From 50cc9cc145966a0e764f658c7d86aa48be613496 Mon Sep 17 00:00:00 2001
From: Kaushik
Date: Thu, 21 Jul 2022 22:44:27 +0530
Subject: [PATCH] added helmet middleware
---
 controllers/auth.js | 2 +-
 index.js | 4 ++++
 package-lock.json | 14 ++++++++++++++
 package.json | 1 +
 4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/controllers/auth.js b/controllers/auth.js
index 84f1a23..fe20aae 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -50,7 +50,7 @@ const callback = async (req, res) => {
 return res.redirect(409, '/');
 } else if (error) {
 logger.error('callback error', { authError: error });
- return res.status(401).send(`Error: ${error}`);
+ return res.status(401).send({ message: `Auth callback error` });
 } else {
 // get auth tokens
 res.clearCookie(stateKey);
diff --git a/index.js b/index.js
index 768ce7a..00d9721 100644
--- a/index.js
+++ b/index.js
@@ -3,6 +3,7 @@ const express = require('express');
 const session = require("express-session");
 const cors = require('cors');
 const cookieParser = require('cookie-parser');
+const helmet = require("helmet");
 const app = express();
@@ -21,6 +22,9 @@ const corsOptions = {
 app.use(cors(corsOptions));
 app.use(cookieParser());
+app.use(helmet());
+app.disable('x-powered-by')
+
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
diff --git a/package-lock.json b/package-lock.json
index d108fc0..f47a797 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,6 +17,7 @@ "express-session": "^1.17.3", "express-validator": "^6.14.2", "got": "^12.1.0", + "helmet": "^5.1.0", "winston": "^3.8.1" }, "devDependencies": {
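Review bot: In controllers/auth.js the new 401 body is a template literal with nothing interpolated, sent through `send`; a plain string with `res.json` states the intent more directly: `return res.status(401).json({ message: 'Auth callback error' });`. A one-line comment above it, for example `// never echo the provider-supplied error back to the client`, would keep the removed reflection of `error` from being reintroduced later. The same `error` value still goes to `logger.error` unchanged; if it is read from the request query (its origin is outside the hunk), confirm the log format escapes it and consider bounding its length. The body of `callback` starts and ends outside the hunk.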
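Review bot: In the second index.js hunk `app.use(helmet())` is registered after `cors` and `cookieParser`, so a response that `cors` finishes on its own (a preflight, with its default settings) leaves without the helmet headers; placing `app.use(helmet());` ahead of `app.use(cors(corsOptions));` covers those too. `app.disable('x-powered-by')` repeats what helmet's default set already does and is missing its semicolon; keep one of the two, with a short comment saying why. Because this API is served under a CORS policy, the helmet 5 defaults for the cross-origin resource/embedder headers and the Content-Security-Policy are worth checking against the real front end before release.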
@@ -922,6 +923,14 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/helmet": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.1.0.tgz", + "integrity": "sha512-klsunXs8rgNSZoaUrNeuCiWUxyc+wzucnEnFejUg3/A+CaF589k9qepLZZ1Jehnzig7YbD4hEuscGXuBY3fq+g==", + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/http-cache-semantics": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
@@ -2493,6 +2502,11 @@ "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" }, + "helmet": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.1.0.tgz", + "integrity": "sha512-klsunXs8rgNSZoaUrNeuCiWUxyc+wzucnEnFejUg3/A+CaF589k9qepLZZ1Jehnzig7YbD4hEuscGXuBY3fq+g==" + }, "http-cache-semantics": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz",
diff --git a/package.json b/package.json
index 5f465be..6716b79 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
 "express-session": "^1.17.3",
 "express-validator": "^6.14.2",
 "got": "^12.1.0",
+ "helmet": "^5.1.0",
 "winston": "^3.8.1"
 },
 "devDependencies": {