Security Plugins

The Security class provides factory methods for registering common security-related Fastify plugins. Pass them to app.security().

Usage

main.ts TypeScript
import { Security } from '@abrahambass/nova';

await app.security([
  Security.cors(),
  Security.helmet(),
  Security.rateLimit(),
  Security.compress(),
]);

Available Plugins

Security.cors(options?)

Registers @fastify/cors for cross-origin resource sharing.

Default      Value
origin       true (reflect request origin)
credentials  true

Example TypeScript
Security.cors({
  origin: ['https://myapp.com', 'https://admin.myapp.com'],
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  credentials: true,
})
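
An added example (not part of the Nova docs or project code) of an exact-match origin allowlist, relevant because the defaults above reflect any request origin while also allowing credentials. It assumes Security.cors() forwards its options to @fastify/cors, whose origin option also accepts a callback; makeOriginCheck and corsOrigin are hypothetical helper names.

```typescript
// Added example: exact-match origin allowlist for the `origin` option.
// Assumption: Security.cors() forwards its options unchanged to @fastify/cors,
// which accepts origin as a function (origin, cb) => void.

type OriginCallback = (err: Error | null, allow: boolean) => void;

// Normalise a configured origin: lowercase, no trailing slash.
function normalizeOrigin(value: string): string {
  return value.trim().toLowerCase().replace(/\/+$/, '');
}

// Build a predicate that accepts only exact scheme://host[:port] matches.
function makeOriginCheck(allowed: string[]): (origin: string | undefined) => boolean {
  const set = new Set<string>();
  for (const entry of allowed) {
    const o = normalizeOrigin(entry);
    // Refuse wildcard or non-HTTPS entries so a config typo fails at startup.
    if (!/^https:\/\/[a-z0-9.-]+(:\d{1,5})?$/.test(o)) {
      throw new Error(`invalid allowlist origin: ${entry}`);
    }
    set.add(o);
  }
  return (origin) => {
    // No Origin header: same-origin or non-browser request; no CORS headers needed.
    if (origin === undefined || origin === '') return false;
    // "null" is sent by sandboxed iframes and file:// pages; never trust it.
    if (origin === 'null') return false;
    // Set lookup is an exact match, so look-alike suffixes and http:// do not pass.
    return set.has(origin.toLowerCase());
  };
}

// Adapter to the callback form used by @fastify/cors.
function corsOrigin(allowed: string[]) {
  const check = makeOriginCheck(allowed);
  return (origin: string | undefined, cb: OriginCallback): void => {
    cb(null, check(origin));
  };
}

// Usage (assumed pass-through):
// Security.cors({ origin: corsOrigin(['https://myapp.com']), credentials: true })
```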

Security.helmet(options?)

Registers @fastify/helmet for security headers (XSS protection, HSTS, etc.).

Default  Value
global   true

Security.rateLimit(options?)

Registers @fastify/rate-limit to prevent abuse.

Default     Value
max         100 requests per window
timeWindow  '1 minute'

Example TypeScript
Security.rateLimit({
  max: 50,
  timeWindow: '30 seconds',
})

Security.cookies(options?)

Registers @fastify/cookie for cookie parsing and setting.

Security.csrf(options?)

Registers @fastify/csrf-protection for cross-site request forgery protection.

Security.compress(options?)

Registers @fastify/compress for response compression (gzip, brotli).

Default  Value
global   true

Security.staticFiles(options?)

Registers @fastify/static for serving static files from a directory.

Example TypeScript
import path from 'path';

Security.staticFiles({
  root: path.join(__dirname, 'public'),
  prefix: '/public/',
})

Plugin Summary

Method                  Underlying Plugin         Options Required
Security.cors()         @fastify/cors             Optional
Security.helmet()       @fastify/helmet           Optional
Security.rateLimit()    @fastify/rate-limit       Optional
Security.cookies()      @fastify/cookie           Optional
Security.csrf()         @fastify/csrf-protection  Optional
Security.compress()     @fastify/compress         Optional
Security.staticFiles()  @fastify/static           Optional