365DevNet/365devnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1a79ec5a6612f1b216641e233ebb846182005f71
365devnet/src/middleware.ts
Richard Bergsma 1a79ec5a66
Some checks failed
GitHub Actions / build (18) (push) Has been cancelled
Details
GitHub Actions / build (20) (push) Has been cancelled
Details
GitHub Actions / build (22) (push) Has been cancelled
Details
GitHub Actions / check (push) Has been cancelled
Details
image optimazation
2025-05-09 23:30:49 +02:00

93 lines
2.7 KiB
TypeScript
Raw Blame History

import { RateLimiterMemory } from 'rate-limiter-flexible';
import type { MiddlewareHandler } from 'astro';
// Rate limiter configuration
const rateLimiter = new RateLimiterMemory({
points: 10, // Number of requests
duration: 60, // Per minute
});
// Security headers configuration
const securityHeaders = {
'Content-Security-Policy': `
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
img-src 'self' data: https:;
font-src 'self';
object-src 'none';
base-uri 'self';
form-action 'self';
frame-ancestors 'none';
block-all-mixed-content;
upgrade-insecure-requests;
`.replace(/\s+/g, ' ').trim(),
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'X-XSS-Protection': '1; mode=block',
'Referrer-Policy': 'strict-origin-when-cross-origin',
'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
};
// CORS configuration
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, Authorization',
'Access-Control-Max-Age': '86400',
};
export const onRequest: MiddlewareHandler = async ({ request, next }, response) => {
// Handle preflight requests
if (request.method === 'OPTIONS') {
return new Response(null, {
status: 204,
headers: corsHeaders,
});
}
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || 'unknown';
await rateLimiter.consume(ip);
// Add security headers
Object.entries(securityHeaders).forEach(([key, value]) => {
response.headers.set(key, value);
});
// Add CORS headers
Object.entries(corsHeaders).forEach(([key, value]) => {
response.headers.set(key, value);
});
// Add cache headers for static assets
const url = new URL(request.url);
if (url.pathname.match(/\.(jpg|jpeg|png|gif|ico|css|js)$/)) {
response.headers.set('Cache-Control', 'public, max-age=31536000');
} else {
response.headers.set('Cache-Control', 'no-cache');
}
return next();
} catch (error) {
// Handle rate limit exceeded
if (error.name === 'RateLimiterError') {
return new Response('Too Many Requests', {
status: 429,
headers: {
'Retry-After': String(Math.ceil(error.msBeforeNext / 1000)),
...corsHeaders,
},
});
}
// Handle other errors
console.error('Middleware error:', error);
return new Response('Internal Server Error', {
status: 500,
headers: corsHeaders,
});
}
};
Reference in New Issue View Git Blame Copy Permalink