install and setup standard and applicable non-standard helmet middlew…
…ares
Jonas Verhoelen committed May 21, 2019
1 parent ae39ad9 commit 10efe54
Showing 4 changed files with 174 additions and 12 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -7,3 +7,4 @@ coverage
.vscode
.isomorphic-loader-config.json
.idea
*.iml
144 changes: 144 additions & 0 deletions package-lock.json


26 changes: 14 additions & 12 deletions package.json
@@ -1,5 +1,5 @@
{
"name": "node-express-typescript-recipes",
"name": "node-express-typescript-boilerplate",
"version": "0.0.1",
"description": "A cookbook full of recipes for developing web apps with Node.js and Express.js in TypeScript",
"main": "service/server/index.ts",
Expand All @@ -22,28 +22,30 @@
"client:statistics": "NODE_ENV=production webpack --profile --json > service/www/webpack-stats.json && webpack-bundle-analyzer service/www/webpack-stats.json"
},
"dependencies": {
"express": "^4.16.2",
"compression": "^1.7.2",
"cookie-parser": "^1.4.3",
"http-status-codes": "^1.3.0",
"connect-datadog": "^0.0.6",
"hot-shots": "^4.7.0",
"cookie-parser": "^1.4.3",
"express": "^4.16.2",
"fs-extra": "7.0.1",
"helmet": "^3.18.0",
"hot-shots": "^4.7.0",
"http-status-codes": "^1.3.0",
"supertest": "^3.0.0",
"tslib": "^1.9.3"
},
"devDependencies": {
"@types/chai": "4.1.7",
"@types/chai-as-promised": "7.1.0",
"@types/chai-string": "1.4.1",
"@types/fs-extra": "5.0.0",
"@types/chai-subset": "1.3.1",
"@types/compression": "0.0.35",
"@types/cookie-parser": "1.4.1",
"@types/express": "4.11.1",
"@types/supertest": "2.0.4",
"@types/fs-extra": "5.0.0",
"@types/helmet": "0.0.43",
"@types/mocha": "5.2.5",
"@types/sinon-chai": "3.2.2",
"@types/supertest": "2.0.4",
"@types/webpack": "^4.4.22",
"@types/webpack-dev-middleware": "^2.0.2",
"@types/webpack-hot-middleware": "^2.16.4",
Expand All @@ -53,18 +55,18 @@
"chai-shallow-deep-equal": "1.4.6",
"chai-string": "1.5.0",
"chai-subset": "1.6.0",
"core-js": "2.6.1",
"expressmocks": "^0.1.3",
"nodemon": "^1.19.0",
"mocha": "5.2.0",
"isomorphic-loader": "^2.0.2",
"mocha-better-spec-reporter": "3.1.0",
"mini-css-extract-plugin": "^0.5.0",
"mocha": "5.2.0",
"mocha-better-spec-reporter": "3.1.0",
"nodemon": "^1.19.0",
"prettier": "^1.9.2",
"sinon": "7.2.2",
"sinon-chai": "3.3.0",
"ts-node": "6.1.1",
"typescript": "3.1.1",
"core-js": "2.6.1",
"webpack": "^4.30.0",
"webpack-bundle-analyzer": "^3.0.3",
"webpack-cli": "^3.2.0",
Expand All @@ -75,7 +77,7 @@
"author": "Jonas Verhoelen <[email protected]>",
"repository": {
"type": "git",
"url": "[email protected]:jverhoelen/node-express-typescript-recipes.git"
"url": "[email protected]:jverhoelen/node-express-typescript-boilerplate.git"
},
"license": "MIT"
}
15 changes: 15 additions & 0 deletions service/server/ExpressServer.ts
Expand Up @@ -3,6 +3,7 @@ import { Express, NextFunction, Response, Request } from 'express'
import { Server } from 'http'
import * as fse from 'fs-extra'
import * as compress from 'compression'
import * as helmet from 'helmet'
import * as bodyParser from 'body-parser'
import * as cookieParser from 'cookie-parser'

Expand All @@ -28,6 +29,7 @@ export class ExpressServer {

public async setup(port: number) {
const server = express()
this.setupSecurityMiddlewares(server)
this.setupStandardMiddlewares(server)
this.applyWebpackDevMiddleware(server)
this.setupTelemetry(server)
Expand All @@ -49,6 +51,19 @@ export class ExpressServer {
if (this.httpServer) this.httpServer.close()
}

private setupSecurityMiddlewares(server: Express) {
server.use(helmet())
server.use(helmet.referrerPolicy({ policy: 'same-origin' }))
server.use(helmet.noCache())
server.use(helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'unsafe-inline'"],
scriptSrc: ["'unsafe-inline'", "'self'"]
}
}))
}

private setupStandardMiddlewares(server: Express) {
server.use(bodyParser.json())
server.use(cookieParser())
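Review bot: `styleSrc: ["'unsafe-inline'"]` in the contentSecurityPolicy directives omits `'self'`, and because a specific directive replaces the `defaultSrc` fallback instead of extending it, any stylesheet the server itself serves would be blocked while only inline styles are permitted; the line should read `styleSrc: ["'self'", "'unsafe-inline'"]`. `'unsafe-inline'` in `scriptSrc` likewise allows injected inline script to execute, which gives up most of the cross-site-scripting protection the header exists to provide; if I recall correctly helmet-csp accepts a per-request function as a directive value, so a nonce generated into `res.locals` by an earlier middleware and emitted on the app's own script tags would be the usual replacement, with `'self'` kept for bundled scripts. Separately, `helmet.noCache()` is mounted ahead of every other middleware and will therefore put `Cache-Control: no-store` (plus `Pragma`/`Expires`) on every response, which presumably includes the webpack bundles this server appears to serve — if that is not intended, mount it only on routes returning sensitive data. `setupSecurityMiddlewares` sits entirely within the hunk, but the enclosing `ExpressServer` class begins outside it.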
