tessl/npm-koa-helmet

Security header middleware collection for Koa applications that wraps Helmet.js

1.04x

Overview

Eval results

Files

Security Configuration Service

Name: tessl/npm-koa-helmet
Rating: 0.91 (1 reviews)
Author: tessl

Build a configuration service for a web application that applies different security header policies based on route types. The service should support both strict security for sensitive routes and relaxed policies for public content.

@generates

Requirements

Route-Based Security Profiles

The service must provide three distinct security profiles:

Strict Profile: For admin and authentication routes
- Deny all frame embedding
- Enforce HTTPS with 1-year max-age
- Disable Content Security Policy (as it will be handled separately)
- Enable all other default security headers
API Profile: For API endpoints
- Disable Content Security Policy
- Disable frameguard
- Keep HSTS with default settings
- Enable all other default security headers
Public Profile: For public content routes
- Allow same-origin frame embedding
- Use short HSTS duration (30 days)
- Keep Content Security Policy enabled with defaults
- Enable all other default security headers

Configuration Functions

Implement three functions that return appropriate middleware:

getStrictSecurityMiddleware(): Returns middleware for strict security profile
getApiSecurityMiddleware(): Returns middleware for API profile
getPublicSecurityMiddleware(): Returns middleware for public profile

Each function should return middleware that can be directly used with app.use().

Test Cases

The strict profile disables CSP, denies framing, and sets HSTS to 31536000 seconds @test
The API profile disables both CSP and frameguard @test
The public profile allows same-origin framing and sets HSTS maxAge to 2592000 seconds @test

API

/**
 * Returns middleware configured with strict security settings
 * @returns {Function} Koa middleware function
 */
function getStrictSecurityMiddleware() {
  // Implementation here
}

/**
 * Returns middleware configured for API endpoints
 * @returns {Function} Koa middleware function
 */
function getApiSecurityMiddleware() {
  // Implementation here
}

/**
 * Returns middleware configured for public content
 * @returns {Function} Koa middleware function
 */
function getPublicSecurityMiddleware() {
  // Implementation here
}

module.exports = {
  getStrictSecurityMiddleware,
  getApiSecurityMiddleware,
  getPublicSecurityMiddleware,
};

Dependencies { .dependencies }

koa-helmet { .dependency }

Provides security header middleware for Koa applications.

helmet { .dependency }

Required peer dependency for koa-helmet.

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet