vigor-node-security v1.0.1
vigor-node-security
What is this repository for?
- Used to register cors, helmet, helmet-csp and other security middleware.
- 1.0.0
How do I get set up?
Installation
To get started, simply npm install the module in the appropriate NodeJS application using Express:
# Run the following commands in your terminal
# Navigate to the root directory of your application (fake path provided below)
cd ~/Repos/most-amazing-app-ever
# Install vigor-node-security as a project dependency and add it to package.json
npm install --save @onevigor/vigor-node-security
Now that you have the dependency installed, you're ready to configure it with your application.
Configuration
Basic Configuration
Configuring vigor-node-security couldn't be easier; most of the time it will only require a single line of code.
Navigate to the file where your app initializes the application instance of express. Most often, it can be found within the root directory of your project and is likely named app.js. In some cases, the express application may have been initialized inside server.js; both of these file names are conventional within the NodeJS community.
Some vigor repositories may also have initialized the express application in app-init.js. If none of these files exist, run a search for express() and you should find what you're looking for.
After you have located the file where your application initializes an instance of an express application, you can wire up vigor-node-security to protect your servers and clients from a number of malicious attacks.
Example: app.js
// Dependencies - NodeJS
const dotenv = require('dotenv').config()
const express = require('express')
const router = require('./router')
// Dependencies - vigor-node-security (installed under the @onevigor scope)
const vigorNodeSecurity = require('@onevigor/vigor-node-security')
// App Configuration (environment variables live on process.env)
const PORT = process.env.PORT || 7000
const ENVIRONMENT = process.env.NODE_ENV || 'development'
const app = express()
/******** Register vigorNodeSecurity Middleware ********/
// Sets up CORS & Helmet for you
vigorNodeSecurity.init(app)
// Add any additional middleware you need
// Routing
app.use('/', router)
/******** Register vigorNodeSecurityErrors Middleware ********/
// vigor-node-security throws Errors when CORS fails
// Register the Error Handling Middleware included in the package
// OR write your own Error handler using the built-in Express
// Error Handling Middleware signature `(err, req, res, next) => {}`
vigorNodeSecurity.errors(app)
const server = app.listen(PORT, () => {
  console.log('************ SAMPLE SERVER ************')
  console.log('Test application with vigor-node-security middleware succeeded')
})
module.exports = server
We must pass the application context to vigor-node-security, as it invokes a number of methods provided by the express.app() instance.
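The comments in app.js mention writing your own error handler for CORS failures. The following is an added example, not code from vigor-node-security: it pairs an origin allow-list with such a handler. The allowed origins, the `CorsError` name and the `simulate` helper are assumptions made for the example; how the package marks its own errors is not documented here.

```javascript
// Added example: CORS origin allow-list plus a hand-written Express error handler.
// ALLOWED_ORIGINS and the 'CorsError' name are assumptions made for this example.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com'])

// Shaped like the `origin` callback option of the `cors` package: (origin, callback).
function checkOrigin (origin, callback) {
  // Requests without an Origin header (curl, server-to-server) are not CORS requests.
  if (origin === undefined) return callback(null, true)
  if (ALLOWED_ORIGINS.has(origin)) return callback(null, true)
  const err = new Error('Origin not allowed by CORS policy')
  err.name = 'CorsError'
  err.origin = origin
  callback(err)
}

// Express recognises error middleware by its four arguments: (err, req, res, next).
function corsErrorHandler (err, req, res, next) {
  if (!err || err.name !== 'CorsError') return next(err) // not ours, pass it on
  // Log the rejected origin server-side; send no stack trace or detail to the client.
  console.warn('CORS rejected: %s %s origin=%j', req.method, req.originalUrl, err.origin)
  res.status(403).json({ error: 'origin_not_allowed' })
}

// Constructed stand-ins for the Express req/res objects, so the example runs offline.
function simulate (origin) {
  const req = { method: 'GET', originalUrl: '/api/profile', headers: { origin } }
  const result = { status: 200, body: null, passedOn: null }
  const res = {
    status (code) { result.status = code; return this },
    json (body) { result.body = body; return this }
  }
  checkOrigin(origin, (err) => {
    if (err) corsErrorHandler(err, req, res, (e) => { result.passedOn = e })
  })
  return result
}

console.log(simulate('https://app.example.com'))
console.log(simulate('https://evil.example.net'))
```

With the real `cors` package, `checkOrigin` would be passed as its `origin` option and `corsErrorHandler` registered with `app.use()` after the routes.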
Advanced Configuration
The vigor-node-security module exports a function with the following CommonJS signature:
/**
 * @param app {expressApp} - Instance of an express application
 * @param config {Object} - A configuration object that will override the
 * default configuration of vigor-node-security
 * @param customRegistry {func} - An anonymous function that receives one
 * argument, which is passed a reference to express.app()
 */
module.exports = function(app, config, customRegistry) {
  // ...
}
config Object
The configuration object allows clients to override the default configuration and extend vigor-node-security with additional security-related middleware.
Dependencies
vigor-node-security uses a number of third-party security middleware modules, including:
- cors
- helmet
- helmet-csp
Who do I talk to?
The repository owner at OneVigor is Matt Valli