akanealw
eec8c28fb3
Some checks are pending
Go Benchmark / Performance Regression Check (push) Waiting to run
Cerberus Integration / Cerberus Security Stack Integration (push) Waiting to run
Upload Coverage to Codecov / Backend Codecov Upload (push) Waiting to run
Upload Coverage to Codecov / Frontend Codecov Upload (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (go) (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Waiting to run
CrowdSec Integration / CrowdSec Bouncer Integration (push) Waiting to run
Docker Build, Publish & Test / build-and-push (push) Waiting to run
Docker Build, Publish & Test / Security Scan PR Image (push) Blocked by required conditions
Quality Checks / Auth Route Protection Contract (push) Waiting to run
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Waiting to run
Quality Checks / Backend (Go) (push) Waiting to run
Quality Checks / Frontend (React) (push) Waiting to run
Rate Limit integration / Rate Limiting Integration (push) Waiting to run
Security Scan (PR) / Trivy Binary Scan (push) Waiting to run
Supply Chain Verification (PR) / Verify Supply Chain (push) Waiting to run
WAF integration / Coraza WAF Integration (push) Waiting to run
72 lines
2.9 KiB
Go
Executable File
72 lines
2.9 KiB
Go
Executable File
package models
|
|
|
|
import (
|
|
"time"
|
|
)
|
|
|
|
// SecurityHeaderProfile stores reusable security header configurations.
|
|
// Users can create profiles and assign them to proxy hosts.
|
|
type SecurityHeaderProfile struct {
|
|
ID uint `json:"-" gorm:"primaryKey"`
|
|
UUID string `json:"uuid" gorm:"uniqueIndex;not null"`
|
|
Name string `json:"name" gorm:"index;not null"`
|
|
|
|
// HSTS Configuration
|
|
HSTSEnabled bool `json:"hsts_enabled" gorm:"default:true"`
|
|
HSTSMaxAge int `json:"hsts_max_age" gorm:"default:31536000"` // 1 year in seconds
|
|
HSTSIncludeSubdomains bool `json:"hsts_include_subdomains" gorm:"default:true"`
|
|
HSTSPreload bool `json:"hsts_preload" gorm:"default:false"`
|
|
|
|
// Content-Security-Policy
|
|
CSPEnabled bool `json:"csp_enabled" gorm:"default:false"`
|
|
CSPDirectives string `json:"csp_directives" gorm:"type:text"` // JSON object of CSP directives
|
|
CSPReportOnly bool `json:"csp_report_only" gorm:"default:false"`
|
|
CSPReportURI string `json:"csp_report_uri"`
|
|
|
|
// X-Frame-Options
|
|
XFrameOptions string `json:"x_frame_options" gorm:"default:DENY"` // DENY, SAMEORIGIN, or empty
|
|
|
|
// X-Content-Type-Options
|
|
XContentTypeOptions bool `json:"x_content_type_options" gorm:"default:true"` // nosniff
|
|
|
|
// Referrer-Policy
|
|
ReferrerPolicy string `json:"referrer_policy" gorm:"default:strict-origin-when-cross-origin"`
|
|
|
|
// Permissions-Policy (formerly Feature-Policy)
|
|
PermissionsPolicy string `json:"permissions_policy" gorm:"type:text"` // JSON array of policies
|
|
|
|
// Cross-Origin Headers
|
|
CrossOriginOpenerPolicy string `json:"cross_origin_opener_policy" gorm:"default:same-origin"`
|
|
CrossOriginResourcePolicy string `json:"cross_origin_resource_policy" gorm:"default:same-origin"`
|
|
CrossOriginEmbedderPolicy string `json:"cross_origin_embedder_policy"` // require-corp or empty
|
|
|
|
// X-XSS-Protection (legacy but still useful)
|
|
XSSProtection bool `json:"xss_protection" gorm:"default:true"`
|
|
|
|
// Cache-Control for security
|
|
CacheControlNoStore bool `json:"cache_control_no_store" gorm:"default:false"`
|
|
|
|
// Computed Security Score (0-100)
|
|
SecurityScore int `json:"security_score" gorm:"default:0"`
|
|
|
|
// Metadata
|
|
IsPreset bool `json:"is_preset" gorm:"default:false"` // System presets can't be deleted
|
|
PresetType string `json:"preset_type"` // "basic", "strict", "paranoid", or empty for custom
|
|
Description string `json:"description" gorm:"type:text"`
|
|
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
// CSPDirective represents a single CSP directive for the builder
|
|
type CSPDirective struct {
|
|
Directive string `json:"directive"` // e.g., "default-src", "script-src"
|
|
Values []string `json:"values"` // e.g., ["'self'", "https:"]
|
|
}
|
|
|
|
// PermissionsPolicyItem represents a single Permissions-Policy entry
|
|
type PermissionsPolicyItem struct {
|
|
Feature string `json:"feature"` // e.g., "camera", "microphone"
|
|
Allowlist []string `json:"allowlist"` // e.g., ["self"], ["*"], []
|
|
}
|