#121 Added rate limiting and secure cookie settings
parent
fa3a24fdbf
commit
3af3d9aa96
|
@ -2122,13 +2122,10 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"express-better-ratelimit": {
|
"express-request-limit": {
|
||||||
"version": "1.1.2",
|
"version": "1.0.2",
|
||||||
"resolved": "https://registry.npmjs.org/express-better-ratelimit/-/express-better-ratelimit-1.1.2.tgz",
|
"resolved": "https://registry.npmjs.org/express-request-limit/-/express-request-limit-1.0.2.tgz",
|
||||||
"integrity": "sha1-quiTO4NhyvPyY2cMGuz5eJby6dw=",
|
"integrity": "sha1-gVjPr8A5VFEAjH3Hm/2zYTaDSB4="
|
||||||
"requires": {
|
|
||||||
"ipchecker": "0.0.2"
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
"extend": {
|
"extend": {
|
||||||
"version": "3.0.1",
|
"version": "3.0.1",
|
||||||
|
@ -3684,11 +3681,6 @@
|
||||||
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz",
|
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz",
|
||||||
"integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A="
|
"integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A="
|
||||||
},
|
},
|
||||||
"ipchecker": {
|
|
||||||
"version": "0.0.2",
|
|
||||||
"resolved": "https://registry.npmjs.org/ipchecker/-/ipchecker-0.0.2.tgz",
|
|
||||||
"integrity": "sha1-lgbr97s80jQZsUmnBOF8FTLwtnk="
|
|
||||||
},
|
|
||||||
"is-absolute-url": {
|
"is-absolute-url": {
|
||||||
"version": "2.1.0",
|
"version": "2.1.0",
|
||||||
"resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-2.1.0.tgz",
|
"resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-2.1.0.tgz",
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
"css-loader": "^0.28.7",
|
"css-loader": "^0.28.7",
|
||||||
"debug": "^2.6.9",
|
"debug": "^2.6.9",
|
||||||
"express": "^4.15.5",
|
"express": "^4.15.5",
|
||||||
"express-better-ratelimit": "^1.1.2",
|
"express-request-limit": "^1.0.2",
|
||||||
"helmet": "^3.12.0",
|
"helmet": "^3.12.0",
|
||||||
"jquery": "^3.2.1",
|
"jquery": "^3.2.1",
|
||||||
"load-google-maps-api": "^1.0.0",
|
"load-google-maps-api": "^1.0.0",
|
||||||
|
|
15
server.js
15
server.js
|
@ -3,7 +3,7 @@
|
||||||
/* IMPORTS */
|
/* IMPORTS */
|
||||||
const express = require('express')
|
const express = require('express')
|
||||||
const helmet = require('helmet')
|
const helmet = require('helmet')
|
||||||
const ratelimiter = require('express-better-ratelimit')
|
const rateLimit = require('express-request-limit')
|
||||||
const bodyParser = require('body-parser')
|
const bodyParser = require('body-parser')
|
||||||
const cookieParser = require('cookie-parser')
|
const cookieParser = require('cookie-parser')
|
||||||
const cookieSession = require('cookie-session')
|
const cookieSession = require('cookie-session')
|
||||||
|
@ -59,7 +59,7 @@ let ready_promise_list = []
|
||||||
app.use(cookieParser(env.cookie))
|
app.use(cookieParser(env.cookie))
|
||||||
app.use(cookieSession({
|
app.use(cookieSession({
|
||||||
cookie: {
|
cookie: {
|
||||||
maxAge: 60000,
|
maxAge: 1000 * 60 * 60 * 24 * 7, // 1 week
|
||||||
secure: true,
|
secure: true,
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
domain: env.url.substring(env.url.indexOf('//')+2),
|
domain: env.url.substring(env.url.indexOf('//')+2),
|
||||||
|
@ -73,10 +73,6 @@ let ready_promise_list = []
|
||||||
extended: true
|
extended: true
|
||||||
}))
|
}))
|
||||||
app.use(flash())
|
app.use(flash())
|
||||||
app.use(ratelimiter({
|
|
||||||
max: 20,
|
|
||||||
duration: 120000, // 2 minutes
|
|
||||||
}))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Auth */ {
|
/* Auth */ {
|
||||||
|
@ -92,6 +88,13 @@ let ready_promise_list = []
|
||||||
// Default locals available to all views (keep this after static files)
|
// Default locals available to all views (keep this after static files)
|
||||||
app.get('*', (req, res, next) => {
|
app.get('*', (req, res, next) => {
|
||||||
|
|
||||||
|
// Rate limit
|
||||||
|
rateLimit({
|
||||||
|
timeout: 1000 * 60 * 30, // 30 minutes
|
||||||
|
exactPath: true,
|
||||||
|
cleanUpInterval: 1000 * 60 * 60 * 24 * 7, // 1 week
|
||||||
|
})
|
||||||
|
|
||||||
// User account
|
// User account
|
||||||
res.locals.user = req.user
|
res.locals.user = req.user
|
||||||
|
|
||||||
|
|
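Review bot: In the last hunk of server.js, `rateLimit({ ... })` is called inside the `app.get('*', ...)` handler and its return value is discarded, so as far as these lines show no rate limit is ever attached to the app, while the previous hunk removes the only `app.use(ratelimiter(...))` registration and leaves nothing in its place. If express-request-limit follows the usual Express pattern of returning a middleware function, the call belongs at application level, e.g. `app.use(rateLimit({ timeout: 1000 * 60 * 30, exactPath: true, cleanUpInterval: 1000 * 60 * 60 * 24 * 7 }))` where the removed `app.use(ratelimiter(...))` stood, rather than being rebuilt on every request (any per-client counters it keeps would presumably start from zero each time). Even if it were wired up inside this handler, `app.get('*')` matches GET requests only, so non-GET routes would remain unlimited. The arrow function passed to `app.get('*', ...)` continues past the end of the hunk; a short comment such as `// Global rate limit: 30-minute window per client, exact-path matching` on the middleware registration would make the intent clear.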