"""
|
|
Sicherheitskonfiguration für die MYP Platform
|
|
"""
# Security headers attached to HTTP responses.
#
# Notes for reviewers (defender view):
#  - The CSP's script-src permits 'unsafe-eval' and 'unsafe-inline', which
#    removes most of the protection CSP gives against injected scripts.
#    Moving to nonces/hashes needs template changes, so the value is kept
#    exactly as shipped here.
#  - X-XSS-Protection is a legacy header that modern browsers no longer
#    honour; it is harmless to send and is kept for older clients.
#  - frame-ancestors 'none' and X-Frame-Options: DENY express the same
#    no-framing rule for new and old browsers respectively.
#  - Strict-Transport-Security max-age=31536000 is one year; it only takes
#    effect once the site is actually served over HTTPS.
SECURITY_HEADERS = {
    # Directives are joined with "; " and the whole policy ends in ";",
    # reproducing the single policy string byte for byte.
    'Content-Security-Policy': "; ".join((
        "default-src 'self'",
        "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
        "script-src-elem 'self' 'unsafe-inline'",
        "style-src 'self' 'unsafe-inline'",
        "font-src 'self'",
        "img-src 'self' data:",
        "connect-src 'self'",
        "worker-src 'self' blob:",
        "frame-src 'none'",
        "object-src 'none'",
        "base-uri 'self'",
        "form-action 'self'",
        "frame-ancestors 'none'",
    )) + ";",
    'X-Content-Type-Options': 'nosniff',            # no MIME sniffing
    'X-Frame-Options': 'DENY',                      # legacy anti-framing
    'X-XSS-Protection': '1; mode=block',            # legacy, see note above
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'Referrer-Policy': 'strict-origin-when-cross-origin',
    'Permissions-Policy': 'geolocation=(), microphone=(), camera=()',
}
# Rate-limit budgets keyed by endpoint group.  Values are limit strings in
# the common "<count> per <period>" form; the limiter that consumes them is
# not in this file.  'login' is deliberately the tightest bucket so that
# credential guessing is throttled hardest.
RATE_LIMITS = dict(
    default="200 per day, 50 per hour",
    login="5 per minute",
    api="100 per hour",
    admin="500 per hour",
)
# Session cookie settings.
SESSION_CONFIG = dict(
    # Deliberately False: the original note says this is for offline
    # operation (no TLS).  Consequence: the session cookie is also sent over
    # plain HTTP, so this must be set back to True wherever the platform is
    # served over HTTPS (the Strict-Transport-Security header above assumes
    # that it is).
    SESSION_COOKIE_SECURE=False,
    SESSION_COOKIE_HTTPONLY=True,     # cookie not readable from script
    SESSION_COOKIE_SAMESITE='Lax',    # withheld on cross-site POST requests
    PERMANENT_SESSION_LIFETIME=3600,  # one hour (original note: "1 Stunde")
)
# CSRF protection settings.
CSRF_CONFIG = dict(
    CSRF_ENABLED=True,
    # Session key under which the token is kept.
    CSRF_SESSION_KEY='csrf_token',
    # Presumably the token validity in seconds; it equals the
    # PERMANENT_SESSION_LIFETIME above — confirm against the consumer.
    CSRF_TIME_LIMIT=3600,
)
class SecurityConfig:
    """Bundle of the module-level security settings.

    Every attribute is a reference to (not a copy of) the corresponding
    module constant, so mutating a returned mapping mutates the shared
    configuration; callers should treat the return values as read-only.
    """

    def __init__(self):
        # Bind the four module-level mappings by reference in one go.
        (self.headers,
         self.rate_limits,
         self.session_config,
         self.csrf_config) = (SECURITY_HEADERS,
                              RATE_LIMITS,
                              SESSION_CONFIG,
                              CSRF_CONFIG)

    def get_headers(self):
        """Return the HTTP security-header mapping (shared, not a copy)."""
        return self.headers

    def get_rate_limits(self):
        """Return the rate-limit mapping (shared, not a copy)."""
        return self.rate_limits

    def get_session_config(self):
        """Return the session-cookie settings (shared, not a copy)."""
        return self.session_config

    def get_csrf_config(self):
        """Return the CSRF settings (shared, not a copy)."""
        return self.csrf_config
def get_security_headers():
    """Return the module-level ``SECURITY_HEADERS`` mapping.

    The same dict object is handed back on every call (no copy), so callers
    must not modify it in place.
    """
    headers = SECURITY_HEADERS
    return headers