Commit 956a5367 by Johan

Release 0.0.1

=============
1. Add helmet to set sane defaults
2. Add rate limiting to limit requests to 100 per hour per IP address
3. Enable CORS
parent 4f6954f8
......@@ -26,6 +26,8 @@
"eth-sig-util": "^1.4.2",
"express": "^4.16.3",
"express-force-ssl": "^0.3.2",
"express-limiter": "^1.6.1",
"helmet": "^3.13.0",
"hyperdb": "^3.1.2",
"js-sha256": "^0.9.0",
"md5": "^2.2.1",
......@@ -34,6 +36,7 @@
"multer": "^1.3.0",
"parse-domain": "^2.0.0",
"particles.js": "^2.0.0",
"redis": "^2.8.0",
"rotating-file-stream": "^1.3.6",
"sha1": "^1.1.1",
"socket.io": "^2.1.0",
......
......@@ -68,7 +68,23 @@ app.set("forceSSLOptions", {
const secureServer = https.createServer(sslOptions, app);
// Add helmet to set sane defaults
const helmet = require("helmet");
app.use(helmet());
// Add rate limiting
const redisClient = require("redis").createClient();
const limiter = require("express-limiter")(app, redisClient);
limiter({
lookup: ["connection.remoteAddress"],
total: 100,
expire: 1000 * 60 * 60
});
app.use((req, res, next) => {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
if (req.headers.host === domainName && req.headers.host.indexOf("www.") !== 0) {
res.redirect(301, "https://www." + req.headers.host + ":" + sslPort + req.originalUrl);
} else {
......
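Review bot: The `limiter({...})` call passes neither `path` nor `method` and its return value is discarded, so as far as I know express-limiter never attaches the middleware and the 100-per-hour limit is not actually enforced. Either mount the result with `app.use(limiter({ lookup: ["connection.remoteAddress"], total: 100, expire: 1000 * 60 * 60 }));` or add `path: "*", method: "all"` to the options object. `connection.remoteAddress` is the peer socket address, so if this server runs behind a reverse proxy or load balancer every client would share one counter; confirm the deployment topology before relying on it. `createClient()` is also created without an `error` listener, so a Redis outage may surface as an unhandled `error` event; a `redisClient.on("error", ...)` handler that logs the failure would keep the process up and the outage visible. The `app.use` callback that follows continues past the end of the visible hunk, so the CORS and redirect logic is not reviewed in full here.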