igorpropisnov
/
mvp-ticket
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added csp middleware, redirect to https in prod and more security

This commit is contained in:
Igor Hrenowitsch Propisnov 2024-05-03 14:13:15 +02:00
parent 975fbbe3f2
commit 9198d4330c
4 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/app.module.ts
View File

@ -3,7 +3,9 @@ import { AppController } from './app.controller';
import { AppService } from './app.service';
import { ConfigModule } from '@nestjs/config';
import { DatabaseModule } from './modules/database-module/database.module';
import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
import { CspMiddleware } from './middleware/csp-middleware/csp.middleware';
import { SecurityHeadersMiddleware } from './middleware/security-middleware/security.middleware';
import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
@Module({
imports: [
@ -18,7 +20,8 @@ import { CspMiddleware } from './middleware/csp-middleware/csp-middleware';
export class AppModule {
configure(consumer: MiddlewareConsumer) {
consumer
.apply(CspMiddleware)
// TODO: Redirect via Reverse Proxy all HTTP requests to HTTPS
.apply(CspMiddleware, SecurityHeadersMiddleware, HttpsRedirectMiddleware)
.forRoutes({ path: '*', method: RequestMethod.ALL });
}
}

1
backend/src/middleware/csp-middleware/csp-middleware.ts → backend/src/middleware/csp-middleware/csp.middleware.ts
View File

@ -1,7 +1,6 @@
import { Injectable, NestMiddleware } from '@nestjs/common';
import { Request, Response, NextFunction } from 'express';
import { ConfigService } from '@nestjs/config';
import { log } from 'console';
@Injectable()
export class CspMiddleware implements NestMiddleware {

19
backend/src/middleware/https-middlware/https-redirect.middleware.ts Normal file
View File

@ -0,0 +1,19 @@
import { Injectable, NestMiddleware } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { NextFunction, Request, Response } from 'express';
@Injectable()
export class HttpsRedirectMiddleware implements NestMiddleware {
constructor(private configService: ConfigService) {}
use(req: Request, res: Response, next: NextFunction) {
if (this.configService.get<string>('NODE_ENV') === 'production') {
if (req.protocol === 'http') {
const httpsUrl = `https://${req.headers.host}${req.url}`;
res.redirect(httpsUrl);
} else {
next();
}
}
}
}

20
backend/src/middleware/security-middleware/security.middleware.ts Normal file
View File

@ -0,0 +1,20 @@
import { Injectable, NestMiddleware } from '@nestjs/common';
import { Request, Response, NextFunction } from 'express';
import { ConfigService } from '@nestjs/config';
@Injectable()
export class SecurityHeadersMiddleware implements NestMiddleware {
constructor(private configService: ConfigService) {}
use(req: Request, res: Response, next: NextFunction): void {
if (this.configService.get<string>('NODE_ENV') === 'production') {
res.setHeader(
'Strict-Transport-Security',
'max-age=63072000; includeSubDomains; preload'
);
}
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
next();
}
}