adamp/cookie-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cookie-tracker/server/index.js
adamp a4ef21d099 Add security headers via helmet and improve rate limiting 
Add helmet middleware for security headers (CSP, X-Content-Type-Options,
X-Frame-Options, HSTS, Referrer-Policy) and disable X-Powered-By. Add a
global API rate limiter (100 req/min/IP) using express-rate-limit. Replace
the hand-rolled in-memory login rate limiter (~25 lines) with a dedicated
express-rate-limit instance (5 attempts/min/IP) on the login route.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 22:06:55 -06:00

68 lines
2.0 KiB
JavaScript
Raw Blame History

require('dotenv').config({ path: require('path').join(__dirname, '..', '.env') });
const express = require('express');
const cookieParser = require('cookie-parser');
const path = require('path');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const authRouter = require('./routes/auth');
const { authMiddleware } = require('./middleware/auth');
const productsRouter = require('./routes/products');
const customersRouter = require('./routes/customers');
const ordersRouter = require('./routes/orders');
const dashboardRouter = require('./routes/dashboard');
const reportsRouter = require('./routes/reports');
const app = express();
const PORT = process.env.PORT || 3002;
app.set('trust proxy', 1);
app.use(helmet());
if (process.env.NODE_ENV !== 'production') {
const cors = require('cors');
app.use(cors({ origin: 'http://localhost:5173', credentials: true }));
}
app.use(express.json());
app.use(cookieParser());
const apiLimiter = rateLimit({
windowMs: 60 * 1000,
max: 100,
standardHeaders: true,
legacyHeaders: false,
});
app.use('/api', apiLimiter);
app.use('/api/auth', authRouter);
app.use('/api', authMiddleware);
app.use('/api/products', productsRouter);
app.use('/api/customers', customersRouter);
app.use('/api/orders', ordersRouter);
app.use('/api/dashboard', dashboardRouter);
app.use('/api/reports', reportsRouter);
if (process.env.NODE_ENV === 'production') {
app.use(express.static(path.join(__dirname, '..', 'client', 'dist')));
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname, '..', 'client', 'dist', 'index.html'));
});
}
// Global error handler
app.use((err, req, res, next) => {
console.error(err.stack || err.message || err);
if (res.headersSent) return next(err);
res.status(500).json({ error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message });
});
process.on('unhandledRejection', (reason) => {
console.error('Unhandled rejection:', reason);
});
app.listen(PORT, () => {
console.log(`Server running on http://localhost:${PORT}`);
});
Reference in New Issue View Git Blame Copy Permalink