1.0.0 • Published 1 month ago

@safez/axios-safez v1.0.0

License: Apache-2.0

Overview of Axios-safez

Axios-safez is a middleware for Axios, designed to seamlessly encrypt and decrypt HTTP requests and responses, ensuring the security of data in transit by applying robust encryption algorithms. It acts as a vital layer of security for web applications, safeguarding sensitive data from unauthorized access.

By integrating with Axios, it provides an easy-to-use solution for developers looking to enhance their application's security. The middleware automatically encrypts data before sending it from the client and decrypts received data, ensuring that sensitive information remains protected throughout the transmission process.

Axios-safez is highly configurable, offering developers the flexibility to set up custom encryption settings based on their specific security requirements. This adaptability makes it suitable for a wide range of applications, from those requiring high levels of data protection to those needing basic encryption for general security enhancement.

  • Supports various encryption standards, ensuring that data is securely encrypted during transit.
  • Helps mitigate the risk of data breaches and cyberattacks by providing an additional layer of security.

Integrating Axios-safez into web applications is straightforward, enhancing security measures without complicating the development process.

Installation

Integrate Axios-safez into your project using the following command:


    npm install @safez/axios-safez
    # or
    yarn add @safez/axios-safez

Setup and Configuration

Configure Axios-safez with your Axios instance to encrypt and decrypt requests and responses:


    import { safezAxios } from '@safez/axios-safez'

Usage

All Axios requests and responses will automatically be encrypted and decrypted after configuring Axios-safez.

Customizing Encryption per Request

Set the default encryption type when configuring Axios-safez, and override it for specific requests using the x-ss-token header:

    // 'dummysecretkeyab' is a placeholder secret; see Encryption Secret Management below.
    safezAxios(axios, { enableSafez: true, safezSaavi: 'dummysecretkeyab', cryptoType: 'field' });

The options object passed to safezAxios accepts an optional cryptoType, whose configurable values are 'full', 'field' and 'none'. When enableSafez is true, the default value is 'full'. Once Axios-safez is configured, all of your payloads will be encrypted.

Encrypting the request payload as a whole object

    const payload = {
        name: 'safez',
        product: 'security',
    }
    // 'full' encrypts the entire payload into a single encryptedData string
    const config = {
        cryptoType: 'full',
        encryptErrorCodes: []
    }
    const headers = {
        'x-ss-token': JSON.stringify(config)
    }
    const response = await axios.post('http://example.url/api/post', payload, {
        headers: headers
    });
    // payload will be {encryptedData: 'encrypted string'}

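Sending a request without encryption

    const payload = {
        name: 'safez',
        product: 'security',
    }
    // 'none' skips encryption for this request only
    const config = {
        cryptoType: 'none',
        encryptErrorCodes: []
    }
    const headers = {
        'x-ss-token': JSON.stringify(config)
    }

    const response = await axios.post('http://example.url/api/post', payload, {
        headers: headers
    });
    // payload is sent as-is: {name: 'safez', product: 'security'}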

Encrypting only the values of the payload object, not the object as a whole

    const payload = {
        name: 'safez',
        product: 'security',
    }
    // 'field' keeps the keys readable and encrypts each value separately
    const config = {
        cryptoType: 'field',
        encryptErrorCodes: []
    }
    const headers = {
        'x-ss-token': JSON.stringify(config)
    }

    const response = await axios.post('http://example.url/api/post', payload, {
        headers: headers
    });
    // payload will be {name: 'encrypted string', product: 'encrypted string'}

Handling Errors

When utilizing encrypted data communication, it's crucial to handle errors effectively, especially in scenarios involving encrypted error messages. Axios-safez provides the tools necessary to intercept, decrypt, and process error messages securely, ensuring your application can respond to errors appropriately.

Best Practices for Secure Error Handling

  • Encryption Secret Management: It's vital to protect your encryption secret, ensuring it's never exposed in client-side code or to unauthorized individuals. Use secure storage solutions, like environment variables or secret management services, and restrict access to the encryption secret as much as possible.
  • Optimize Encryption Use: While encryption adds a layer of security, it also introduces complexity and potential performance implications. Use the x-ss-token header to selectively enable or disable encryption for specific requests, balancing security needs with application performance.

Troubleshooting Common Encryption Issues

  • Encryption/Decryption Failures: Ensure that the encryption keys or secrets used on the client and server are identical. Mismatches can prevent successful decryption, leading to errors. Regularly audit and synchronize encryption configurations across your infrastructure.
  • Axios Interceptor Conflicts: Axios-safez operates by intercepting requests and responses. If other interceptors are used within your Axios configuration, ensure they do not conflict or override the functionality of Axios-safez. Testing interceptor compatibility in development environments is recommended to identify and resolve potential conflicts.

By following these best practices and troubleshooting tips, you can ensure that your application securely handles encrypted error messages and maintains robust data security protocols.
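
The three cryptoType modes from the per-request examples and the key-mismatch failure described under Troubleshooting, as an added Node.js example that is not Axios-safez's own code. AES-256-GCM, the scrypt key derivation and the helper names (deriveKey, protectPayload, recoverPayload) are assumptions, since the page does not state the library's algorithm or internals.

```javascript
// Added example (not Axios-safez code): AES-256-GCM and scrypt are stand-ins,
// since the page does not name the library's algorithm or key handling.
const crypto = require('node:crypto');

const MODES = new Set(['full', 'field', 'none']);
// Hypothetical helper: stretch the shared secret string into a 32-byte key.
const deriveKey = (secret) => crypto.scryptSync(secret, 'constructed-demo-salt', 32);

function encryptValue(value, key) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(value), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptValue(blob, key) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws when the key differs or the ciphertext was altered.
  const text = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(text.toString('utf8'));
}

// Per-request mode from the x-ss-token header; 'full' is the page's stated default.
function modeFromHeaders(headers) {
  const token = headers['x-ss-token'];
  const mode = token ? (JSON.parse(token).cryptoType ?? 'full') : 'full';
  if (!MODES.has(mode)) throw new Error(`unknown cryptoType: ${mode}`);
  return mode;
}

const mapValues = (obj, fn) =>
  Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, fn(v)]));

function protectPayload(payload, headers, key) {
  const mode = modeFromHeaders(headers);
  if (mode === 'none') return payload;
  if (mode === 'field') return mapValues(payload, (v) => encryptValue(v, key));
  return { encryptedData: encryptValue(payload, key) };
}

function recoverPayload(body, headers, key) {
  const mode = modeFromHeaders(headers);
  if (mode === 'none') return body;
  if (mode === 'field') return mapValues(body, (v) => decryptValue(v, key));
  return decryptValue(body.encryptedData, key);
}
```

In this sketch a client/server secret mismatch surfaces as an exception from recoverPayload rather than as garbled data, which is the symptom to look for when auditing encryption configuration on both sides.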

Frequently Asked Questions (FAQ)

Below are answers to some of the most common questions about Axios-safez, providing further insights into its functionality and integration.

  • Can Axios-safez be used with any Axios instance?

    Yes. Axios-safez is designed to be compatible with any Axios instance, making it a versatile tool for enhancing the security of HTTP requests and responses across various applications.

  • How can I exclude specific requests from encryption?

    To bypass encryption for particular requests, use the x-ss-token header with cryptoType set to 'none'. This tells Axios-safez to skip encryption for those requests, offering flexibility in how encryption is applied.