/** * Security Module * * Provides security-related utilities including CSRF, XSS protection, and CSP helpers. * * Usage: * - Add data-module="security" to enable global security features * - Or import and use directly: import { SecurityManager } from './modules/security/index.js' * * Features: * - CSRF token management and auto-refresh * - XSS protection helpers * - Content Security Policy helpers * - Security headers validation */ import { Logger } from '../../core/logger.js'; import { SecurityManager } from './SecurityManager.js'; import { CsrfManager } from './CsrfManager.js'; const SecurityModule = { name: 'security', securityManager: null, init(config = {}, state = null) { Logger.info('[SecurityModule] Module initialized'); // Create security manager this.securityManager = SecurityManager.create(config); // Expose globally for easy access if (typeof window !== 'undefined') { window.SecurityManager = this.securityManager; window.CsrfManager = this.securityManager.csrfManager; } return this; }, /** * Get security manager instance */ getSecurityManager() { return this.securityManager || SecurityManager.create(); }, /** * Get CSRF token */ getCsrfToken() { return this.securityManager?.getCsrfToken() || null; }, /** * Refresh CSRF token */ async refreshCsrfToken() { if (this.securityManager) { return await this.securityManager.refreshCsrfToken(); } }, destroy() { if (this.securityManager) { this.securityManager.destroy(); this.securityManager = null; } if (typeof window !== 'undefined') { delete window.SecurityManager; delete window.CsrfManager; } Logger.info('[SecurityModule] Module destroyed'); } }; // Export for direct usage export { SecurityManager, CsrfManager }; // Export as default for module system export default SecurityModule; // Export init function for module system export const init = SecurityModule.init.bind(SecurityModule);