📝 Commit Details:

2025-05-31 22:40:29 +02:00
parent 91b1886dde
commit df8fb197c0
14061 changed files with 997277 additions and 103548 deletions
--- a/backend/config/security.py
+++ b/backend/config/security.py
@@ -0,0 +1,81 @@
+"""
+Sicherheitskonfiguration für die MYP Platform
+"""
+
+# Sicherheits-Headers für HTTP-Responses
+SECURITY_HEADERS = {
+    'Content-Security-Policy': (
+        "default-src 'self'; "
+        "script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
+        "script-src-elem 'self' 'unsafe-inline'; "
+        "style-src 'self' 'unsafe-inline'; "
+        "font-src 'self'; "
+        "img-src 'self' data:; "
+        "connect-src 'self'; "
+        "worker-src 'self' blob:; "
+        "frame-src 'none'; "
+        "object-src 'none'; "
+        "base-uri 'self'; "
+        "form-action 'self'; "
+        "frame-ancestors 'none';"
+    ),
+    'X-Content-Type-Options': 'nosniff',
+    'X-Frame-Options': 'DENY',
+    'X-XSS-Protection': '1; mode=block',
+    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
+    'Referrer-Policy': 'strict-origin-when-cross-origin',
+    'Permissions-Policy': 'geolocation=(), microphone=(), camera=()'
+}
+
+# Rate Limiting Konfiguration
+RATE_LIMITS = {
+    'default': "200 per day, 50 per hour",
+    'login': "5 per minute",
+    'api': "100 per hour",
+    'admin': "500 per hour"
+}
+
+# Session-Sicherheit
+SESSION_CONFIG = {
+    'SESSION_COOKIE_SECURE': False,  # Für Offline-Betrieb auf False setzen
+    'SESSION_COOKIE_HTTPONLY': True,
+    'SESSION_COOKIE_SAMESITE': 'Lax',
+    'PERMANENT_SESSION_LIFETIME': 3600  # 1 Stunde
+}
+
+# CSRF-Schutz
+CSRF_CONFIG = {
+    'CSRF_ENABLED': True,
+    'CSRF_SESSION_KEY': 'csrf_token',
+    'CSRF_TIME_LIMIT': 3600
+}
+
+class SecurityConfig:
+    """Sicherheitskonfiguration für die Anwendung"""
+    
+    def __init__(self):
+        self.headers = SECURITY_HEADERS
+        self.rate_limits = RATE_LIMITS
+        self.session_config = SESSION_CONFIG
+        self.csrf_config = CSRF_CONFIG
+    
+    def get_headers(self):
+        """Gibt die Sicherheits-Headers zurück"""
+        return self.headers
+    
+    def get_rate_limits(self):
+        """Gibt die Rate-Limiting-Konfiguration zurück"""
+        return self.rate_limits
+    
+    def get_session_config(self):
+        """Gibt die Session-Konfiguration zurück"""
+        return self.session_config
+    
+    def get_csrf_config(self):
+        """Gibt die CSRF-Konfiguration zurück"""
+        return self.csrf_config
+
+
+def get_security_headers():
+    """Gibt die Sicherheits-Headers zurück"""
+    return SECURITY_HEADERS