diff --git a/server/package-lock.json b/server/package-lock.json index f9e7224..dc2b937 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -13,6 +13,7 @@ "cors": "^2.8.5", "dotenv": "^16.0.1", "express": "^4.18.1", + "helmet": "^5.1.0", "sqlite3": "^5.0.8" }, "devDependencies": { @@ -20,7 +21,7 @@ "@types/express": "^4.17.13", "@types/node": "^18.0.0", "@types/sqlite3": "^3.1.8", - "nodemon": "^2.0.16", + "nodemon": "^2.0.18", "prisma": "^4.0.0", "supertest": "^6.2.3", "ts-node": "^10.8.1", @@ -1907,6 +1908,14 @@ "node": ">=8" } }, + "node_modules/helmet": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.1.0.tgz", + "integrity": "sha512-klsunXs8rgNSZoaUrNeuCiWUxyc+wzucnEnFejUg3/A+CaF589k9qepLZZ1Jehnzig7YbD4hEuscGXuBY3fq+g==", + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/hexoid": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz", @@ -2682,9 +2691,9 @@ } }, "node_modules/nodemon": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.16.tgz", - "integrity": "sha512-zsrcaOfTWRuUzBn3P44RDliLlp263Z/76FPoHFr3cFFkOz0lTPAcIw8dCzfdVIx/t3AtDYCZRCDkoCojJqaG3w==", + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.18.tgz", + "integrity": "sha512-uAvrKipi2zAz8E7nkSz4qW4F4zd5fs2wNGsTx+xXlP8KXqd9ucE0vY9wankOsPboeDyuUGN9vsXGV1pLn80l/A==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -5442,6 +5451,11 @@ "integrity": "sha512-UqBRqi4ju7T+TqGNdqAO0PaSVGsDGJUBQvk9eUWNGRY1CFGDzYhLWoM7JQEemnlvVcv/YEmc2wNW8BC24EnUsw==", "dev": true }, + "helmet": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.1.0.tgz", + "integrity": "sha512-klsunXs8rgNSZoaUrNeuCiWUxyc+wzucnEnFejUg3/A+CaF589k9qepLZZ1Jehnzig7YbD4hEuscGXuBY3fq+g==" + }, "hexoid": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz", 
@@ -6019,9 +6033,9 @@ } }, "nodemon": { - "version": "2.0.16", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.16.tgz", - "integrity": "sha512-zsrcaOfTWRuUzBn3P44RDliLlp263Z/76FPoHFr3cFFkOz0lTPAcIw8dCzfdVIx/t3AtDYCZRCDkoCojJqaG3w==", + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.18.tgz", + "integrity": "sha512-uAvrKipi2zAz8E7nkSz4qW4F4zd5fs2wNGsTx+xXlP8KXqd9ucE0vY9wankOsPboeDyuUGN9vsXGV1pLn80l/A==", "dev": true, "requires": { "chokidar": "^3.5.2", diff --git a/server/package.json b/server/package.json index da61934..394158f 100644 --- a/server/package.json +++ b/server/package.json @@ -15,6 +15,7 @@ "cors": "^2.8.5", "dotenv": "^16.0.1", "express": "^4.18.1", + "helmet": "^5.1.0", "sqlite3": "^5.0.8" }, "devDependencies": { @@ -22,7 +23,7 @@ "@types/express": "^4.17.13", "@types/node": "^18.0.0", "@types/sqlite3": "^3.1.8", - "nodemon": "^2.0.16", + "nodemon": "^2.0.18", "prisma": "^4.0.0", "supertest": "^6.2.3", "ts-node": "^10.8.1", diff --git a/server/server.ts b/server/server.ts index 39c6db2..592b351 100644 --- a/server/server.ts +++ b/server/server.ts @@ -3,12 +3,14 @@ import express, { Express, Request, Response } from "express"; import cors from "cors"; import { PrismaClient, EncryptedNote } from "@prisma/client"; import { addDays } from "./util"; +import helmet from "helmet"; // Initialize middleware clients const prisma = new PrismaClient(); const app: Express = express(); app.use(express.json()); +app.use(helmet()); // Allow CORS in dev mode. if (process.env.ENVIRONMENT == "dev") {
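Review bot: In server/server.ts, `app.use(helmet());` is registered after `app.use(express.json());`, so a request whose body fails JSON parsing goes straight to error handling and never passes through helmet. Those error responses may therefore lack headers such as `Strict-Transport-Security`. Registering helmet first, `app.use(helmet());` followed by `app.use(express.json());`, covers parser errors as well. helmet is called with its defaults, and helmet 5 enables Content-Security-Policy and the cross-origin policies (COEP/COOP/CORP) by default, so a comment like `// Security headers (helmet defaults); CORS below is dev-only` and a supertest assertion on one header (e.g. `x-content-type-options: nosniff`) would document and pin the intended set. The rest of server.ts is outside the hunk, so whether a custom error handler sets its own headers is not visible here.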