server/validate_nginx.ts

String-based nginx config validator for fuz_app deploy configs.
Checks consumer NGINX_CONFIG template strings for required security
properties. This is pattern matching on template strings, not a real
nginx parser — it catches common security omissions but won't catch
all possible misconfigurations.

Declarations
#

2 declarations

view source

NginxValidationResult
#

server/validate_nginx.ts view source

NginxValidationResult

Result of validating an nginx config template string.

`ok`

True when no errors were detected. Warnings do not affect this flag.

type boolean

`warnings`

Non-fatal issues — missing optional headers, weakened defaults, etc.

type Array<string>

`errors`

Fatal issues — missing /api block, missing required security headers, etc.

type Array<string>

validate_nginx_config
#

server/validate_nginx.ts view source

(config: string): NginxValidationResult

Validate an nginx config template string for security properties.
Checks for required security headers, Authorization stripping in /api
blocks, and the nginx add_header inheritance gotcha. Designed for
fuz_app consumer deploy configs (zap.ts NGINX_CONFIG constants).
Limitations: string pattern matching, not a real nginx parser. Catches
common omissions in fuz_app deploy configs but won't catch all possible
misconfigurations.

`config`

type string

returns

NginxValidationResult