

new secure measures
jeancarlos-cpu committed Dec 10, 2019
1 parent a3c70ee commit cb34f5f
Showing 8 changed files with 222 additions and 96 deletions.
174 changes: 174 additions & 0 deletions package-lock.json


4 changes: 4 additions & 0 deletions package.json
Expand Up @@ -14,9 +14,13 @@
"apollo-server": "^2.9.12",
"apollo-server-express": "^2.9.12",
"bcryptjs": "^2.4.3",
"compression": "^1.7.4",
"cors": "^2.8.5",
"env-cmd": "^10.0.1",
"express": "^4.17.1",
"express-rate-limit": "^5.0.0",
"graphql": "^14.5.8",
"helmet": "^3.21.2",
"jsonwebtoken": "^8.5.1",
"path": "^0.12.7",
"prisma-client-lib": "^1.34.10"
2 changes: 2 additions & 0 deletions resolvers/mutation.resolver.js
Expand Up @@ -7,6 +7,8 @@ const Mutation = {
createUser: async (parent, { data }, { prisma }, info) => {
const emailTaken = await prisma.$exists.user({ email: data.email });
if (emailTaken) throw new Error("Email taken.");
if (data.name.length < 3 || data.password.length < 3)
throw new Error("credentials must have at least 3 char");
const hash = await hashPassword(data.password);
const user = await prisma.createUser({ ...data, password: hash });
return {
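Review bot: The new length check runs after the `prisma.$exists.user` lookup, so a request that fails validation still costs a database round-trip; moving the two lines above `const emailTaken = …` lets the cheap check fail first. A minimum of 3 characters for `password` is also very low for a user-chosen password — something in the 8–12 range is the usual floor — and the message `credentials must have at least 3 char` should say which field failed so the client can show a useful error. If `name` or `password` can be absent in the GraphQL input type, `.length` on `undefined` throws a TypeError here rather than a validation error; worth confirming against the schema. `createUser`'s body continues past the hunk.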
48 changes: 41 additions & 7 deletions src/apollo-sever.js
@@ -1,8 +1,41 @@
const { ApolloServer } = require("apollo-server");
const { ApolloServer } = require("apollo-server-express");
const express = require("express");
const cors = require("cors");
const helmet = require("helmet");
const compression = require("compression");
const rateLimit = require("express-rate-limit");
const { resolvers } = require("../resolvers/index.resolver");
const { prisma } = require("../prisma/generated/prisma-client/index");
const { schema } = require("./squema");

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
});

const csp = helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'seft'"]
}
});

const whitelist = ["https://jeancarlos-cpu.github.io/blog"];

const corsOptions = {
origin: (origin, callback) =>
whitelist.indexOf(origin) !== -1
? callback(null, true)
: callback(new Error("Cross-origin resource sharing not allowed!"))
};

const app = express();
app.use(helmet());
app.use(csp);
app.use(cors(corsOptions));
app.use(limiter);
app.use(compression());

const server = new ApolloServer({
typeDefs: schema,
resolvers,
Expand All @@ -12,9 +45,12 @@ const server = new ApolloServer({
})
});

server
.listen({ port: process.env.PORT || 4000 })
.then(console.log("its working!"));
server.applyMiddleware({ app });
app.listen(4000, () => console.log("server up."));

// server
// .listen({ port: process.env.PORT || 4000 })
// .then(console.log("its working!"));

// const app = express();
// // app.use("/text", (res, req) => {
Expand All @@ -28,7 +64,5 @@ server
// console.log(err);
// res.download("src/files/enade.pdf", "enade.pdf");
// });

// })
// server.applyMiddleware({ app });
// app.listen(4000, () => console.log("server up."));
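Review bot: `styleSrc: ["'seft'"]` in the CSP directives is a typo for `'self'`; browsers ignore an unrecognized source expression, which leaves `style-src` with no allowed source and blocks every stylesheet — change it to `styleSrc: ["'self'"]`. The CORS whitelist entry `"https://jeancarlos-cpu.github.io/blog"` can never match either, because a browser's `Origin` header carries only scheme, host and port (`https://jeancarlos-cpu.github.io`), so with the `indexOf` check every cross-origin browser request is rejected; the entry should be the bare origin. That same `origin` callback passes an `Error` to `callback` when `origin` is `undefined` (non-browser clients, same-origin navigations), which cors forwards to Express's error handler as a 500 — if such clients are expected, handle the missing header explicitly with `if (!origin) return callback(null, false);`. `app.listen(4000, …)` drops the `process.env.PORT || 4000` fallback the removed `server.listen` call had, breaking hosts that assign the port through the environment; `app.listen(process.env.PORT || 4000, …)` keeps the old behaviour. Finally, the rate limiter keys on `req.ip`, so if this server sits behind a reverse proxy `app.set("trust proxy", …)` must be configured before `app.use(limiter)` or every client shares one 100-request bucket (confirm against the deployment), and the commented-out `server.listen` block kept at the bottom should be deleted rather than preserved.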
