1.0.1 • Published 4 years ago

vigor-node-security v1.0.1

License
MIT
Repository
bitbucket
Last release
4 years ago

vigor-node-security

What is this repository for?

  • Used to register cors, helmet, helmet-csp and other security middleware.
  • 1.0.0

How do I get set up?

Installation

To get started, install the module with npm in the Node.js application that uses Express:

# Run the following commands in your terminal
# Navigate to the root directory of your application (fake path provided below)
cd ~/Repos/most-amazing-app-ever

# Install vigor-node-security as a project dependency and add it to package.json
npm install --save @onevigor/vigor-node-security

Now that you have the dependency installed, you're ready to configure it with your application.

Configuration

Basic Configuration

Configuring vigor-node-security couldn't be easier. Most of the time it will only require a single line of code.

Navigate to the file where your app initializes its Express application instance. Most often, it can be found in the root directory of your project and is likely named app.js. In some cases, Express may have been initialized inside server.js. Both of these file names are conventional within the Node.js community.

Some vigor repositories may also have initialized the Express application in app-init.js. If none of these files exist, run a search for express() and you should find what you're looking for.

After you have located the file where your application initializes an instance of an Express application, you can wire up vigor-node-security to protect your servers and clients from a number of malicious attacks.

Example: app.js

// Dependencies - NodeJS
const dotenv = require('dotenv').config()
const express = require('express')
const router = require('./router')

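// Dependencies - vigor-node-security
// (require the same package name you passed to npm install)
const vigorNodeSecurity = require('vigor-node-security')

// App Configuration
// Environment variables live on process.env, not on process itself
const PORT = process.env.PORT || 7000
const ENVIRONMENT = process.env.NODE_ENV || 'development'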
const app = express()

/******** Register vigorNodeSecurity Middleware ********/
// Sets up CORS & Helmet for you
vigorNodeSecurity.init(app)

// Add any additional middleware you need 
// Routing
app.use('/', router)

/******** Register vigorNodeSecurityErrors Middleware ********/
// vigor-node-security throws Errors when CORS fails
// Register the Error Handling Middleware included in the package
// OR write your own Error handler using the built-in Express
// Error Handling Middleware signature `(err, req, res, next) => {}`
// Register it after your routes so it receives their errors
vigorNodeSecurity.errors(app)

const server = app.listen(PORT, () => {
  console.log('************ SAMPLE SERVER ************')
  console.log('Test application with vigor-node-security middleware succeeded')
})

module.exports = server

We must pass the application context to vigor-node-security because it invokes a number of methods provided by the Express application instance returned by express().
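
The CORS failure path mentioned in the app.js comments, as an added dependency-free sketch (not vigor-node-security's own code): an origin allowlist passes an Error to next(), and a four-argument error handler registered after the routes turns it into a 403. The allowlist contents, the CORS_REJECTED code and the dispatch helper standing in for Express are assumptions made for illustration.

```javascript
// Added sketch, not the package's source. All names here are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']) // constructed sample

// Express-style middleware: reject browser requests from unlisted origins
function corsAllowlist(req, res, next) {
  const origin = req.headers.origin
  // No Origin header (same-origin navigation, non-browser client): nothing to decide
  if (origin === undefined) return next()
  if (!ALLOWED_ORIGINS.has(origin)) {
    const err = new Error('Not allowed by CORS')
    err.code = 'CORS_REJECTED'
    return next(err) // skips normal middleware, goes to error handlers
  }
  res.setHeader('Access-Control-Allow-Origin', origin)
  res.setHeader('Vary', 'Origin')
  next()
}

// Error handler: Express recognises it by its four parameters
function corsErrorHandler(err, req, res, next) {
  if (err.code !== 'CORS_REJECTED') return next(err)
  res.statusCode = 403
  res.end(JSON.stringify({ error: 'origin not allowed' })) // no stack trace leaked
}

// Stand-in for Express dispatch so the sketch runs without dependencies
function dispatch(stack, req) {
  const res = {
    statusCode: 200, headers: {}, body: null,
    setHeader(name, value) { this.headers[name] = value },
    end(body) { this.body = body }
  }
  let i = 0
  function next(err) {
    while (i < stack.length) {
      const fn = stack[i++]
      const isErrorHandler = fn.length === 4
      if (err && isErrorHandler) return fn(err, req, res, next)
      if (!err && !isErrorHandler) return fn(req, res, next)
    }
    if (err) res.statusCode = 500 // no error handler registered
  }
  next()
  return res
}

const route = (req, res, next) => res.end('ok')
const stack = [corsAllowlist, route, corsErrorHandler] // handler registered last
const handle = (origin) => dispatch(stack, { headers: origin ? { origin } : {} })
```

Calling handle() with a listed origin returns the route's response with the CORS headers set; an unlisted origin never reaches the route and gets the 403 body from the error handler.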

Advanced Configuration

The vigor-node-security module exports a function with the following CommonJS signature:

/**
  * @param app {expressApp} - Instance of an express application
  * @param config {Object} - A configuration object that will override the
  * default configuration of vigor-node-security
  * @param customRegistry {func} - An anonymous function that receives one
  * argument, which is passed a reference to the express application instance
*/
module.exports = function(app, config, customRegistry) {
  // ...
}

config Object

The configuration object allows clients to override the default configuration and extend vigor-node-security with additional security-related middleware.

Dependencies

vigor-node-security uses a number of third-party security middleware modules, including:

  • cors
  • helmet
  • helmet-csp

Who do I talk to?

The repository owner at OneVigor is Matt Valli

1.0.2

4 years ago

1.0.1

4 years ago

1.0.0

4 years ago