1 parent
330ed12
commit 8973a1d
Showing
16 changed files
with
3,546 additions
and
373 deletions.
@@ -0,0 +1,67 @@ | ||
import fs from "fs"; | ||
import path from "path"; | ||
import xss from "xss"; | ||
const filesServer = __dirname + "/../src/"; | ||
const path_pages = filesServer + "pages/"; | ||
const forbiddenFilePath = path.join(path_pages, "forbidden.html"); | ||
|
||
const checkHeaderMiddleware = (req, res, next) => { | ||
const origin = req.headers.referer || req.headers.referrer; | ||
const keyHeader = req.headers["authorization"]; | ||
const blockedRoutes = JSON.parse( | ||
fs.readFileSync("data/blockedRoutes.json", "utf8") | ||
); | ||
const blockRoutesPresent = blockedRoutes.some((route) => { | ||
// Trata rotas com curingas | ||
const regex = new RegExp(`^${route.replace(/\*/g, ".*")}$`); | ||
return regex.test(req.path); | ||
}); | ||
const payload = JSON.stringify(req.body, null, 2); | ||
const keys = [ | ||
"snve072509ç$", | ||
"snve072509ç$", | ||
"snve072509&Aplication" | ||
]; | ||
const validKey = keys.some((key) => keyHeader === key); | ||
const auth = blockRoutesPresent && !validKey; | ||
|
||
console.log("-------------------------"); | ||
console.log("SISTEMA <CHECK> <OBTER>: " + req.url); | ||
console.log("SISTEMA <ORIGEM>: " + origin); | ||
console.log("SISTEMA <PAYLOAD>: " + payload); | ||
keys.forEach((key) => { | ||
const auth = keyHeader === key; | ||
print(keyHeader, key, auth); | ||
}); | ||
for (const key in req.body) { | ||
req.body[key] = xss(req.body[key]); | ||
} | ||
if (auth) { | ||
// Se estiver solicitando das rotas bloqueadas E não conter key, bloquea a solicitação | ||
forbidden(res); | ||
} else { | ||
// Cabeçalho "solicitador" presente ou rota não bloqueada, permite o acesso | ||
next(); | ||
} | ||
}; | ||
|
||
function forbidden(res) { | ||
res.status(403); | ||
res.sendFile(forbiddenFilePath); | ||
} | ||
|
||
function conversorSimEnao(value) { | ||
if (value) { | ||
return "✔Voce foi autorizado, esta tudo correto"; | ||
} | ||
return "⚠Esta faltando algo ou não foi autorizado!"; | ||
} | ||
|
||
// functions basicas | ||
function print(keyHeader, key, auth) { | ||
console.log("SISTEMA <VERIFICAÇÃO>: " + keyHeader + " == " + key); | ||
console.log("SISTEMA <AUTORIZAÇÃO>: " + conversorSimEnao(!auth)); | ||
console.log("----------------------------"); | ||
} | ||
|
||
export default checkHeaderMiddleware; |
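Review bot: The `print` call on L57 writes the incoming Authorization header value and each accepted key to the console on L88, so every request leaves both the presented credential and the expected secret in the logs; log only the outcome, e.g. `console.log("SISTEMA <AUTORIZAÇÃO>: " + conversorSimEnao(validKey));`, and drop `keyHeader` and `key` from the output. The keys themselves are literals on L42-L46 (the first two are identical), which should be loaded from configuration rather than committed in source, and compared with `crypto.timingSafeEqual` on equal-length buffers instead of `===`. On L38 `route.replace(/\*/g, ".*")` leaves other regex metacharacters unescaped, so a route containing `.`, `+` or `(` matches more paths than intended; escape first, `const pattern = route.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");`, and note the file is re-read and re-parsed on every request (L33-L35) with a cwd-relative path. The `for...in` loop on L59-L61 passes every body value through `xss()`, which stringifies nested objects and arrays to `[object Object]`, so it should only touch string values (`if (typeof req.body[key] === "string")`). If this file is loaded as an ES module (it uses `import`), `__dirname` on L25 is not defined and the module will throw at load time.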
@@ -0,0 +1,19 @@ | ||
import cors from "cors" | ||
import helmet from "helmet" | ||
|
||
const httpsSecurityMiddleware = (req, res, next) => { | ||
const corsOptions = { | ||
origin: [/^https:\/\/.+/], | ||
methods: "GET,PUT,POST,DELETE", | ||
optionsSuccessStatus: 204, | ||
}; | ||
|
||
cors(corsOptions)(req, res, () => { }); // Executa o middleware cors | ||
helmet.hsts({ | ||
maxAge: 365 * 24 * 60 * 60, | ||
includeSubDomains: true, | ||
preload: true, | ||
})(req, res, next); // Executa o middleware helmet | ||
}; | ||
|
||
export default httpsSecurityMiddleware; |
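Review bot: The continuation passed to `cors(corsOptions)` on L112 is a no-op, so any error cors reports is dropped and `helmet.hsts(...)` on L113-L117 runs unconditionally afterwards; as I read the cors package, a preflight OPTIONS request is ended by cors itself without calling its continuation, after which this code still calls `next()` on a finished response and the downstream handler fails with headers already sent. Chain the two middlewares so helmet and `next` run only from cors's continuation and errors are forwarded, as below. The `origin: [/^https:\/\/.+/]` rule on L106 accepts every HTTPS origin, which reflects any caller's origin back; if that is intentional it deserves a comment such as `// Any HTTPS origin is allowed; credentials are not enabled, so this is equivalent to a public API`. `preload: true` with `includeSubDomains` on L115-L116 is a commitment that is hard to revoke once submitted to the preload list, which is worth a one-line comment too.
```javascript
const httpsSecurityMiddleware = (req, res, next) => {
  // … unchanged: corsOptions …
  cors(corsOptions)(req, res, (err) => {
    if (err) return next(err); // cors rejected the request; do not continue the chain
    helmet.hsts({
      maxAge: 365 * 24 * 60 * 60,
      includeSubDomains: true,
      preload: true,
    })(req, res, next);
  });
};
```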