From 9c2840ac8946803c2d0624a87239144cc98d627d Mon Sep 17 00:00:00 2001
From: Khaled Garbaya
Date: Mon, 6 Nov 2017 11:54:19 +0100
Subject: [PATCH] feat: Add helmet and force SSL
---
app.js | 11 +++++++++++
package.json | 4 +++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/app.js b/app.js
index 1f3fc11..6f4a0d7 100644
--- a/app.js
+++ b/app.js
@@ -5,6 +5,7 @@ const cookieParser = require('cookie-parser')
 const express = require('express')
 const logger = require('morgan')
 const querystring = require('querystring')
+const helmet = require('helmet')
 // Load environment variables using dotenv
 require('dotenv').config({ path: 'variables.env' })
@@ -24,12 +25,22 @@ app.set('views', path.join(__dirname, 'views'))
 app.set('view engine', 'pug')
 app.use(logger('dev'))
+app.use(helmet())
 app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(cookieParser())
 app.use(express.static(path.join(__dirname, 'public')))
 app.use(breadcrumb())
+// Force all requests on production to be served over https
+app.use(function (req, res, next) {
+ if (!req.secure && process.env.NODE_ENV === 'production') {
+ var secureUrl = 'https://' + req.headers['host'] + req.url
+ res.writeHead(301, { 'Location': secureUrl })
+ res.end()
+ }
+ next()
+})
 // Set our application state based on environment variables or query parameters
 app.use(async function (request, response, next) {
 // Set default settings based on environment variables
diff --git a/package.json b/package.json
index 17627b4..23a4662 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,8 @@
 "private": true,
 "scripts": {
 "start:watch": "nodemon ./bin/www --ignore public/",
- "start": "node ./bin/www",
+ "start:dev": "node ./bin/www",
+ "start:production": "NODE_ENV=production node ./bin/www",
 "lint": "eslint ./app.js routes",
 "format": "eslint --fix . bin --ignore public node_modules",
 "test": "echo 'test'",
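Review bot: The HTTPS-redirect middleware in the second app.js hunk still calls `next()` after `res.end()`, so a redirected request continues into the remaining middleware and routes with an already-finished response; the redirect must be the last action on that path, e.g. `return res.end()` inside the `if`, with `next()` reached only when no redirect was sent. `req.secure` is only true behind a TLS-terminating proxy when Express's `trust proxy` setting is enabled, and no such setting is visible in this hunk, so in that deployment every production request would report insecure and redirect to itself in a loop; confirm `app.set('trust proxy', …)` exists outside the hunk or add it. The redirect target is built from `req.headers['host']`, which the client supplies, so the Location value is controlled by whoever sends the request; building it from a configured canonical hostname (and rejecting requests whose Host does not match) keeps the redirect from being pointed elsewhere. Style: `var secureUrl` should be `const`, and the bracket access `req.headers['host']` can be `req.headers.host`.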
@@ -22,6 +23,7 @@
 "cookie-parser": "~1.4.3",
 "dotenv": "^4.0.0",
 "express": "~4.14.0",
+ "helmet": "^3.9.0",
 "marked": "^0.3.6",
 "morgan": "~1.7.0",
 "pug": "~2.0.0-beta6"