author | Matt Strapp <matt@mattstrapp.net> | 2022-02-09 19:56:27 -0600 |
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-09 19:56:27 -0600 |
commit | ab01c1121edd3240b1a5692d7616945b10c12ae2 (patch) | |
tree | 93ebd49f5efd7ac3821f6d6193b3da0344a7f35b /src | |
parent | Start rewriting the entire app (diff) | |
Add some security stuffs
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src')
-rw-r--r-- | src/index.ts | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/src/index.ts b/src/index.ts
index 09126ca..e6e083b 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,23 +1,54 @@
 import express, { Request, Response } from 'express';
+import session from 'express-session';
+import rateLimit from 'express-rate-limit';
+import slowDown from 'express-slow-down';
 import path from 'path';
 import { env } from 'process';
+import helmet from 'helmet';
+import csurf from 'csurf';
 const app = express();
-const port = env.PORT || 2000;
+// Middleware
+const port: string = env.PORT || '2000';
+const csrf = csurf({ cookie: false });
+const rateLimiter = rateLimit({
+ windowMs: 1 * 60 * 1000, // 1 minute
+ max: 30, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
+ standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+ legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+});
+const speedLimiter = slowDown({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ delayAfter: 100, // allow 100 requests per 15 minutes, then...
+ delayMs: 500 // begin adding 500ms of delay per request above 100:
+ // request # 101 is delayed by 500ms
+ // request # 102 is delayed by 1000ms
+ // request # 103 is delayed by 1500ms
+ // etc.
+});
+// This will be run behind an nginx proxy
+app.enable('trust proxy');
+// apply to all requests
+app.use(speedLimiter);
+app.use('/api', rateLimiter);
+app.use(helmet());
+
+// Add ejs as view engine
 app.set('view engine', 'ejs');
 app.set('views', path.join(__dirname, 'views/pages'));
+
 app.use('/public', express.static(path.join(__dirname, 'public')));
-app.get('/', (req: Request, res: Response) => {
+app.get('/', csrf, (req: Request, res: Response) => {
 res.render('index', {
 errors: [],
 });
 });
-app.get('/about', (req: Request, res: Response) => {
+app.get('/about', csrf, (req: Request, res: Response) => {
 res.render('about');
 }); |
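Review bot: `csurf({ cookie: false })` keeps its secret in `req.session`, but no session middleware is ever registered — `session` from express-session is imported and never passed to `app.use` — so the `csrf` handler added to `/` and `/about` will fail at request time with csurf's "misconfigured csrf" error rather than protect anything. Register the session before the routes, e.g. `app.use(session({ secret: <SESSION_SECRET read from env — placeholder>, resave: false, saveUninitialized: false }));`, and hand the token to the templates (`res.render('index', { errors: [], csrfToken: req.csrfToken() })`) so forms can submit it; the POST handlers that would validate it are outside this hunk. `app.enable('trust proxy')` trusts `X-Forwarded-For` from every peer, so for any request that does not arrive through nginx the per-IP limiters key on a client-supplied header; with a single nginx hop in front, `app.set('trust proxy', 1)` is the tighter setting. The comment on `max: 30` still describes a 100-request / 15-minute window and should read `// Limit each IP to 30 requests per minute`.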