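const coverageStyle = serveStatic(fs.dappPath('coverage/'));
const main = serveStatic(this.buildDir, {'index': ['index.html', 'index.htm']});
this.app = express();
const expressWs = expressWebSocket(this.app);

// Request logging. Websocket upgrade requests are skipped so the /logs
// handshakes do not flood the log; `self.logging` is read on every request,
// so it can be toggled while the server is running.
this.app.use((req, res, next) => {
  if (self.logging && !req.headers.upgrade) {
    console.log(`Webserver> ${req.method} ${req.originalUrl}`);
  }
  next();
});

// helmet.noCache() marks every response (static assets included) as
// non-cacheable; cors() is the default, any-origin configuration.
this.app.use(helmet.noCache());
this.app.use(cors());
this.app.use(main);
this.app.use('/coverage', coverage);
this.app.use(coverageStyle);
this.app.use(express.static(path.join(fs.dappPath(this.dist)), {'index': ['index.html', 'index.htm']}));
this.app.use('/embark', express.static(path.join(__dirname, '../../../embark-ui/build')));
this.app.use(bodyParser.json()); // support json encoded bodies
this.app.use(bodyParser.urlencoded({extended: true})); // support encoded bodies

// Stream "log" events to websocket clients. One listener is registered per
// connection, so it must be removed when the socket closes; otherwise every
// past connection keeps a listener on self.events (listener leak, plus a
// ws.send() attempt on a closed socket for every log line).
this.app.ws('/logs', (ws, _req) => {
  const forwardLog = (logLevel, logMsg) => {
    // Best-effort delivery: send errors are deliberately ignored.
    ws.send(JSON.stringify({msg: logMsg, msg_clear: logMsg.stripColors, logLevel: logLevel}), () => {});
  };
  self.events.on("log", forwardLog);
  // self.events exposes .on(); removeListener is the matching EventEmitter call.
  ws.on('close', () => {
    self.events.removeListener("log", forwardLog);
  });
});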
/**
 * Configure the pug view engine on `app`.
 *
 * Views are resolved from `<serverFolder>/views`. When config.isDevMode()
 * is true, stack errors are shown, the view cache is disabled, every
 * response is sent with helmet's no-cache headers and pug output is left
 * unminified; otherwise compiled views are cached in memory.
 *
 * @param {object} app - express application to configure
 * @returns {void}
 */
function initViewEngine(app) {
  app.set("views", path.join(serverFolder, "views"));
  app.set("view engine", "pug");

  const devMode = config.isDevMode();
  if (!devMode) {
    app.locals.cache = "memory";
    app.set("view cache", true);
    return;
  }

  app.set("showStackError", true);
  // Re-render views on every request and keep browsers from caching them,
  // so edits are visible immediately.
  app.set("view cache", false);
  app.use(helmet.noCache());
  // Readable (unminified) HTML while developing.
  app.locals.pretty = true;
}
private middleware(): void {
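// Session secret comes from the environment; the literal is only a fallback
// so existing setups keep working, and it is reported because a known secret
// lets anyone forge session cookies.
let sessionSecret = process.env.SESSION_SECRET;
if (sessionSecret === undefined) {
  console.warn('SESSION_SECRET is not set; using the built-in fallback secret (not safe for production)');
  sessionSecret = 'bla bla';
}
this.express.use(passport.initialize());
this.express.use(expressSession({ secret: sessionSecret })); // required by passport.session() below
this.express.use(passport.session());
this.express.use(logger('dev')); // request log on the console
this.express.disable('x-powered-by');
this.express.disable('etag');
this.express.use(helmet()); // helmet's default header set
this.express.use(boom());
// Individual helmet middlewares; any overlap with helmet() above is harmless
// (the same header is written twice).
this.express.use(helmet.noCache({ noEtag: true })); // set Cache-Control header
this.express.use(helmet.noSniff()); // set X-Content-Type-Options header
this.express.use(helmet.frameguard()); // set X-Frame-Options header
this.express.use(helmet.xssFilter()); // set X-XSS-Protection header
this.express.use(bodyParser.urlencoded({ extended: false, limit: '5mb' })); // parse application/x-www-form-urlencoded
this.express.use(bodyParser.json()); // parse application/json
// CORS headers for every origin. 'Authorization' and 'api_key' are accepted
// as request headers, so a script on any web origin can call this API with
// a user's token; restrict Access-Control-Allow-Origin once the client
// origins are known. cors() below sets an overlapping set of headers.
this.express.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET, POST, DELETE, PUT, PATCH, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Content-Type, api_key, Authorization, Referer');
  next();
});
this.express.use(cors({ optionsSuccessStatus: 200 }));
this.express.use(cookieParser()); // cookies-parser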
public main(): void {
// Security headers: helmet's default set, then explicit no-cache and HSTS.
// Browsers only honour Strict-Transport-Security on HTTPS responses.
const securityMiddleware = [
  helmet(),
  helmet.noCache(),
  helmet.hsts({
    maxAge: 31536000, // one year, in seconds
    includeSubdomains: true
  }),
];
for (const middleware of securityMiddleware) {
  this.express.use(middleware);
}
// Any origin may call any route (default cors() configuration).
this.express.use(cors());
// Two access logs: the concise 'dev' format to debugStream and the
// 'combined' format to winstonStream.
this.express.use(morgan('dev', debugStream));
this.express.use(morgan('combined', winstonStream));
// Project-specific oauth middleware with default options.
this.express.use(oauth({}));
// Requests to /graphql redirect to /
{ model: models.UserRole, as: 'roles' },
],
});
if (!user) {
throw new Error('User not found');
}
done(null, models.User.toClientFormat(user, sessionType));
} catch (e) {
done(e);
}
});
app.use(helmet());
app.use(helmet.noCache()); // not part of helmet()'s default set
if (appConfig.standalone) {
  app.use(morgan('dev')); // request log only when running on its own
}
// Content-Security-Policy. In dev mode XHR/websocket connections may go to
// any host so local tooling works; otherwise only the page's own origin.
// Note that 'unsafe-inline' and 'unsafe-eval' in script-src still allow
// inline and eval'd scripts, which limits what this policy prevents.
const cspDirectives = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
  connectSrc: appConfig.isDev ? ['*'] : ["'self'"],
  styleSrc: ["'self'", "'unsafe-inline'"],
  imgSrc: ["'self'"],
};
app.use(helmet.contentSecurityPolicy({ directives: cspDirectives }));
const mime = require('mime');
const { distDir } = this.config;

// Baseline security headers for every request.
middlewares.initial.push(helmet());

// Static build output, cached for a year. HTML documents, and any response
// flagged with res.locals.noCache, get helmet's no-cache headers instead.
// `redirect: false` disables express.static's trailing-slash redirect for
// directory paths.
const isHtml = (filePath) => mime.getType(filePath) === 'text/html';
const applyNoCache = (res) => {
  // The middleware is invoked directly on this response; the code relies on
  // it not reading req.
  helmet.noCache()(null, res, () => {});
};
middlewares.files.push(
  express.static(distDir, {
    maxAge: '1y',
    setHeaders(res, filePath) {
      const noCache = (res.locals || {}).noCache;
      if (noCache || isHtml(filePath)) {
        applyNoCache(res);
      }
    },
    redirect: false,
  })
);

// Anything that was not served from disk above is non-cacheable.
middlewares.postfiles.push(helmet.noCache());
// Optional request logger, only when the host object provides getLogger().
const hasLogger = typeof this.getLogger === 'function';
if (hasLogger) {
  const loggerMiddleware = require('../lib/log');
  app.use(loggerMiddleware(this.getLogger()));
}
}
}
inspectServer(server) {
/**
 * Registers helmet's individual header middlewares on the app, in order:
 * no-cache headers, X-Frame-Options, removal of X-Powered-By,
 * Strict-Transport-Security (helmet defaults), X-Download-Options,
 * X-Content-Type-Options and X-XSS-Protection.
 */
private initializeSecurity() {
  const headerMiddlewares = [
    helmet.noCache(),
    helmet.frameguard(),
    helmet.hidePoweredBy(),
    helmet.hsts(),
    helmet.ieNoOpen(),
    helmet.noSniff(),
    helmet.xssFilter(),
  ];
  headerMiddlewares.forEach((middleware) => this.app.use(middleware));
}
/**
 * Cache policy middleware. In development every response is marked
 * non-cacheable (helmet.noCache()); otherwise responses carry a public
 * Cache-Control max-age and a matching Expires date, both derived from
 * config.SERVER.CACHE_DURATION_SECONDS.
 */
private initCaching() {
  if (this.config.SERVER.DEVELOPMENT) {
    this.app.use(helmet.noCache());
    return;
  }
  const MS_PER_SECOND = 1000;
  this.app.use((req, res, next) => {
    // Read on each request, so a runtime change to the config takes effect.
    const ttlSeconds = this.config.SERVER.CACHE_DURATION_SECONDS;
    const expiresAt = new Date(Date.now() + ttlSeconds * MS_PER_SECOND);
    res.header('Cache-Control', `public, max-age=${ttlSeconds}`);
    res.header('Expires', expiresAt.toUTCString());
    next();
  });
}
// Database handle; dbConfig doubles as the Sequelize options object.
const sequelize = new Sequelize(dbConfig.database, dbConfig.username, dbConfig.password, dbConfig);

// CORS for any origin, with the listed methods and request headers, set in
// this order. The middleware always calls next(), so preflight OPTIONS
// requests fall through to whatever route handles them.
const CORS_HEADERS = [
  ['Access-Control-Allow-Methods', 'GET,POST,HEAD,OPTIONS,PUT,PATCH,DELETE'],
  ['Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept'],
  ['Access-Control-Allow-Origin', '*'],
];
app.use((req, res, next) => {
  for (const [name, value] of CORS_HEADERS) {
    res.header(name, value);
  }
  next();
});
// Responses are non-cacheable; JSON request bodies are parsed for the routes.
app.use(helmet.noCache());
app.use(bodyParser.json());
workflowTransitionHistory(sequelize).
then(({ add, search }) => {
app.post('/history', (req, res) => add(req.body).
then(entry => res.json(entry))
);
app.get('/history', (req, res) => {
const {
businessObjType,
businessObjId,
user,
finishedOnGt,
finishedOnGte,
finishedOnLt,