Adding code to prevent attacks (#153)

Author: pranjals149

app.js

@@ -4,13 +4,15 @@ const morgan = require('morgan')
 const cookieParser = require('cookie-parser')
 const createError = require('http-errors')
 const path = require('path')
+
 const socket = require('socket.io')
 const multer = require('multer')
 const bodyParser = require('body-parser')
 const cors = require('cors')
 var winston = require('./config/winston')
 const fileConstants = require('./config/fileHandlingConstants')
 
+
 const indexRouter = require('./app/routes/index')
 const authRouter = require('./app/routes/auth')
 const usersRouter = require('./app/routes/user')
@@ -47,6 +49,26 @@ io.on('connection', (socket) => {
   io.emit('user connected')
 })
 
+app.use(helmet());
+app.use(hpp());
+
+const csrfMiddleware = csurf({
+  cookie: true
+});
+
+app.use(session({
+  secret: 'codeuino',
+  resave: false,
+  saveUninitialized: true,
+  cookie: {
+      secure: true,
+      httpOnly: true
+  }
+}));
+
+app.use(cookieParser());
+app.use(csrfMiddleware);
+
 // view engine setup
 app.set('views', path.join(__dirname, 'views'))
 app.set('view engine', 'ejs')