
@misterzik/espressojs


EspressoJS Introducing Espresso.JS, your ultimate Express configuration starting point and boilerplate. Simple and unopinionated, EspressoJS offers plug-and-play configurations built on top of Express.

/* * _| _| _| _| _|_|_| * _| _| _|_| _|_| _| _| * _| _| _| _| _| _| _| * _| _| _| _| _| _| * _| _| _| _|_|_| * EspressoJS - Security Middleware */ const helmet = require("helmet"); const rateLimit = require("express-rate-limit"); const helmetConfig = () => { return helmet({ contentSecurityPolicy: { directives: { defaultSrc: ["'self'"], styleSrc: ["'self'", "'unsafe-inline'"], scriptSrc: ["'self'", "'unsafe-inline'"], imgSrc: ["'self'", "data:", "https:"], }, }, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: { policy: "cross-origin" }, }); }; const rateLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 100, message: "Too many requests from this IP, please try again later.", standardHeaders: true, legacyHeaders: false, }); const strictRateLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 10, message: "Too many requests from this IP, please try again later.", standardHeaders: true, legacyHeaders: false, }); const apiRateLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 200, message: { status: "error", message: "Too many API requests from this IP, please try again later.", }, standardHeaders: true, legacyHeaders: false, }); module.exports = { helmetConfig, rateLimiter, strictRateLimiter, apiRateLimiter, };