added csp middleware, redirect to https in prod and more security
parent
975fbbe3f2
commit
9198d4330c
@ -3,7 +3,9 @@ import { AppController } from './app.controller';
|
||||||
import { AppService } from './app.service';
|
import { AppService } from './app.service';
|
||||||
import { ConfigModule } from '@nestjs/config';
|
import { ConfigModule } from '@nestjs/config';
|
||||||
import { DatabaseModule } from './modules/database-module/database.module';
|
import { DatabaseModule } from './modules/database-module/database.module';
|
||||||
import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
|
import { CspMiddleware } from './middleware/csp-middleware/csp.middleware';
|
||||||
|
import { SecurityHeadersMiddleware } from './middleware/security-middleware/security.middleware';
|
||||||
|
import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
|
||||||
|
|
||||||
@Module({
|
@Module({
|
||||||
imports: [
|
imports: [
|
||||||
|
@ -18,7 +20,8 @@ import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
|
||||||
export class AppModule {
|
export class AppModule {
|
||||||
configure(consumer: MiddlewareConsumer) {
|
configure(consumer: MiddlewareConsumer) {
|
||||||
consumer
|
consumer
|
||||||
.apply(CspMiddleware)
|
// TODO: Redirect via Reverse Proxy all HTTP requests to HTTPS
|
||||||
|
.apply(CspMiddleware, SecurityHeadersMiddleware, HttpsRedirectMiddleware)
|
||||||
.forRoutes({ path: '*', method: RequestMethod.ALL });
|
.forRoutes({ path: '*', method: RequestMethod.ALL });
|
||||||
}
|
}
|
||||||
}
|
}
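Review bot: HttpsRedirectMiddleware is the last argument of `.apply(...)`, so on a plain-HTTP production request CspMiddleware and SecurityHeadersMiddleware do their work first and the redirect response then carries headers that browsers ignore on non-HTTPS responses (Strict-Transport-Security in particular); listing the redirect first, `.apply(HttpsRedirectMiddleware, CspMiddleware, SecurityHeadersMiddleware)`, short-circuits that. The removed TODO said the HTTP-to-HTTPS redirect was meant for the reverse proxy; if a proxy still terminates TLS in front of this app, the in-app redirect only sees the proxy's plain-HTTP hop and needs Express `trust proxy` enabled to read X-Forwarded-Proto, which this hunk does not show — worth a comment on the apply line stating which deployment is assumed. `configure(consumer: MiddlewareConsumer)` could also declare its `: void` return type like the middleware `use` methods do.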
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
import { Injectable, NestMiddleware } from '@nestjs/common';
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
||||||
import { Request, Response, NextFunction } from 'express';
|
import { Request, Response, NextFunction } from 'express';
|
||||||
import { ConfigService } from '@nestjs/config';
|
import { ConfigService } from '@nestjs/config';
|
||||||
import { log } from 'console';
|
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class CspMiddleware implements NestMiddleware {
|
export class CspMiddleware implements NestMiddleware {
|
|
@ -0,0 +1,19 @@
|
||||||
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
||||||
|
import { ConfigService } from '@nestjs/config';
|
||||||
|
import { NextFunction, Request, Response } from 'express';
|
||||||
|
|
||||||
|
@Injectable()
|
||||||
|
export class HttpsRedirectMiddleware implements NestMiddleware {
|
||||||
|
constructor(private configService: ConfigService) {}
|
||||||
|
|
||||||
|
use(req: Request, res: Response, next: NextFunction) {
|
||||||
|
if (this.configService.get<string>('NODE_ENV') === 'production') {
|
||||||
|
if (req.protocol === 'http') {
|
||||||
|
const httpsUrl = `https://${req.headers.host}${req.url}`;
|
||||||
|
res.redirect(httpsUrl);
|
||||||
|
} else {
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
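Review bot: The redirect target is built from `req.headers.host`, which the client controls, so a request with a forged Host header gets bounced to an origin the attacker chose; the host should be checked against the hosts this app is actually served on before it is echoed back. Separately, `req.protocol === 'http'` is true for every request behind a TLS-terminating proxy unless Express `trust proxy` is enabled, which would turn this middleware into a redirect loop in exactly the production setting it targets; `req.secure` is the equivalent check and the condition reads better as a guard. `res.redirect(url)` defaults to 302, whereas an HTTP-to-HTTPS upgrade is a permanent, method-preserving redirect (308), and `req.originalUrl` is the safer path source for middleware. A rewritten body along those lines:
```typescript
use(req: Request, res: Response, next: NextFunction): void {
  // req.secure honours X-Forwarded-Proto only when Express 'trust proxy' is enabled — confirm the proxy setup
  if (this.configService.get<string>('NODE_ENV') !== 'production' || req.secure) {
    next();
    return;
  }
  // Host is client-supplied: only redirect to a host this app is actually served on.
  const host = req.headers.host;
  if (host === undefined || !allowedHosts.includes(host)) { // allowedHosts: placeholder, load from config
    res.status(400).end();
    return;
  }
  res.redirect(308, `https://${host}${req.originalUrl}`);
}
```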
|
|
@ -0,0 +1,20 @@
|
||||||
|
import { Injectable, NestMiddleware } from '@nestjs/common';
|
||||||
|
import { Request, Response, NextFunction } from 'express';
|
||||||
|
import { ConfigService } from '@nestjs/config';
|
||||||
|
|
||||||
|
@Injectable()
|
||||||
|
export class SecurityHeadersMiddleware implements NestMiddleware {
|
||||||
|
constructor(private configService: ConfigService) {}
|
||||||
|
|
||||||
|
use(req: Request, res: Response, next: NextFunction): void {
|
||||||
|
if (this.configService.get<string>('NODE_ENV') === 'production') {
|
||||||
|
res.setHeader(
|
||||||
|
'Strict-Transport-Security',
|
||||||
|
'max-age=63072000; includeSubDomains; preload'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
res.setHeader('X-Content-Type-Options', 'nosniff');
|
||||||
|
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
}
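Review bot: The Strict-Transport-Security value includes `preload` with a two-year max-age, which is the signal that the domain may be submitted to the browser preload list; that is effectively irreversible and commits every subdomain to HTTPS, so it should be a deliberate decision documented above the header, e.g. `// 'preload' is intentional: domain is (to be) submitted to the HSTS preload list — all subdomains must serve HTTPS`, and dropped if that is not the plan. Browsers only honour HSTS on responses received over HTTPS, so this header does nothing for the plain-HTTP responses the redirect middleware produces — fine, but worth stating in the class doc comment. `X-Frame-Options` overlaps with a `frame-ancestors` directive if CspMiddleware (not shown here) sets one; keep the two consistent. `req` is unused in `use`, so naming it `_req` makes that explicit.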
|