UNPKG

api-decooyy

Version:

A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API

48 lines (43 loc) 1.63 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
// config.js require('dotenv').config(); module.exports = { // Server configuration server: { port: process.env.PORT || 3000, logFormat: process.env.LOG_FORMAT || 'combined' }, // API endpoints endpoints: { realApi: process.env.API_URL || "http://localhost:8080", decoyApi: process.env.DECOY_URL || "http://localhost:8081", adminDashboard: process.env.ADMIN_DASHBOARD_PATH || "/admin/dashboard", adminDashboardAuth: process.env.ADMIN_AUTH === 'true' || false }, // Security settings security: { // Rate limiting rateLimit: { enabled: process.env.RATE_LIMIT_ENABLED === 'true' || true, windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000, // 15 minutes max: parseInt(process.env.RATE_LIMIT_MAX) || 100, // limit each IP to 100 requests per windowMs standardHeaders: true, legacyHeaders: false, }, // Attack detection patterns attackPatterns: { sqlInjection: process.env.DETECT_SQL_INJECTION !== 'false', xss: process.env.DETECT_XSS !== 'false', pathTraversal: process.env.DETECT_PATH_TRAVERSAL !== 'false', commandInjection: process.env.DETECT_COMMAND_INJECTION !== 'false' }, // Honeypot settings honeypot: { addHeaders: process.env.ADD_HONEYPOT_HEADERS === 'true' || true, modifyResponses: process.env.MODIFY_RESPONSES === 'true' || true, fakeServerInfo: { poweredBy: process.env.FAKE_POWERED_BY || 'PHP/7.4.3', server: process.env.FAKE_SERVER || 'Apache/2.4.38' } } } };