spartan-shield/example/example.com/security/api.js

nodejs project to package and configure common security middleware.

'use strict'

/* The purpose of this module is to ensure that APIs are designed, built, maintained and sustained. This is done by achieving the following objectives:
  1. Ensure that all endpoints are provided over a secure connection (HTTPS)
  2. Utilization of access control mechanisms where appropriate for non-public APIs
  3. Issuance and validation of JWTs for intra-service authentication
  4. Issuance and validation of API Keys for external users and inter-service communication
  5. Dynamic rate limiting => by endpoint && by time
  6. Validation of input, parameters and content types
*/

module.exports = function apiSec () {
  function secureConnection () {

  }
  function apiAccessControl () {

  }
  function getJwt () {

  }
  function issueJwt () {

  }
  function getApiKey () {

  }
  function issueApiKey () {

  }
  function rateLimiter () {

  }
  function validator () {

  }
}