Secure #129

Closed
wants to merge 4 commits into from
39 changes: 38 additions & 1 deletion index.js
Expand Up @@ -4,9 +4,17 @@ const dotenv = require(`dotenv`);
const mongoose = require('mongoose');
const cookieParser = require("cookie-parser");
const bodyParser = require("body-parser");

const { rateLimit } = require("express-rate-limit");
const mongoSanitize = require("express-mongo-sanitize");
const hpp = require("hpp");
const helmet = require('helmet');
const errorMiddleware = require("./middlewares/error.js");






// dotenv.config({path : `.env`})
require('dotenv').config();
const PORT = process.env.PORT || 8080;
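Review bot: the six consecutive blank lines added after the `errorMiddleware` require (between the new `helmet` require and the commented-out `dotenv.config` line) should be collapsed to one; they carry no content and will show up as noise in every future blame. Minor style point in the same block: the new requires mix double and single quotes (`require("hpp")` next to `require('helmet')`), while the surrounding file already mixes backticks, single and double quotes, so pick one style for the lines this PR adds.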
Expand All @@ -19,6 +27,32 @@ const MONGO_URL = process.env.MONGO_URL ;
const cors=require("cors");
app.use(cors())


const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
standardHeaders: "draft-7", // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
// store: ... , // Redis, Memcached, etc. See below.
});

// Apply the rate limiting middleware to all requests.
app.use(limiter);


// Or, to sanitize data that only contains $, without .(dot)
// Can be useful for letting data pass that is meant for querying nested documents.
app.use(
mongoSanitize({
replaceWith: "_",
})
);


//Helmet helps secure Express apps by setting HTTP response headers.
app.use(helmet());


// Check if MONGO_URL is defined
if (!MONGO_URL) {
console.error("MONGO_URL is not defined in the environment variables.");
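Review bot: `app.use(mongoSanitize({...}))` is registered here, before `app.use(express.json())` and `bodyParser.urlencoded(...)` further down the file, so when it runs `req.body` has not been populated yet and only `req.query`, `req.params` and `req.headers` get sanitized; JSON and form bodies, which are where `$`-prefixed operator keys are most likely to arrive, pass through untouched. Move the `mongoSanitize` registration to after the body parsers, next to the new `app.use(hpp())` line, which already carries the comment "Make sure the body is parsed beforehand." The comment above it ("Or, to sanitize data that only contains $, without .(dot)") also does not describe the configuration that follows: `replaceWith: "_"` replaces offending characters rather than limiting which ones are stripped, so either adjust the comment or the option. One deployment caveat for the `rateLimit` block: the limit is keyed per client IP, so if this service runs behind a reverse proxy or load balancer, `app.set('trust proxy', ...)` must be configured correctly or every client will share the proxy's address and hit the 100-requests-per-15-minutes limit together.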
Expand All @@ -42,6 +76,9 @@ app.use(express.json());
app.use(cookieParser());
app.use(bodyParser.urlencoded({ extended: true }));

//HPP puts array parameters in req.query and/or req.body aside and just selects the last parameter value. You add the middleware and you are done.
app.use(hpp()); // Make sure the body is parsed beforehand.


// Route Imports
const customer = require("./routes/customerRoutes.js");
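Review bot: placing `app.use(hpp())` after `express.json()` and `bodyParser.urlencoded(...)` is the correct order, since hpp only sees array parameters once the body has been parsed. The comment above it is lifted verbatim from the hpp README ("You add the middleware and you are done.") and is longer than it needs to be; a one-line note such as `// hpp: collapse duplicate query/body parameters to the last value` says the same thing. If any route legitimately accepts repeated parameters (for example multiple filter values), those names should be passed in hpp's `whitelist` option, otherwise only the last value will survive.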
89 changes: 63 additions & 26 deletions package-lock.json


4 changes: 4 additions & 0 deletions package.json
Expand Up @@ -19,6 +19,10 @@
"disposable-email-domains": "^1.0.62",
"dotenv": "^16.4.5",
"express": "^4.19.2",
"express-mongo-sanitize": "^2.2.0",
"express-rate-limit": "^7.2.0",
"helmet": "^7.1.0",
"hpp": "^0.2.3",
"jsonwebtoken": "^9.0.2",
"mongoose": "^7.6.11",
"nodemailer": "^6.9.3",
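Review bot: the four new dependencies use caret ranges consistent with the rest of `package.json`, and the accompanying `package-lock.json` change (63 additions, 26 deletions) is included, so installs stay reproducible. What is missing is documentation: the PR introduces an operational threshold (100 requests per IP per 15 minutes, from the `rateLimit` block in `index.js`) and a proxy requirement for that limit to be meaningful, neither of which is mentioned in a README or in the PR description. Please add a short note so whoever deploys this knows the limit exists and how to tune it.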