24 lines
691 B
Text
24 lines
691 B
Text
|
|
# Security middleware and RBAC policy path
|
||
|
|
#
|
||
|
|
# SecurityConfig drives CSRF protection, rate limiting, and bcrypt cost.
|
||
|
|
# RbacNclConfig.ncl_path points to the hot-reloadable RBAC policy file —
|
||
|
|
# only the PATH is declared here; the file content is never inlined so that
|
||
|
|
# the rbac-watcher can reload it without a server restart.
|
||
|
|
|
||
|
|
let C = import "server/contracts.ncl" in
|
||
|
|
let SC = import "security/contracts.ncl" in
|
||
|
|
|
||
|
|
{
|
||
|
|
security = {
|
||
|
|
enable_csrf = false,
|
||
|
|
csrf_token_name = "csrf_token",
|
||
|
|
rate_limit_requests = 100,
|
||
|
|
rate_limit_window = 60,
|
||
|
|
bcrypt_cost = 12,
|
||
|
|
} | SC.SecurityConfig,
|
||
|
|
|
||
|
|
rbac = {
|
||
|
|
ncl_path = "site/rbac.ncl",
|
||
|
|
} | C.RbacNclConfig,
|
||
|
|
}
|