@noony-serverless/core
Version:
A Middy base framework compatible with Firebase and GCP Cloud Functions with TypeScript
127 lines • 3.87 kB
TypeScript
import { BaseMiddleware, Context } from '../core';
export interface SecurityEvent {
type: SecurityEventType;
severity: SecuritySeverity;
timestamp: string;
requestId: string;
clientIP: string;
userAgent?: string;
userId?: string;
endpoint: string;
method: string;
details: Record<string, unknown>;
}
export type SecurityEventType = 'SUSPICIOUS_REQUEST' | 'AUTHENTICATION_FAILURE' | 'AUTHORIZATION_FAILURE' | 'RATE_LIMIT_EXCEEDED' | 'INVALID_INPUT' | 'TOKEN_MANIPULATION' | 'UNUSUAL_BEHAVIOR' | 'SECURITY_HEADER_VIOLATION' | 'INJECTION_ATTEMPT' | 'MALFORMED_REQUEST';
export type SecuritySeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
export interface SecurityAuditOptions {
/**
* Enable detailed request logging
* @default false
*/
logRequests?: boolean;
/**
* Enable response logging
* @default false
*/
logResponses?: boolean;
/**
* Log request/response bodies (be careful with sensitive data)
* @default false
*/
logBodies?: boolean;
/**
* Maximum body size to log (in bytes)
* @default 1024
*/
maxBodyLogSize?: number;
/**
* Headers to exclude from logging (security headers, auth tokens, etc.)
*/
excludeHeaders?: string[];
/**
* Custom security event handler
*/
onSecurityEvent?: (event: SecurityEvent) => Promise<void> | void;
/**
* Enable anomaly detection
* @default true
*/
enableAnomalyDetection?: boolean;
/**
* Suspicious patterns to detect
*/
suspiciousPatterns?: {
sqlInjection?: RegExp[];
xss?: RegExp[];
pathTraversal?: RegExp[];
commandInjection?: RegExp[];
};
}
/**
* Security event tracking for anomaly detection
*/
declare class SecurityEventTracker {
private events;
private readonly maxEventsPerClient;
private readonly timeWindow;
addEvent(event: SecurityEvent): void;
getClientEvents(clientIP: string, minutes?: number): SecurityEvent[];
detectAnomalies(clientIP: string): SecurityEvent[];
}
declare const securityEventTracker: SecurityEventTracker;
/**
* Security Audit Middleware
* Provides comprehensive security event logging and monitoring
*
* @template TBody - The type of the request body payload (preserves type chain)
* @template TUser - The type of the authenticated user (preserves type chain)
*/
export declare class SecurityAuditMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
private options;
constructor(options?: SecurityAuditOptions);
before(context: Context<TBody, TUser>): Promise<void>;
after(context: Context<TBody, TUser>): Promise<void>;
onError(error: Error, context: Context): Promise<void>;
private logSecurityEvent;
private sanitizeHeaders;
}
/**
* Security Audit Middleware Factory
* @param options Security audit configuration
* @returns BaseMiddleware
*/
export declare const securityAudit: (options?: SecurityAuditOptions) => BaseMiddleware;
/**
* Predefined security audit configurations
*/
export declare const SecurityAuditPresets: {
/**
* Full monitoring with detailed logging
*/
readonly COMPREHENSIVE: {
logRequests: true;
logResponses: true;
logBodies: false;
enableAnomalyDetection: true;
};
/**
* Security events only
*/
readonly SECURITY_ONLY: {
logRequests: false;
logResponses: false;
logBodies: false;
enableAnomalyDetection: true;
};
/**
* Development mode with full logging
*/
readonly DEVELOPMENT: {
logRequests: true;
logResponses: true;
logBodies: true;
enableAnomalyDetection: false;
};
};
export { securityEventTracker };
//# sourceMappingURL=securityAuditMiddleware.d.ts.map