
Commit 3f453d0

committed
SECURITY/add security middlware
1 parent 0397862 commit 3f453d0


2 files changed

+28
-15
lines changed


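--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
 "license": "ISC",
 "name": "tornado-api",
 "version": "0.1.0",
-"description": "Storm Prediction stats for every tornado recorded since 1950.",
+"description": "Stats for every recorded U.S. tornado since 1950.",
 "main": "src/server.js",
 "keywords": [
 "api",
@@ -20,9 +20,14 @@
 "csvtojson": "^2.0.10",
 "dotenv": "^16.3.1",
 "express": "^4.18.1",
+"express-mongo-sanitize": "^2.2.0",
+"express-rate-limit": "^6.9.0",
+"helmet": "^7.0.0",
+"hpp": "^0.2.3",
 "mongodb": "^4.8.1",
 "mongoose": "^7.3.0",
-"morgan": "^1.10.0"
+"morgan": "^1.10.0",
+"xss-clean": "^0.1.4"
 },
 "devDependencies": {
 "nodemon": "^2.0.16"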

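--- a/server.js
+++ b/server.js
@@ -1,35 +1,43 @@
+const morgan = require("morgan");
+const xss = require("xss-clean");
+const express = require("express");
+const httpParamPollution = require("hpp");
+const helmetSecurityHeaders = require("helmet");
+const sanitize = require("express-mongo-sanitize");
+const expressRateLimit = require("express-rate-limit");
 require("dotenv").config({
 path: "./config/config.env",
 });
-const express = require("express");
-const morgan = require("morgan");
+
 const { errorHandler } = require("./middleWare/error-handler");
-const connectDB = require("./config/database");
 
+const connectDB = require("./config/database");
 connectDB();
 
-const tornadoesRouter = require("./routes/tornadoes");
+const expressApp = express();
+expressApp.use(xss());
+expressApp.use(sanitize());
+expressApp.use(express.json());
+expressApp.use(expressRateLimit());
+expressApp.use(httpParamPollution());
+expressApp.use(helmetSecurityHeaders());
 
-const app = express();
-app.use(express.json());
+const tornadoesRouter = require("./routes/tornadoes");
 
 if ((process.env.NODE_ENV = "development")) {
-app.use(morgan("dev"));
+expressApp.use(morgan("dev"));
 }
 
-// TODO: add security & CORS here -- X
-
 const PORT = process.env.PORT || 5001;
-app.use("/v1/tornadoes", tornadoesRouter);
+expressApp.use("/v1/tornadoes", tornadoesRouter);
 
-app.listen(
+expressApp.listen(
 PORT,
 console.log(
 `Server up in ${process.env.NODE_ENV} mode running on port ${PORT}`
 )
 );
-
-app.use(errorHandler);
+expressApp.use(errorHandler);
 
 process.on("unhandledRejection", (error, promise) => {
 console.log(`>> ERROR >>\n`, error.message);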
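Review bot: `expressApp.use(xss())` and `expressApp.use(sanitize())` are registered before `expressApp.use(express.json())`, so when they run `req.body` is still undefined and the JSON body parsed afterwards is never sanitized — only `req.query` and `req.params` get cleaned; move `expressApp.use(express.json());` above the two sanitizers, and the rate limiter is better placed first so it runs before any body parsing. `expressRateLimit()` is called with no options, which I believe leaves express-rate-limit v6's very small default per-IP limit in place (a handful of requests per minute); set `windowMs` and `max` explicitly for the traffic this API is meant to serve. The `if ((process.env.NODE_ENV = "development"))` condition that the new `morgan("dev")` line sits inside assigns instead of compares, so request logging is always on and NODE_ENV is overwritten; it should read `if (process.env.NODE_ENV === "development") {`. The removed TODO also called for CORS handling, but none is added here. As far as I know the `xss-clean` package is marked deprecated on npm, so it is worth confirming it is still maintained before relying on it.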
