feat: add security configuration module
@@ -0,0 +1,23 @@
|
||||
import { getSecurityConfig, validateSecurityConfig } from './config';
|
||||
|
||||
describe('Security Config', () => {
|
||||
test('should return default security configuration', () => {
|
||||
const config = getSecurityConfig();
|
||||
expect(config).toBeDefined();
|
||||
expect(config.rateLimit.ip.maxRequests).toBe(10);
|
||||
expect(config.rateLimit.ip.windowMinutes).toBe(60);
|
||||
expect(config.captcha.complexity).toBe('medium');
|
||||
});
|
||||
|
||||
test('should validate security config structure', () => {
|
||||
const config = getSecurityConfig();
|
||||
const isValid = validateSecurityConfig(config);
|
||||
expect(isValid).toBe(true);
|
||||
});
|
||||
|
||||
test('should reject invalid config', () => {
|
||||
const invalidConfig = { rateLimit: { ip: { maxRequests: -1 } } };
|
||||
const isValid = validateSecurityConfig(invalidConfig);
|
||||
expect(isValid).toBe(false);
|
||||
});
|
||||
});
|
||||
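Review bot: The 'should reject invalid config' test does not reach the check it is named for. `invalidConfig` has no `captcha` or `protection` key, so `validateSecurityConfig` returns false at its presence check and the `maxRequests: -1` comparison never runs. Build the case from a valid config so that only the bad value differs, e.g. `const invalidConfig = { ...getSecurityConfig(), rateLimit: { ip: { maxRequests: -1 } } };`. A companion case that omits `rateLimit.ip` entirely would pin whether a missing limit is rejected; as the validator is written on this page, such a config is accepted.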
@@ -0,0 +1,77 @@
|
||||
export interface SecurityConfig {
|
||||
captcha: {
|
||||
complexity: 'simple' | 'medium' | 'complex';
|
||||
expiryMinutes: number;
|
||||
maxAttempts: number;
|
||||
};
|
||||
rateLimit: {
|
||||
ip: {
|
||||
maxRequests: number;
|
||||
windowMinutes: number;
|
||||
};
|
||||
email: {
|
||||
maxRequests: number;
|
||||
windowHours: number;
|
||||
};
|
||||
global: {
|
||||
maxRequests: number;
|
||||
windowMinutes: number;
|
||||
};
|
||||
};
|
||||
protection: {
|
||||
enableCSRF: boolean;
|
||||
enableInputSanitization: boolean;
|
||||
enableBehaviorDetection: boolean;
|
||||
blockSuspiciousIPs: boolean;
|
||||
};
|
||||
logging: {
|
||||
enableSecurityLogs: boolean;
|
||||
logRetentionDays: number;
|
||||
alertThreshold: number;
|
||||
};
|
||||
}
|
||||
|
||||
const defaultConfig: SecurityConfig = {
|
||||
captcha: {
|
||||
complexity: 'medium',
|
||||
expiryMinutes: 5,
|
||||
maxAttempts: 3,
|
||||
},
|
||||
rateLimit: {
|
||||
ip: {
|
||||
maxRequests: 10,
|
||||
windowMinutes: 60,
|
||||
},
|
||||
email: {
|
||||
maxRequests: 3,
|
||||
windowHours: 24,
|
||||
},
|
||||
global: {
|
||||
maxRequests: 50,
|
||||
windowMinutes: 1,
|
||||
},
|
||||
},
|
||||
protection: {
|
||||
enableCSRF: true,
|
||||
enableInputSanitization: true,
|
||||
enableBehaviorDetection: true,
|
||||
blockSuspiciousIPs: true,
|
||||
},
|
||||
logging: {
|
||||
enableSecurityLogs: true,
|
||||
logRetentionDays: 30,
|
||||
alertThreshold: 5,
|
||||
},
|
||||
};
|
||||
|
||||
export function getSecurityConfig(): SecurityConfig {
|
||||
return { ...defaultConfig };
|
||||
}
|
||||
|
||||
export function validateSecurityConfig(config: any): boolean {
|
||||
if (!config || typeof config !== 'object') return false;
|
||||
if (!config.rateLimit || !config.captcha || !config.protection) return false;
|
||||
if (config.rateLimit.ip?.maxRequests < 0) return false;
|
||||
if (config.captcha.expiryMinutes <= 0) return false;
|
||||
return true;
|
||||
}
|
||||
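Review bot: `validateSecurityConfig` fails open, because both numeric checks compare a possibly-missing value: `undefined < 0` and `undefined <= 0` are false, so a config with no `rateLimit.ip`, no `captcha.expiryMinutes`, or a `NaN` in either field is reported as valid. It also never inspects `logging` or the `email`/`global` limits, which the `SecurityConfig` interface declares as required. Each numeric field should be type-checked before it is compared, and the parameter typed `unknown` rather than `any`, as sketched below for the two fields already covered. Separately, `getSecurityConfig` returns a shallow copy, so a caller that writes to `config.rateLimit.ip.maxRequests` changes `defaultConfig` for every later caller; a deep copy such as `return structuredClone(defaultConfig);` (where the runtime provides it) avoids that.

```typescript
export function validateSecurityConfig(config: unknown): boolean {
  const isObj = (v: unknown): v is Record<string, unknown> =>
    typeof v === 'object' && v !== null;
  const isNum = (v: unknown): v is number =>
    typeof v === 'number' && Number.isFinite(v);

  if (!isObj(config)) return false;
  const { rateLimit, captcha, protection } = config;
  if (!isObj(rateLimit) || !isObj(captcha) || !isObj(protection)) return false;
  // A missing or non-numeric limit is rejected instead of slipping past the comparison.
  if (!isObj(rateLimit.ip) || !isNum(rateLimit.ip.maxRequests) || rateLimit.ip.maxRequests < 0) return false;
  if (!isNum(captcha.expiryMinutes) || captcha.expiryMinutes <= 0) return false;
  return true;
}
```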