search

Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
819 stars 56 forks source link

Export configuration type #263

Closed Tristan971 closed 1 year ago

Tristan971 commented 1 year ago

Is your feature request related to a problem? Please describe.

It's rather difficult to always rely strictly on nuxt schema doing the right thing when it comes to module options typing.

And it more specifically doesn't seem to really work with nuxt-security.

Describe the solution you'd like

Please export the ModuleOptions type, so that we can reasonably statically import it on our end in our configuration.

Describe alternatives you've considered

Making nuxt schemas work reliably. Alas they're notoriously brittle.

Additional context

Running typechecking (nuxi typecheck) over my project after copy-pasting the default headers config yields this beauty:

nuxt.config.ts:288:3 - error TS2322: Type '{ enabled: boolean; allowedMethodsRestricter: { methods: string[]; }; basicAuth: boolean; corsHandler: boolean; csrf: boolean; headers: { crossOriginResourcePolicy: string; crossOriginOpenerPolicy: string; ... 11 more ...; permissionsPolicy: { ...; }; }; ... 6 more ...; xssValidator: boolean; }' is not assignable to type 'Partial<ModuleOptions>'.
  Types of property 'headers' are incompatible.
    Type '{ crossOriginResourcePolicy: string; crossOriginOpenerPolicy: string; crossOriginEmbedderPolicy: string; contentSecurityPolicy: { 'base-uri': string[]; 'font-src': string[]; 'form-action': string[]; ... 5 more ...; 'upgrade-insecure-requests': boolean; }; ... 9 more ...; permissionsPolicy: { ...; }; }' is not assignable to type 'false | SecurityHeaders | undefined'.
      Type '{ crossOriginResourcePolicy: string; crossOriginOpenerPolicy: string; crossOriginEmbedderPolicy: string; contentSecurityPolicy: { 'base-uri': string[]; 'font-src': string[]; 'form-action': string[]; ... 5 more ...; 'upgrade-insecure-requests': boolean; }; ... 9 more ...; permissionsPolicy: { ...; }; }' is not assignable to type 'SecurityHeaders'.
        Types of property 'crossOriginResourcePolicy' are incompatible.
          Type 'string' is not assignable to type 'false | CrossOriginResourcePolicyValue | undefined'.

288   security: securityConfig(process.env.NODE_ENV === "development"),
      ~~~~~~~~

  .nuxt/types/schema.d.ts:8:5
    8     ["security"]?: typeof import("nuxt-security").default extends NuxtModule<infer O> ? Partial<O> : Record<string, any>
          ~~~~~~~~~~~~
    The expected type comes from property 'security' which is declared here on type 'InputConfig<NuxtConfig, ConfigLayerMeta>'

Found 1 error in nuxt.config.ts:288

I'm not entirely sure who's at fault but it'd definitely be easier to handle if we had full typing without relying on nuxt module schemas.

Note that I don't need those types to be stable across versions. That is, I'm not asking for a stable API, just to be able to import them.

Baroshem commented 1 year ago

Hey, this is an interesting idea!

Let's merge this PR and add this functionality to the module to resolve your issue :)

Tristan971 commented 1 year ago

Thanks :)