Skip to content

Commit 6f60e58

Browse files
kingcodykingcody
committed
Merge pull request #1166 from DaftMonk/lusca
feat(server): add lusca
2 parents 882c0eb + 908f869 commit 6f60e58

File tree

2 files changed

+27
-5
lines changed

2 files changed

+27
-5
lines changed

app/templates/_package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
"compression": "~1.0.1",
1414
"composable-middleware": "^0.3.0",
1515
"lodash": "~2.4.1",
16+
"lusca": "1.3.0",
1617
"babel-core": "^5.6.4",<% if (filters.jade) { %>
1718
"jade": "~1.2.0",<% } %><% if (filters.html) { %>
1819
"ejs": "~0.8.4",<% } %><% if (filters.mongoose) { %>

app/templates/server/config/express.js

Lines changed: 26 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,14 @@ var methodOverride = require('method-override');
1313
var cookieParser = require('cookie-parser');
1414
var errorHandler = require('errorhandler');
1515
var path = require('path');
16+
var lusca = require('lusca');
1617
var config = require('./environment');<% if (filters.auth) { %>
17-
var passport = require('passport');<% } %><% if (filters.twitterAuth) { %>
18+
var passport = require('passport');<% } %>
1819
var session = require('express-session');<% if (filters.mongoose) { %>
1920
var mongoStore = require('connect-mongo')(session);
2021
var mongoose = require('mongoose');<% } else if(filters.sequelize) { %>
2122
var sqldb = require('../sqldb');
22-
var Store = require('express-sequelize-session')(session.Store);<% } %><% } %>
23+
var Store = require('express-sequelize-session')(session.Store);<% } %>
2324

2425
module.exports = function(app) {
2526
var env = app.get('env');
@@ -33,10 +34,11 @@ module.exports = function(app) {
3334
app.use(bodyParser.json());
3435
app.use(methodOverride());
3536
app.use(cookieParser());<% if (filters.auth) { %>
36-
app.use(passport.initialize());<% } %><% if (filters.twitterAuth) { %>
37+
app.use(passport.initialize());<% } %>
3738

3839
// Persist sessions with mongoStore / sequelizeStore
39-
// We need to enable sessions for passport twitter because its an oauth 1.0 strategy
40+
// We need to enable sessions for passport-twitter because it's an
41+
// oauth 1.0 strategy, and Lusca depends on sessions
4042
app.use(session({
4143
secret: config.secrets.session,
4244
resave: true,
@@ -47,7 +49,26 @@ module.exports = function(app) {
4749
})<% } else if(filters.sequelize) { %>,
4850
store: new Store(sqldb.sequelize)<% } %>
4951
}));
50-
<% } %>
52+
53+
/**
54+
* Lusca - express server security
55+
* https://github.com/krakenjs/lusca
56+
*/
57+
if ('test' !== env) {
58+
app.use(lusca({
59+
csrf: {
60+
angular: true
61+
},
62+
xframe: 'SAMEORIGIN',
63+
hsts: {
64+
maxAge: 31536000, //1 year, in seconds
65+
includeSubDomains: true,
66+
preload: true
67+
},
68+
xssProtection: true
69+
}));
70+
}
71+
5172
app.set('appPath', path.join(config.root, 'client'));
5273

5374
if ('production' === env) {

0 commit comments

Comments
 (0)