How to use the koa-helmet function in koa-helmet

To help you get started, we’ve selected a few koa-helmet examples, based on popular ways it is used in public projects.


github OXOYO / X-RESTful-API-Generator-Koa / src / middleware / index.js View on Github external
// Composes the middleware stack: request logger, koa-helmet with its default
// headers, static file serving, then CORS handling with a per-request origin check.
// NOTE(review): this listing ends inside the `origin` callback, so what the callback
// returns after the loop is not visible here.
export default function middleware (app) {
  return compose([
    logger(),
    helmet(),
    // NOTE(review): the static root is '.', presumably the process working directory;
    // confirm that no configuration, credentials or source files are reachable under it.
    KoaStatic('.'),
    // Cross-origin (CORS) handling
    convert(cors({
      origin: function (request) {
        let host = request.header.origin
        let isIncludes = false
        // console.log('host', request.header)
        // FIXME: for safety, the check below must be commented out before going live
        // A request that carries no Origin header is answered with the wildcard origin.
        if (!host) {
          return '*'
        }
        // Walk the configured host list and flag the request when one entry matches.
        // NOTE(review): String.prototype.includes is a substring test, so an Origin that
        // merely contains an allowed host string also matches; comparing the parsed
        // origin for exact equality against the list would close that gap.
        for (let i in SystemConfig.accessHost) {
          if (host.includes(SystemConfig.accessHost[i])) {
            isIncludes = true
            break
          }
github marmelab / javascript-boilerplate / src / api / index.js View on Github external
});

// Log any promise rejection that no handler caught, together with the promise itself.
process.on('unhandledRejection', (error, promise) => {
    const details = { error, promise };
    console.error('unhandled promise rejection:', details); // eslint-disable-line no-console
});

// Mount `healthcare` under the /healthcare path prefix.
app.use(koaMount('/healthcare', healthcare));

// XmlHttpRequest shim for IE
app.use(xdomainRoute);

// Security headers
// NOTE(review): these are registered after the /healthcare mount and the xdomain route.
// Whether responses produced by those two also carry the headers depends on whether
// they call next(); confirm, or register the header middleware first.
app.use(koaHelmet());
// Content-Security-Policy whose default-src is limited to the page's own origin.
app.use(koaHelmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"] } }));
// Frame protection set to 'deny'.
// NOTE(review): this is the bare-string argument form; later helmet releases take an
// options object ({ action: 'deny' }). Confirm against the installed version.
app.use(koaHelmet.frameguard('deny'));
app.use(koaCors({
    credentials: true,
    exposeHeaders: [
        'Authorization',
        'Content-Disposition',
        'Content-Type',
        'X-Entities',
    ],
    allowHeaders: [
        'Authorization',
        'Content-Disposition',
        'Content-Type',
        'X-Entities',
    ],
github lbryio / lighthouse.js / server / index.js View on Github external
import winston from 'winston';
import slack from 'node-slack';
require('winston-daily-rotate-file');

// Setup logging
// Swap winston's default console transport for a colorized, timestamped one.
winston.remove(winston.transports.Console);
winston.add(winston.transports.Console, { colorize: true, timestamp: true, prettyPrint: true });
// The Slack hook URL is read from the environment rather than kept in the source tree.
// NOTE(review): when SLACK_HOOK_URL is unset, `undefined` is passed to the constructor;
// the value is a credential, so it should stay out of log output.
var slackAPIKey = process.env.SLACK_HOOK_URL;
var mySlack = new slack(slackAPIKey, {});
// Create Koa Application
const app = new Koa();

// Middleware is registered in this order: logger, body parser, helmet defaults, CORS.
// NOTE(review): cors() is called without options, so the set of allowed origins is
// whatever the imported package defaults to (its import is outside this listing).
// Confirm that default is the intended policy for this API.
app
  .use(logger())
  .use(bodyParser())
  .use(helmet())
  .use(cors());

// Attach the routes to the app.
routing(app);

// Start the application
app.listen(port, () => logToSlack(`Lighthouse API server is running at http://localhost:${port}/`));

export default app;

export function logToSlack (message) {
  winston.log('info', 'SentToSlack: ' + message);
  mySlack.send({
    text      : message,
    channel   : '#lighthouse-status',
    username  : 'Lighthouse',
    icon_emoji: 'lighthouse',
github hung-phan / koa-react-isomorphic / app / server / infrastructure / middlewares / index.js View on Github external
/**
 * Installs the session, CSRF and koa-helmet middleware on the given Koa app,
 * in that order, and sets the cookie-signing key from SECRET_KEY.
 *
 * NOTE(review): the CSRF exemption below compares a request header against the
 * same SECRET_KEY that is assigned to app.keys, so one value serves both as the
 * cookie-signing key and as a secret sent in a header; a dedicated secret for
 * the exemption would limit what a leak of either exposes. The comparison uses
 * `===`, which is not constant-time. When SECRET_KEY is unset, app.keys becomes
 * [undefined]; confirm the deployment always defines it.
 */
export const securityLayer = (app: Object) => {
  app.keys = [process.env.SECRET_KEY];

  const csrf = new CSRF();

  // Requests coming from the server itself present the shared secret in the
  // x-app-secret header and skip the CSRF check; everything else is verified.
  const csrfUnlessServerRequest = (ctx, next) =>
    ctx.get("x-app-secret") === process.env.SECRET_KEY
      ? next()
      : csrf(ctx, next);

  app
    .use(session({ maxAge: 86400000 }, app)) // https://github.com/koajs/session
    .use(csrfUnlessServerRequest) // https://github.com/koajs/csrf
    .use(helmet()); // https://github.com/venables/koa-helmet
};
github iam4x / isomorphic-flux-boilerplate / server / koa.js View on Github external
import Router from 'koa-router'
import convert from 'koa-convert'

import router from './router'
import config from '../internals/config/private'
import { apiPrefix } from '../internals/config/public'

const app = new Koa()
// An unset or empty NODE_ENV is treated as 'development'.
const env = process.env.NODE_ENV || 'development'

// add header `X-Response-Time`
app.use(responseTime())
app.use(convert(logger()))

// various security headers
// helmet() is called without options, so only the package's default headers are set.
app.use(helmet())

// Options for the static cache; 86400000 is 24 hours if the unit is milliseconds (confirm).
const cacheOpts = { maxAge: 86400000, gzip: true }
// Serve the favicon from the app's images directory.
app.use(favicon(path.join(__dirname, '../app/images/favicon.ico')))

if (env === 'production') {
  // set debug env to `koa` only
  // must be set programmaticaly for windows
  debug.enable('koa')

  // load production middleware
  app.use(require('koa-conditional-get')())
  app.use(convert(require('koa-etag')()))
  app.use(require('koa-compress')())

  app.use(mount('/assets', staticCache(path.join(__dirname, '../dist'), cacheOpts)))
  // mount static folder for SW
github eankeen / tails / operator / app.js View on Github external
import Koa from 'koa'
import logger from 'koa-logger'
import helmet from 'koa-helmet'
import bodyParser from 'koa-bodyparser'

import './core/cleanup'
import './core/db'
import './subscribers/project'
import routes from './routes'

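const app = new Koa()
// Request logging first, then koa-helmet's default security headers, then body parsing.
app.use(logger())
app.use(helmet())
app.use(bodyParser())

app.use(routes)

// Report errors emitted by the app on stderr.
app.on('error', err => console.error('e: ', err))

const port = process.env.PORT || 3020
// Bind exactly once and export that server. A second app.listen() call without a
// port would open another listener on an OS-assigned port, leaving the app
// reachable on a port that nobody configured or firewalled.
const server = app.listen(port)

export default server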
github Baiang / ReactSSR / server / index.ts View on Github external
// Next.js application whose sources live under ./src.
const nextApp = next({ dev, conf, dir: './src' });

// Hand the Next.js app and its request handler to the router.
const handle = nextApp.getRequestHandler();
router.ssrCache(nextApp);
router.nextRoute(handle);

const app = new Koa();

// Request logging is enabled only outside dev mode.
if (!dev) {
  app.use(logger());
}
app.use(bodyParser());
app.use(requestId());
// koa-helmet with its default header set.
app.use(helmet());
// NOTE(review): only exposeHeaders is configured, so the allowed origins fall back to
// the CORS package's default; confirm that default is the intended policy.
app.use(cors({ exposeHeaders: ['X-Request-Id'] }));
app.use(responseHandler());

if (!module.parent) {
  nextApp.prepare()
    .then(() => {
      app.use(router.routes());
      app.use(router.allowedMethods());
      (async () => {
          let port = await getPort({port: [config[env].port, 3000, 3001, 3002]})
          app.listen(port, config[env].host, () => {
            log.info(`API server listening on ${config[env].host}:${port}, in ${env}`);
          });
      })();
github saadq / resumake.io / app / server / src / index.js View on Github external
*/

import Koa from 'koa'
import bodyParser from 'koa-bodyparser'
import helmet from 'koa-helmet'
import router from './routes'
import { errorHandler } from './middleware'

const app = new Koa()

// Proxy headers are trusted only when Koa reports the 'development' environment.
// NOTE(review): with app.proxy enabled, Koa derives the client address, protocol and
// host from X-Forwarded-* headers, which a client can set itself when no trusted
// proxy sits in front. Koa's app.env falls back to 'development' when NODE_ENV is
// unset, so confirm NODE_ENV is defined in every deployed environment.
if (app.env === 'development') {
  app.proxy = true
}

// Registration order: error handler, koa-helmet defaults, body parser, routes.
app.use(errorHandler())
app.use(helmet())
app.use(bodyParser())
app.use(router)

export default app
github poetapp / frost-api / src / api / RestServer.ts View on Github external
// Builds a Koa app with error handling, request logging, koa-helmet configured from
// `securityHeaders`, CORS and a size-limited body parser, registered in that order.
// NOTE(review): `Partial` appears without a type argument in this listing; it was
// probably lost when the page was rendered.
const ConfiguredKoa = ({
  maxApiRequestLimitForm,
  maxApiRequestLimitJson,
  loggingConfiguration,
}: Partial) =>
  new Koa()
    .use(errorHandling())
    .use(logger(createModuleLogger(loggingConfiguration)))
    // `securityHeaders` is defined outside this listing; the headers actually sent depend on it.
    .use(helmet(securityHeaders))
    .use(
      cors({
        // The origin callback ignores its arguments and always returns '*', so pages
        // from any site may read responses in a browser.
        // NOTE(review): that suits a public API without cookie-based credentials;
        // confirm no endpoint relies on browser-held credentials.
        origin: (ctx: any, next: any) => '*',
      }),
    )
    .use(
      // Caps on form and JSON body sizes come from the caller's configuration.
      bodyParser({
        formLimit: maxApiRequestLimitForm,
        jsonLimit: maxApiRequestLimitJson,
      }),
    )
github garbin / koapi / src / koapi.es View on Github external
// Registers koa-helmet on the wrapped Koa instance when a config is supplied and
// returns `this` so calls can be chained.
// NOTE(review): a falsy config skips registration silently, leaving the app without
// these security headers; confirm callers always pass one where headers are expected.
helmet(config){
    if (!config) {
      return this
    }
    this.koa.use(helmet(config));
    return this
  }