API安全加固指南 - 身份验证、速率限制、输入验证完整解决方案

api-security-hardening by aj-geddes/useful-ai-prompts

323 周安装量

141 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill api-security-hardening

Node.js API 安全

🇨🇳中文介绍

API 安全加固

概述

实施全面的 API 安全措施，包括身份验证、授权、速率限制、输入验证和攻击防护，以防范常见漏洞。

使用场景

新 API 开发
安全审计修复
生产环境 API 加固
合规性要求
高流量 API 保护
公开 API 暴露

快速开始

最小化工作示例：

// secure-api.js - Comprehensive API security
const express = require("express");
const helmet = require("helmet");
const rateLimit = require("express-rate-limit");
const mongoSanitize = require("express-mongo-sanitize");
const xss = require("xss-clean");
const hpp = require("hpp");
const cors = require("cors");
const jwt = require("jsonwebtoken");
const validator = require("validator");

class SecureAPIServer {
  constructor() {
    this.app = express();
    this.setupSecurityMiddleware();
    this.setupRoutes();
  }

  setupSecurityMiddleware() {
    // 1. Helmet - Set security headers
    this.app.use(
      helmet({
        contentSecurityPolicy: {
          directives: {
            defaultSrc: ["'self'"],
// ... (see reference guides for full implementation)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
Node.js/Express API 安全	Node.js/Express API 安全
Python FastAPI 安全	Python FastAPI 安全
API 网关安全配置	API 网关安全配置

🇺🇸English

API Security Hardening

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive API security measures including authentication, authorization, rate limiting, input validation, and attack prevention to protect against common vulnerabilities.

When to Use

New API development
Security audit remediation
Production API hardening
Compliance requirements
High-traffic API protection
Public API exposure

Quick Start

Minimal working example:

// secure-api.js - Comprehensive API security
const express = require("express");
const helmet = require("helmet");
const rateLimit = require("express-rate-limit");
const mongoSanitize = require("express-mongo-sanitize");
const xss = require("xss-clean");
const hpp = require("hpp");
const cors = require("cors");
const jwt = require("jsonwebtoken");
const validator = require("validator");

class SecureAPIServer {
  constructor() {
    this.app = express();
    this.setupSecurityMiddleware();
    this.setupRoutes();
  }

  setupSecurityMiddleware() {
    // 1. Helmet - Set security headers
    this.app.use(
      helmet({
        contentSecurityPolicy: {
          directives: {
            defaultSrc: ["'self'"],
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Node.js/Express API Security	Node.js/Express API Security
Python FastAPI Security	Python FastAPI Security
API Gateway Security Configuration	API Gateway Security Configuration

Best Practices

✅ DO

Use HTTPS everywhere
Implement rate limiting
Validate all inputs
Use security headers
Log security events
Implement CORS properly
Use strong authentication
Version your APIs

❌ DON'T

Expose stack traces
Return detailed errors
Trust user input
Use HTTP for APIs
Skip input validation
Ignore rate limiting

Weekly Installs

280

Repository

aj-geddes/usefu…-prompts

GitHub Stars

127

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode243

gemini-cli226

codex223

claude-code221

cursor215

github-copilot200

API安全加固指南 - 身份验证、速率限制、输入验证完整解决方案

🇨🇳中文介绍

API 安全加固

目录

概述

使用场景

快速开始

相关 Skills

参考指南

最佳实践

✅ 建议

❌ 不建议