/** * Input Validation Example * Demonstrates how to use the comprehensive input validation system */ import { InputValidator, MemoryRateLimitStore, RateLimiter } from './index'; import type { ValidationSchema } from './types'; // Example 1: Basic Input Validation function basicValidationExample() { console.log('=== Basic Input Validation Example ==='); const validator = new InputValidator(); // Define validation schema const userSchema: ValidationSchema = { name: [ validator.getRule('required')!, validator.getRule('maxLength')! ], email: [ validator.getRule('required')!, validator.getRule('email')!, validator.getRule('noXss')! ], age: [ validator.getRule('numeric')! ] }; // Valid data const validUser = { name: 'John Doe', email: 'john@example.com', age: '25' }; const validResult = validator.validate(validUser, userSchema); console.log('Valid user result:', validResult); // Invalid data with XSS attempt const maliciousUser = { name: 'Hacker', email: '', age: 'not-a-number' }; const invalidResult = validator.validate(maliciousUser, userSchema); console.log('Malicious user result:', invalidResult); } // Example 2: SQL Injection Prevention function sqlInjectionExample() { console.log('\n=== SQL Injection Prevention Example ==='); const validator = new InputValidator(); // Test various SQL injection attempts const inputs = [ "John Doe", // Safe input "'; DROP TABLE users; --", // SQL injection attempt "1' OR '1'='1", // Boolean-based injection "UNION SELECT * FROM passwords" // Union-based injection ]; inputs.forEach(input => { const result = validator.validateSqlInput(input); console.log(`Input: "${input}"`); console.log(`Valid: ${result.isValid}`); console.log(`Sanitized: "${result.sanitized}"`); console.log(`Threats: ${result.threats.join(', ')}`); console.log('---'); }); } // Example 3: Path Traversal Prevention function pathTraversalExample() { console.log('\n=== Path Traversal Prevention Example ==='); const validator = new InputValidator(); const paths = [ 'documents/file.txt', // Safe path '../../../etc/passwd', // Path traversal attempt 'C:\\Windows\\System32\\config\\SAM', // Windows system path 'images/photo.jpg' // Safe path ]; paths.forEach(path => { const result = validator.validatePath(path); console.log(`Path: "${path}"`); console.log(`Valid: ${result.isValid}`); console.log(`Errors: ${result.errors.join(', ')}`); console.log('---'); }); } // Example 4: Rate Limiting async function rateLimitingExample() { console.log('\n=== Rate Limiting Example ==='); const store = new MemoryRateLimitStore(); const rateLimiter = new RateLimiter({ windowMs: 60000, // 1 minute maxRequests: 3 // 3 requests per minute }, store); const mockRequest = { ip: '127.0.0.1' }; // Make several requests for (let i = 1; i <= 5; i++) { const result = await rateLimiter.checkLimit(mockRequest); console.log(`Request ${i}:`); console.log(`Allowed: ${result.allowed}`); console.log(`Remaining: ${result.remaining}`); if (result.retryAfter) { console.log(`Retry after: ${result.retryAfter} seconds`); } console.log('---'); } store.destroy(); } // Example 5: Custom Validation Rules function customRulesExample() { console.log('\n=== Custom Validation Rules Example ==='); const validator = new InputValidator(); // Create a custom password strength rule const strongPasswordRule = validator.createRule( 'strongPassword', (value: string) => { if (!value) return false; return value.length >= 8 && /[A-Z]/.test(value) && /[a-z]/.test(value) && /[0-9]/.test(value) && /[!@#$%^&*]/.test(value); }, 'Password must be at least 8 characters with uppercase, lowercase, numbers, and special characters' ); const passwordSchema: ValidationSchema = { password: [ validator.getRule('required')!, strongPasswordRule ] }; const passwords = [ 'weak', 'StrongPass123!', 'NoNumbers!', 'nonumbers123!' ]; passwords.forEach(password => { const result = validator.validate({ password }, passwordSchema); console.log(`Password: "${password}"`); console.log(`Valid: ${result.isValid}`); if (!result.isValid) { console.log(`Errors: ${result.errors.map(e => e.message).join(', ')}`); } console.log('---'); }); } // Example 6: Comprehensive Security Validation function comprehensiveExample() { console.log('\n=== Comprehensive Security Validation Example ==='); const validator = new InputValidator({ enableSqlInjectionPrevention: true, enableXssProtection: true, enablePathTraversalPrevention: true, sanitizationDefaults: { maxLength: 1000, trimWhitespace: true, escapeHtml: true } }); // Define a comprehensive schema for user input const schema: ValidationSchema = { username: [ validator.getRule('required')!, validator.getRule('noXss')!, validator.getRule('noSqlInjection')! ], bio: [ validator.getRule('noXss')!, validator.getRule('maxLength')! ], website: [ validator.getRule('url')!, validator.getRule('noXss')! ], profileImage: [ validator.getRule('safePath')! ] }; const userInput = { username: '', bio: 'I am a developer who loves coding and "; DROP TABLE users; --', website: 'javascript:alert("xss")', profileImage: '../../../etc/passwd' }; const result = validator.validate(userInput, schema); console.log('Comprehensive validation result:'); console.log('Valid:', result.isValid); console.log('Errors:', result.errors); console.log('Sanitized data:', result.sanitizedData); } // Run all examples async function runExamples() { basicValidationExample(); sqlInjectionExample(); pathTraversalExample(); await rateLimitingExample(); customRulesExample(); comprehensiveExample(); } // Export for use in other files export { basicValidationExample, comprehensiveExample, customRulesExample, pathTraversalExample, rateLimitingExample, runExamples, sqlInjectionExample }; // Run examples if this file is executed directly if (require.main === module) { runExamples().catch(console.error); }