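// github.com/muhammedhassanm/blockchain@v0.0.0-20200120143007-697261defd4d/build-blockchain-insurance-app-master/web/www/config/security.js
'use strict';

import expressRateLimit from 'express-rate-limit';
import csrf from 'csurf';
import helmet from 'helmet';

/**
 * Installs the HTTP hardening middleware on an Express application:
 * security headers (helmet), rate limiting on the API prefixes, and
 * CSRF token issuance for pages served via GET.
 *
 * @param {object} app - Express application instance; mutated in place.
 * @returns {void}
 */
export default function(app) {
  // With 'trust proxy' enabled without a hop count, req.ip is taken from the
  // X-Forwarded-For header. The rate limiter below keys on req.ip, so the
  // limit is only meaningful when a reverse proxy in front of the app
  // overwrites that header.
  // NOTE(review): if the proxy topology is known, narrow this to the hop
  // count or proxy subnet (e.g. app.set('trust proxy', 1)) - confirm with
  // the deployment.
  app.enable('trust proxy');

  app.use(helmet({
    // Leaves the cache-control headers untouched.
    noCache: false,
    // Turns off the X-Frame-Options header, so responses can be framed by
    // any origin unless a CSP frame-ancestors policy is set elsewhere.
    // NOTE(review): confirm that framing is actually required; otherwise
    // drop this override to restore the clickjacking protection.
    frameguard: false
  }));

  // Mount paths need a leading slash: Express matches them against the
  // request path, which always starts with '/'. Written as 'shop/api/' the
  // prefixes do not appear to match any request, leaving the limiter inert.
  const rateLimitedPrefixes = [
    '/shop/api/',
    '/police/api/',
    '/repair-shop/api/',
    '/insurance/api/'
  ];

  app.use(rateLimitedPrefixes,
    expressRateLimit({
      windowMs: 30 * 1000, // 30-second window
      delayMs: 0,          // reject over-limit requests, do not slow them down
      max: 50              // requests allowed per client per window
    }));

  // cookie: true keeps the CSRF secret in a cookie rather than the session.
  // The cookie is set with csurf's default attributes; when the app is
  // served over HTTPS, passing
  //   cookie: { httpOnly: true, secure: true, sameSite: 'strict' }
  // tightens it.
  // NOTE(review): csurf in cookie mode presumably relies on cookie-parser
  // being mounted before this function runs - confirm in the app setup.
  const csrfProtection = csrf({
    cookie: true
  });

  // csurf does not verify tokens on GET/HEAD/OPTIONS by default, so this
  // route only mints a token and exposes it to the views as res.locals.ct.
  // Verification of state-changing requests (POST/PUT/DELETE) happens only
  // where csrfProtection is also mounted on those routes.
  // NOTE(review): no such mount is visible in this file - confirm the API
  // routers apply it.
  app.get('/*', csrfProtection, (req, res, next) => {
    res.locals = res.locals || {};
    res.locals.ct = req.csrfToken();
    next();
  });
}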