UNPKG

logstack-zee

Version:

Complete Node.js logging solution with 6 integration methods, S3 bidirectional operations, advanced analytics, and multi-cloud storage support for enterprise-scale applications.

274 lines (204 loc) โ€ข 7.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
# ๐Ÿ”’ S3 Security Implementation - Complete Summary ## โœ… Implemented Security Features Aap ke LogStack package mein ab **enterprise-grade S3 file security** implemented hai! ### ๐Ÿ›ก๏ธ Security Components Added: 1. **S3SecurityManager Class** (`lib/s3Security.js`) - Pre-signed URL generation - Access token management - User permission validation - Date-based access control - Automatic token cleanup 2. **Secure API Endpoints** (`secure-file-api.js`) - POST /api/files/generate-token - POST /api/files/download-url - GET /api/files/list - POST /api/files/revoke-token 3. **Production Integration** (`production-setup.js`) - S3 security configuration - Security initialization functions - Protected file access methods 4. **Test Server** (`s3-security-test.js`) - Complete testing environment - Mock authentication - Security flow validation ## ๐Ÿ” How It Works ### Before (Insecure): ```javascript // โŒ Direct S3 URL - Anyone can access https://bucket.s3.amazonaws.com/logs/file.json ``` ### After (Secure): ```javascript // โœ… Protected workflow 1. User authentication required 2. Generate access token 3. Request secure URL with token 4. Get pre-signed URL (expires in 1 hour) 5. Download file securely 6. Token can be revoked ``` ## ๐Ÿš€ Usage Examples ### Basic Security Setup: ```javascript const { initializeS3Security, generateUserAccessToken, getSecureFileUrl, } = require("./production-setup"); // Initialize security initializeS3Security(); // Generate token for user const accessToken = generateUserAccessToken("user123", ["read"]); // Get secure download URL const result = await getSecureFileUrl("logs/file.json", "user123", accessToken); console.log("Secure URL:", result.downloadUrl); ``` ### Express.js Integration: ```javascript const express = require("express"); const { setupSecureFileAccess } = require("./secure-file-api"); const app = express(); setupSecureFileAccess(app); app.listen(3000, () => { console.log("๐Ÿ” Secure file access enabled!"); }); ``` ### Frontend Usage: ```javascript // Complete secure download workflow async function downloadSecureFile(fileName) { // 1. Generate access token const tokenResponse = await fetch("/api/files/generate-token", { method: "POST", headers: { Authorization: "Bearer " + userAuthToken, "Content-Type": "application/json", }, body: JSON.stringify({ permissions: ["read"] }), }); const { accessToken } = await tokenResponse.json(); // 2. Get secure download URL const urlResponse = await fetch("/api/files/download-url", { method: "POST", headers: { Authorization: "Bearer " + userAuthToken, "Content-Type": "application/json", }, body: JSON.stringify({ fileName, accessToken }), }); const { downloadUrl } = await urlResponse.json(); // 3. Download file securely window.open(downloadUrl, "_blank"); } ``` ## ๐Ÿ”ง Configuration Options ### Environment Variables: ```bash # Enable S3 Security S3_SECURITY_ENABLED=true # Token expiration (seconds) S3_TOKEN_EXPIRATION=3600 # Max file age access (days) S3_MAX_FILE_AGE_DAYS=30 # AWS Configuration AWS_ACCESS_KEY_ID=your_key AWS_SECRET_ACCESS_KEY=your_secret AWS_REGION=us-east-1 S3_BUCKET=your-bucket ``` ### Security Settings: ```javascript const securityConfig = { enabled: true, defaultExpiration: 3600, // 1 hour maxFileAge: 180, // 180 days (matches S3 retention policy) accessControl: true, // Enable permission checking logging: true, // Log all access attempts }; ``` ## ๐Ÿ›ก๏ธ Security Benefits ### โœ… Protection Features: - **No direct S3 access** - URLs expire automatically - **User authentication** required for all file access - **Permission-based access** - Read/Write/Delete controls - **Date restrictions** - Users can't access very old files - **Access logging** - Complete audit trail - **Token management** - Generate, validate, revoke tokens ### โœ… Enterprise Grade: - **AWS Signature V4** authentication - **Time-limited URLs** (1 hour default) - **Automatic cleanup** of expired tokens - **Failed access monitoring** - **Scalable architecture** ## ๐Ÿ“Š Monitoring & Logging ### Access Logs: ```javascript ๐Ÿ” Pre-signed URL generated for user: user123, file: logs/2025/09/04/hour-14.json โœ… Secure access granted - User: user123, File: logs/2025/09/04/hour-14.json โŒ Access denied - User: user456, File: logs/2025/08/01/old.json, Error: File older than 180 days ๐Ÿ”’ Access token revoked by user: user123 ๐Ÿงน Cleaned 15 expired access tokens ``` ### Security Statistics: ```javascript const stats = { activeTokens: 25, totalGenerated: 1250, revokedTokens: 180, failedAttempts: 45, successfulDownloads: 890, }; ``` ## ๐Ÿงช Testing ### Start Test Server: ```bash node s3-security-test.js ``` ### Available Test Endpoints: - `GET /health` - Health check - `GET /api/demo/security-test` - Demo information - `POST /api/files/generate-token` - Generate access token - `POST /api/files/download-url` - Get secure download URL - `GET /api/files/list` - List accessible files - `POST /api/files/revoke-token` - Revoke access token ### Test Authentication: ```javascript // Use Bearer token for authentication Authorization: Bearer test_auth_token_12345 ``` ## ๐Ÿ“ Files Added/Modified ### New Files: - โœ… `lib/s3Security.js` - Core security manager - โœ… `secure-file-api.js` - Express.js API endpoints - โœ… `s3-security-test.js` - Testing server - โœ… `S3_SECURITY_GUIDE.md` - Complete documentation ### Modified Files: - โœ… `production-setup.js` - Added security integration - โœ… Configuration updated with security settings ## ๐ŸŽฏ Key Features Summary | Feature | Status | Description | | ------------------ | ------ | --------------------------------------- | | Pre-signed URLs | โœ… | Temporary secure URLs (1 hour expiry) | | Access Tokens | โœ… | User-specific tokens with permissions | | Permission Control | โœ… | Read/Write/Delete permission management | | Date Restrictions | โœ… | Access files up to 180 days old | | Access Logging | โœ… | Complete audit trail of file access | | Token Management | โœ… | Generate, validate, revoke tokens | | Auto Cleanup | โœ… | Expired tokens cleaned automatically | | API Integration | โœ… | Ready-to-use Express.js endpoints | | Frontend Examples | โœ… | JavaScript and React examples | | Documentation | โœ… | Complete implementation guide | ## ๐ŸŽ‰ Result **Aap ke S3 files ab completely protected hain!** - โŒ **Direct URL access** - Not possible - โœ… **Secure access only** - Through authentication - โœ… **Time-limited URLs** - Auto-expire in 1 hour - โœ… **User permissions** - Role-based access - โœ… **Complete logging** - Full audit trail - โœ… **Enterprise ready** - Production-grade security ### ๐Ÿš€ Next Steps: 1. **Configure AWS credentials** in .env file 2. **Customize user authentication** in secure-file-api.js 3. **Test with real S3 bucket** using s3-security-test.js 4. **Deploy to production** with your Express.js app **Your LogStack package ab enterprise-grade S3 file security ke saath complete hai! ๐Ÿ”’**