hook-engine
Production-grade webhook engine with comprehensive adapter support, security, reliability, structured logging, and CLI tools.
/**
 * Options for a request rate limiter.
 *
 * NOTE(review): the field semantics described here are inferred from names and
 * types only; confirm them against the limiter implementation.
 */
export interface RateLimitConfig {
  /** Window length in milliseconds (per the `Ms` suffix). */
  windowMs: number;
  /** Presumably the number of requests allowed per key within one window. */
  maxRequests: number;

  /** Presumably leaves successful requests out of the count; confirm. */
  skipSuccessfulRequests?: boolean;
  /**
   * Presumably leaves failed requests out of the count.
   * NOTE(review): if requests rejected for a bad signature count as "failed",
   * enabling this would leave repeated invalid deliveries unthrottled; confirm.
   */
  skipFailedRequests?: boolean;

  /**
   * Maps a request to the key its hits are counted under.
   * A key built from client-supplied values (for example a forwarding header
   * that no trusted proxy overwrites) lets the sender pick a new bucket per
   * request, so derive it from values the server controls or has verified.
   */
  keyGenerator?: (req: any) => string;
  /** Callback that receives the request and its current rate-limit state. */
  onLimitReached?: (req: any, rateLimitInfo: RateLimitInfo) => void;

  /**
   * Backing store for the counters.
   * NOTE(review): which store is used when this is omitted is not visible here.
   * A per-process store does not share counts across instances.
   */
  store?: RateLimitStore;
}
/**
 * Counter state for one rate-limit key.
 *
 * NOTE(review): the difference between `totalHits` and `totalHitsInWindow` is
 * not established by this declaration; confirm against the store that fills it.
 */
export interface RateLimitInfo {
  /** Hit count; whether it spans more than the current window is unconfirmed. */
  totalHits: number;
  /** Hit count attributed to the current window. */
  totalHitsInWindow: number;
  /** Presumably the requests still allowed before the limit applies. */
  remainingPoints: number;
  /** Milliseconds until the next request is allowed or the window resets. */
  msBeforeNext: number;
  /** Whether this hit opened a new window. */
  isFirstInWindow: boolean;
}
/**
 * Asynchronous storage contract for rate-limit counters, keyed by string.
 * Every method returns a Promise, so an implementation may be remote.
 */
export interface RateLimitStore {
  /** Resolves to the stored state for `key`, or `null` when there is none. */
  get(key: string): Promise<RateLimitInfo | null>;

  /** Stores `info` under `key` with a time-to-live in milliseconds. */
  set(key: string, info: RateLimitInfo, ttlMs: number): Promise<void>;

  /**
   * Records one hit for `key` and resolves to the updated state.
   * NOTE(review): implementations should make this atomic per key. Building it
   * from `get` followed by `set` can undercount under concurrent requests,
   * which lets bursts exceed the configured limit.
   */
  increment(key: string, ttlMs: number): Promise<RateLimitInfo>;

  /** Clears the state held for `key`. */
  reset(key: string): Promise<void>;
}
/**
 * Switches and limits for inbound request validation.
 *
 * NOTE(review): what each switch does when enabled is not visible in this
 * declaration; the notes below are inferred from the field names.
 */
export interface ValidationConfig {
  /**
   * Toggles signature checking. With this off, nothing in this configuration
   * indicates that the sender of a payload is authenticated.
   */
  enableSignatureValidation: boolean;
  /** Toggles payload checks. */
  enablePayloadValidation: boolean;
  /** Toggles header checks (see `requiredHeaders`, `allowedContentTypes`). */
  enableHeaderValidation: boolean;
  /** Toggles timestamp checks (see `timestampToleranceMs`). */
  enableTimestampValidation: boolean;

  /**
   * Accepted clock difference in milliseconds. A captured, validly signed
   * request can be replayed for as long as its timestamp stays inside this
   * tolerance, so keep the value as small as sender clock skew allows.
   */
  timestampToleranceMs: number;
  /** Upper bound on payload size; the unit is not stated (presumably bytes). */
  maxPayloadSize: number;

  /** Header names a request must carry. */
  requiredHeaders: string[];
  /** Content types a request may declare. */
  allowedContentTypes: string[];

  /** Extra caller-supplied rules, each described by a ValidationRule. */
  customValidators?: ValidationRule[];
}
/** One caller-supplied validation rule. */
export interface ValidationRule {
  /** Label identifying the rule. */
  name: string;

  /**
   * Checks a request and reports the outcome.
   * The request is typed `any`, so the rule receives unvalidated input and
   * must narrow every field it reads before relying on it.
   */
  validate: (req: any) => ValidationResult;

  /**
   * NOTE(review): presumably marks whether a failure of this rule rejects the
   * request rather than only being reported; confirm against the validator.
   */
  required: boolean;

  /** Optional message associated with a failure of this rule. */
  errorMessage?: string;
}
/**
 * Outcome of a validation step.
 *
 * The type does not tie `isValid` to `errors` being empty, so consumers should
 * decide on `isValid` rather than on the length of `errors`.
 */
export interface ValidationResult {
  /** Overall verdict. */
  isValid: boolean;
  /** Failure descriptions. */
  errors: string[];
  /** Optional warnings reported alongside the verdict. */
  warnings?: string[];
}
/**
 * Source-address filtering options.
 *
 * NOTE(review): the matching rules and the precedence between these fields are
 * not visible in this declaration; confirm them against the filter.
 */
export interface IPAllowlistConfig {
  /** Master switch for the filter. */
  enabled: boolean;

  /** Individual addresses to accept. */
  allowedIPs: string[];
  /** Address ranges to accept; the notation is not stated (presumably CIDR). */
  allowedRanges: string[];
  /**
   * Presumably rejects any address that matches no allow entry. With this off,
   * the allow lists may have no blocking effect; confirm.
   */
  denyByDefault: boolean;

  /**
   * Proxies whose forwarding information is trusted.
   * A client address taken from forwarding headers is only meaningful when the
   * directly connected peer is one of these proxies. If the headers are honored
   * from any peer, a sender can state an allowed address and pass the filter.
   */
  trustedProxies: string[];

  /** Toggles country-based blocking. */
  enableGeoBlocking?: boolean;
  /** Countries to block; the code format is not stated here. */
  blockedCountries?: string[];
}
/**
 * Top-level security configuration, composed of the per-feature option types.
 *
 * Rate limiting, request validation and the IP allowlist are required members.
 * CORS is switched by a required flag, and CSRF and encryption by optional
 * flags, each paired with an optional options object.
 */
export interface WebhookSecurityConfig {
  /** Rate limiter options. */
  rateLimiting: RateLimitConfig;
  /** Request validation options. */
  requestValidation: ValidationConfig;
  /** Source-address filtering options. */
  ipAllowlist: IPAllowlistConfig;

  /**
   * Request size cap; the unit is not stated (presumably bytes).
   * NOTE(review): ValidationConfig.maxPayloadSize is a second size bound, and
   * which of the two applies first is not visible here. Keep them consistent.
   */
  requestSizeLimit: number;
  /** Request timeout in milliseconds. */
  timeoutMs: number;

  /** Toggles CORS handling. */
  enableCORS: boolean;
  /**
   * CORS settings.
   * NOTE(review): the type allows `enableCORS: true` without options, and the
   * behaviour in that case is not visible here; confirm the default is strict.
   */
  corsOptions?: CORSConfig;

  /** Toggles CSRF protection. */
  enableCSRF?: boolean;
  /** CSRF settings; CSRFConfig has its own `enabled` flag as well. */
  csrfOptions?: CSRFConfig;

  /** Toggles encryption. */
  enableEncryption?: boolean;
  /** Encryption settings. */
  encryptionOptions?: EncryptionConfig;
}
/** Cross-origin resource sharing settings. */
export interface CORSConfig {
  /**
   * Allowed origin or origins, or a boolean.
   * NOTE(review): in common CORS middleware `true` reflects the requesting
   * origin; confirm what it means here. Reflecting arbitrary origins together
   * with `credentials: true` lets any site issue credentialed cross-origin
   * requests and read the responses, so prefer an explicit origin list.
   */
  origin: string | string[] | boolean;

  /** HTTP methods permitted for cross-origin requests. */
  methods: string[];
  /** Request headers a cross-origin caller may send. */
  allowedHeaders: string[];
  /** Response headers exposed to cross-origin scripts. */
  exposedHeaders?: string[];

  /** Whether credentialed cross-origin requests are permitted. */
  credentials: boolean;
  /** Preflight cache lifetime; the unit is not stated (presumably seconds). */
  maxAge?: number;
}
/** Cross-site request forgery protection settings. */
export interface CSRFConfig {
  /** Switch for the protection. */
  enabled: boolean;

  /**
   * Secret used by the CSRF mechanism.
   * This is key material: load it from a secret store or the environment, keep
   * it out of source control, and keep it out of logs and error output.
   */
  secret: string;

  /** Name of the cookie carrying the token. */
  cookieName: string;
  /** Name of the request header carrying the token. */
  headerName: string;

  /**
   * HTTP methods exempt from the check. Only methods that never change state
   * belong here; an exempted state-changing method is left unprotected.
   */
  ignoreMethods: string[];
}
/**
 * Cipher and key-derivation parameters.
 *
 * The type accepts any algorithm name and any numeric parameter, so it cannot
 * reject weak choices. Validate the values when the configuration is loaded.
 */
export interface EncryptionConfig {
  /**
   * Cipher name as a free-form string.
   * NOTE(review): the accepted names are not visible here. Prefer an
   * authenticated (AEAD) mode so that tampering with ciphertext is detected.
   */
  algorithm: string;
  /** Key-derivation function to use. */
  keyDerivation: 'pbkdf2' | 'scrypt' | 'argon2';

  /** Derived key length; the unit is not stated (presumably bytes). */
  keyLength: number;
  /** Initialization vector length; the unit is not stated (presumably bytes). */
  ivLength: number;
  /** Salt length; the unit is not stated (presumably bytes). */
  saltLength: number;

  /** Iteration count; presumably the PBKDF2 work factor. */
  iterations?: number;
  /**
   * Cost parameter. NOTE(review): presumably scrypt's N. How argon2 is
   * parameterized from these fields is not visible here; confirm.
   */
  cost?: number;
  /** Block size parameter; presumably scrypt's r. */
  blockSize?: number;
  /** Parallelization parameter; presumably scrypt's p. */
  parallelization?: number;
}
/** One security audit record. */
export interface SecurityAuditLog {
  /** When the event was recorded. */
  timestamp: Date;
  /** Event category. */
  event: SecurityEvent;
  /** Severity level assigned to the event. */
  severity: 'low' | 'medium' | 'high' | 'critical';
  /** Origin of the record; its format is not stated here. */
  source: string;

  /**
   * Free-form event data.
   * Keep secrets, signature values and full request bodies out of this map.
   * Audit logs usually have a wider readership and longer retention than the
   * request path.
   */
  details: Record<string, any>;

  /**
   * User-Agent reported by the client. The client controls this value, so
   * escape it before writing it to line-based logs or rendering it in a viewer.
   */
  userAgent?: string;
  /**
   * Client address. NOTE(review): if it is derived from forwarding headers, it
   * is only as reliable as the proxy trust configuration; confirm its origin.
   */
  ip?: string;

  /** Whether the request was blocked. */
  blocked: boolean;
}
/**
 * Closed set of audit event categories.
 * The literals are runtime strings; log queries and alert rules that match on
 * them depend on the exact spelling.
 */
export type SecurityEvent =
  | 'rate_limit_exceeded'
  | 'invalid_signature'
  | 'invalid_payload'
  | 'ip_blocked'
  | 'request_too_large'
  | 'timeout_exceeded'
  | 'validation_failed'
  | 'suspicious_activity'
  | 'brute_force_attempt'
  | 'malformed_request';
/**
 * Aggregate security counters together with the recorded audit events.
 *
 * NOTE(review): the reset behaviour and the time span these counters cover are
 * not visible in this declaration.
 */
export interface SecurityMetrics {
  /** Requests seen. */
  totalRequests: number;
  /** Requests blocked for any reason. */
  blockedRequests: number;
  /** Requests that hit the rate limit. */
  rateLimitHits: number;
  /** Requests that failed validation. */
  validationFailures: number;
  /** Requests blocked by address filtering. */
  ipBlockedRequests: number;
  /** Mean response time; the unit is not stated (presumably milliseconds). */
  averageResponseTime: number;

  /**
   * Recorded audit events.
   * NOTE(review): nothing in the type bounds this array. Event volume follows
   * inbound traffic, so confirm that the producer caps or rotates it.
   */
  securityEvents: SecurityAuditLog[];

  /** When these metrics were last updated. */
  lastUpdated: Date;
}