import express, { Request, Response } from 'express'; import session from 'express-session'; import rateLimit from 'express-rate-limit'; import slowDown from 'express-slow-down'; import { env } from 'process'; import helmet from 'helmet'; import csurf from 'csurf'; const app = express(); // Middleware const port: string = env.PORT || '2000'; const csrf = csurf({ cookie: false }); app.use(session({ secret: 'keyboard cat', resave: false, saveUninitialized: true, cookie: { secure: false, maxAge: 1000 * 60 * 60 * 24 * 7, }, })); const rateLimiter = rateLimit({ windowMs: 1 * 60 * 1000, // 1 minute max: 30, // Limit each IP to 100 requests per `window` (here, per 15 minutes) standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers legacyHeaders: false, // Disable the `X-RateLimit-*` headers }); const speedLimiter = slowDown({ windowMs: 15 * 60 * 1000, // 15 minutes delayAfter: 100, // allow 100 requests per 15 minutes, then... delayMs: 500 // begin adding 500ms of delay per request above 100: // request # 101 is delayed by 500ms // request # 102 is delayed by 1000ms // request # 103 is delayed by 1500ms // etc. }); // This will be run behind an nginx proxy app.enable('trust proxy'); // apply to all requests app.use(speedLimiter); app.use('/api', rateLimiter); app.use(helmet()); // Add ejs as view engine app.set('view engine', 'ejs'); app.set('views', 'views/pages'); app.use('/public', express.static('public')); app.get('/', csrf, (req: Request, res: Response) => { res.render('index', { errors: [], }); }); app.get('/about', csrf, (req: Request, res: Response) => { res.render('about'); }); app.listen(port, () => { console.log(`Server is listening on port ${port}`); });