
@voilajsx/appkit


Minimal and framework agnostic Node.js toolkit designed for AI agentic backend development

/**
 * Smart defaults and environment validation for security
 * @module @voilajsx/appkit/security
 * @file src/security/defaults.ts
 *
 * @llm-rule WHEN: App startup - need to configure security behavior and encryption keys
 * @llm-rule AVOID: Calling multiple times - expensive environment parsing, use lazy loading in get()
 * @llm-rule NOTE: Called once at startup, cached globally for performance
 *
 * This file holds type declarations only (shapes and signatures). Default
 * values, validation rules and caching are in the implementation and cannot be
 * verified from here; the types themselves enforce no minimum secret length,
 * no algorithm allow-list and no numeric ranges.
 */

/**
 * Settings for CSRF token handling.
 */
export interface CSRFConfig {
  /**
   * Secret material; required by the type, but any string (including an empty
   * one) satisfies it. Keep it out of logs and serialized config dumps.
   * NOTE(review): whether startup validation rejects a missing or short secret
   * is not visible in this declaration; confirm in the implementation.
   */
  secret: string;
  /** presumably the request body/form field that carries the token; confirm */
  tokenField: string;
  /** presumably the HTTP header that carries the token; confirm */
  headerField: string;
  /** Token lifetime; the name indicates minutes. */
  expiryMinutes: number;
}

/**
 * Settings for request rate limiting.
 */
export interface RateLimitConfig {
  /** Request budget; presumably per window of `windowMs`; confirm. */
  maxRequests: number;
  /** Window length; the name indicates milliseconds. */
  windowMs: number;
  /** presumably the text returned when the limit is exceeded; confirm */
  message: string;
}

/**
 * Settings for input sanitization.
 */
export interface SanitizationConfig {
  /** Length bound for sanitized input; unit (characters vs bytes) is not stated here. */
  maxLength: number;
  /** Tag names treated as allowed. */
  allowedTags: string[];
  /**
   * NOTE(review): how this flag interacts with `allowedTags` (which one wins)
   * is not visible in this declaration; confirm before relying on either.
   */
  stripAllTags: boolean;
}

/**
 * Settings for symmetric encryption.
 */
export interface EncryptionConfig {
  /**
   * Key material; optional in the type, so consumers must handle `undefined`.
   * Keep it out of logs and serialized config dumps.
   * NOTE(review): expected encoding (hex, base64, raw) is not stated here; confirm.
   */
  key?: string;
  /**
   * Free-form string: the type does not restrict this to an authenticated
   * mode, so any allow-listing has to happen at runtime.
   */
  algorithm: string;
  /** IV size; presumably bytes; confirm. */
  ivLength: number;
  /** Authentication tag size; presumably bytes; confirm. */
  tagLength: number;
  /** Key size; presumably bytes; confirm. */
  keyLength: number;
}

/**
 * Flags describing the runtime environment.
 */
export interface EnvironmentConfig {
  isDevelopment: boolean;
  isProduction: boolean;
  isTest: boolean;
  /** presumably the raw NODE_ENV value the three flags are derived from; confirm */
  nodeEnv: string;
}

/**
 * Aggregate of every security setting returned by `getSmartDefaults`.
 * It contains `csrf.secret` and, when set, `encryption.key`, so the object as
 * a whole should be handled as sensitive.
 */
export interface SecurityConfig {
  csrf: CSRFConfig;
  rateLimit: RateLimitConfig;
  sanitization: SanitizationConfig;
  encryption: EncryptionConfig;
  environment: EnvironmentConfig;
}

/**
 * Error carrying an HTTP status code.
 * The index signature accepts arbitrary extra properties typed `any`, so the
 * compiler checks nothing about what is attached.
 * NOTE(review): if error handlers serialize this object into a response, every
 * attached property is exposed to the client; confirm how these errors are rendered.
 */
export interface SecurityError extends Error {
  statusCode: number;
  [key: string]: any;
}

/**
 * Gets smart defaults using VOILA_SECURITY_* environment variables
 * @llm-rule WHEN: App startup to get production-ready security configuration
 * @llm-rule AVOID: Calling repeatedly - expensive validation, cache the result
 * @llm-rule NOTE: Automatically configures CSRF, rate limiting, and encryption from environment
 *
 * @returns The complete security configuration, including secret material.
 */
export declare function getSmartDefaults(): SecurityConfig;

/**
 * Creates security error with status code and additional details
 * @llm-rule WHEN: Creating errors in security functions for proper HTTP status codes
 * @llm-rule AVOID: Using generic Error objects - security errors need status codes
 * @llm-rule NOTE: Use 400 for client errors, 401 for auth failures, 403 for access denied, 500 for server errors
 *
 * @param message - Error message.
 * @param statusCode - HTTP status code; optional, and the value used when it is
 *   omitted is not visible in this declaration.
 * @param details - Optional extra data. Presumably copied onto the returned
 *   error through its index signature (confirm); avoid passing secrets, keys
 *   or raw tokens here.
 * @returns An error object with `statusCode` set.
 */
export declare function createSecurityError(message: string, statusCode?: number, details?: Record<string, any>): SecurityError;
//# sourceMappingURL=defaults.d.ts.map