Nearsighted Prank Master

    sh-loopback4-helmet
    TypeScript icon, indicating that this package has built-in type declarations

    1.0.1 • Public • Published

    sh-loopback4-helmet

    A simple loopback-4 extension for helmetjs integration in loopback applications.

    Install

    npm install sh-loopback4-helmet

    Usage

    In order to use this component into your LoopBack application, please follow below steps.

    • Add component to application.
    this.component(Loopback4HelmetComponent);
    • By default, helmet will be initialized with only the default middlewares enabled as per here. However, you can override any of the middleware settings using the Config Binding like below.
    this.bind(HelmetSecurityBindings.CONFIG).to({
      referrerPolicy: {
        policy: 'same-origin',
      },
      contentSecurityPolicy: {
        directives: {
          frameSrc: ["'self'"],
        },
      },
    });
    • The component exposes a sequence action which can be added to your server sequence class. Adding this will trigger helmet middleware for all the requests passing through.
    export class MySequence implements SequenceHandler {
      constructor(
        @inject(SequenceActions.FIND_ROUTE) protected findRoute: FindRoute,
        @inject(SequenceActions.PARSE_PARAMS) protected parseParams: ParseParams,
        @inject(SequenceActions.INVOKE_METHOD) protected invoke: InvokeMethod,
        @inject(SequenceActions.SEND) public send: Send,
        @inject(SequenceActions.REJECT) public reject: Reject,
        @inject(HelmetSecurityBindings.HELMET_SECURITY_ACTION)
        protected helmetAction: HelmetAction,
      ) {}
    
      async handle(context: RequestContext) {
        const requestTime = Date.now();
        try {
          const {request, response} = context;
          const route = this.findRoute(request);
          const args = await this.parseParams(request, route);
    
          // Helmet Action here
          await this.helmetAction(request, response);
    
          const result = await this.invoke(route, args);
          this.send(response, result);
        } catch (err) {
          ...
        } finally {
          ...
        }
      }
    }

    Install

    npm i sh-loopback4-helmet

    DownloadsWeekly Downloads

    1

    Version

    1.0.1

    License

    none

    Unpacked Size

    26.6 kB

    Total Files

    34

    Last publish

    Collaborators

    • sh_abjagtap