import { BaseMiddleware, Context } from '../core';
/**
 * Configuration accepted by {@link SecurityHeadersMiddleware} and the
 * {@link securityHeaders} factory.
 *
 * Every field is optional; the `@default` tags document the value used when
 * a field is omitted. Loosening a field weakens the corresponding browser
 * protection, so keep the defaults unless a specific resource needs otherwise.
 */
export interface SecurityHeadersOptions {
  /**
   * Content Security Policy directive string.
   * Framing restrictions belong here as a `frame-ancestors` directive; that
   * directive supersedes the obsolete `X-Frame-Options: ALLOW-FROM`.
   * @default "default-src 'self'"
   */
  contentSecurityPolicy?: string;
  /**
   * Strict-Transport-Security max-age in seconds.
   * Browsers cache the policy for the full duration and only honour it on
   * HTTPS responses, so a long value is hard to roll back — start small when
   * first enabling HSTS on a domain.
   * @default 31536000 (1 year)
   */
  hstsMaxAge?: number;
  /**
   * Append `includeSubDomains` to the HSTS header. This extends the policy to
   * every subdomain, which breaks any subdomain still served over plain HTTP.
   * @default true
   */
  hstsIncludeSubDomains?: boolean;
  /**
   * X-Frame-Options policy.
   * `'ALLOW-FROM'` is obsolete — current browsers ignore it, and this type
   * carries no origin to allow — so prefer a CSP `frame-ancestors` directive
   * in {@link contentSecurityPolicy} when a specific framer must be permitted.
   * @default 'DENY'
   */
  frameOptions?: 'DENY' | 'SAMEORIGIN' | 'ALLOW-FROM';
  /**
   * X-Content-Type-Options. Only `'nosniff'` is representable, which stops
   * browsers from MIME-sniffing responses away from the declared type.
   * @default 'nosniff'
   */
  contentTypeOptions?: 'nosniff';
  /**
   * Referrer Policy, as a free-form string (the type does not validate it).
   * @default 'strict-origin-when-cross-origin'
   */
  referrerPolicy?: string;
  /**
   * Permissions Policy (formerly Feature Policy) directive string.
   * @default 'geolocation=(), microphone=(), camera=()'
   */
  permissionsPolicy?: string;
  /**
   * Cross-Origin-Embedder-Policy.
   * The default `require-corp` blocks cross-origin subresources that do not
   * opt in via CORS or CORP — verify third-party embeds still load.
   * @default 'require-corp'
   */
  crossOriginEmbedderPolicy?: string;
  /**
   * Cross-Origin-Opener-Policy. `same-origin` isolates the browsing context
   * from cross-origin openers such as popups.
   * @default 'same-origin'
   */
  crossOriginOpenerPolicy?: string;
  /**
   * Cross-Origin-Resource-Policy. `same-origin` prevents other origins from
   * loading this response as a subresource.
   * @default 'same-origin'
   */
  crossOriginResourcePolicy?: string;
  /**
   * CORS configuration. The behaviour when omitted is not visible in this
   * declaration — presumably no CORS headers are emitted; confirm against the
   * implementation.
   */
  cors?: {
    /**
     * Allowed origin(s). `true` is the most permissive setting; paired with
     * `credentials: true` it lets any origin make credentialed requests, so
     * list explicit origins in production.
     */
    origin?: string | string[] | boolean;
    /** HTTP methods the client may use. */
    methods?: string[];
    /** Request headers the client may send. */
    allowedHeaders?: string[];
    /** Response headers exposed to the calling script. */
    exposedHeaders?: string[];
    /** Whether credentialed (cookie/authorization) requests are permitted. */
    credentials?: boolean;
    /** How long, in seconds, a preflight result may be cached. */
    maxAge?: number;
  };
  /**
   * Remove server identification headers to reduce fingerprinting.
   * @default true
   */
  removeServerHeader?: boolean;
  /**
   * Remove X-Powered-By headers to reduce fingerprinting.
   * @default true
   */
  removePoweredBy?: boolean;
}
/**
 * Security Headers Middleware
 * Implements comprehensive security headers following OWASP recommendations
 *
 * Only the declaration is visible here: the header values actually written
 * are derived from {@link SecurityHeadersOptions} (see its `@default` tags);
 * confirm specifics against the implementation.
 *
 * @template TBody - The type of the request body payload (preserves type chain)
 * @template TUser - The type of the authenticated user (preserves type chain)
 */
export declare class SecurityHeadersMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
  /** Effective configuration — presumably caller options merged over defaults; not shown in this declaration. */
  private options;
  /**
   * @param options Overrides for the default header set; omit to use the defaults.
   */
  constructor(options?: SecurityHeadersOptions);
  /**
   * Hook run in the middleware's `before` phase.
   * @param context Request context; NOTE(review): headers are expected to be attached to it here — verify against the implementation.
   */
  before(context: Context<TBody, TUser>): Promise<void>;
}
/**
 * Security Headers Middleware Factory
 *
 * Note: the return type is the non-generic `BaseMiddleware`, so the
 * `TBody`/`TUser` type chain carried by {@link SecurityHeadersMiddleware} is
 * not preserved through this factory. Instantiate the class directly when
 * those types matter downstream.
 *
 * @param options Security headers configuration
 * @returns BaseMiddleware
 */
export declare const securityHeaders: (options?: SecurityHeadersOptions) => BaseMiddleware;
/**
 * Predefined security configurations
 *
 * Each preset supplies a subset of {@link SecurityHeadersOptions}; fields it
 * omits presumably fall back to the middleware defaults. Only the shapes are
 * visible in this declaration — the concrete CSP strings and max-age values
 * live in the implementation.
 */
export declare const SecurityPresets: {
  /**
   * Strict security configuration for high-security applications
   * Also sets the three Cross-Origin-* policies (values not shown here),
   * which can block cross-origin embeds that do not opt in.
   */
  readonly STRICT: {
    contentSecurityPolicy: string;
    hstsMaxAge: number;
    frameOptions: "DENY";
    crossOriginEmbedderPolicy: string;
    crossOriginOpenerPolicy: string;
    crossOriginResourcePolicy: string;
  };
  /**
   * Balanced security configuration for most applications
   * Permits same-origin framing via `SAMEORIGIN`.
   */
  readonly BALANCED: {
    contentSecurityPolicy: string;
    hstsMaxAge: number;
    frameOptions: "SAMEORIGIN";
  };
  /**
   * Permissive security configuration for development
   * Its `cors` block pairs `origin: true` with `credentials: true`, which in
   * the usual CORS convention allows any origin to make credentialed
   * requests — do not deploy this preset to production.
   */
  readonly DEVELOPMENT: {
    contentSecurityPolicy: string;
    hstsMaxAge: number;
    frameOptions: "SAMEORIGIN";
    cors: {
      origin: true;
      methods: string[];
      allowedHeaders: string[];
      credentials: true;
    };
  };
};
//# sourceMappingURL=securityHeadersMiddleware.d.ts.map