@ordojs/security
Version:
Security package for OrdoJS with XSS, CSRF, and injection protection
197 lines • 6.92 kB
JavaScript
/**
* Input Validation Example
* Demonstrates how to use the comprehensive input validation system
*/
import { InputValidator, MemoryRateLimitStore, RateLimiter } from './index';
// Example 1: Basic Input Validation
function basicValidationExample() {
console.log('=== Basic Input Validation Example ===');
const validator = new InputValidator();
// Define validation schema
const userSchema = {
name: [
validator.getRule('required'),
validator.getRule('maxLength')
],
email: [
validator.getRule('required'),
validator.getRule('email'),
validator.getRule('noXss')
],
age: [
validator.getRule('numeric')
]
};
// Valid data
const validUser = {
name: 'John Doe',
email: 'john@example.com',
age: '25'
};
const validResult = validator.validate(validUser, userSchema);
console.log('Valid user result:', validResult);
// Invalid data with XSS attempt
const maliciousUser = {
name: 'Hacker',
email: '<script>alert("xss")</script>',
age: 'not-a-number'
};
const invalidResult = validator.validate(maliciousUser, userSchema);
console.log('Malicious user result:', invalidResult);
}
// Example 2: SQL Injection Prevention
function sqlInjectionExample() {
console.log('\n=== SQL Injection Prevention Example ===');
const validator = new InputValidator();
// Test various SQL injection attempts
const inputs = [
"John Doe", // Safe input
"'; DROP TABLE users; --", // SQL injection attempt
"1' OR '1'='1", // Boolean-based injection
"UNION SELECT * FROM passwords" // Union-based injection
];
inputs.forEach(input => {
const result = validator.validateSqlInput(input);
console.log(`Input: "${input}"`);
console.log(`Valid: ${result.isValid}`);
console.log(`Sanitized: "${result.sanitized}"`);
console.log(`Threats: ${result.threats.join(', ')}`);
console.log('---');
});
}
// Example 3: Path Traversal Prevention
function pathTraversalExample() {
console.log('\n=== Path Traversal Prevention Example ===');
const validator = new InputValidator();
const paths = [
'documents/file.txt', // Safe path
'../../../etc/passwd', // Path traversal attempt
'C:\\Windows\\System32\\config\\SAM', // Windows system path
'images/photo.jpg' // Safe path
];
paths.forEach(path => {
const result = validator.validatePath(path);
console.log(`Path: "${path}"`);
console.log(`Valid: ${result.isValid}`);
console.log(`Errors: ${result.errors.join(', ')}`);
console.log('---');
});
}
// Example 4: Rate Limiting
async function rateLimitingExample() {
console.log('\n=== Rate Limiting Example ===');
const store = new MemoryRateLimitStore();
const rateLimiter = new RateLimiter({
windowMs: 60000, // 1 minute
maxRequests: 3 // 3 requests per minute
}, store);
const mockRequest = { ip: '127.0.0.1' };
// Make several requests
for (let i = 1; i <= 5; i++) {
const result = await rateLimiter.checkLimit(mockRequest);
console.log(`Request ${i}:`);
console.log(`Allowed: ${result.allowed}`);
console.log(`Remaining: ${result.remaining}`);
if (result.retryAfter) {
console.log(`Retry after: ${result.retryAfter} seconds`);
}
console.log('---');
}
store.destroy();
}
// Example 5: Custom Validation Rules
function customRulesExample() {
console.log('\n=== Custom Validation Rules Example ===');
const validator = new InputValidator();
// Create a custom password strength rule
const strongPasswordRule = validator.createRule('strongPassword', (value) => {
if (!value)
return false;
return value.length >= 8 &&
/[A-Z]/.test(value) &&
/[a-z]/.test(value) &&
/[0-9]/.test(value) &&
/[!@#$%^&*]/.test(value);
}, 'Password must be at least 8 characters with uppercase, lowercase, numbers, and special characters');
const passwordSchema = {
password: [
validator.getRule('required'),
strongPasswordRule
]
};
const passwords = [
'weak',
'StrongPass123!',
'NoNumbers!',
'nonumbers123!'
];
passwords.forEach(password => {
const result = validator.validate({ password }, passwordSchema);
console.log(`Password: "${password}"`);
console.log(`Valid: ${result.isValid}`);
if (!result.isValid) {
console.log(`Errors: ${result.errors.map(e => e.message).join(', ')}`);
}
console.log('---');
});
}
// Example 6: Comprehensive Security Validation
function comprehensiveExample() {
console.log('\n=== Comprehensive Security Validation Example ===');
const validator = new InputValidator({
enableSqlInjectionPrevention: true,
enableXssProtection: true,
enablePathTraversalPrevention: true,
sanitizationDefaults: {
maxLength: 1000,
trimWhitespace: true,
escapeHtml: true
}
});
// Define a comprehensive schema for user input
const schema = {
username: [
validator.getRule('required'),
validator.getRule('noXss'),
validator.getRule('noSqlInjection')
],
bio: [
validator.getRule('noXss'),
validator.getRule('maxLength')
],
website: [
validator.getRule('url'),
validator.getRule('noXss')
],
profileImage: [
validator.getRule('safePath')
]
};
const userInput = {
username: '<script>alert("hack")</script>',
bio: 'I am a developer who loves coding and "; DROP TABLE users; --',
website: 'javascript:alert("xss")',
profileImage: '../../../etc/passwd'
};
const result = validator.validate(userInput, schema);
console.log('Comprehensive validation result:');
console.log('Valid:', result.isValid);
console.log('Errors:', result.errors);
console.log('Sanitized data:', result.sanitizedData);
}
// Run all examples
async function runExamples() {
basicValidationExample();
sqlInjectionExample();
pathTraversalExample();
await rateLimitingExample();
customRulesExample();
comprehensiveExample();
}
// Export for use in other files
export { basicValidationExample, comprehensiveExample, customRulesExample, pathTraversalExample, rateLimitingExample, runExamples, sqlInjectionExample };
// Run examples if this file is executed directly
if (require.main === module) {
runExamples().catch(console.error);
}
//# sourceMappingURL=example.js.map