Security Utils API Reference

The Security Utils provide comprehensive security features including headers, CSRF protection, XSS prevention, and DDoS mitigation.

SecurityHeaders

HTTP security headers management.

Constructor

new SecurityHeaders(options)
Parameters:
  • options (object): Security headers configuration

Methods

applyHeaders(response)

Apply the configured security headers to a response.
const secureResponse = securityHeaders.applyHeaders(response);
Parameters:
  • response (Response): HTTP response
Returns: Response with security headers

setHeader(name, value)

Set a custom security header that will be applied alongside the configured ones.
securityHeaders.setHeader('X-Frame-Options', 'DENY');
Parameters:
  • name (string): Header name
  • value (string): Header value

CSRFProtection

Cross-Site Request Forgery protection.

Constructor

new CSRFProtection(options)
Parameters:
  • options (object): CSRF protection options

Methods

generateToken()

Generate a new CSRF token.
const token = csrf.generateToken();
Returns: CSRF token string

validateToken(token, sessionId)

Validate a CSRF token against the session it was issued for.
const isValid = csrf.validateToken(token, sessionId);
Parameters:
  • token (string): CSRF token
  • sessionId (string): Session ID
Returns: Boolean indicating validity

XSSPrevention

Cross-Site Scripting prevention utilities.

Methods

sanitize(input)

Sanitize user input.
const safeInput = xssPrevention.sanitize(userInput);
Parameters:
  • input (string): User input
Returns: Sanitized string

escapeHtml(input)

Escape HTML special characters so the input is rendered as text rather than interpreted as markup.
const escaped = xssPrevention.escapeHtml('<script>alert("xss")</script>');
Parameters:
  • input (string): HTML string
Returns: Escaped HTML string

DDoSMitigation

DDoS attack mitigation utilities.

Constructor

new DDoSMitigation(options)
Parameters:
  • options (object): DDoS mitigation options

Methods

checkRequest(request)

Check a request against the configured rate limits and DDoS patterns.
const isAllowed = await ddos.checkRequest(request);
Parameters:
  • request (Request): HTTP request
Returns: Promise resolving to a boolean (true if the request is allowed)

getStats()

Get DDoS statistics.
const stats = ddos.getStats();
Returns: DDoS statistics object

Type Definitions

SecurityHeadersOptions

interface SecurityHeadersOptions {
  contentSecurityPolicy?: string;
  hsts?: HSTSOptions;
  cors?: CORSOptions;
  frameOptions?: string;
}

CSRFOptions

interface CSRFOptions {
  secret?: string;
  cookieName?: string;
  headerName?: string;
  tokenLength?: number;
}

DDoSOptions

interface DDoSOptions {
  maxRequests?: number;
  windowMs?: number;
  blockDuration?: number;
  whitelist?: string[];
}