🤨 What is this?
The MSEC framework is a helper that adds further security for applications running Vapor. This includes recommended security headers, helper extensions and middlewares.
| Name | Minimum version | | ------------- | --------------- | | Swift | 4.1 | | Vapor | 3.0 |
Add the following to your SPM file:
.package(url: "https://github.com/menly/msec-vapor.git", from: "1.0.0")
TODO: Write usage.
Import the framework to use it's content.
Start by adding the msec headers to the configuration.
If the server is an api backend, then you can use the
.default() static method, but if it's a web server, that serves static content, then you should create your own configuration based on how you serve those files. For more info, see the CSP configuration object.
// 1. add the middleware to the services: services.register(MSECHeaderMiddleware.default()) // 2. then add the middleware to the middleware config var middlewares = MiddlewareConfig() middlewares.use(MSECHeaderMiddleware.self) ... services.register(middlewares)
IMPORTANT: please remember that the msec headers should be added FIRST in the middleware, so it's always applied, even in the case of errors.
API key middleware
To use the API key middleware, you must make sure that you have an environment variable named ...
This middleware should be used on a per route group basis like:
let internalRoutes = clients.grouped("private").grouped(APIKeyMiddleware())
Then the following requests to this endpoint must have the API key in the bearer token authorization header field.
The names and logos for Menly and their products are trademarks of Menly ApS.
Copyright (c) Menly ApS 2016-present.
See the license file for more information.