alex/homeassistant-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: optimize configuration and tool implementations

Browse Source 
- Standardized error handling across tool implementations
- Improved return type consistency for tool execution results
- Simplified configuration parsing and type definitions
- Enhanced type safety for various configuration schemas
- Cleaned up and normalized tool response structures
- Updated SSE and event subscription tool implementations
This commit is contained in:
jango-blockchained
2025-02-04 00:56:45 +01:00
parent 9a02bdaf11
commit bc1dc8278a
65 changed files with 7094 additions and 7675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

229
src/config/__tests__/test.config.ts
View File

@@ -1,135 +1,162 @@
import { z } from 'zod';
import { z } from "zod";
// Test configuration schema
const testConfigSchema = z.object({
// Test Environment
TEST_PORT: z.number().default(3001),
TEST_HOST: z.string().default('http://localhost'),
TEST_WEBSOCKET_PORT: z.number().default(3002),
// Test Environment
TEST_PORT: z.number().default(3001),
TEST_HOST: z.string().default("http://localhost"),
TEST_WEBSOCKET_PORT: z.number().default(3002),
// Mock Authentication
TEST_JWT_SECRET: z.string().default('test_jwt_secret_key_that_is_at_least_32_chars'),
TEST_TOKEN: z.string().default('test_token_that_is_at_least_32_chars_long'),
TEST_INVALID_TOKEN: z.string().default('invalid_token'),
// Mock Authentication
TEST_JWT_SECRET: z
.string()
.default("test_jwt_secret_key_that_is_at_least_32_chars"),
TEST_TOKEN: z.string().default("test_token_that_is_at_least_32_chars_long"),
TEST_INVALID_TOKEN: z.string().default("invalid_token"),
// Mock Client Settings
TEST_CLIENT_IP: z.string().default('127.0.0.1'),
TEST_MAX_CLIENTS: z.number().default(10),
TEST_PING_INTERVAL: z.number().default(100),
TEST_CLEANUP_INTERVAL: z.number().default(200),
TEST_MAX_CONNECTION_AGE: z.number().default(1000),
// Mock Client Settings
TEST_CLIENT_IP: z.string().default("127.0.0.1"),
TEST_MAX_CLIENTS: z.number().default(10),
TEST_PING_INTERVAL: z.number().default(100),
TEST_CLEANUP_INTERVAL: z.number().default(200),
TEST_MAX_CONNECTION_AGE: z.number().default(1000),
// Mock Rate Limiting
TEST_RATE_LIMIT_WINDOW: z.number().default(60000), // 1 minute
TEST_RATE_LIMIT_MAX_REQUESTS: z.number().default(100),
TEST_RATE_LIMIT_WEBSOCKET: z.number().default(1000),
// Mock Rate Limiting
TEST_RATE_LIMIT_WINDOW: z.number().default(60000), // 1 minute
TEST_RATE_LIMIT_MAX_REQUESTS: z.number().default(100),
TEST_RATE_LIMIT_WEBSOCKET: z.number().default(1000),
// Mock Events
TEST_EVENT_TYPES: z.array(z.string()).default([
'state_changed',
'automation_triggered',
'script_executed',
'service_called'
// Mock Events
TEST_EVENT_TYPES: z
.array(z.string())
.default([
"state_changed",
"automation_triggered",
"script_executed",
"service_called",
]),
// Mock Entities
TEST_ENTITIES: z.array(z.object({
// Mock Entities
TEST_ENTITIES: z
.array(
z.object({
entity_id: z.string(),
state: z.string(),
attributes: z.record(z.any()),
last_changed: z.string(),
last_updated: z.string()
})).default([
{
entity_id: 'light.test_light',
state: 'on',
attributes: {
brightness: 255,
color_temp: 400
},
last_changed: new Date().toISOString(),
last_updated: new Date().toISOString()
last_updated: z.string(),
}),
)
.default([
{
entity_id: "light.test_light",
state: "on",
attributes: {
brightness: 255,
color_temp: 400,
},
{
entity_id: 'switch.test_switch',
state: 'off',
attributes: {},
last_changed: new Date().toISOString(),
last_updated: new Date().toISOString()
}
last_changed: new Date().toISOString(),
last_updated: new Date().toISOString(),
},
{
entity_id: "switch.test_switch",
state: "off",
attributes: {},
last_changed: new Date().toISOString(),
last_updated: new Date().toISOString(),
},
]),
// Mock Services
TEST_SERVICES: z.array(z.object({
// Mock Services
TEST_SERVICES: z
.array(
z.object({
domain: z.string(),
service: z.string(),
data: z.record(z.any())
})).default([
{
domain: 'light',
service: 'turn_on',
data: {
entity_id: 'light.test_light',
brightness: 255
}
data: z.record(z.any()),
}),
)
.default([
{
domain: "light",
service: "turn_on",
data: {
entity_id: "light.test_light",
brightness: 255,
},
{
domain: 'switch',
service: 'turn_off',
data: {
entity_id: 'switch.test_switch'
}
}
},
{
domain: "switch",
service: "turn_off",
data: {
entity_id: "switch.test_switch",
},
},
]),
// Mock Error Scenarios
TEST_ERROR_SCENARIOS: z.array(z.object({
// Mock Error Scenarios
TEST_ERROR_SCENARIOS: z
.array(
z.object({
type: z.string(),
message: z.string(),
code: z.number()
})).default([
{
type: 'authentication_error',
message: 'Invalid token',
code: 401
},
{
type: 'rate_limit_error',
message: 'Too many requests',
code: 429
},
{
type: 'validation_error',
message: 'Invalid request body',
code: 400
}
])
code: z.number(),
}),
)
.default([
{
type: "authentication_error",
message: "Invalid token",
code: 401,
},
{
type: "rate_limit_error",
message: "Too many requests",
code: 429,
},
{
type: "validation_error",
message: "Invalid request body",
code: 400,
},
]),
});
// Parse environment variables or use defaults
const parseTestConfig = () => {
const config = {
TEST_PORT: parseInt(process.env.TEST_PORT || '3001'),
TEST_HOST: process.env.TEST_HOST || 'http://localhost',
TEST_WEBSOCKET_PORT: parseInt(process.env.TEST_WEBSOCKET_PORT || '3002'),
TEST_JWT_SECRET: process.env.TEST_JWT_SECRET || 'test_jwt_secret_key_that_is_at_least_32_chars',
TEST_TOKEN: process.env.TEST_TOKEN || 'test_token_that_is_at_least_32_chars_long',
TEST_INVALID_TOKEN: process.env.TEST_INVALID_TOKEN || 'invalid_token',
TEST_CLIENT_IP: process.env.TEST_CLIENT_IP || '127.0.0.1',
TEST_MAX_CLIENTS: parseInt(process.env.TEST_MAX_CLIENTS || '10'),
TEST_PING_INTERVAL: parseInt(process.env.TEST_PING_INTERVAL || '100'),
TEST_CLEANUP_INTERVAL: parseInt(process.env.TEST_CLEANUP_INTERVAL || '200'),
TEST_MAX_CONNECTION_AGE: parseInt(process.env.TEST_MAX_CONNECTION_AGE || '1000'),
TEST_RATE_LIMIT_WINDOW: parseInt(process.env.TEST_RATE_LIMIT_WINDOW || '60000'),
TEST_RATE_LIMIT_MAX_REQUESTS: parseInt(process.env.TEST_RATE_LIMIT_MAX_REQUESTS || '100'),
TEST_RATE_LIMIT_WEBSOCKET: parseInt(process.env.TEST_RATE_LIMIT_WEBSOCKET || '1000'),
};
const config = {
TEST_PORT: parseInt(process.env.TEST_PORT || "3001"),
TEST_HOST: process.env.TEST_HOST || "http://localhost",
TEST_WEBSOCKET_PORT: parseInt(process.env.TEST_WEBSOCKET_PORT || "3002"),
TEST_JWT_SECRET:
process.env.TEST_JWT_SECRET ||
"test_jwt_secret_key_that_is_at_least_32_chars",
TEST_TOKEN:
process.env.TEST_TOKEN || "test_token_that_is_at_least_32_chars_long",
TEST_INVALID_TOKEN: process.env.TEST_INVALID_TOKEN || "invalid_token",
TEST_CLIENT_IP: process.env.TEST_CLIENT_IP || "127.0.0.1",
TEST_MAX_CLIENTS: parseInt(process.env.TEST_MAX_CLIENTS || "10"),
TEST_PING_INTERVAL: parseInt(process.env.TEST_PING_INTERVAL || "100"),
TEST_CLEANUP_INTERVAL: parseInt(process.env.TEST_CLEANUP_INTERVAL || "200"),
TEST_MAX_CONNECTION_AGE: parseInt(
process.env.TEST_MAX_CONNECTION_AGE || "1000",
),
TEST_RATE_LIMIT_WINDOW: parseInt(
process.env.TEST_RATE_LIMIT_WINDOW || "60000",
),
TEST_RATE_LIMIT_MAX_REQUESTS: parseInt(
process.env.TEST_RATE_LIMIT_MAX_REQUESTS || "100",
),
TEST_RATE_LIMIT_WEBSOCKET: parseInt(
process.env.TEST_RATE_LIMIT_WEBSOCKET || "1000",
),
};
return testConfigSchema.parse(config);
return testConfigSchema.parse(config);
};
// Export the validated test configuration
export const TEST_CONFIG = parseTestConfig();
// Export types
export type TestConfig = z.infer<typeof testConfigSchema>;
export type TestConfig = z.infer<typeof testConfigSchema>;

141
src/config/app.config.ts
View File

@@ -1,5 +1,6 @@
import { config } from 'dotenv';
import { resolve } from 'path';
import { config } from "dotenv";
import { resolve } from "path";
import { z } from "zod";
/**
* Load environment variables based on NODE_ENV
@@ -7,11 +8,12 @@ import { resolve } from 'path';
* Test: .env.test
* Production: .env
*/
const envFile = process.env.NODE_ENV === 'production'
? '.env'
: process.env.NODE_ENV === 'test'
? '.env.test'
: '.env.development';
const envFile =
process.env.NODE_ENV === "production"
? ".env"
: process.env.NODE_ENV === "test"
? ".env.test"
: ".env.development";
console.log(`Loading environment from ${envFile}`);
config({ path: resolve(process.cwd(), envFile) });
@@ -20,66 +22,95 @@ config({ path: resolve(process.cwd(), envFile) });
* Application configuration object
* Contains all configuration settings for the application
*/
export const APP_CONFIG = {
/** Server Configuration */
PORT: process.env.PORT || 3000,
NODE_ENV: process.env.NODE_ENV || 'development',
export const AppConfigSchema = z.object({
/** Server Configuration */
PORT: z.number().default(4000),
NODE_ENV: z
.enum(["development", "production", "test"])
.default("development"),
/** Home Assistant Configuration */
HASS_HOST: process.env.HASS_HOST || 'http://192.168.178.63:8123',
HASS_TOKEN: process.env.HASS_TOKEN,
/** Home Assistant Configuration */
HASS_HOST: z.string().default("http://192.168.178.63:8123"),
HASS_TOKEN: z.string().optional(),
/** Security Configuration */
JWT_SECRET: process.env.JWT_SECRET || 'your-secret-key',
RATE_LIMIT: {
/** Time window for rate limiting in milliseconds */
windowMs: 15 * 60 * 1000, // 15 minutes
/** Maximum number of requests per window */
max: 100 // limit each IP to 100 requests per windowMs
},
/** Security Configuration */
JWT_SECRET: z.string().default("your-secret-key"),
RATE_LIMIT: z.object({
/** Time window for rate limiting in milliseconds */
windowMs: z.number().default(15 * 60 * 1000), // 15 minutes
/** Maximum number of requests per window */
max: z.number().default(100), // limit each IP to 100 requests per windowMs
}),
/** Server-Sent Events Configuration */
SSE: {
/** Maximum number of concurrent SSE clients */
MAX_CLIENTS: 1000,
/** Ping interval in milliseconds to keep connections alive */
PING_INTERVAL: 30000 // 30 seconds
},
/** Server-Sent Events Configuration */
SSE: z.object({
/** Maximum number of concurrent SSE clients */
MAX_CLIENTS: z.number().default(1000),
/** Ping interval in milliseconds to keep connections alive */
PING_INTERVAL: z.number().default(30000), // 30 seconds
}),
/** Logging Configuration */
LOGGING: {
/** Log level (error, warn, info, http, debug) */
LEVEL: process.env.LOG_LEVEL || 'info',
/** Directory for log files */
DIR: process.env.LOG_DIR || 'logs',
/** Maximum log file size before rotation */
MAX_SIZE: process.env.LOG_MAX_SIZE || '20m',
/** Maximum number of days to keep log files */
MAX_DAYS: process.env.LOG_MAX_DAYS || '14d',
/** Whether to compress rotated logs */
COMPRESS: process.env.LOG_COMPRESS === 'true',
/** Format for timestamps in logs */
TIMESTAMP_FORMAT: 'YYYY-MM-DD HH:mm:ss:ms',
/** Whether to include request logging */
LOG_REQUESTS: process.env.LOG_REQUESTS === 'true',
},
/** Logging Configuration */
LOGGING: z.object({
/** Log level (error, warn, info, http, debug) */
LEVEL: z.enum(["error", "warn", "info", "debug", "trace"]).default("info"),
/** Directory for log files */
DIR: z.string().default("logs"),
/** Maximum log file size before rotation */
MAX_SIZE: z.string().default("20m"),
/** Maximum number of days to keep log files */
MAX_DAYS: z.string().default("14d"),
/** Whether to compress rotated logs */
COMPRESS: z.boolean().default(false),
/** Format for timestamps in logs */
TIMESTAMP_FORMAT: z.string().default("YYYY-MM-DD HH:mm:ss:ms"),
/** Whether to include request logging */
LOG_REQUESTS: z.boolean().default(false),
}),
/** Application Version */
VERSION: '0.1.0'
} as const;
/** Application Version */
VERSION: z.string().default("0.1.0"),
});
/** Type definition for the configuration object */
export type AppConfig = typeof APP_CONFIG;
export type AppConfig = z.infer<typeof AppConfigSchema>;
/** Required environment variables that must be set */
const requiredEnvVars = ['HASS_TOKEN'] as const;
const requiredEnvVars = ["HASS_TOKEN"] as const;
/**
* Validate that all required environment variables are set
* Throws an error if any required variable is missing
*/
for (const envVar of requiredEnvVars) {
if (!process.env[envVar]) {
throw new Error(`Missing required environment variable: ${envVar}`);
}
}
if (!process.env[envVar]) {
throw new Error(`Missing required environment variable: ${envVar}`);
}
}
// Load and validate configuration
export const APP_CONFIG = AppConfigSchema.parse({
PORT: process.env.PORT || 4000,
NODE_ENV: process.env.NODE_ENV || "development",
HASS_HOST: process.env.HASS_HOST || "http://192.168.178.63:8123",
HASS_TOKEN: process.env.HASS_TOKEN,
JWT_SECRET: process.env.JWT_SECRET || "your-secret-key",
RATE_LIMIT: {
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
},
SSE: {
MAX_CLIENTS: 1000,
PING_INTERVAL: 30000, // 30 seconds
},
LOGGING: {
LEVEL: process.env.LOG_LEVEL || "info",
DIR: process.env.LOG_DIR || "logs",
MAX_SIZE: process.env.LOG_MAX_SIZE || "20m",
MAX_DAYS: process.env.LOG_MAX_DAYS || "14d",
COMPRESS: process.env.LOG_COMPRESS === "true",
TIMESTAMP_FORMAT: "YYYY-MM-DD HH:mm:ss:ms",
LOG_REQUESTS: process.env.LOG_REQUESTS === "true",
},
VERSION: "0.1.0",
});

35
src/config/boilerplate.config.ts Normal file
View File

@@ -0,0 +1,35 @@
export const BOILERPLATE_CONFIG = {
configuration: {
LOG_LEVEL: {
type: "string" as const,
default: "debug",
description: "Logging level",
enum: ["error", "warn", "info", "debug", "trace"],
},
CACHE_DIRECTORY: {
type: "string" as const,
default: ".cache",
description: "Directory for cache files",
},
CONFIG_DIRECTORY: {
type: "string" as const,
default: ".config",
description: "Directory for configuration files",
},
DATA_DIRECTORY: {
type: "string" as const,
default: ".data",
description: "Directory for data files",
},
},
internal: {
boilerplate: {
configuration: {
LOG_LEVEL: "debug",
CACHE_DIRECTORY: ".cache",
CONFIG_DIRECTORY: ".config",
DATA_DIRECTORY: ".data",
},
},
},
};

55
src/config/hass.config.ts
View File

@@ -1,11 +1,50 @@
import dotenv from 'dotenv';
import { config } from "dotenv";
import { resolve } from "path";
// Load environment variables
dotenv.config();
// Load environment variables based on NODE_ENV
const envFile =
process.env.NODE_ENV === "production"
? ".env"
: process.env.NODE_ENV === "test"
? ".env.test"
: ".env.development";
config({ path: resolve(process.cwd(), envFile) });
export const HASS_CONFIG = {
BASE_URL: process.env.HASS_HOST || 'http://homeassistant.local:8123',
TOKEN: process.env.HASS_TOKEN || '',
SOCKET_URL: process.env.HASS_SOCKET_URL || '',
SOCKET_TOKEN: process.env.HASS_TOKEN || '',
};
// Base configuration
BASE_URL: process.env.HASS_HOST || "http://localhost:8123",
TOKEN: process.env.HASS_TOKEN || "",
SOCKET_URL: process.env.HASS_WS_URL || "ws://localhost:8123/api/websocket",
SOCKET_TOKEN: process.env.HASS_TOKEN || "",
// Boilerplate configuration
BOILERPLATE: {
CACHE_DIRECTORY: ".cache",
CONFIG_DIRECTORY: ".config",
DATA_DIRECTORY: ".data",
LOG_LEVEL: "debug",
ENVIRONMENT: process.env.NODE_ENV || "development",
},
// Application configuration
APP_NAME: "homeassistant-mcp",
APP_VERSION: "1.0.0",
// API configuration
API_VERSION: "1.0.0",
API_PREFIX: "/api",
// Security configuration
RATE_LIMIT: {
WINDOW_MS: 15 * 60 * 1000, // 15 minutes
MAX_REQUESTS: 100,
},
// WebSocket configuration
WS_CONFIG: {
AUTO_RECONNECT: true,
MAX_RECONNECT_ATTEMPTS: 3,
RECONNECT_DELAY: 1000,
},
};

97
src/config/index.ts
View File

@@ -1,77 +1,86 @@
import { config } from 'dotenv';
import { resolve } from 'path';
import { config } from "dotenv";
import { resolve } from "path";
// Load environment variables based on NODE_ENV
const envFile = process.env.NODE_ENV === 'production'
? '.env'
: process.env.NODE_ENV === 'test'
? '.env.test'
: '.env.development';
const envFile =
process.env.NODE_ENV === "production"
? ".env"
: process.env.NODE_ENV === "test"
? ".env.test"
: ".env.development";
console.log(`Loading environment from ${envFile}`);
config({ path: resolve(process.cwd(), envFile) });
// Home Assistant Configuration
export const HASS_CONFIG = {
HOST: process.env.HASS_HOST || 'http://homeassistant.local:8123',
TOKEN: process.env.HASS_TOKEN,
SOCKET_URL: process.env.HASS_SOCKET_URL || 'ws://homeassistant.local:8123/api/websocket',
BASE_URL: process.env.HASS_HOST || 'http://homeassistant.local:8123',
SOCKET_TOKEN: process.env.HASS_TOKEN
HOST: process.env.HASS_HOST || "http://homeassistant.local:8123",
TOKEN: process.env.HASS_TOKEN,
SOCKET_URL:
process.env.HASS_SOCKET_URL ||
"ws://homeassistant.local:8123/api/websocket",
BASE_URL: process.env.HASS_HOST || "http://homeassistant.local:8123",
SOCKET_TOKEN: process.env.HASS_TOKEN,
};
// Server Configuration
export const SERVER_CONFIG = {
PORT: parseInt(process.env.PORT || '3000', 10),
NODE_ENV: process.env.NODE_ENV || 'development',
DEBUG: process.env.DEBUG === 'true',
LOG_LEVEL: process.env.LOG_LEVEL || 'info'
PORT: parseInt(process.env.PORT || "3000", 10),
NODE_ENV: process.env.NODE_ENV || "development",
DEBUG: process.env.DEBUG === "true",
LOG_LEVEL: process.env.LOG_LEVEL || "info",
};
// AI Configuration
export const AI_CONFIG = {
PROCESSOR_TYPE: process.env.PROCESSOR_TYPE || 'claude',
OPENAI_API_KEY: process.env.OPENAI_API_KEY
PROCESSOR_TYPE: process.env.PROCESSOR_TYPE || "claude",
OPENAI_API_KEY: process.env.OPENAI_API_KEY,
};
// Rate Limiting Configuration
export const RATE_LIMIT_CONFIG = {
REGULAR: parseInt(process.env.RATE_LIMIT_REGULAR || '100', 10),
WEBSOCKET: parseInt(process.env.RATE_LIMIT_WEBSOCKET || '1000', 10)
REGULAR: parseInt(process.env.RATE_LIMIT_REGULAR || "100", 10),
WEBSOCKET: parseInt(process.env.RATE_LIMIT_WEBSOCKET || "1000", 10),
};
// Security Configuration
export const SECURITY_CONFIG = {
JWT_SECRET: process.env.JWT_SECRET || 'default_secret_key_change_in_production',
CORS_ORIGINS: (process.env.CORS_ORIGINS || 'http://localhost:3000,http://localhost:8123')
.split(',')
.map(origin => origin.trim())
JWT_SECRET:
process.env.JWT_SECRET || "default_secret_key_change_in_production",
CORS_ORIGINS: (
process.env.CORS_ORIGINS || "http://localhost:3000,http://localhost:8123"
)
.split(",")
.map((origin) => origin.trim()),
};
// Test Configuration
export const TEST_CONFIG = {
HASS_HOST: process.env.TEST_HASS_HOST || 'http://localhost:8123',
HASS_TOKEN: process.env.TEST_HASS_TOKEN || 'test_token',
HASS_SOCKET_URL: process.env.TEST_HASS_SOCKET_URL || 'ws://localhost:8123/api/websocket',
PORT: parseInt(process.env.TEST_PORT || '3001', 10)
HASS_HOST: process.env.TEST_HASS_HOST || "http://localhost:8123",
HASS_TOKEN: process.env.TEST_HASS_TOKEN || "test_token",
HASS_SOCKET_URL:
process.env.TEST_HASS_SOCKET_URL || "ws://localhost:8123/api/websocket",
PORT: parseInt(process.env.TEST_PORT || "3001", 10),
};
// Mock Configuration (for testing)
export const MOCK_CONFIG = {
SERVICES: process.env.MOCK_SERVICES === 'true',
RESPONSES_DIR: process.env.MOCK_RESPONSES_DIR || '__tests__/mock-responses'
SERVICES: process.env.MOCK_SERVICES === "true",
RESPONSES_DIR: process.env.MOCK_RESPONSES_DIR || "__tests__/mock-responses",
};
// Validate required configuration
function validateConfig() {
const missingVars: string[] = [];
const missingVars: string[] = [];
if (!HASS_CONFIG.TOKEN) missingVars.push('HASS_TOKEN');
if (!SECURITY_CONFIG.JWT_SECRET) missingVars.push('JWT_SECRET');
if (!HASS_CONFIG.TOKEN) missingVars.push("HASS_TOKEN");
if (!SECURITY_CONFIG.JWT_SECRET) missingVars.push("JWT_SECRET");
if (missingVars.length > 0) {
throw new Error(`Missing required environment variables: ${missingVars.join(', ')}`);
}
if (missingVars.length > 0) {
throw new Error(
`Missing required environment variables: ${missingVars.join(", ")}`,
);
}
}
// Export configuration validation
@@ -79,11 +88,11 @@ export const validateConfiguration = validateConfig;
// Export all configurations as a single object
export const AppConfig = {
HASS: HASS_CONFIG,
SERVER: SERVER_CONFIG,
AI: AI_CONFIG,
RATE_LIMIT: RATE_LIMIT_CONFIG,
SECURITY: SECURITY_CONFIG,
TEST: TEST_CONFIG,
MOCK: MOCK_CONFIG
};
HASS: HASS_CONFIG,
SERVER: SERVER_CONFIG,
AI: AI_CONFIG,
RATE_LIMIT: RATE_LIMIT_CONFIG,
SECURITY: SECURITY_CONFIG,
TEST: TEST_CONFIG,
MOCK: MOCK_CONFIG,
};

185
src/config/security.config.ts
View File

@@ -1,112 +1,129 @@
import { z } from 'zod';
import { z } from "zod";
// Security configuration schema
const securityConfigSchema = z.object({
// JWT Configuration
JWT_SECRET: z.string().min(32),
JWT_EXPIRY: z.number().default(24 * 60 * 60 * 1000), // 24 hours
JWT_MAX_AGE: z.number().default(30 * 24 * 60 * 60 * 1000), // 30 days
JWT_ALGORITHM: z.enum(['HS256', 'HS384', 'HS512']).default('HS256'),
// JWT Configuration
JWT_SECRET: z.string().min(32),
JWT_EXPIRY: z.number().default(24 * 60 * 60 * 1000), // 24 hours
JWT_MAX_AGE: z.number().default(30 * 24 * 60 * 60 * 1000), // 30 days
JWT_ALGORITHM: z.enum(["HS256", "HS384", "HS512"]).default("HS256"),
// Rate Limiting
RATE_LIMIT_WINDOW: z.number().default(15 * 60 * 1000), // 15 minutes
RATE_LIMIT_MAX_REQUESTS: z.number().default(100),
RATE_LIMIT_WEBSOCKET: z.number().default(1000),
// Rate Limiting
RATE_LIMIT_WINDOW: z.number().default(15 * 60 * 1000), // 15 minutes
RATE_LIMIT_MAX_REQUESTS: z.number().default(100),
RATE_LIMIT_WEBSOCKET: z.number().default(1000),
// Token Security
TOKEN_MIN_LENGTH: z.number().default(32),
MAX_FAILED_ATTEMPTS: z.number().default(5),
LOCKOUT_DURATION: z.number().default(15 * 60 * 1000), // 15 minutes
// Token Security
TOKEN_MIN_LENGTH: z.number().default(32),
MAX_FAILED_ATTEMPTS: z.number().default(5),
LOCKOUT_DURATION: z.number().default(15 * 60 * 1000), // 15 minutes
// CORS Configuration
CORS_ORIGINS: z.array(z.string()).default(['http://localhost:3000', 'http://localhost:8123']),
CORS_METHODS: z.array(z.string()).default(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']),
CORS_ALLOWED_HEADERS: z.array(z.string()).default([
'Content-Type',
'Authorization',
'X-Requested-With'
]),
CORS_EXPOSED_HEADERS: z.array(z.string()).default([]),
CORS_CREDENTIALS: z.boolean().default(true),
CORS_MAX_AGE: z.number().default(24 * 60 * 60), // 24 hours
// CORS Configuration
CORS_ORIGINS: z
.array(z.string())
.default(["http://localhost:3000", "http://localhost:8123"]),
CORS_METHODS: z
.array(z.string())
.default(["GET", "POST", "PUT", "DELETE", "OPTIONS"]),
CORS_ALLOWED_HEADERS: z
.array(z.string())
.default(["Content-Type", "Authorization", "X-Requested-With"]),
CORS_EXPOSED_HEADERS: z.array(z.string()).default([]),
CORS_CREDENTIALS: z.boolean().default(true),
CORS_MAX_AGE: z.number().default(24 * 60 * 60), // 24 hours
// Content Security Policy
CSP_ENABLED: z.boolean().default(true),
CSP_REPORT_ONLY: z.boolean().default(false),
CSP_REPORT_URI: z.string().optional(),
// Content Security Policy
CSP_ENABLED: z.boolean().default(true),
CSP_REPORT_ONLY: z.boolean().default(false),
CSP_REPORT_URI: z.string().optional(),
// SSL/TLS Configuration
REQUIRE_HTTPS: z.boolean().default(process.env.NODE_ENV === 'production'),
HSTS_MAX_AGE: z.number().default(31536000), // 1 year
HSTS_INCLUDE_SUBDOMAINS: z.boolean().default(true),
HSTS_PRELOAD: z.boolean().default(true),
// SSL/TLS Configuration
REQUIRE_HTTPS: z.boolean().default(process.env.NODE_ENV === "production"),
HSTS_MAX_AGE: z.number().default(31536000), // 1 year
HSTS_INCLUDE_SUBDOMAINS: z.boolean().default(true),
HSTS_PRELOAD: z.boolean().default(true),
// Cookie Security
COOKIE_SECRET: z.string().min(32).optional(),
COOKIE_SECURE: z.boolean().default(process.env.NODE_ENV === 'production'),
COOKIE_HTTP_ONLY: z.boolean().default(true),
COOKIE_SAME_SITE: z.enum(['Strict', 'Lax', 'None']).default('Strict'),
// Cookie Security
COOKIE_SECRET: z.string().min(32).optional(),
COOKIE_SECURE: z.boolean().default(process.env.NODE_ENV === "production"),
COOKIE_HTTP_ONLY: z.boolean().default(true),
COOKIE_SAME_SITE: z.enum(["Strict", "Lax", "None"]).default("Strict"),
// Request Limits
MAX_REQUEST_SIZE: z.number().default(1024 * 1024), // 1MB
MAX_REQUEST_FIELDS: z.number().default(1000),
// Request Limits
MAX_REQUEST_SIZE: z.number().default(1024 * 1024), // 1MB
MAX_REQUEST_FIELDS: z.number().default(1000),
});
// Parse environment variables
const parseEnvConfig = () => {
const config = {
JWT_SECRET: process.env.JWT_SECRET || 'default_secret_key_change_in_production',
JWT_EXPIRY: parseInt(process.env.JWT_EXPIRY || '86400000'),
JWT_MAX_AGE: parseInt(process.env.JWT_MAX_AGE || '2592000000'),
JWT_ALGORITHM: process.env.JWT_ALGORITHM || 'HS256',
const config = {
JWT_SECRET:
process.env.JWT_SECRET || "default_secret_key_change_in_production",
JWT_EXPIRY: parseInt(process.env.JWT_EXPIRY || "86400000"),
JWT_MAX_AGE: parseInt(process.env.JWT_MAX_AGE || "2592000000"),
JWT_ALGORITHM: process.env.JWT_ALGORITHM || "HS256",
RATE_LIMIT_WINDOW: parseInt(process.env.RATE_LIMIT_WINDOW || '900000'),
RATE_LIMIT_MAX_REQUESTS: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '100'),
RATE_LIMIT_WEBSOCKET: parseInt(process.env.RATE_LIMIT_WEBSOCKET || '1000'),
RATE_LIMIT_WINDOW: parseInt(process.env.RATE_LIMIT_WINDOW || "900000"),
RATE_LIMIT_MAX_REQUESTS: parseInt(
process.env.RATE_LIMIT_MAX_REQUESTS || "100",
),
RATE_LIMIT_WEBSOCKET: parseInt(process.env.RATE_LIMIT_WEBSOCKET || "1000"),
TOKEN_MIN_LENGTH: parseInt(process.env.TOKEN_MIN_LENGTH || '32'),
MAX_FAILED_ATTEMPTS: parseInt(process.env.MAX_FAILED_ATTEMPTS || '5'),
LOCKOUT_DURATION: parseInt(process.env.LOCKOUT_DURATION || '900000'),
TOKEN_MIN_LENGTH: parseInt(process.env.TOKEN_MIN_LENGTH || "32"),
MAX_FAILED_ATTEMPTS: parseInt(process.env.MAX_FAILED_ATTEMPTS || "5"),
LOCKOUT_DURATION: parseInt(process.env.LOCKOUT_DURATION || "900000"),
CORS_ORIGINS: (process.env.CORS_ORIGINS || 'http://localhost:3000,http://localhost:8123')
.split(',')
.map(origin => origin.trim()),
CORS_METHODS: (process.env.CORS_METHODS || 'GET,POST,PUT,DELETE,OPTIONS')
.split(',')
.map(method => method.trim()),
CORS_ALLOWED_HEADERS: (process.env.CORS_ALLOWED_HEADERS || 'Content-Type,Authorization,X-Requested-With')
.split(',')
.map(header => header.trim()),
CORS_EXPOSED_HEADERS: (process.env.CORS_EXPOSED_HEADERS || '')
.split(',')
.filter(Boolean)
.map(header => header.trim()),
CORS_CREDENTIALS: process.env.CORS_CREDENTIALS !== 'false',
CORS_MAX_AGE: parseInt(process.env.CORS_MAX_AGE || '86400'),
CORS_ORIGINS: (
process.env.CORS_ORIGINS || "http://localhost:3000,http://localhost:8123"
)
.split(",")
.map((origin) => origin.trim()),
CORS_METHODS: (process.env.CORS_METHODS || "GET,POST,PUT,DELETE,OPTIONS")
.split(",")
.map((method) => method.trim()),
CORS_ALLOWED_HEADERS: (
process.env.CORS_ALLOWED_HEADERS ||
"Content-Type,Authorization,X-Requested-With"
)
.split(",")
.map((header) => header.trim()),
CORS_EXPOSED_HEADERS: (process.env.CORS_EXPOSED_HEADERS || "")
.split(",")
.filter(Boolean)
.map((header) => header.trim()),
CORS_CREDENTIALS: process.env.CORS_CREDENTIALS !== "false",
CORS_MAX_AGE: parseInt(process.env.CORS_MAX_AGE || "86400"),
CSP_ENABLED: process.env.CSP_ENABLED !== 'false',
CSP_REPORT_ONLY: process.env.CSP_REPORT_ONLY === 'true',
CSP_REPORT_URI: process.env.CSP_REPORT_URI,
CSP_ENABLED: process.env.CSP_ENABLED !== "false",
CSP_REPORT_ONLY: process.env.CSP_REPORT_ONLY === "true",
CSP_REPORT_URI: process.env.CSP_REPORT_URI,
REQUIRE_HTTPS: process.env.REQUIRE_HTTPS !== 'false' && process.env.NODE_ENV === 'production',
HSTS_MAX_AGE: parseInt(process.env.HSTS_MAX_AGE || '31536000'),
HSTS_INCLUDE_SUBDOMAINS: process.env.HSTS_INCLUDE_SUBDOMAINS !== 'false',
HSTS_PRELOAD: process.env.HSTS_PRELOAD !== 'false',
REQUIRE_HTTPS:
process.env.REQUIRE_HTTPS !== "false" &&
process.env.NODE_ENV === "production",
HSTS_MAX_AGE: parseInt(process.env.HSTS_MAX_AGE || "31536000"),
HSTS_INCLUDE_SUBDOMAINS: process.env.HSTS_INCLUDE_SUBDOMAINS !== "false",
HSTS_PRELOAD: process.env.HSTS_PRELOAD !== "false",
COOKIE_SECRET: process.env.COOKIE_SECRET,
COOKIE_SECURE: process.env.COOKIE_SECURE !== 'false' && process.env.NODE_ENV === 'production',
COOKIE_HTTP_ONLY: process.env.COOKIE_HTTP_ONLY !== 'false',
COOKIE_SAME_SITE: (process.env.COOKIE_SAME_SITE || 'Strict') as 'Strict' | 'Lax' | 'None',
COOKIE_SECRET: process.env.COOKIE_SECRET,
COOKIE_SECURE:
process.env.COOKIE_SECURE !== "false" &&
process.env.NODE_ENV === "production",
COOKIE_HTTP_ONLY: process.env.COOKIE_HTTP_ONLY !== "false",
COOKIE_SAME_SITE: (process.env.COOKIE_SAME_SITE || "Strict") as
| "Strict"
| "Lax"
| "None",
MAX_REQUEST_SIZE: parseInt(process.env.MAX_REQUEST_SIZE || '1048576'),
MAX_REQUEST_FIELDS: parseInt(process.env.MAX_REQUEST_FIELDS || '1000'),
};
MAX_REQUEST_SIZE: parseInt(process.env.MAX_REQUEST_SIZE || "1048576"),
MAX_REQUEST_FIELDS: parseInt(process.env.MAX_REQUEST_FIELDS || "1000"),
};
return securityConfigSchema.parse(config);
return securityConfigSchema.parse(config);
};
// Export the validated configuration
export const SECURITY_CONFIG = parseEnvConfig();
// Export types
export type SecurityConfig = z.infer<typeof securityConfigSchema>;
export type SecurityConfig = z.infer<typeof securityConfigSchema>;