authorMatt Strapp <matt@mattstrapp.net>2022-02-09 19:56:27 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-09 19:56:27 -0600
commitab01c1121edd3240b1a5692d7616945b10c12ae2 (patch)
tree93ebd49f5efd7ac3821f6d6193b3da0344a7f35b /src
parentStart rewriting the entire app (diff)
Add some security stuffs
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src')
-rw-r--r--src/index.ts37
1 files changed, 34 insertions, 3 deletions
diff --git a/src/index.ts b/src/index.ts
index 09126ca..e6e083b 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,23 +1,54 @@
import express, { Request, Response } from 'express';
+import session from 'express-session';
+import rateLimit from 'express-rate-limit';
+import slowDown from 'express-slow-down';
import path from 'path';
import { env } from 'process';
+import helmet from 'helmet';
+import csurf from 'csurf';
const app = express();
-const port = env.PORT || 2000;
+// Middleware
+const port: string = env.PORT || '2000';
+const csrf = csurf({ cookie: false });
+const rateLimiter = rateLimit({
+ windowMs: 1 * 60 * 1000, // 1 minute
+ max: 30, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
+ standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+ legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+});
+const speedLimiter = slowDown({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ delayAfter: 100, // allow 100 requests per 15 minutes, then...
+ delayMs: 500 // begin adding 500ms of delay per request above 100:
+ // request # 101 is delayed by 500ms
+ // request # 102 is delayed by 1000ms
+ // request # 103 is delayed by 1500ms
+ // etc.
+});
+// This will be run behind an nginx proxy
+app.enable('trust proxy');
+// apply to all requests
+app.use(speedLimiter);
+app.use('/api', rateLimiter);
+app.use(helmet());
+
+// Add ejs as view engine
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views/pages'));
+
app.use('/public', express.static(path.join(__dirname, 'public')));
-app.get('/', (req: Request, res: Response) => {
+app.get('/', csrf, (req: Request, res: Response) => {
res.render('index', {
errors: [],
});
});
-app.get('/about', (req: Request, res: Response) => {
+app.get('/about', csrf, (req: Request, res: Response) => {
res.render('about');
});