export declare const MAX_DNS_CACHE_SIZE = 1000;

/**
 * Security configuration object.
 * Bundles the network and processing limits declared above; the literal
 * members here match the standalone constants of the same name.
 */
export declare const SECURITY_CONFIG: {
  readonly HTTP_TIMEOUT: 30000;
  readonly MAX_CONCURRENT_CONNECTIONS: 50;
  readonly DNS_CACHE_TTL: number;
  readonly MAX_DNS_CACHE_SIZE: 1000;
  readonly PROCESSING_TIMEOUT: 30000;
  readonly MAX_INPUT_PIXELS: number;
};

/** Dimension validation limits, in pixels (see the note on `MAX_IMAGE_WIDTH`). */
export declare const DIMENSION_LIMITS: {
  readonly MIN_WIDTH: 100;
  readonly MIN_HEIGHT: 100;
  readonly MAX_WIDTH: 4096;
  readonly MAX_HEIGHT: 4096;
};

/** Quality validation limits (inclusive). */
export declare const QUALITY_LIMITS: {
  readonly MIN: 1;
  readonly MAX: 100;
};

/** Template validation: the accepted template names. */
export declare const ALLOWED_TEMPLATES: readonly ["modern", "classic", "minimal"];

/**
 * Combined security limits for easy access.
 * `MIN`/`MAX` are the quality bounds from `QUALITY_LIMITS`.
 *
 * NOTE(review): `ALLOWED_IMAGE_FORMATS` is exposed here as a mutable array
 * type, unlike the standalone `Set`; consumers should not mutate it.
 */
export declare const SECURITY_LIMITS: {
  readonly MIN: 1;
  readonly MAX: 100;
  readonly MIN_WIDTH: 100;
  readonly MIN_HEIGHT: 100;
  readonly MAX_WIDTH: 4096;
  readonly MAX_HEIGHT: 4096;
  readonly MAX_URL_LENGTH: 2048;
  readonly ALLOWED_PROTOCOLS: readonly ["http:", "https:"];
  readonly BLOCKED_PROTOCOLS: readonly ["javascript:", "data:", "vbscript:", "file:", "ftp:", "blob:", "about:"];
  readonly MAX_INPUT_PIXELS: number;
  readonly MAX_IMAGE_WIDTH: 8192;
  readonly MAX_IMAGE_HEIGHT: 8192;
  readonly MAX_FILE_SIZE: number;
  readonly MAX_SVG_SIZE: number;
  readonly MAX_DPI: 600;
  readonly PROCESSING_TIMEOUT: 30000;
  readonly ALLOWED_IMAGE_FORMATS: ("png" | "jpeg" | "webp" | "jpg" | "gif" | "bmp" | "tiff")[];
  readonly MAX_TEXT_LENGTH: 10000;
  readonly MAX_COLOR_LENGTH: 100;
  readonly ALLOWED_TEMPLATES: readonly ["modern", "classic", "minimal"];
};

/** The type of `SECURITY_LIMITS`, for consumers that accept the limits object. */
export type SecurityLimits = typeof SECURITY_LIMITS;