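import { randomBytes } from 'node:crypto';

import {
  createSecurityMiddleware,
  createSecurityHeadersMiddleware,
  createCSRFMiddleware,
  createSanitizationMiddleware,
  createSecurityEndpoints,
  HttpRequest,
  HttpResponse,
  HttpContext
} from '../src/infra/http/security';

/**
 * Walkthrough of the HTTP security middleware: the combined middleware, the
 * individual header / CSRF / sanitization components, runtime configuration,
 * violation reporting, token generation and the helper endpoints.
 *
 * Everything runs against in-memory mock request/response objects, so the
 * script shows the call shapes only. It does not prove that a given request
 * would be accepted or rejected by the real checks.
 */

/**
 * Returns a fresh random secret for this run.
 *
 * The example used to pass a fixed literal as the CSRF secret. Sample code gets
 * copied into real services, and a secret committed to a repository is known to
 * everyone who can read it. A real deployment should load the value from its
 * secret store so it stays stable across restarts and instances; a per-process
 * random value is enough for a demonstration.
 */
function generateExampleSecret(): string {
  return randomBytes(32).toString('hex');
}

const csrfSecret = generateExampleSecret();

// Example 1: Complete Security Middleware
console.log('=== Complete Security Middleware Example ===');

const securityMiddleware = createSecurityMiddleware({
  enabled: true,
  headers: {
    enabled: true,
    headers: {
      contentSecurityPolicy: "default-src 'self'",
      frameOptions: 'DENY',
      contentTypeOptions: true,
      // NOTE(review): presumably emitted as X-XSS-Protection, a legacy header that
      // current browsers no longer act on. The Content-Security-Policy above is the
      // control that matters; confirm what this option sends before relying on it.
      xssProtection: '1; mode=block'
    }
  },
  csrf: {
    enabled: true,
    secret: csrfSecret,
    cookieName: '_csrf',
    headerName: 'x-csrf-token'
  },
  sanitization: {
    enabled: true,
    options: {
      stripHtml: true,
      escapeHtml: true,
      // Escaping input is defence in depth only: queries built from request data
      // should still use parameterised statements.
      escapeSql: true,
      preventPathTraversal: true
    }
  }
});

// Mock request/response objects
const mockRequest: HttpRequest = {
  method: 'POST',
  path: '/api/users',
  headers: {
    // Placeholder values. Whether the CSRF check accepts this header/cookie pair
    // is not visible from this file.
    'x-csrf-token': 'some-token',
    'content-type': 'application/json',
    'user-agent': 'Mozilla/5.0'
  },
  body: { name: 'John Doe' },
  query: { page: '1' },
  params: { id: '123' },
  cookies: { '_csrf': 'hashed-token' },
  // Simulates a plain-HTTP request. NOTE(review): if the middleware derives the
  // cookie Secure flag from this field, production traffic must arrive with it
  // set to true -- confirm against the implementation.
  secure: false,
  ip: '127.0.0.1'
};

// Every method is a no-op that returns the mock itself, so chained calls work.
const mockResponse: HttpResponse = {
  status: (_code: number) => mockResponse,
  json: (_data: unknown) => mockResponse,
  cookie: (_name: string, _value: string, _options?: unknown) => mockResponse,
  setHeader: (_name: string, _value: string) => mockResponse,
  locals: {}
};

const mockNext = () => console.log('Next middleware called');

// Test middleware function
console.log('Testing security middleware...');
const middleware = securityMiddleware.middleware();
middleware(mockRequest, mockResponse, mockNext);

// Test process method
console.log('\nTesting process method...');
const context: HttpContext = {
  req: mockRequest,
  res: mockResponse,
  next: mockNext
};
securityMiddleware.process(context);

// Example 2: Individual Middleware Components
console.log('\n=== Individual Middleware Components Example ===');

// Security Headers Middleware
const headersMiddleware = createSecurityHeadersMiddleware({
  enabled: true,
  headers: {
    contentSecurityPolicy: "default-src 'self'",
    frameOptions: 'DENY',
    contentTypeOptions: true
  }
});
console.log('Headers middleware created:', typeof headersMiddleware.middleware() === 'function');

// CSRF Middleware
const csrfMiddleware = createCSRFMiddleware({
  enabled: true,
  secret: csrfSecret,
  cookieName: '_csrf',
  headerName: 'x-csrf-token'
});
console.log('CSRF middleware created:', typeof csrfMiddleware.middleware() === 'function');

// Sanitization Middleware
const sanitizationMiddleware = createSanitizationMiddleware({
  enabled: true,
  options: {
    stripHtml: true,
    escapeHtml: true,
    preventPathTraversal: true
  }
});
console.log('Sanitization middleware created:', typeof sanitizationMiddleware.middleware() === 'function');

// Example 3: Configuration Management
console.log('\n=== Configuration Management Example ===');

// Get current config
const currentConfig = securityMiddleware.getConfig();
console.log('Security enabled:', currentConfig.enabled);
console.log('CSRF enabled:', currentConfig.csrf?.enabled);
console.log('Headers enabled:', currentConfig.headers?.enabled);
console.log('Sanitization enabled:', currentConfig.sanitization?.enabled);

// Update config
// This call turns CSRF protection off to show that runtime reconfiguration works.
// In a real service the same call would leave state-changing routes unprotected,
// so it should be reachable only from trusted, audited code paths.
// NOTE(review): cookieName and headerName are omitted here; whether updateConfig
// merges with or replaces the existing csrf section is not visible from this file.
securityMiddleware.updateConfig({
  csrf: {
    enabled: false,
    secret: generateExampleSecret()
  }
});
const updatedConfig = securityMiddleware.getConfig();
console.log('Updated CSRF enabled:', updatedConfig.csrf?.enabled);

// Example 4: Security Violations
console.log('\n=== Security Violations Example ===');

// Get violations from sanitization middleware
const violations = sanitizationMiddleware.getViolations();
console.log('Current violations:', violations.length);
const stats = sanitizationMiddleware.getViolationStats();
console.log('Violation stats:', stats);

// Example 5: Token Generation
console.log('\n=== Token Generation Example ===');
const token = csrfMiddleware.generateToken();
// Printed for demonstration only: keep CSRF tokens out of production logs.
console.log('Generated CSRF token:', token);

// Example 6: Security Endpoints
console.log('\n=== Security Endpoints Example ===');
const endpoints = createSecurityEndpoints(securityMiddleware);

// Test CSRF token endpoint
console.log('Testing CSRF token endpoint...');
endpoints.csrfToken(mockRequest, mockResponse);

// Test security status endpoint
// NOTE(review): the status and violations handlers presumably expose security
// telemetry; when they are mounted on real routes they should sit behind
// authentication -- confirm what each one returns.
console.log('Testing security status endpoint...');
endpoints.status(mockRequest, mockResponse);

// Test violations endpoint
console.log('Testing violations endpoint...');
endpoints.violations(mockRequest, mockResponse);

// This line prints unconditionally: the calls above are not checked for outcome.
console.log('\n=== All security middleware examples completed successfully! ===');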