INSTALL
npm install @btpns/security
Please add the configuration file at `src/config/config.json`.
HTTP HELMET
HTTP Helmet helps you secure your apps by setting various HTTP headers. For more information: https://github.com/helmetjs/helmet
CONFIG
Please add the string `httpHelmet` as an object key. Modules available in `httpHelmet`:
Module | Default |
---|---|
contentSecurityPolicy for setting Content Security Policy | |
crossdomain for handling Adobe products' crossdomain requests | |
dnsPrefetchControl controls browser DNS prefetching | ✓ |
expectCt for handling Certificate Transparency | |
featurePolicy to limit your site's features | |
noCache to disable client-side caching |
HOW TO USE
Apply it as global middleware in Nest:
app.use(helmet())
RATE LIMITER
Rate Limiter protects your applications from brute-force attacks. For more information: https://github.com/nfriedly/express-rate-limit
PARAMETER
--`handler` (optional) => The function to handle requests once the max limit is exceeded. It receives the request and the response objects. The `next` param is available if you need to pass to the next middleware. The `req.rateLimit` object has `limit`, `current`, and `remaining` number of requests and, if the store provides it, a `resetTime` Date object. Defaults to:
function (req, res, next) {
  res.status(429).send(message);
}
### CONFIG
Please add the string `rateLimiter` as an object key. Variables in `rateLimiter`:
--`max` (must be a number) => maximum number of connections during `windowMs` milliseconds before sending an HTTP status 429 response. Defaults to 5. Set to 0 to disable.
--`windowMs` (must be a number) => how long, in milliseconds, to keep records of requests in memory. Defaults to 60000 (1 minute).
--`message` (must be a string or JSON object) => error message sent when `max` is exceeded. Defaults to 'Too many requests, please try again later.'
HOW TO USE
Apply it as global middleware in Nest:
app.use(rateLimiter())
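The `max`, `windowMs`, `message` and `handler` semantics described above, as an added example (not code from @btpns/security or express-rate-limit): a minimal in-memory fixed-window limiter. Keying by `req.ip`, the `now` clock hook and the `simulate` helper with its stub objects are assumptions made for the illustration.

```javascript
// Added illustration, not the @btpns/security or express-rate-limit source.
// Fixed-window, in-memory limiter keyed by req.ip (assumption), using the
// page's option names; `now` is a hypothetical hook so the clock can be faked.
function createRateLimiter(options = {}) {
  const {
    max = 5,
    windowMs = 60000,
    message = 'Too many requests, please try again later.',
    now = Date.now,
  } = options;
  // Default handler as documented above: answer 429 with `message`.
  const handler = options.handler ||
    ((req, res, next) => res.status(429).send(message));
  const hits = new Map(); // key -> { count, resetTime in ms }
  return function rateLimiter(req, res, next) {
    if (max === 0) return next(); // 0 disables limiting
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || entry.resetTime <= t) { // first hit or window expired
      entry = { count: 0, resetTime: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    req.rateLimit = {
      limit: max,
      current: entry.count,
      remaining: Math.max(max - entry.count, 0),
      resetTime: new Date(entry.resetTime),
    };
    return entry.count > max ? handler(req, res, next) : next();
  };
}

// Drive the middleware with constructed stubs; return each final status code.
function simulate(limiter, ip, count) {
  const statuses = [];
  for (let i = 0; i < count; i++) {
    const res = {
      statusCode: 200,
      status(code) { this.statusCode = code; return this; },
      send(body) { this.body = body; return this; },
    };
    limiter({ ip }, res, () => {});
    statuses.push(res.statusCode);
  }
  return statuses;
}
// Constructed run: max 2 per window, so the third and fourth are rejected.
console.log(simulate(createRateLimiter({ max: 2 }), '203.0.113.7', 4));
```

Because the counters here are keyed by `req.ip` and held in process memory, clients behind one reverse proxy share a counter unless Express's `trust proxy` setting is configured, and each application instance counts separately.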
CSRF
CSRF helps you protect against unauthorized commands transmitted from a user that the web application trusts. For more information: https://github.com/expressjs/csurf
HOW TO USE
Apply it as global middleware in Nest:
app.use(csrf())