nuxt-security/dist/shared/nuxt-security.ChELT23c.d.mts

🛡️ Security Module for Nuxt based on HTTP Headers and Middleware

import { ModuleOptions as ModuleOptions$1 } from 'nuxt-csurf';
import { Options } from 'unplugin-remove/types';
import { S as SecurityHeaders } from './nuxt-security.D3Gn0bHZ.mjs';
import { BuiltinDriverName, BuiltinDriverOptions } from 'unstorage';
import { HookResult } from '@nuxt/schema';

type RequestSizeLimiter = {
    maxRequestSizeInBytes?: number;
    maxUploadFileRequestInBytes?: number;
    throwError?: boolean;
};
type RateLimiter = {
    tokensPerInterval?: number;
    interval?: string | number;
    driver?: {
        [driverName in BuiltinDriverName]: {
            name: driverName;
            options?: BuiltinDriverOptions[driverName];
        };
    }[BuiltinDriverName];
    headers?: boolean;
    whiteList?: string[];
    throwError?: boolean;
};
type XssValidator = {
    /** Array of methods for which the validator will be invoked.
    @default ['GET', 'POST']
    */
    methods?: Array<HTTPMethod>;
    whiteList?: Record<string, any>;
    escapeHtml?: boolean;
    stripIgnoreTag?: boolean;
    stripIgnoreTagBody?: boolean;
    css?: Record<string, any> | boolean;
    throwError?: boolean;
};
type BasicAuth = {
    exclude?: string[];
    include?: string[];
    name: string;
    pass: string;
    enabled?: boolean;
    message: string;
};
type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'PUT' | 'TRACE' | 'OPTIONS' | 'CONNECT' | 'HEAD';
type CorsOptions = {
    origin?: '*' | string | string[];
    useRegExp?: boolean;
    methods?: '*' | HTTPMethod[];
    allowHeaders?: '*' | string[];
    exposeHeaders?: '*' | string[];
    credentials?: boolean;
    maxAge?: string | false;
    preflight?: {
        statusCode?: number;
    };
};
type AllowedHTTPMethods = {
    methods: HTTPMethod[] | '*';
    throwError?: boolean;
};

type Ssg = {
    meta?: boolean;
    hashScripts?: boolean;
    hashStyles?: boolean;
    nitroHeaders?: boolean;
    exportToPresets?: boolean;
};
interface ModuleOptions {
    strict: boolean;
    headers: SecurityHeaders | false;
    requestSizeLimiter: RequestSizeLimiter | false;
    rateLimiter: RateLimiter | false;
    xssValidator: XssValidator | false;
    corsHandler: CorsOptions | false;
    allowedMethodsRestricter: AllowedHTTPMethods | false;
    hidePoweredBy: boolean;
    enabled: boolean;
    nonce: boolean;
    ssg: Ssg | false;
    sri: boolean;
    basicAuth: BasicAuth | false;
    csrf: ModuleOptions$1 | boolean;
    removeLoggers: Options | boolean;
}
type NuxtSecurityRouteRules = Partial<Omit<ModuleOptions, 'strict' | 'csrf' | 'basicAuth' | 'rateLimiter' | 'ssg' | 'requestSizeLimiter' | 'removeLoggers'> & {
    rateLimiter: Omit<RateLimiter, 'driver'> | false;
} & {
    ssg: Omit<Ssg, 'exportToPresets'> | false;
} & {
    requestSizeLimiter: RequestSizeLimiter | false;
}>;
declare module '@nuxt/schema' {
    interface NuxtOptions {
        security: ModuleOptions;
    }
    interface RuntimeConfig {
        security: ModuleOptions;
        private: {
            basicAuth: BasicAuth | false;
            [key: string]: any;
        };
    }
    interface NuxtHooks {
        'nuxt-security:prerenderedHeaders': (prerenderedHeaders: Record<string, Record<string, string>>) => HookResult;
    }
}
declare module 'nitropack/types' {
    interface NitroRouteConfig {
        security?: NuxtSecurityRouteRules;
    }
    interface NitroRuntimeHooks {
        /**
         * @deprecated
         */
        'nuxt-security:headers': (config: {
            /**
             * The route for which the headers are being configured
             */
            route: string;
            /**
             * The headers configuration for the route
             */
            headers: NuxtSecurityRouteRules['headers'];
        }) => void;
        /**
         * @deprecated
         */
        'nuxt-security:ready': () => void;
        /**
         * Runtime hook to configure security rules for each route
         */
        'nuxt-security:routeRules': (routeRules: Record<string, NuxtSecurityRouteRules>) => void;
    }
}
declare module 'nitropack' {
    interface NitroRouteConfig {
        security?: NuxtSecurityRouteRules;
    }
    interface NitroRuntimeHooks {
        /**
         * @deprecated
         */
        'nuxt-security:headers': (config: {
            /**
             * The route for which the headers are being configured
             */
            route: string;
            /**
             * The headers configuration for the route
             */
            headers: NuxtSecurityRouteRules['headers'];
        }) => void;
        /**
         * @deprecated
         */
        'nuxt-security:ready': () => void;
        /**
         * Runtime hook to configure security rules for each route
         */
        'nuxt-security:routeRules': (routeRules: Record<string, NuxtSecurityRouteRules>) => void;
    }
}
type Section = 'body' | 'bodyAppend' | 'bodyPrepend' | 'head';
declare module 'h3' {
    interface H3EventContext {
        security?: {
            route?: string;
            rules?: NuxtSecurityRouteRules;
            nonce?: string;
            hashes?: {
                script: Set<string>;
                style: Set<string>;
            };
        };
    }
}

export type { AllowedHTTPMethods as A, BasicAuth as B, CorsOptions as C, HTTPMethod as H, ModuleOptions as M, NuxtSecurityRouteRules as N, RequestSizeLimiter as R, Ssg as S, XssValidator as X, Section as a, RateLimiter as b };