Moved middleware/ & schemas/ into api/.
This commit is contained in:
17
api/middleware/mustBeAuthenticated.js
Normal file
17
api/middleware/mustBeAuthenticated.js
Normal file
@@ -0,0 +1,17 @@
|
||||
const mustBeAuthenticated = (req, res, next) => {
|
||||
if (process.env.NODE_ENV == "development") {
|
||||
console.info(`Restricted endpoint ${req.originalUrl}, but running in dev mode.`)
|
||||
return next();
|
||||
}
|
||||
|
||||
if (!req.isAuthenticated()) {
|
||||
return res.status(401).send({
|
||||
success: false,
|
||||
message: "Du må være logget inn."
|
||||
});
|
||||
}
|
||||
|
||||
return next();
|
||||
};
|
||||
|
||||
module.exports = mustBeAuthenticated;
|
||||
6
api/middleware/setAdminHeaderIfAuthenticated.js
Normal file
6
api/middleware/setAdminHeaderIfAuthenticated.js
Normal file
@@ -0,0 +1,6 @@
|
||||
const setAdminHeaderIfAuthenticated = (req, res, next) => {
|
||||
res.set("Vinlottis-Admin", req.isAuthenticated());
|
||||
return next();
|
||||
};
|
||||
|
||||
module.exports = setAdminHeaderIfAuthenticated;
|
||||
6
api/middleware/setupCORS.js
Normal file
6
api/middleware/setupCORS.js
Normal file
@@ -0,0 +1,6 @@
|
||||
const openCORS = (req, res, next) => {
|
||||
res.set("Access-Control-Allow-Origin", "*")
|
||||
return next();
|
||||
};
|
||||
|
||||
module.exports = openCORS;
|
||||
37
api/middleware/setupHeaders.js
Normal file
37
api/middleware/setupHeaders.js
Normal file
@@ -0,0 +1,37 @@
|
||||
const camelToKebabCase = str => str.replace(/[A-Z]/g, letter => `-${letter.toLowerCase()}`);
|
||||
|
||||
const mapFeaturePolicyToString = (features) => {
|
||||
return Object.entries(features).map(([key, value]) => {
|
||||
key = camelToKebabCase(key)
|
||||
value = value == "*" ? value : `'${ value }'`
|
||||
return `${key} ${value}`
|
||||
}).join("; ")
|
||||
}
|
||||
|
||||
const setupHeaders = (req, res, next) => {
|
||||
res.set("Access-Control-Allow-Headers", "Content-Type")
|
||||
|
||||
// Security
|
||||
res.set("X-Content-Type-Options", "nosniff");
|
||||
res.set("X-XSS-Protection", "1; mode=block");
|
||||
res.set("X-Frame-Options", "SAMEORIGIN");
|
||||
res.set("X-DNS-Prefetch-Control", "off");
|
||||
res.set("X-Download-Options", "noopen");
|
||||
res.set("Strict-Transport-Security", "max-age=15552000; includeSubDomains")
|
||||
|
||||
// Feature policy
|
||||
const features = {
|
||||
fullscreen: "*",
|
||||
payment: "none",
|
||||
microphone: "none",
|
||||
camera: "self",
|
||||
speaker: "*",
|
||||
syncXhr: "self"
|
||||
}
|
||||
const featureString = mapFeaturePolicyToString(features);
|
||||
res.set("Feature-Policy", featureString)
|
||||
|
||||
return next();
|
||||
}
|
||||
|
||||
module.exports = setupHeaders;
|
||||
Reference in New Issue
Block a user