UNPKG

@devotis/bouquet

Version:

A bouquet of little functions, wrappers and libraries that I use across projects and clients 💐

github.com/devotis/bouquet

devotis/bouquet

49 lines (42 loc) 1.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
const createError = require('http-errors'); const csrf = require('csurf'); const csrfProtection = csrf({ ignoreMethods: ['HEAD', 'OPTIONS'] }); const { NODE_ENV, WITH_STATIC } = process.env; const withProtection = NODE_ENV === 'production' || !!WITH_STATIC; const ensureAuthenticated = (req, res, next) => { if (req.isAuthenticated()) { next(); } else { next(createError(401, 'server.401')); } }; const ensureCsrfProtected = (req, res, next) => { if (withProtection) { csrfProtection(req, res, next); } else { next(); } }; const ensureNocache = (req, res, next) => { // zoals https://github.com/helmetjs/nocache res.setHeader('Surrogate-Control', 'no-store'); res.setHeader( 'Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate' ); res.setHeader('Pragma', 'no-cache'); res.setHeader('Expires', '0'); next(); }; const ensureTraceProtected = (req, res, next) => { if (withProtection && req.method === 'TRACE') { return next(createError(405, 'server.405')); } next(); }; module.exports = { ensureAuthenticated, ensureCsrfProtected, ensureNocache, ensureTraceProtected, };