Skip to content

Commit

Permalink
chore:
Browse files Browse the repository at this point in the history 
1. security update, added csrf middleware

Signed-off-by: Sukanya Rath <sukanyarath1987@gmail.com>
  • Loading branch information
@sukanya-rath
sukanya-rath committed Dec 21, 2023
1 parent 3091bf7 commit 9f751b3
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 0 deletions.
20 changes: 20 additions & 0 deletions backend/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions backend/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
"http-status-codes": "^2.3.0",
"jsonwebtoken": "^9.0.2",
"lodash": "^4.17.21",
"lusca": "^1.7.0",
"memory-cache": "^0.2.0",
"moment": "^2.29.4",
"morgan": "^1.10.0",
Expand Down
3 changes: 3 additions & 0 deletions backend/src/app.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ import prom from 'prom-client';
import prisma from './v1/prisma/prisma-client';
import { logger } from './logger';
import { rateLimit } from 'express-rate-limit';
import lusca from 'lusca';
const csrf = lusca.csrf;
const register = new prom.Registry();
prom.collectDefaultMetrics({ register });
const app = express();
Expand Down Expand Up @@ -70,6 +72,7 @@ if ('production' === config.get('environment')) {
app.set('trust proxy', 1);
}
app.use(session(sess));
app.use(csrf());
//initialize routing and session. Cookies are now only reachable via requests (not js)
app.use(passport.initialize());
app.use(passport.session());
Expand Down

0 comments on commit 9f751b3

Please sign in to comment.