module.exports = function (app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet()); app.use(helmet.frameguard({ action: 'allow-from', domain: 'https://watson-experience.mybluemix.net/' })); // 3. rate limiting var limiter = rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 20, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }), }); app.use('/api/', limiter); };
module.exports = function(app) { app.enable('trust proxy'); // 1. helmet with defaults app.use(helmet({ cacheControl: false })); // Allow from a specific host: app.use(helmet.frameguard({ action: 'allow-from', domain: 'https://watson-experience.mybluemix.net/' })); // 2. rate-limit to /api/ app.use('/api/', rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 10 })); // 3. csrf var csrfProtection = csrf({ cookie: true }); app.get('/*', csrfProtection, function(req, res, next) { res.locals = { ga: process.env.GOOGLE_ANALYTICS, ct: req.csrfToken() }; next(); }); };
module.exports = function (app) { app.enable('trust proxy'); // 1. helmet with defaults app.use(helmet({ cacheControl: false })); // 2. rate limiting app.use('/api/', rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 6, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }), })); // 3. setup cookies var secret = Math.random().toString(36).substring(7); app.use(cookieParser(secret)); // 4. csrf var csrfProtection = csrf({ cookie: true }); app.get('/', csrfProtection, function(req, res, next) { console.log(req.csrfToken()); req._csrfToken = req.csrfToken(); next(); }); };
module.exports = function (app) { // 1. helmet with defaults app.use(helmet()); // 2. allow iframes app.use(helmet.frameguard('allow-from', 'https://example-app-name.mybluemix.net')); // 3. rate limiting var limiter = rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 3, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }), }); // 4. csrf var csrfProtection = csrf({ cookie: true }); app.get('/*', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); // 5. captcha var captchaKeys = { site: process.env.CAPTCHA_SITE || '<captcha-site>', secret: process.env.CAPTCHA_SECRET || '<captcha-secret>', }; var checkCaptcha = function(req, res, next) { if (req.body && req.body.recaptcha) { request({ url: 'https://www.google.com/recaptcha/api/siteverify', method: 'POST', form: { secret: captchaKeys.secret, response: req.body.recaptcha, remoteip: req.ip }, json: true }, function(error, response, body) { if (body.success) { limiter.resetIp(req.ip); next(); } else { next({ code: 'EBADCSRFTOKEN', error: 'Wrong captcha' }); } }); } else { next(); } }; app.use('/api/', csrfProtection, checkCaptcha, limiter); };
module.exports = function (app) { app.enable('trust proxy'); // 1. helmet with defaults app.use(helmet({ cacheControl: false })); app.use(helmet.frameguard('sameorigin')); // 2. rate-limit to /api/ app.use('/api/', rateLimit({ windowMs: 60 * 1000, // seconds delayMs: 0, max: 10 })); // 3. setup cookies var secret = Math.random().toString(36).substring(7); app.use(cookieParser(secret)); // 4. csrf var csrfProtection = csrf({ cookie: true }); app.get('/*', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); };
module.exports = function(app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet()); // 3. setup cookies var secret = Math.random().toString(36).substring(7); app.use(cookieParser(secret)); // 4. csrf // part 1: generate a csrf token for homepage views var csrfProtection = csrf({cookie: true}); app.get('/', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); // part 2: require token on /api/* requests app.use('/api/', csrfProtection); // 5. rate limiting. app.use('/api/', rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 3, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }) })); };
app.get('/api/baselayers/:layer', function(req, res, next) { // Limit full/simple geom requests in production environmentes only if ('production' === app.get('env')) { switch (req.query.geom) { case 'simple': case 'full': return baseLayerFullGeomLimiter(req, res, next); } } next(); }, function(req, res) {
module.exports = function (app) { app.use(secure()); app.use(helmet()); app.use('/api/', rateLimit({ windowMs: 60 * 1000, // seconds delayMs: 0, max: 10, message: JSON.stringify({ error: 'Too many requests, please try again in 30 seconds.', code: 429, }), })); };
module.exports = function (app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet({ cacheControl: false })); // 3. rate-limit to /api/ app.use('/api/', rateLimit({ windowMs: 60 * 1000, // seconds delayMs: 0, max: 15 })); };
module.exports = function (app) { app.use(secure()); app.use(helmet({ frameguard: false, noCache: false })); const limiter = rateLimit({ windowMs: 60 * 1000, // seconds delayMs: 0, max: 10, message: JSON.stringify({ error: 'Too many requests, please try again in 30 seconds.', code: 429 }) }); app.use('/api/', limiter); };
module.exports = function(app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet()); // 5. rate limiting. app.use('/api/', rateLimit({ windowMs: 30 * 1000, // 30 seconds delayMs: 0, max: 3, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }) })); };
module.exports = function (app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet({ cacheControl: false })); // 3. rate-limit to /api/ app.use('/api/', rateLimit({ windowMs: 60 * 1000, // seconds delayMs: 0, max: 15 })); // 4. csrf var csrfProtection = csrf({ cookie: true }); app.get('/', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); console.log(req.csrfToken()); next(); }); app.get('/test', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); app.get('/train', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); app.get('/use', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); };
module.exports = function (app) { app.enable('trust proxy'); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet()); // Allow from a specific host: app.use(helmet.frameguard({ action: 'allow-from', domain: 'https://watson-experience.mybluemix.net/' })); // 3. rate-limit to /api/ app.use('/api/', rateLimit({ windowMs: 20 * 1000, // seconds delayMs: 0, max: 3 })); };
var serviceClient = serviceSDK({ discoveryServers: DISCOVERY_SERVICE_URLS });

var app = express();
// Behind a reverse proxy: take req.ip from X-Forwarded-For.
// NOTE(review): enable() trusts every hop, so a client-supplied header picks
// its own req.ip and therefore its own rate-limit bucket;
// app.set('trust proxy', <hop count or proxy address>) matches the real topology.
app.enable('trust proxy');

// access log: one line per response — method, url, status, elapsed time
app.use(responseTime(function(req, res, time){
  console.log('LOG: ' + [req.method, req.url, res.statusCode, time].join(','));
}));

// CORS: open to any origin for these methods. Preflight OPTIONS requests are
// not answered here; they continue down the chain like any other request.
app.use(function(req, res, next){
  res.set({
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'POST, GET, OPTIONS, DELETE, PUT',
    'Access-Control-Allow-Headers': 'Content-Type'
  });
  next();
});

// throttle: MAX_REQUEST_PER_MINUTE requests per 60 s window, REQUEST_THROTTLE_MS
// passed as delayMs (semantics per the express-rate-limit version in use — confirm)
app.use(rateLimit({
  max: MAX_REQUEST_PER_MINUTE,
  windowMs: 60000,
  delayMs: REQUEST_THROTTLE_MS,
  global: true
}));
app.use(bodyParser.json());

// in-memory copies of catalog / contract data; presumably populated by
// retryReplicate(), which is defined outside this span
var catalogItems = [];
var contractItems = [];

// breaker guarding catalog-service calls; option meanings are those of the
// CircuitBreaker library — confirm before tuning
var catalogServiceBreaker = new CircuitBreaker({
  timeoutDuration: 1000,
  volumeThreshold: 1,
  errorThreshold: 50
});

retryReplicate();
request = require('request'), bodyParser = require('body-parser'), compression = require('compression'), RateLimit = require('express-rate-limit'), hatchet = require("hatchet"); Habitat.load(); var app = express(), env = new Habitat(); app.enable('trust proxy'); var limiter = RateLimit({ windowMs: 60 * 1000, delayMs: 1000, max: 5, global: false }); app.configure(function() { app.use(compression()); app.use(express.static(__dirname + '/public', {maxAge: 3600000})); app.use(bodyParser.json()); app.use(function(err, req, res, next) { res.send(err); }); }); app.post('/add-session', limiter, function (req, res) { var sessionName = req.body.sessionName; var firstName = req.body.firstName;
}); }); router.route('/karma') .get(function(req, res) { Post.where('user').equals(req.query.user).select('ups downs').exec(function(err, posts) { if (err) res.send(err); var karma = 0; for (var i = 0; i < posts.length; i++) { karma = karma + posts[i].ups - posts[i].downs; } res.json({ karma: karma }); }); }); // REGISTER ROUTES // ############################################################################# app.use('/', router); // Set rate limiter on token requests (deprecated) app.get('/token', rateLimit(config.limiter), function(req, res) { res.json({ token: 'foo' }); }); // START SERVER // ############################################################################# app.listen(config.port); console.log('Listening on port', config.port);
* limitations under the License. */ 'use strict'; var express = require('express'), app = express(), extend = require('extend'), watson = require('watson-developer-cloud'), RateLimit = require('express-rate-limit'); app.enable('trust proxy'); var translateLimiter = RateLimit({ windowMs: 60 * 1000, delayMs: 1, max: 10, global: false }); var identifyLimiter = RateLimit({ windowMs: 60 * 1000, delayMs: 1, max: 10, global: false }); // Bootstrap application settings require('./config/express')(app); var language_translation = watson.language_translation({ url: 'https://gateway.watsonplatform.net/language-translation/api',
} from './env'; const app = express(); const server = http.Server(app); const io = socket(server); app.set('socket', io); if (NODE_ENV === 'production') Raven.config(SENTRY_DSN).install(); /** * @name middleware-functions */ app.use(helmet()); app.use(cors()); app.use(rateLimit({ max: Number(RATE_LIMIT), windowMs: 15 * 60 * 1000 })); app.use(compression()); app.use(morgan('tiny')); app.use(express.json()); app.use(express.urlencoded({ extended: false })); app.use(session({ store: new (connectRedis(session))({ client: redis }), name: 'sid', resave: true, saveUninitialized: true, secret: SECRET, })); app.use(passport.initialize()); app.use(passport.session()); io.origins(['*:*']);
module.exports = function (app) { app.enable('trust proxy'); // 0. setup the logger var logStream = fs.createWriteStream(__dirname + '/../access.log', {flags: 'a'}); app.use('/api/', morgan('combined', {stream: logStream})); // 1. redirects http to https app.use(secure()); // 2. helmet with defaults app.use(helmet()); // 3. setup cookies var secret = Math.random().toString(36).substring(7); app.use(cookieParser(secret)); // 4. csrf var csrfProtection = csrf({ cookie: true }); app.get('/', csrfProtection, function(req, res, next) { req._csrfToken = req.csrfToken(); next(); }); // 5. rate limiting var limiter = rateLimit({ windowMs: 30 * 1000, // seconds delayMs: 0, max: 6, message: JSON.stringify({ error:'Too many requests, please try again in 30 seconds.', code: 429 }), }); // 6. captcha var captchaKeys = { site: process.env.CAPTCHA_SITE || '<captcha-site>', secret: process.env.CAPTCHA_SECRET || '<captcha-secret>', }; var checkCaptcha = function(req, res, next) { if (req.body && req.body.recaptcha) { request({ url: 'https://www.google.com/recaptcha/api/siteverify', method: 'POST', form: { secret: captchaKeys.secret, response: req.body.recaptcha, remoteip: req.ip }, json: true }, function(error, response, body) { if (body.success) { limiter.resetIp(req.ip); next(); } else { next({ code: 'EBADCSRFTOKEN', error: 'Wrong captcha' }); } }); } else { next(); } }; app.use('/api/', csrfProtection, checkCaptcha, limiter); };