Simplify security middleware configuration

- Replaced detailed Helmet configuration with default settings
- Added rate limiting middleware with standard configuration
- Streamlined security middleware chain for improved readability and maintainability

src/security/index.ts

@@ -178,32 +178,11 @@ export function errorHandler(err: Error, req: Request, res: Response, next: Next
 
 // Export security middleware chain
 export const securityMiddleware = [
-    helmet({
+    helmet(),
-        contentSecurityPolicy: {
+    rateLimit({
-            directives: {
+        windowMs: 15 * 60 * 1000,
-                defaultSrc: ["'self'"],
+        max: 100
-                scriptSrc: ["'self'", "'unsafe-inline'"],
-                styleSrc: ["'self'", "'unsafe-inline'"],
-                imgSrc: ["'self'", 'data:', 'https:'],
-                connectSrc: ["'self'", process.env.HASS_HOST || ''],
-                upgradeInsecureRequests: true
-            }
-        },
-        dnsPrefetchControl: true,
-        frameguard: {
-            action: 'deny'
-        },
-        hidePoweredBy: true,
-        hsts: {
-            maxAge: 31536000,
-            includeSubDomains: true,
-            preload: true
-        },
-        noSniff: true,
-        referrerPolicy: { policy: 'no-referrer' },
-        xssFilter: true
     }),
-    rateLimiter,
     validateRequest,
     sanitizeInput,
     errorHandler