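import { randomBytes } from 'node:crypto';
import { ExpressHttpApp, createExpressApp } from '../src/infra/http/http-app';
import { SecurityPlugin, SecurityPluginOptions } from '../src/infra/http/plugins/security-plugin';
import { PluginManager } from '../src/infra/http/plugins/plugin-manager';

/**
 * Security Plugin Example
 *
 * This example demonstrates how to use the SecurityPlugin to add comprehensive
 * security features to your SoapExpress application.
 */

/**
 * Reads a required environment variable and fails closed when it is missing
 * or blank.
 *
 * A secret that falls back to a value committed in source is effectively
 * public, so for production configuration a missing value is treated as a
 * deployment error instead of being papered over.
 *
 * @param name - Environment variable name.
 * @returns The variable's value.
 * @throws {Error} When the variable is unset or empty.
 */
function requireEnv(name: string): string {
  const value = process.env[name];
  if (value === undefined || value.trim() === '') {
    throw new Error(`Environment variable ${name} must be set`);
  }
  return value;
}

/**
 * CSRF secret for the in-process walkthrough only.
 *
 * Uses CSRF_SECRET when it is set; otherwise generates a fresh random value
 * so that no known constant ever serves as the secret. A per-process random
 * secret is acceptable for a demo but not for a real deployment (tokens would
 * not survive a restart or be shared across instances) — there, source it with
 * requireEnv as productionSecurityExample does.
 *
 * @returns The configured or ephemeral secret.
 */
function demoCsrfSecret(): string {
  const configured = process.env.CSRF_SECRET;
  if (configured !== undefined && configured.trim() !== '') {
    return configured;
  }
  return randomBytes(32).toString('hex');
}

/**
 * Parses a comma-separated origin allow-list from an environment variable.
 *
 * Entries are trimmed and empty ones dropped, so an empty variable or a
 * trailing comma cannot produce an `''` origin. When nothing usable is
 * configured the supplied defaults are returned.
 *
 * @param name - Environment variable holding the list.
 * @param defaults - Origins to use when the variable is unset or empty.
 * @returns The configured origins, or `defaults`.
 */
function originsFromEnv(name: string, defaults: string[]): string[] {
  const origins = (process.env[name] ?? '')
    .split(',')
    .map((origin) => origin.trim())
    .filter((origin) => origin !== '');
  return origins.length > 0 ? origins : defaults;
}

/**
 * Walks through eight SecurityPlugin usage scenarios, printing each step.
 *
 * Only the plugin from Example 1 is registered with the PluginManager; the
 * plugins in Examples 2 and 3 are constructed purely to show the configuration
 * surface. Output is written with console.log.
 *
 * @returns Resolves when the walkthrough has finished printing.
 */
async function securityPluginExample() {
  console.log('🔒 Security Plugin Example');
  console.log('========================\n');

  // Create HTTP application using Express
  const app = createExpressApp();
  const pluginManager = new PluginManager(app);

  // Example 1: Basic Security Plugin Setup
  console.log('1. Basic Security Plugin Setup');
  console.log('-------------------------------');

  const basicSecurityPlugin = new SecurityPlugin({
    enabled: true,
    exposeEndpoints: true,
    endpointsPath: '/security',
    enableMonitoring: true,
  });

  // This is the only plugin actually installed in the example app.
  pluginManager.usePlugin(basicSecurityPlugin);
  console.log('✅ Basic security plugin installed');
  console.log(' - CSRF protection enabled');
  console.log(' - Security headers enabled');
  console.log(' - Input sanitization enabled');
  console.log(' - Security endpoints available at /security/*\n');

  // Example 2: Custom Security Configuration
  console.log('2. Custom Security Configuration');
  console.log('--------------------------------');

  // Constructed for illustration only; never passed to pluginManager.usePlugin.
  const customSecurityPlugin = new SecurityPlugin({
    enabled: true,
    exposeEndpoints: true,
    endpointsPath: '/api/security',
    enableMonitoring: true,
    headers: {
      enabled: true,
      headers: {
        // 'unsafe-inline' re-allows inline scripts and so weakens the CSP's
        // protection against injected markup; it is tolerated here for a
        // development setup and is dropped from the production policy below.
        contentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline'",
        frameOptions: 'SAMEORIGIN',
        contentTypeOptions: true,
        // Legacy header that current browsers ignore; the CSP above is the
        // effective control.
        xssProtection: '1; mode=block',
        referrerPolicy: 'strict-origin-when-cross-origin',
      },
    },
    csrf: {
      enabled: true,
      // Development placeholder only — a secret in source is public. See
      // Example 3 and productionSecurityExample for how a real one is sourced.
      secret: 'my-super-secret-key-change-in-production',
      cookieName: '_csrf_token',
      cookieOptions: {
        httpOnly: true,
        secure: false, // Set to true in production with HTTPS
        sameSite: 'strict',
        maxAge: 3600000, // 1 hour
      },
      ignorePaths: ['/health', '/metrics', '/api/public'],
    },
    sanitization: {
      enabled: true,
      options: {
        stripHtml: true,
        escapeHtml: true,
        escapeSql: true,
        preventPathTraversal: true,
        validateFileUploads: true,
        maxFileSize: 5 * 1024 * 1024, // 5MB
        allowedMimeTypes: ['image/jpeg', 'image/png', 'application/pdf'],
      },
    },
    onViolation: (violation) => {
      console.log(`🚨 Security violation detected: ${violation.type} - ${violation.message}`);
      // Here you could send alerts, log to external service, etc.
    },
  });

  // Example 3: Production-Ready Security Setup
  console.log('3. Production-Ready Security Setup');
  console.log('----------------------------------');

  // Constructed for illustration only; never passed to pluginManager.usePlugin.
  const productionSecurityPlugin = new SecurityPlugin({
    enabled: true,
    exposeEndpoints: false, // Disable in production for security
    enableMonitoring: true,
    headers: {
      enabled: true,
      headers: {
        contentSecurityPolicy: "default-src 'self'; script-src 'self'",
        frameOptions: 'DENY',
        contentTypeOptions: true,
        xssProtection: '1; mode=block',
        referrerPolicy: 'strict-origin-when-cross-origin',
        strictTransportSecurity: 'max-age=31536000; includeSubDomains',
      },
    },
    csrf: {
      enabled: true,
      // Never fall back to a constant here: a known secret lets anyone mint
      // valid CSRF tokens. The demo helper uses CSRF_SECRET or a random value.
      secret: demoCsrfSecret(),
      cookieName: '_csrf',
      cookieOptions: {
        httpOnly: true,
        secure: true, // HTTPS only in production
        sameSite: 'strict',
        maxAge: 3600000,
      },
      ignorePaths: ['/health', '/metrics'],
    },
    sanitization: {
      enabled: true,
      options: {
        stripHtml: true,
        escapeHtml: true,
        escapeSql: true,
        preventPathTraversal: true,
        validateFileUploads: true,
        maxFileSize: 10 * 1024 * 1024, // 10MB
        allowedMimeTypes: [
          'image/jpeg',
          'image/png',
          'image/gif',
          'image/webp',
          'application/pdf',
          'text/plain',
        ],
      },
    },
    rateLimit: {
      enabled: true,
      windowMs: 15 * 60 * 1000, // 15 minutes
      max: 100, // limit each IP to 100 requests per windowMs
      skipSuccessfulRequests: false,
    },
    cors: {
      enabled: true,
      // Explicit allow-list; credentials: true must never be paired with '*'.
      origin: ['https://yourdomain.com', 'https://www.yourdomain.com'],
      credentials: true,
      methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'],
      allowedHeaders: ['Content-Type', 'Authorization', 'X-CSRF-Token'],
    },
  });

  // Example 4: Security Plugin Management
  console.log('4. Security Plugin Management');
  console.log('-----------------------------');

  // Get security statistics
  const stats = basicSecurityPlugin.getSecurityStats();
  console.log('📊 Security Statistics:');
  console.log(` - Plugin uptime: ${stats.uptime}ms`);
  console.log(` - Violation count: ${stats.violationCount}`);
  console.log(` - Timestamp: ${stats.timestamp}`);

  // Get current configuration
  const config = basicSecurityPlugin.getConfig();
  console.log('\n⚙️ Current Configuration:');
  console.log(` - Security enabled: ${config.enabled}`);
  console.log(` - Endpoints exposed: ${config.exposeEndpoints}`);
  console.log(` - Monitoring enabled: ${config.enableMonitoring}`);
  console.log(` - Headers enabled: ${config.headers?.enabled}`);
  console.log(` - CSRF enabled: ${config.csrf?.enabled}`);
  console.log(` - Sanitization enabled: ${config.sanitization?.enabled}`);

  // Example 5: Available Security Endpoints
  console.log('\n5. Available Security Endpoints');
  console.log('--------------------------------');

  if (config.exposeEndpoints) {
    console.log('🔗 Security endpoints (when exposeEndpoints is true):');
    console.log(` - GET ${config.endpointsPath}/csrf-token - Get CSRF token`);
    console.log(` - GET ${config.endpointsPath}/violations - View security violations`);
    console.log(` - GET ${config.endpointsPath}/status - Security status`);
    console.log(` - GET ${config.endpointsPath}/info - Detailed security information`);
  } else {
    console.log('🔒 Security endpoints are disabled (recommended for production)');
  }

  // Example 6: Runtime Configuration Updates
  console.log('\n6. Runtime Configuration Updates');
  console.log('----------------------------------');

  // Update configuration at runtime
  basicSecurityPlugin.updateConfig({
    enableMonitoring: false,
    sanitization: {
      enabled: true,
      options: {
        stripHtml: false, // Allow HTML in development
        escapeHtml: true,
        escapeSql: true,
        preventPathTraversal: true,
      },
    },
  });

  console.log('✅ Configuration updated at runtime');
  console.log(' - Monitoring disabled');
  console.log(' - HTML stripping disabled (development mode)');

  // Example 7: Security Violations Handling
  console.log('\n7. Security Violations Handling');
  console.log('--------------------------------');

  // Get current violations
  const violations = basicSecurityPlugin.getSecurityViolations();
  console.log(`📋 Current security violations: ${violations.length}`);

  // Clear violations if needed
  if (violations.length > 0) {
    basicSecurityPlugin.clearSecurityViolations();
    console.log('✅ Security violations cleared');
  }

  // Example 8: Integration with Other Plugins
  console.log('\n8. Integration with Other Plugins');
  console.log('----------------------------------');

  // Security plugin works well with other plugins
  console.log('🔄 Security plugin integrates with:');
  console.log(' - Health Check Plugin (excludes /health from CSRF)');
  console.log(' - Metrics Plugin (excludes /metrics from CSRF)');
  console.log(' - Any custom plugins that follow security best practices');

  console.log('\n🎉 Security Plugin Example Complete!');
  console.log('\n📝 Next Steps:');
  console.log(' 1. Start your application');
  console.log(' 2. Test security endpoints (if enabled)');
  console.log(' 3. Monitor security violations');
  console.log(' 4. Configure for your production environment');
  console.log(' 5. Set up proper CSRF secrets and HTTPS');
}

// Example usage scenarios

/**
 * Plugin configured for local development: endpoints exposed, CSRF disabled.
 *
 * @returns A SecurityPlugin suited to development and manual testing.
 */
export function developmentSecurityExample() {
  return new SecurityPlugin({
    enabled: true,
    exposeEndpoints: true, // Enable for testing
    endpointsPath: '/dev/security',
    enableMonitoring: true,
    csrf: {
      enabled: false, // Disable CSRF in development for easier testing
    },
  });
}

/**
 * Creates a bare Express-backed HTTP app for development use.
 *
 * @returns The app returned by createExpressApp.
 */
export function createDevelopmentApp() {
  return createExpressApp();
}

/**
 * Plugin configured for production: endpoints hidden, CSRF on, HSTS set.
 *
 * @returns A SecurityPlugin for production deployments.
 * @throws {Error} When CSRF_SECRET is unset or empty — the secret is required
 *   and is never defaulted (the previous `!` assertion would have passed
 *   `undefined` through silently).
 */
export function productionSecurityExample() {
  return new SecurityPlugin({
    enabled: true,
    exposeEndpoints: false, // Disable for security
    enableMonitoring: true,
    csrf: {
      enabled: true,
      secret: requireEnv('CSRF_SECRET'),
      cookieOptions: {
        secure: true, // HTTPS only
        httpOnly: true,
        sameSite: 'strict',
      },
    },
    headers: {
      enabled: true,
      headers: {
        strictTransportSecurity: 'max-age=31536000; includeSubDomains; preload',
      },
    },
  });
}

/**
 * Plugin configured for an API: CORS allow-list from ALLOWED_ORIGINS, a higher
 * rate limit, and CSRF skipped on the auth endpoints.
 *
 * @returns A SecurityPlugin for API deployments.
 */
export function apiSecurityExample() {
  return new SecurityPlugin({
    enabled: true,
    exposeEndpoints: false,
    csrf: {
      enabled: true,
      ignorePaths: ['/api/auth/login', '/api/auth/register'],
    },
    cors: {
      enabled: true,
      // Trimmed and filtered so an empty variable or trailing comma cannot
      // yield an '' origin; falls back to localhost when nothing is set.
      origin: originsFromEnv('ALLOWED_ORIGINS', ['http://localhost:3000']),
      credentials: true,
    },
    rateLimit: {
      enabled: true,
      windowMs: 15 * 60 * 1000,
      max: 1000, // Higher limit for API
    },
  });
}

// Run the example
// NOTE(review): ES-module import/export syntax combined with a CommonJS
// `require.main === module` guard — this only works when the file is compiled
// to CommonJS; confirm against the project's module setting.
if (require.main === module) {
  securityPluginExample().catch(console.error);
}

export default securityPluginExample;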