Security Guide

XyPriss includes comprehensive security features to protect your application from common vulnerabilities. This guide covers basic configuration, security levels, and best practices.

Basic Security Configuration

Enable core security features globally in your server options:

```typescript
import { createServer } from "xypriss";

const server = createServer({
    security: {
        enabled: true,
        csrf: true,
        rateLimit: {
            max: 100,
            windowMs: 15 * 60 * 1000, // 100 requests per 15 minutes
        },
    },
});
```

Security Levels

XyPriss offers three pre-defined security levels to quickly configure your application's defensive posture.

Basic

  • Essential security headers
  • Basic CORS protection
  • Request logging

Enhanced

  • All basic features
  • CSRF protection
  • Rate limiting
  • Input sanitization
  • XSS protection

Maximum

  • All enhanced features
  • Strict CSP policies
  • Advanced rate limiting
  • IP whitelisting/blacklisting
  • Request signature validation

Select a level in the server options:

```typescript
const server = createServer({
    security: {
        enabled: true,
        level: "enhanced", // "basic" | "enhanced" | "maximum"
    },
});
```

Security Headers

XyPriss automatically sets secure HTTP headers using Helmet. You can customize these directives in your configuration:

```typescript
const server = createServer({
    security: {
        helmet: {
            contentSecurityPolicy: {
                directives: {
                    defaultSrc: ["'self'"],
                    styleSrc: ["'self'", "'unsafe-inline'"],
                    scriptSrc: ["'self'"],
                    imgSrc: ["'self'", "data:", "https:"],
                },
            },
            hsts: {
                maxAge: 31536000,
                includeSubDomains: true,
                preload: true,
            },
        },
    },
});
```
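To see what the configuration above actually sends to the browser, the following added example (not part of XyPriss or Helmet) serializes Helmet-style `contentSecurityPolicy.directives` and `hsts` options into the `Content-Security-Policy` and `Strict-Transport-Security` header values and flags source expressions that weaken the policy. It assumes Helmet's documented behaviour of converting camelCase directive names to kebab-case and joining sources with spaces; the sample directives are the ones from the snippet above.

```typescript
// Added example: render Helmet-style options into header values and
// audit the CSP. Mirrors Helmet's camelCase -> kebab-case conversion;
// not the framework's own code.

type CspDirectives = Record<string, string[]>;

interface HstsOptions {
    maxAge: number; // seconds
    includeSubDomains?: boolean;
    preload?: boolean;
}

// defaultSrc -> default-src, scriptSrcElem -> script-src-elem
function toKebab(name: string): string {
    return name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Content-Security-Policy: "<directive> <src> <src>; <directive> ..."
function buildCsp(directives: CspDirectives): string {
    return Object.entries(directives)
        .map(([name, sources]) => `${toKebab(name)} ${sources.join(" ")}`)
        .join("; ");
}

// Strict-Transport-Security: "max-age=N; includeSubDomains; preload"
function buildHsts(opts: HstsOptions): string {
    const parts = [`max-age=${opts.maxAge}`];
    if (opts.includeSubDomains) parts.push("includeSubDomains");
    if (opts.preload) parts.push("preload");
    return parts.join("; ");
}

// Flags sources that let inline or arbitrary content run in the
// directives that govern script and style execution.
function auditCsp(directives: CspDirectives): string[] {
    const risky = new Set(["'unsafe-inline'", "'unsafe-eval'", "*", "data:"]);
    const findings: string[] = [];
    for (const [name, sources] of Object.entries(directives)) {
        if (!/^(default|script|style)Src/.test(name)) continue;
        for (const src of sources) {
            if (risky.has(src)) findings.push(`${toKebab(name)} allows ${src}`);
        }
    }
    return findings;
}

// Constructed sample input: the directives from the configuration above.
const sampleDirectives: CspDirectives = {
    defaultSrc: ["'self'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    scriptSrc: ["'self'"],
    imgSrc: ["'self'", "data:", "https:"],
};
```

Running `auditCsp(sampleDirectives)` reports that `style-src` permits `'unsafe-inline'`, so the documented example tolerates injected inline CSS; tighten it with nonces or hashes where the application allows.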

Security Best Practices

  • Always enable HTTPS in production
  • Use environment variables for sensitive data
  • Implement rate limiting on auth endpoints
  • Validate and sanitize all user inputs
  • Keep dependencies updated regularly
  • Use CSRF protection for state-changing operations
  • Implement proper authentication
  • Log security events for monitoring

Monitoring & Logging

Enable security event logging to monitor for suspicious activity:

```typescript
const server = createServer({
    logging: {
        enabled: true,
        level: "info",
        components: {
            security: true,
        },
    },
    security: {
        enabled: true,
        logSecurityEvents: true,
    },
});
```

XyPriss Security Shield

For projects requiring advanced protection, install the optional security shield:

```bash
xfpm install xypriss-security
```

Environment Shield

Secure your server by preventing unauthorized access to sensitive system files and directories.