
add helmet, generic-ize cookie name

Rich Brown 10 months ago
parent
commit
8da12b9e91
3 changed files with 189 additions and 58 deletions
  1. 173
    57
      package-lock.json
  2. 1
    0
      package.json
  3. 15
    1
      src/index.js

+ 173
- 57
package-lock.json View File

@@ -628,22 +628,22 @@
628 628
     },
629 629
     "babel-plugin-syntax-async-functions": {
630 630
       "version": "6.13.0",
631
-      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz",
631
+      "resolved": "http://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz",
632 632
       "integrity": "sha1-ytnK0RkbWtY0vzCuCHI5HgZHvpU="
633 633
     },
634 634
     "babel-plugin-syntax-class-properties": {
635 635
       "version": "6.13.0",
636
-      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-class-properties/-/babel-plugin-syntax-class-properties-6.13.0.tgz",
636
+      "resolved": "http://registry.npmjs.org/babel-plugin-syntax-class-properties/-/babel-plugin-syntax-class-properties-6.13.0.tgz",
637 637
       "integrity": "sha1-1+sjt5oxf4VDlixQW4J8fWysJ94="
638 638
     },
639 639
     "babel-plugin-syntax-exponentiation-operator": {
640 640
       "version": "6.13.0",
641
-      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-exponentiation-operator/-/babel-plugin-syntax-exponentiation-operator-6.13.0.tgz",
641
+      "resolved": "http://registry.npmjs.org/babel-plugin-syntax-exponentiation-operator/-/babel-plugin-syntax-exponentiation-operator-6.13.0.tgz",
642 642
       "integrity": "sha1-nufoM3KQ2pUoggGmpX9BcDF4MN4="
643 643
     },
644 644
     "babel-plugin-syntax-object-rest-spread": {
645 645
       "version": "6.13.0",
646
-      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-object-rest-spread/-/babel-plugin-syntax-object-rest-spread-6.13.0.tgz",
646
+      "resolved": "http://registry.npmjs.org/babel-plugin-syntax-object-rest-spread/-/babel-plugin-syntax-object-rest-spread-6.13.0.tgz",
647 647
       "integrity": "sha1-/WU28rzhODb/o6VFjEkDpZe7O/U="
648 648
     },
649 649
     "babel-plugin-syntax-trailing-function-commas": {
@@ -1285,7 +1285,7 @@
1285 1285
     },
1286 1286
     "browserify-aes": {
1287 1287
       "version": "1.2.0",
1288
-      "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
1288
+      "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz",
1289 1289
       "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==",
1290 1290
       "requires": {
1291 1291
         "buffer-xor": "^1.0.3",
@@ -1319,7 +1319,7 @@
1319 1319
     },
1320 1320
     "browserify-rsa": {
1321 1321
       "version": "4.0.1",
1322
-      "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
1322
+      "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
1323 1323
       "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=",
1324 1324
       "requires": {
1325 1325
         "bn.js": "^4.1.0",
@@ -1364,7 +1364,7 @@
1364 1364
     },
1365 1365
     "buffer": {
1366 1366
       "version": "4.9.1",
1367
-      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
1367
+      "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
1368 1368
       "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
1369 1369
       "requires": {
1370 1370
         "base64-js": "^1.0.2",
@@ -1451,6 +1451,11 @@
1451 1451
       "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-4.1.0.tgz",
1452 1452
       "integrity": "sha1-1UVjW+HjPFQmScaRc+Xeas+uNN0="
1453 1453
     },
1454
+    "camelize": {
1455
+      "version": "1.0.0",
1456
+      "resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.0.tgz",
1457
+      "integrity": "sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs="
1458
+    },
1454 1459
     "caniuse-lite": {
1455 1460
       "version": "1.0.30000967",
1456 1461
       "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000967.tgz",
@@ -1477,7 +1482,7 @@
1477 1482
     },
1478 1483
     "chalk": {
1479 1484
       "version": "1.1.3",
1480
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
1485
+      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
1481 1486
       "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
1482 1487
       "requires": {
1483 1488
         "ansi-styles": "^2.2.1",
@@ -1727,6 +1732,11 @@
1727 1732
       "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
1728 1733
       "integrity": "sha1-DPaLud318r55YcOoUXjLhdunjLQ="
1729 1734
     },
1735
+    "content-security-policy-builder": {
1736
+      "version": "2.0.0",
1737
+      "resolved": "https://registry.npmjs.org/content-security-policy-builder/-/content-security-policy-builder-2.0.0.tgz",
1738
+      "integrity": "sha512-j+Nhmj1yfZAikJLImCvPJFE29x/UuBi+/MWqggGGc515JKaZrjuei2RhULJmy0MsstW3E3htl002bwmBNMKr7w=="
1739
+    },
1730 1740
     "content-type": {
1731 1741
       "version": "1.0.4",
1732 1742
       "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
@@ -1793,7 +1803,7 @@
1793 1803
     },
1794 1804
     "create-hash": {
1795 1805
       "version": "1.2.0",
1796
-      "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
1806
+      "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
1797 1807
       "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==",
1798 1808
       "requires": {
1799 1809
         "cipher-base": "^1.0.1",
@@ -1805,7 +1815,7 @@
1805 1815
     },
1806 1816
     "create-hmac": {
1807 1817
       "version": "1.1.7",
1808
-      "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
1818
+      "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz",
1809 1819
       "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==",
1810 1820
       "requires": {
1811 1821
         "cipher-base": "^1.0.3",
@@ -1884,6 +1894,11 @@
1884 1894
         "assert-plus": "^1.0.0"
1885 1895
       }
1886 1896
     },
1897
+    "dasherize": {
1898
+      "version": "2.0.0",
1899
+      "resolved": "https://registry.npmjs.org/dasherize/-/dasherize-2.0.0.tgz",
1900
+      "integrity": "sha1-bYCcnNDPe7iVLYD8hPoT1H3bEwg="
1901
+    },
1887 1902
     "data-urls": {
1888 1903
       "version": "1.1.0",
1889 1904
       "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-1.1.0.tgz",
@@ -2051,7 +2066,7 @@
2051 2066
     },
2052 2067
     "diffie-hellman": {
2053 2068
       "version": "5.0.3",
2054
-      "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
2069
+      "resolved": "http://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz",
2055 2070
       "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==",
2056 2071
       "requires": {
2057 2072
         "bn.js": "^4.1.0",
@@ -2059,6 +2074,11 @@
2059 2074
         "randombytes": "^2.0.0"
2060 2075
       }
2061 2076
     },
2077
+    "dns-prefetch-control": {
2078
+      "version": "0.1.0",
2079
+      "resolved": "https://registry.npmjs.org/dns-prefetch-control/-/dns-prefetch-control-0.1.0.tgz",
2080
+      "integrity": "sha1-YN20V3dOF48flBXwyrsOhbCzALI="
2081
+    },
2062 2082
     "doctrine": {
2063 2083
       "version": "3.0.0",
2064 2084
       "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
@@ -2081,6 +2101,11 @@
2081 2101
         "webidl-conversions": "^4.0.2"
2082 2102
       }
2083 2103
     },
2104
+    "dont-sniff-mimetype": {
2105
+      "version": "1.0.0",
2106
+      "resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.0.0.tgz",
2107
+      "integrity": "sha1-WTKJDcn04vGeXrAqIAJuXl78j1g="
2108
+    },
2084 2109
     "dot-prop": {
2085 2110
       "version": "4.2.0",
2086 2111
       "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz",
@@ -2768,6 +2793,11 @@
2768 2793
         }
2769 2794
       }
2770 2795
     },
2796
+    "expect-ct": {
2797
+      "version": "0.2.0",
2798
+      "resolved": "https://registry.npmjs.org/expect-ct/-/expect-ct-0.2.0.tgz",
2799
+      "integrity": "sha512-6SK3MG/Bbhm8MsgyJAylg+ucIOU71/FzyFalcfu5nY19dH8y/z0tBJU0wrNBXD4B27EoQtqPF/9wqH0iYAd04g=="
2800
+    },
2771 2801
     "express": {
2772 2802
       "version": "4.16.4",
2773 2803
       "resolved": "https://registry.npmjs.org/express/-/express-4.16.4.tgz",
@@ -2980,6 +3010,11 @@
2980 3010
       "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
2981 3011
       "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc="
2982 3012
     },
3013
+    "feature-policy": {
3014
+      "version": "0.3.0",
3015
+      "resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.3.0.tgz",
3016
+      "integrity": "sha512-ZtijOTFN7TzCujt1fnNhfWPFPSHeZkesff9AXZj+UEjYBynWNUIYpC87Ve4wHzyexQsImicLu7WsC2LHq7/xrQ=="
3017
+    },
2983 3018
     "figures": {
2984 3019
       "version": "2.0.0",
2985 3020
       "resolved": "https://registry.npmjs.org/figures/-/figures-2.0.0.tgz",
@@ -3021,7 +3056,7 @@
3021 3056
     },
3022 3057
     "finalhandler": {
3023 3058
       "version": "1.1.1",
3024
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.1.tgz",
3059
+      "resolved": "http://registry.npmjs.org/finalhandler/-/finalhandler-1.1.1.tgz",
3025 3060
       "integrity": "sha512-Y1GUDo39ez4aHAw7MysnUD5JzYX+WaIj8I57kO3aEPT1fFRL4sr7mjei97FgnwhAyyzRYmQZaTHb2+9uZ1dPtg==",
3026 3061
       "requires": {
3027 3062
         "debug": "2.6.9",
@@ -3139,6 +3174,11 @@
3139 3174
         "map-cache": "^0.2.2"
3140 3175
       }
3141 3176
     },
3177
+    "frameguard": {
3178
+      "version": "3.1.0",
3179
+      "resolved": "https://registry.npmjs.org/frameguard/-/frameguard-3.1.0.tgz",
3180
+      "integrity": "sha512-TxgSKM+7LTA6sidjOiSZK9wxY0ffMPY3Wta//MqwmX0nZuEHc8QrkV8Fh3ZhMJeiH+Uyh/tcaarImRy8u77O7g=="
3181
+    },
3142 3182
     "fresh": {
3143 3183
       "version": "0.5.2",
3144 3184
       "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
@@ -3177,8 +3217,7 @@
3177 3217
         },
3178 3218
         "ansi-regex": {
3179 3219
           "version": "2.1.1",
3180
-          "bundled": true,
3181
-          "optional": true
3220
+          "bundled": true
3182 3221
         },
3183 3222
         "aproba": {
3184 3223
           "version": "1.2.0",
@@ -3196,13 +3235,11 @@
3196 3235
         },
3197 3236
         "balanced-match": {
3198 3237
           "version": "1.0.0",
3199
-          "bundled": true,
3200
-          "optional": true
3238
+          "bundled": true
3201 3239
         },
3202 3240
         "brace-expansion": {
3203 3241
           "version": "1.1.11",
3204 3242
           "bundled": true,
3205
-          "optional": true,
3206 3243
           "requires": {
3207 3244
             "balanced-match": "^1.0.0",
3208 3245
             "concat-map": "0.0.1"
@@ -3215,18 +3252,15 @@
3215 3252
         },
3216 3253
         "code-point-at": {
3217 3254
           "version": "1.1.0",
3218
-          "bundled": true,
3219
-          "optional": true
3255
+          "bundled": true
3220 3256
         },
3221 3257
         "concat-map": {
3222 3258
           "version": "0.0.1",
3223
-          "bundled": true,
3224
-          "optional": true
3259
+          "bundled": true
3225 3260
         },
3226 3261
         "console-control-strings": {
3227 3262
           "version": "1.1.0",
3228
-          "bundled": true,
3229
-          "optional": true
3263
+          "bundled": true
3230 3264
         },
3231 3265
         "core-util-is": {
3232 3266
           "version": "1.0.2",
@@ -3329,8 +3363,7 @@
3329 3363
         },
3330 3364
         "inherits": {
3331 3365
           "version": "2.0.3",
3332
-          "bundled": true,
3333
-          "optional": true
3366
+          "bundled": true
3334 3367
         },
3335 3368
         "ini": {
3336 3369
           "version": "1.3.5",
@@ -3340,7 +3373,6 @@
3340 3373
         "is-fullwidth-code-point": {
3341 3374
           "version": "1.0.0",
3342 3375
           "bundled": true,
3343
-          "optional": true,
3344 3376
           "requires": {
3345 3377
             "number-is-nan": "^1.0.0"
3346 3378
           }
@@ -3353,20 +3385,17 @@
3353 3385
         "minimatch": {
3354 3386
           "version": "3.0.4",
3355 3387
           "bundled": true,
3356
-          "optional": true,
3357 3388
           "requires": {
3358 3389
             "brace-expansion": "^1.1.7"
3359 3390
           }
3360 3391
         },
3361 3392
         "minimist": {
3362 3393
           "version": "0.0.8",
3363
-          "bundled": true,
3364
-          "optional": true
3394
+          "bundled": true
3365 3395
         },
3366 3396
         "minipass": {
3367 3397
           "version": "2.3.5",
3368 3398
           "bundled": true,
3369
-          "optional": true,
3370 3399
           "requires": {
3371 3400
             "safe-buffer": "^5.1.2",
3372 3401
             "yallist": "^3.0.0"
@@ -3383,7 +3412,6 @@
3383 3412
         "mkdirp": {
3384 3413
           "version": "0.5.1",
3385 3414
           "bundled": true,
3386
-          "optional": true,
3387 3415
           "requires": {
3388 3416
             "minimist": "0.0.8"
3389 3417
           }
@@ -3456,8 +3484,7 @@
3456 3484
         },
3457 3485
         "number-is-nan": {
3458 3486
           "version": "1.0.1",
3459
-          "bundled": true,
3460
-          "optional": true
3487
+          "bundled": true
3461 3488
         },
3462 3489
         "object-assign": {
3463 3490
           "version": "4.1.1",
@@ -3467,7 +3494,6 @@
3467 3494
         "once": {
3468 3495
           "version": "1.4.0",
3469 3496
           "bundled": true,
3470
-          "optional": true,
3471 3497
           "requires": {
3472 3498
             "wrappy": "1"
3473 3499
           }
@@ -3543,8 +3569,7 @@
3543 3569
         },
3544 3570
         "safe-buffer": {
3545 3571
           "version": "5.1.2",
3546
-          "bundled": true,
3547
-          "optional": true
3572
+          "bundled": true
3548 3573
         },
3549 3574
         "safer-buffer": {
3550 3575
           "version": "2.1.2",
@@ -3574,7 +3599,6 @@
3574 3599
         "string-width": {
3575 3600
           "version": "1.0.2",
3576 3601
           "bundled": true,
3577
-          "optional": true,
3578 3602
           "requires": {
3579 3603
             "code-point-at": "^1.0.0",
3580 3604
             "is-fullwidth-code-point": "^1.0.0",
@@ -3592,7 +3616,6 @@
3592 3616
         "strip-ansi": {
3593 3617
           "version": "3.0.1",
3594 3618
           "bundled": true,
3595
-          "optional": true,
3596 3619
           "requires": {
3597 3620
             "ansi-regex": "^2.0.0"
3598 3621
           }
@@ -3631,13 +3654,11 @@
3631 3654
         },
3632 3655
         "wrappy": {
3633 3656
           "version": "1.0.2",
3634
-          "bundled": true,
3635
-          "optional": true
3657
+          "bundled": true
3636 3658
         },
3637 3659
         "yallist": {
3638 3660
           "version": "3.0.3",
3639
-          "bundled": true,
3640
-          "optional": true
3661
+          "bundled": true
3641 3662
         }
3642 3663
       }
3643 3664
     },
@@ -3724,7 +3745,7 @@
3724 3745
     },
3725 3746
     "got": {
3726 3747
       "version": "6.7.1",
3727
-      "resolved": "https://registry.npmjs.org/got/-/got-6.7.1.tgz",
3748
+      "resolved": "http://registry.npmjs.org/got/-/got-6.7.1.tgz",
3728 3749
       "integrity": "sha1-JAzQV4WpoY5WHcG0S0HHY+8ejbA=",
3729 3750
       "requires": {
3730 3751
         "create-error-class": "^3.0.0",
@@ -3834,6 +3855,56 @@
3834 3855
         "minimalistic-assert": "^1.0.1"
3835 3856
       }
3836 3857
     },
3858
+    "helmet": {
3859
+      "version": "3.18.0",
3860
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-3.18.0.tgz",
3861
+      "integrity": "sha512-TsKlGE5UVkV0NiQ4PllV9EVfZklPjyzcMEMjWlyI/8S6epqgRT+4s4GHVgc25x0TixsKvp3L7c91HQQt5l0+QA==",
3862
+      "requires": {
3863
+        "depd": "2.0.0",
3864
+        "dns-prefetch-control": "0.1.0",
3865
+        "dont-sniff-mimetype": "1.0.0",
3866
+        "expect-ct": "0.2.0",
3867
+        "feature-policy": "0.3.0",
3868
+        "frameguard": "3.1.0",
3869
+        "helmet-crossdomain": "0.3.0",
3870
+        "helmet-csp": "2.7.1",
3871
+        "hide-powered-by": "1.0.0",
3872
+        "hpkp": "2.0.0",
3873
+        "hsts": "2.2.0",
3874
+        "ienoopen": "1.1.0",
3875
+        "nocache": "2.1.0",
3876
+        "referrer-policy": "1.2.0",
3877
+        "x-xss-protection": "1.1.0"
3878
+      },
3879
+      "dependencies": {
3880
+        "depd": {
3881
+          "version": "2.0.0",
3882
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
3883
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
3884
+        }
3885
+      }
3886
+    },
3887
+    "helmet-crossdomain": {
3888
+      "version": "0.3.0",
3889
+      "resolved": "https://registry.npmjs.org/helmet-crossdomain/-/helmet-crossdomain-0.3.0.tgz",
3890
+      "integrity": "sha512-YiXhj0E35nC4Na5EPE4mTfoXMf9JTGpN4OtB4aLqShKuH9d2HNaJX5MQoglO6STVka0uMsHyG5lCut5Kzsy7Lg=="
3891
+    },
3892
+    "helmet-csp": {
3893
+      "version": "2.7.1",
3894
+      "resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.7.1.tgz",
3895
+      "integrity": "sha512-sCHwywg4daQ2mY0YYwXSZRsgcCeerUwxMwNixGA7aMLkVmPTYBl7gJoZDHOZyXkqPrtuDT3s2B1A+RLI7WxSdQ==",
3896
+      "requires": {
3897
+        "camelize": "1.0.0",
3898
+        "content-security-policy-builder": "2.0.0",
3899
+        "dasherize": "2.0.0",
3900
+        "platform": "1.3.5"
3901
+      }
3902
+    },
3903
+    "hide-powered-by": {
3904
+      "version": "1.0.0",
3905
+      "resolved": "https://registry.npmjs.org/hide-powered-by/-/hide-powered-by-1.0.0.tgz",
3906
+      "integrity": "sha1-SoWtZYgfYoV/xwr3F0oRhNzM4ys="
3907
+    },
3837 3908
     "hmac-drbg": {
3838 3909
       "version": "1.0.1",
3839 3910
       "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
@@ -3858,6 +3929,26 @@
3858 3929
       "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.7.1.tgz",
3859 3930
       "integrity": "sha512-7T/BxH19zbcCTa8XkMlbK5lTo1WtgkFi3GvdWEyNuc4Vex7/9Dqbnpsf4JMydcfj9HCg4zUWFTL3Za6lapg5/w=="
3860 3931
     },
3932
+    "hpkp": {
3933
+      "version": "2.0.0",
3934
+      "resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz",
3935
+      "integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI="
3936
+    },
3937
+    "hsts": {
3938
+      "version": "2.2.0",
3939
+      "resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz",
3940
+      "integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==",
3941
+      "requires": {
3942
+        "depd": "2.0.0"
3943
+      },
3944
+      "dependencies": {
3945
+        "depd": {
3946
+          "version": "2.0.0",
3947
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
3948
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
3949
+        }
3950
+      }
3951
+    },
3861 3952
     "html-encoding-sniffer": {
3862 3953
       "version": "1.0.2",
3863 3954
       "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-1.0.2.tgz",
@@ -3868,7 +3959,7 @@
3868 3959
     },
3869 3960
     "http-errors": {
3870 3961
       "version": "1.6.3",
3871
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
3962
+      "resolved": "http://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
3872 3963
       "integrity": "sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0=",
3873 3964
       "requires": {
3874 3965
         "depd": "~1.1.2",
@@ -3905,6 +3996,11 @@
3905 3996
       "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz",
3906 3997
       "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg=="
3907 3998
     },
3999
+    "ienoopen": {
4000
+      "version": "1.1.0",
4001
+      "resolved": "https://registry.npmjs.org/ienoopen/-/ienoopen-1.1.0.tgz",
4002
+      "integrity": "sha512-MFs36e/ca6ohEKtinTJ5VvAJ6oDRAYFdYXweUnGY9L9vcoqFOU4n2ZhmJ0C4z/cwGZ3YIQRSB3XZ1+ghZkY5NQ=="
4003
+    },
3908 4004
     "ignore": {
3909 4005
       "version": "4.0.6",
3910 4006
       "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
@@ -4207,7 +4303,7 @@
4207 4303
     },
4208 4304
     "is-obj": {
4209 4305
       "version": "1.0.1",
4210
-      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
4306
+      "resolved": "http://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
4211 4307
       "integrity": "sha1-PkcprB9f3gJc19g6iW2rn09n2w8="
4212 4308
     },
4213 4309
     "is-path-inside": {
@@ -4381,7 +4477,7 @@
4381 4477
     },
4382 4478
     "json5": {
4383 4479
       "version": "0.5.1",
4384
-      "resolved": "https://registry.npmjs.org/json5/-/json5-0.5.1.tgz",
4480
+      "resolved": "http://registry.npmjs.org/json5/-/json5-0.5.1.tgz",
4385 4481
       "integrity": "sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE="
4386 4482
     },
4387 4483
     "jsprim": {
@@ -4451,7 +4547,7 @@
4451 4547
     },
4452 4548
     "load-json-file": {
4453 4549
       "version": "2.0.0",
4454
-      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-2.0.0.tgz",
4550
+      "resolved": "http://registry.npmjs.org/load-json-file/-/load-json-file-2.0.0.tgz",
4455 4551
       "integrity": "sha1-eUfkIUmvgNaWy/eXvKq8/h/inKg=",
4456 4552
       "requires": {
4457 4553
         "graceful-fs": "^4.1.2",
@@ -4726,7 +4822,7 @@
4726 4822
     },
4727 4823
     "minimist": {
4728 4824
       "version": "0.0.8",
4729
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
4825
+      "resolved": "http://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
4730 4826
       "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
4731 4827
     },
4732 4828
     "mixin-deep": {
@@ -4750,7 +4846,7 @@
4750 4846
     },
4751 4847
     "mkdirp": {
4752 4848
       "version": "0.5.1",
4753
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
4849
+      "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
4754 4850
       "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
4755 4851
       "requires": {
4756 4852
         "minimist": "0.0.8"
@@ -4858,6 +4954,11 @@
4858 4954
       "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==",
4859 4955
       "dev": true
4860 4956
     },
4957
+    "nocache": {
4958
+      "version": "2.1.0",
4959
+      "resolved": "https://registry.npmjs.org/nocache/-/nocache-2.1.0.tgz",
4960
+      "integrity": "sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q=="
4961
+    },
4861 4962
     "node-libs-browser": {
4862 4963
       "version": "2.2.0",
4863 4964
       "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.2.0.tgz",
@@ -5308,6 +5409,11 @@
5308 5409
         "find-up": "^2.1.0"
5309 5410
       }
5310 5411
     },
5412
+    "platform": {
5413
+      "version": "1.3.5",
5414
+      "resolved": "https://registry.npmjs.org/platform/-/platform-1.3.5.tgz",
5415
+      "integrity": "sha512-TuvHS8AOIZNAlE77WUDiR4rySV/VMptyMfcfeoMgs4P8apaZM3JrnbzBiixKUv+XR6i+BXrQh8WAnjaSPFO65Q=="
5416
+    },
5311 5417
     "pn": {
5312 5418
       "version": "1.1.0",
5313 5419
       "resolved": "https://registry.npmjs.org/pn/-/pn-1.1.0.tgz",
@@ -5478,7 +5584,7 @@
5478 5584
       "dependencies": {
5479 5585
         "minimist": {
5480 5586
           "version": "1.2.0",
5481
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
5587
+          "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
5482 5588
           "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ="
5483 5589
         }
5484 5590
       }
@@ -5510,7 +5616,7 @@
5510 5616
     },
5511 5617
     "readable-stream": {
5512 5618
       "version": "2.3.6",
5513
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
5619
+      "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
5514 5620
       "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
5515 5621
       "requires": {
5516 5622
         "core-util-is": "~1.0.0",
@@ -5532,6 +5638,11 @@
5532 5638
         "readable-stream": "^2.0.2"
5533 5639
       }
5534 5640
     },
5641
+    "referrer-policy": {
5642
+      "version": "1.2.0",
5643
+      "resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.2.0.tgz",
5644
+      "integrity": "sha512-LgQJIuS6nAy1Jd88DCQRemyE3mS+ispwlqMk3b0yjZ257fI1v9c+/p6SD5gP5FGyXUIgrNOAfmyioHwZtYv2VA=="
5645
+    },
5535 5646
     "regenerate": {
5536 5647
       "version": "1.4.0",
5537 5648
       "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.0.tgz",
@@ -5957,7 +6068,7 @@
5957 6068
     },
5958 6069
     "sha.js": {
5959 6070
       "version": "2.4.11",
5960
-      "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
6071
+      "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz",
5961 6072
       "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==",
5962 6073
       "requires": {
5963 6074
         "inherits": "^2.0.1",
@@ -6320,7 +6431,7 @@
6320 6431
     },
6321 6432
     "strip-ansi": {
6322 6433
       "version": "3.0.1",
6323
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
6434
+      "resolved": "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
6324 6435
       "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
6325 6436
       "requires": {
6326 6437
         "ansi-regex": "^2.0.0"
@@ -6412,7 +6523,7 @@
6412 6523
     },
6413 6524
     "through": {
6414 6525
       "version": "2.3.8",
6415
-      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
6526
+      "resolved": "http://registry.npmjs.org/through/-/through-2.3.8.tgz",
6416 6527
       "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
6417 6528
       "dev": true
6418 6529
     },
@@ -6579,7 +6690,7 @@
6579 6690
         },
6580 6691
         "yargs": {
6581 6692
           "version": "3.10.0",
6582
-          "resolved": "https://registry.npmjs.org/yargs/-/yargs-3.10.0.tgz",
6693
+          "resolved": "http://registry.npmjs.org/yargs/-/yargs-3.10.0.tgz",
6583 6694
           "integrity": "sha1-9+572FfdfB0tOMDnTvvWgdFDH9E=",
6584 6695
           "requires": {
6585 6696
             "camelcase": "^1.0.2",
@@ -6939,7 +7050,7 @@
6939 7050
     },
6940 7051
     "webpack-node-externals": {
6941 7052
       "version": "1.7.2",
6942
-      "resolved": "https://registry.npmjs.org/webpack-node-externals/-/webpack-node-externals-1.7.2.tgz",
7053
+      "resolved": "http://registry.npmjs.org/webpack-node-externals/-/webpack-node-externals-1.7.2.tgz",
6943 7054
       "integrity": "sha512-ajerHZ+BJKeCLviLUUmnyd5B4RavLF76uv3cs6KNuO8W+HuQaEs0y0L7o40NQxdPy5w0pcv8Ew7yPUAQG0UdCg=="
6944 7055
     },
6945 7056
     "webpack-sources": {
@@ -7024,7 +7135,7 @@
7024 7135
     },
7025 7136
     "wrap-ansi": {
7026 7137
       "version": "2.1.0",
7027
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
7138
+      "resolved": "http://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
7028 7139
       "integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
7029 7140
       "requires": {
7030 7141
         "string-width": "^1.0.1",
@@ -7084,6 +7195,11 @@
7084 7195
         "async-limiter": "~1.0.0"
7085 7196
       }
7086 7197
     },
7198
+    "x-xss-protection": {
7199
+      "version": "1.1.0",
7200
+      "resolved": "https://registry.npmjs.org/x-xss-protection/-/x-xss-protection-1.1.0.tgz",
7201
+      "integrity": "sha512-rx3GzJlgEeZ08MIcDsU2vY2B1QEriUKJTSiNHHUIem6eg9pzVOr2TL3Y4Pd6TMAM5D5azGjcxqI62piITBDHVg=="
7202
+    },
7087 7203
     "xdg-basedir": {
7088 7204
       "version": "3.0.0",
7089 7205
       "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-3.0.0.tgz",

+ 1
- 0
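--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
     "dotenv": "^6.0.0",
     "express": "^4.16.3",
     "express-session": "^1.16.1",
+    "helmet": "^3.18.0",
     "micropub-helper": "^1.6.1",
     "multer": "^1.4.1"
   },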
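Review bot: The lockfile committed with this one-line dependency add also rewrites many pre-existing `resolved` entries from `https://registry.npmjs.org/...` to `http://registry.npmjs.org/...` (browserify-aes, create-hash, create-hmac, got, http-errors and others), which has nothing to do with adding helmet and points the next `npm install` at a plaintext registry URL. The `integrity` hashes still pin the tarball contents, but the downgrade should not be merged; regenerating package-lock.json with an https registry configured restores the original URLs. The `"helmet": "^3.18.0"` range itself matches the 3.18.0 entry in the lockfile, so the new dependency is consistent.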

+ 15
- 1
src/index.js View File

@@ -3,6 +3,7 @@ import cors from 'cors';
3 3
 // import compression from 'compression';
4 4
 import session from 'express-session';
5 5
 import CMS from 'connect-mongodb-session';
6
+import helmet from 'helmet';
6 7
 
7 8
 import { blogRouter } from '../routes/blog-router';
8 9
 import { genericRouter } from '../routes/generic-notify';
@@ -15,17 +16,21 @@ import { isMicropubTokenAuthed } from './funcs';
15 16
 const port = 8086;
16 17
 const app = express();
17 18
 
19
+app.use(helmet()); // TODO: new in security branch
20
+
18 21
 const MongoDBStore = CMS(session);
19 22
 const store = new MongoDBStore({
20 23
   uri: `mongodb+srv://colors_admin:${process.env.MONGO_PASSWORD}@cluster0-4udef.mongodb.net/test?retryWrites=true&w=majority`,
21 24
   databaseName: 'notifierDb',
22 25
   collection: 'sessions',
23 26
 }, (error) => {
27
+  // eslint-disable-next-line no-console
24 28
   if (error) console.log('MongoDBStore connection error: ', error);
25 29
 });
26 30
 
27 31
 // Catch errors
28 32
 store.on('error', (error) => {
33
+  // eslint-disable-next-line no-console
29 34
   console.log('store error:', error);
30 35
 });
31 36
 
@@ -35,14 +40,23 @@ const routesArray = ['/create', '/auth'];
35 40
 
36 41
 app.use(routesArray, session({
37 42
   secret: process.env.MONGO_PASSWORD, // dumb
43
+  name: 'sessionId', // TODO: new in security branch
38 44
   store,
39 45
   resave: false,
40 46
   saveUninitialized: false,
41 47
   cookie: { secure: false, maxAge: 1000 * 60 * 60 * 3, sameSite: false },
48
+  // TODO: i think i can't secure cookie bc Apache proxies to http://localhost:8086
42 49
 }));
43 50
 
44 51
 app.use((req, res, next) => {
45
-  console.log(req.session.cookie.expires);
52
+  // TODO: if part is new in security branch
53
+  if (req.session.cookie) {
54
+    // eslint-disable-next-line no-console
55
+    console.log(req.session.cookie.expires);
56
+  } else {
57
+    // eslint-disable-next-line no-console
58
+    console.log('no req.session.cookie');
59
+  }
46 60
   next();
47 61
 });
48 62
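Review bot: The session cookie at `cookie: { secure: false, maxAge: 1000 * 60 * 60 * 3, sameSite: false }` is still issued without the Secure or SameSite attributes, so it is sent over plain HTTP and attached to cross-site requests; the TODO added below it explains the reason, but the usual fix behind a TLS-terminating proxy is `app.set('trust proxy', 1);` before the session middleware and then `cookie: { secure: true, httpOnly: true, maxAge: 1000 * 60 * 60 * 3, sameSite: 'lax' }`, since express-session then honours X-Forwarded-Proto from the trusted proxy and still sets the cookie while Apache forwards to http://localhost:8086 (provided the Apache vhost actually sets that header). The line above it, `secret: process.env.MONGO_PASSWORD, // dumb`, reuses the database password as the cookie-signing key so a leak of either exposes both; a dedicated variable (for example `process.env.SESSION_SECRET`, to be added to the deployment environment) keeps them independent. The `name: 'sessionId'` change is a reasonable step, but the `// TODO: new in security branch` markers on it and on `app.use(helmet())` are branch bookkeeping and should be removed before merge. The last hunk of this section continues past the end of the visible page.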