41 lines
1.4 KiB
TypeScript
41 lines
1.4 KiB
TypeScript
import type { NextApiRequest, NextApiResponse } from 'next'
|
|
|
|
export function securityHeaders(req: NextApiRequest, res: NextApiResponse, next: () => void) {
|
|
// Set security headers
|
|
res.setHeader('X-Content-Type-Options', 'nosniff')
|
|
res.setHeader('X-Frame-Options', 'DENY')
|
|
res.setHeader('X-XSS-Protection', '1; mode=block')
|
|
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin')
|
|
res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()')
|
|
|
|
// Prevent information leakage
|
|
res.removeHeader('X-Powered-By')
|
|
|
|
next()
|
|
}
|
|
|
|
export function validateContentType(allowedTypes: string[] = ['application/json']) {
|
|
return (req: NextApiRequest, res: NextApiResponse, next: () => void) => {
|
|
if (req.method === 'POST' || req.method === 'PUT' || req.method === 'PATCH') {
|
|
const contentType = req.headers['content-type']
|
|
|
|
if (!contentType || !allowedTypes.some(type => contentType.includes(type))) {
|
|
return res.status(415).json({ error: 'Unsupported Media Type' })
|
|
}
|
|
}
|
|
|
|
next()
|
|
}
|
|
}
|
|
|
|
export function validateRequestSize(maxSize = 1024 * 1024) { // 1MB default
|
|
return (req: NextApiRequest, res: NextApiResponse, next: () => void) => {
|
|
const contentLength = req.headers['content-length']
|
|
|
|
if (contentLength && parseInt(contentLength) > maxSize) {
|
|
return res.status(413).json({ error: 'Request entity too large' })
|
|
}
|
|
|
|
next()
|
|
}
|
|
} |