
spartan-shield


nodejs project to package and configure common security middleware.

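'use strict'

import validate from 'validate.js'
// import formidable from 'formidable'
// NOTE(review): the whitelist file is not visible from this module. The code
// below assumes `headers` is an array of header names and `whitelist[name]` is
// an array of accepted values for that header - confirm against the JSON file.
// Node's http module lowercases incoming header names, so entries that are
// compared against request.headers should be lowercase.
import whitelist, { headers } from './.whitelists.json'

/**
 * Inspect an uploaded file. NOT IMPLEMENTED.
 *
 * Planned checks, from the original notes:
 *   - file type
 *   - end of the file name (extension)
 *   - file size
 *   - file metadata
 *   - file name
 *
 * The stub performs none of them and returns undefined, so its return value
 * must not be read as approval of an upload.
 *
 * @param {Object} formInput - the uploaded form entry; only `name` is touched
 * @returns {undefined}
 */
const uploadInspector = (formInput) => {
  formInput.name
}

/**
 * Sanitize user input. NOT IMPLEMENTED.
 *
 * Planned checks, from the original notes:
 *   - data types
 *   - data length
 *   - data context
 *   - create errors for failures
 *   - create an output/receipt
 *
 * The stub resolves to undefined without looking at `input`.
 *
 * @param {*} input - value to sanitize (currently ignored)
 * @returns {Promise<undefined>}
 */
const sanitizeInput = async (input) => { }

/**
 * Validate form values against a set of validate.js constraints.
 *
 * The error is fully populated before it is handed to the callback, and a
 * failed validation is reported through the return value as well, so a caller
 * that ignores the callback cannot mistake a failure for 'pass'.
 *
 * @param {Object} formValues - submitted values keyed by field name
 * @param {Object} rules - validate.js constraints
 * @param {Function} [callback] - invoked as callback(error, details) on failure only
 * @returns {string|Error} 'pass' on success, otherwise an Error with code 400
 */
const formCheck = (formValues, rules, callback) => {
  // validate() yields undefined when every constraint is satisfied
  const details = validate(formValues, rules)
  if (details === undefined) {
    return 'pass'
  }

  const error = new Error('validation/invalid-form-value')
  error.code = 400
  if (typeof callback === 'function') {
    callback(error, details)
  }
  return error
}

/**
 * Check a request's headers against the whitelist.
 *
 * Three kinds of failure are reported:
 *   - a supplied header whose name is not in `headers`
 *   - a supplied header whose value is not in `whitelist[name]`
 *   - a name in `headers` that the request did not supply
 *
 * The error codes embed header names and values taken from the request, which
 * are client-controlled; encode them before writing them to a log or a response.
 *
 * @param {Object} headerValue - header name -> value map (e.g. request.headers)
 * @returns {string[]|undefined} the error codes, or undefined when there are none
 */
const headerCheck = (headerValue) => {
  const headerErrors = []
  // Own keys only: inherited properties are not request headers
  const supplied = Object.keys(headerValue || {})

  for (const name of supplied) {
    if (!headers.includes(name)) {
      headerErrors.push(`validation/${name}-not-in-whitelist`)
      // No value list can apply to a header that is not allowed at all
      continue
    }

    // A header with no value list fails closed instead of throwing
    const allowedValues = whitelist[name]
    if (!Array.isArray(allowedValues) || !allowedValues.includes(headerValue[name])) {
      headerErrors.push(`validation/${headerValue[name]}-not-in-whitelist`)
    }
  }

  // Evaluated once, after the loop, so an empty header set is caught too and
  // the error is not repeated for every supplied header
  if (headers.some((name) => !supplied.includes(name))) {
    headerErrors.push('validation/missing-required-header')
  }

  return headerErrors.length > 0 ? headerErrors : undefined
}

/**
 * Run the user-agent, header and transport checks for one request.
 *
 * The User-Agent header is supplied by the client and can be set to any value,
 * so the whitelist match is a compatibility filter, not a proof of identity.
 *
 * @param {Object} request - incoming request exposing `headers` and its socket
 * @returns {Object|undefined} failed check -> error code(s), or undefined when all pass
 */
const browserCheck = (request) => {
  // Per-call state: errors from one request must never leak into the next
  const browserErrors = {}

  const allowedAgents = whitelist['user-agent']
  if (!Array.isArray(allowedAgents) || !allowedAgents.includes(request.headers['user-agent'])) {
    browserErrors['user-agent'] = 'validation/user-agent-mismatch'
  }

  // request.headers is expected to be an object
  const headerErrors = headerCheck(request.headers)
  if (headerErrors) {
    browserErrors['headers'] = headerErrors
  }

  // `encrypted` is the boolean true on a TLS socket and absent on a plain one;
  // it is never the string 'https'. `connection` is the older alias of `socket`.
  // NOTE(review): if TLS is terminated by a proxy in front of this process the
  // socket seen here is plain and this check fails - confirm the deployment.
  const socket = request.socket || request.connection
  if (!socket || socket.encrypted !== true) {
    browserErrors['connection'] = 'validation/failed-connection-check'
  }

  return Object.keys(browserErrors).length > 0 ? browserErrors : undefined
}

/**
 * Public entry point of the module. NOT IMPLEMENTED.
 *
 * The try block is empty, so every call returns undefined and none of the
 * checks defined above are run. Callers must not treat that undefined as
 * "input is valid".
 *
 * @param {*} whatToValidate - value to validate (currently ignored)
 * @returns {Error|undefined} the caught error, tagged with a validation code, if any
 */
export function validator (whatToValidate) {
  try {
    // something
  } catch (e) {
    e.code = '(validation/validation-error)'
    return e
  }
}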