UNPKG

nuxt-security

Version:

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

nuxt-security.vercel.app

48 lines (47 loc) 1.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
import { defineNitroPlugin, useRuntimeConfig } from "#imports"; import { getAppSecurityOptions } from "../context/index.js"; import { defuReplaceArray } from "../../../utils/merge"; import { standardToSecurity, backwardsCompatibleSecurity } from "../../../utils/headers"; export default defineNitroPlugin(async (nitroApp) => { const appSecurityOptions = getAppSecurityOptions(); const runtimeConfig = useRuntimeConfig(); for (const route in runtimeConfig.nitro.routeRules) { const rule = runtimeConfig.nitro.routeRules[route]; const { headers: headers2 } = rule; const securityHeaders2 = standardToSecurity(headers2); if (securityHeaders2) { appSecurityOptions[route] = { headers: securityHeaders2 }; } } const securityOptions = runtimeConfig.security; const { headers } = securityOptions; const securityHeaders = backwardsCompatibleSecurity(headers); appSecurityOptions["/**"] = defuReplaceArray( { headers: securityHeaders }, securityOptions, appSecurityOptions["/**"] ); for (const route in runtimeConfig.nitro.routeRules) { const rule = runtimeConfig.nitro.routeRules[route]; const { security } = rule; if (security) { const { headers: headers2 } = security; const securityHeaders2 = backwardsCompatibleSecurity(headers2); appSecurityOptions[route] = defuReplaceArray( { headers: securityHeaders2 }, security, appSecurityOptions[route] ); } } nitroApp.hooks.hook("nuxt-security:headers", ({ route, headers: headers2 }) => { appSecurityOptions[route] = defuReplaceArray( { headers: headers2 }, appSecurityOptions[route] ); }); nitroApp.hooks.hook("nuxt-security:ready", async () => { await nitroApp.hooks.callHook("nuxt-security:routeRules", appSecurityOptions); }); await nitroApp.hooks.callHook("nuxt-security:ready"); });