enableFor (app: express.Express) {
app.use(helmet())
app.use(/^\/(?!js|img|pdf|stylesheets).*$/, helmet.noCache())
new ContentSecurityPolicy(this.developmentMode).enableFor(app)
if (this.config.referrerPolicy) {
new ReferrerPolicy(this.config.referrerPolicy).enableFor(app)
}
if (this.config.hpkp) {
new HttpPublicKeyPinning(this.config.hpkp).enableFor(app)
}
}
/*===== End of MODULES ======*/
/**
* Orchestrates the middleware tools for the Express Application
* @param {Object} app Express Application
*/
export default function Middleware(app: express.Express) {
const env = process.env.NODE_ENV;
/*=============================================>>>>>
= IMPORT DATABASE TABLES ORM =
===============================================>>>>>*/
const Models = new db();
const Users = Models.Users;
/*= End of IMPORT DATABASE TABLES ORM =*/
/*=============================================<<<<<*/
const sess = {
name: 'nodeStarter.sid',
genid: (req: express.Request) => {
// use UUIDs for session IDs
return uuid.v4();
},
resave: true,
rolling: true,
saveUninitialized: false,
secret: process.env.SECRET,
store: sessionStore
};
if (env === 'development' || env === 'staging') {
app.use(errorhandler({log: (err: Error, str: string, req: express.Request) => {
log.debug('===== SHOWING ERROR =====');
log.debug(str);
log.debug(req.method);
log.debug(req.url);
log.debug('===== END ERROR DISPLAY =====');
}}));
} else {
// trust first proxy
app.set('trust proxy', 1);
// sess.cookie.secure = true; // serve secure cookies
/* Turn on View Caching */
app.set('view cache', true);
}
/*=============================================>>>>>
= SECURITY MIDDLEWARE =
===============================================>>>>>*/
/* Prevent XSS Attacks */
app.use(helmet.xssFilter());
/* Prevents click jacking */
app.use(helmet.frameguard('deny'));
/* Enforces users to use HTTPS (requires HTTPS/TLS/SSL) */
// app.use(helmet.hsts({ maxAge: process.env.APP_HTTPS_TIMEOUT }));
/* Hides x-powered-by header */
app.use(helmet.hidePoweredBy());
/* Prevent MIME type sniffing */
app.use(helmet.noSniff());
/* Disable Caching */
app.use(helmet.noCache());
/* Prevent Parameter Pollution */
app.use(hpp());
/*= End of SECURITY MIDDLEWARE =*/
/*=============================================<<<<<*/
/*=============================================>>>>>
= SERVER MIDDLEWARE =
===============================================>>>>>*/
/* Enables CORS Headers */
app.use(cors());
/* Establishes an Express Session */
app.use(session(sess));
/* Imports Passport Middleware */
app.use(passport.initialize());
/* Manages the same Cookie Session */
app.use(passport.session());
/* Parses the request body */
app.use(bodyParser.urlencoded({ extended: false }));
/* Returns request body as JSON */
app.use(bodyParser.json());
/* GZIP everything */
app.use(compression());
/* Establishes CORS headers */
app.options(process.env.CORS, cors());
/*= End of SERVER MIDDLEWARE =*/
/*=============================================<<<<<*/
passport.serializeUser((user: any, done: Function) => {
done(null, user.token);
});
passport.deserializeUser((token: any, done: Function) => {
Users.findOne({
where: { token: token }
}).then((user: any) => {
done(null, _.omit(user.toJSON(), 'password'));
});
});
/*===============================================
= LOCAL PASSPORT STRATEGY =
===============================================*/
var localStrategy: LocalStrategy.Strategy = new LocalStrategy.Strategy({
usernameField: 'email',
passwordField: 'password'
}, (username: string, password: string, done: Function) => {
// Fetch matching user by email
Users.findOne({
where: { email: username }
}).then((user: any) => {
// check password
if(user !== null) {
if(Security.cryptCompare(password, user.get('password'))) {
// Password Success
user.set('token', uuid.v4()).save().then(() => {
return done(null, { id: user.get('id'), token: user.get('token') });
});
} else {
// Password Failed
return done(null, false, { message: 'Password Failed' });
}
} else {
// No User Found
return done(null, false, { message: `No User exists with Email: ${username}` });
}
}).catch((err: sequelize.BaseError) => {
return done(null, false, { message: err });
});
});
passport.use(localStrategy);
/*===== End of LOCAL PASSPORT STRATEGY ======*/
/*= End of MODULES =*/
/*=============================================<<<<<*/
}
import * as helmet from 'helmet';
import * as morgan from 'morgan';
import * as cors from 'cors';
// Import our middlewares to add to the express chain
import { oauth } from './middlewares';
// Import all routes
import { DefaultRoutes, GraphQLRoutes } from './routes';
// Create a new express app
const app = Server.init();
// Helmet helps you secure your Express apps by setting various HTTP headers
app.use(helmet());
app.use(helmet.noCache());
app.use(helmet.hsts({
maxAge: 31536000,
includeSubdomains: true
}));
// Enable cors for all routes and origins
app.use(cors());
// Adds winston logger to the express framework
app.use(morgan('dev', debugStream));
app.use(morgan('combined', winstonStream));
// Our custom oauth middleware
app.use(oauth({}));
public use(req: express.Request, res: express.Response, next: express.NextFunction): any {
return helmet.noCache()(req, res, next);
}