@theriot.dev/middleware v0.1.5
@theriot.dev/middleware
This project provides a set of middleware to provide configurable functionality to an express app, including security protections, authentication, rate limiting, and internal error handling
Installation
npm install express # express is a peer dependency
npm install @theriot.dev/middleware
Import
import {
applyOne, # Used to apply one middleware
applyMany, # Used to apply an array of middleware
auth,
catch_errors,
cors,
csrf,
rate_limit,
session
} from '@theriot.dev/middleware'
Overview
applyOne:
Applies one piece of middleware to the express app
const app = express();
applyOne(app, cors());
applyMany:
Applies an array of middleware to the express app
const app = express();
applyMany(app, [
cors(),
catch_errors()
]);
auth
Allows routes to be protected using:
passport.authenticate('google-one-tap')
and to sign in using the callback route /oauth2/callback
The auth middleware has the following options:
serializeFn
: A function to serialize a user into the sessiondeserializeFn
: A function to deserialize a user from the sessionclientID
: Your google client idclientSecret
: Your google client secretverifyFn
: A function to authenticate a user from a google profile
import express from 'express';
import { applyOne auth } from '@theriot.dev/middleware';
const app = express();
applyOne(app, auth({
serializeFn: () => {...},
deserializeFn: () => {...},
clientID: '...',
clientSecret: '...',
verifyFn: () => {...}
}));
catch-errors
Allows errors to be captured and a default error response to be sent
The catch_errors middleware has the following options:
status
: The status code to send (default is500
)message
: The message to send (default isInternal Server Error
)
import express from 'express';
import { applyOne, catch_errors } from '@theriot.dev/middleware';
const app = express();
applyOne(app, catch_errors());
cors
A wrapper for the cors
middleware, takes only a single parameter defining a list of regex defining allowed origins
import express from 'express';
import { applyOne, cors } from '@theriot.dev/middleware';
const app = express();
applyOne(app, cors([
/localhost/,
/https?:\/\/my.domain.com(:4200)?/
]));
csrf
A wrapper for the csurf
middleware, takes a single parameter defining the route for the csrf cookie generator. This must be provided as /<your-route>:_form
, where :_form
is required verbatim
import express from 'express';
import { applyOne, csrf } from '@theriot.dev/middleware';
const app = express();
// $.get('/csrfForSubmit')
// $.post('...', {_csrf, _form: 'Submit'})
applyOne(app, csrf('/csrfFor:_form'));
rate-limit
A wrapper for the express-rate-limit
middleware, takes two parameters for
limit
: The amount of requests to allow (100
by default)windowMs
: The amount of time to create the window for, in milliseconds (1000
by default)
import express from 'express';
import { applyOne, rate_limit } from '@theriot.dev/middleware';
const app = express();
applyOne(app, rate_limit());
session
A wrapper for the express-session
middleware, and has the following options
secret
: The secret to encrypt the sessionstore
: The store implementation to use instead of the default MemoryStoresecure
: Whether the app is securing its cookies (https and httpOnly)
import express from 'express';
import { applyOne, session } from '@theriot.dev/middleware';
const app = express();
applyOne(app, session({
secret: '...',
store: new Store(...),
secure: true
}));
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago