From 93bea192e7c2500a03dd591751a1e27034db1821 Mon Sep 17 00:00:00 2001
From: tokebe <43009413+tokebe@users.noreply.github.com>
Date: Thu, 10 Aug 2023 12:29:37 -0400
Subject: [PATCH] fix: trust certain proxy ranges
---
 src/config/index.js | 196 ++++++++++++++++++++++----------------------
 1 file changed, 100 insertions(+), 96 deletions(-)
diff --git a/src/config/index.js b/src/config/index.js
index 0acd33d9..e831e010 100644
--- a/src/config/index.js
+++ b/src/config/index.js
@@ -1,112 +1,116 @@ -const compression = require('compression') +const compression = require("compression"); const cors = require("cors"); -var bodyParser = require('body-parser'); +var bodyParser = require("body-parser"); const rateLimit = require("express-rate-limit"); const helmet = require("helmet"); const dotenv = require("dotenv"); -const Sentry = require('@sentry/node'); - +const Sentry = require("@sentry/node"); module.exports = class Config { - constructor(app) { - this.app = app; - } + constructor(app) { + this.app = app; + } + + setConfig() { + this.setSentry(); + this.setTrustProxy(); + this.setDotEnv(); + this.setNodeEnv(); + this.setBodyParser(); + this.setCors(); + this.setCompression(); + this.setHttpHeaders(); + this.setLimiter(); + return this.app; + } + + setDotEnv() { + dotenv.config(); + } - setConfig() { - this.setSentry(); - this.setDotEnv(); - this.setNodeEnv(); - this.setBodyParser(); - this.setCors(); - this.setCompression(); - this.setHttpHeaders(); - this.setLimiter(); - return this.app; - } + setNodeEnv() { + process.env.NODE_ENV = process.env.NODE_ENV || "development"; + } - setDotEnv() { - dotenv.config(); - } + setTrustProxy() { + this.app.set("trust proxy", ["loopback", "linklocal", "uniquelocal"]); + } - setNodeEnv() { - process.env.NODE_ENV = process.env.NODE_ENV || 'development'; - } + setBodyParser() { + // support application/json type post data + this.app.use(bodyParser.json({ limit: "50mb" })); + //support application/x-www-form-urlencoded post data + this.app.use(bodyParser.urlencoded({ limit: "50mb", extended: true })); + return this.app; + } - setBodyParser() { - // support application/json type post data - this.app.use(bodyParser.json({ limit: '50mb' })); - //support application/x-www-form-urlencoded post data - this.app.use(bodyParser.urlencoded({ limit: '50mb', extended: true })); - return this.app; - } + setCors() { + const options = { + allowedHeaders: ["Origin", "X-Requested-With", "Content-Type", "Accept", 
"X-Access-Token", "Authorization"], + credentials: true, + methods: "GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE", + origin: "*", + preflightContinue: false, + }; + this.app.use(cors(options)); + } - setCors() { - const options = { - allowedHeaders: ["Origin", "X-Requested-With", "Content-Type", "Accept", "X-Access-Token", "Authorization"], - credentials: true, - methods: "GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE", - origin: "*", - preflightContinue: false - }; - this.app.use(cors(options)); - } + setCompression() { + this.app.use(compression()); + } - setCompression() { - this.app.use(compression()); - } + setHttpHeaders() { + this.app.use( + helmet({ + contentSecurityPolicy: false, + }), + ); + } - setHttpHeaders() { - this.app.use( - helmet({ - contentSecurityPolicy: false, - }) - ) - } + setLimiter() { + const slowLimiter = rateLimit({ + windowMs: 1 * 60 * 1000, //1min + max: process.env.MAX_QUERIES_PER_MIN || 15, + }); + const medLimiter = rateLimit({ + windowMs: 1 * 60 * 1000, //1min + max: process.env.MAX_QUERIES_PER_MIN || 30, + }); + const fastLimiter = rateLimit({ + windowMs: 1 * 60 * 1000, //1min + max: process.env.MAX_QUERIES_PER_MIN || 60, + }); + this.app.use("/v1/query", slowLimiter); + this.app.use("/v1/team/:team_name/query", slowLimiter); + this.app.use("/v1/team/:team_name/query", slowLimiter); + this.app.use("/v1/meta_knowledge_graph", medLimiter); + this.app.use("/v1/team/:teamName/meta_knowledge_graph", medLimiter); + this.app.use("/v1/smartapi/:smartapiID/meta_knowledge_graph", medLimiter); + } - setLimiter() { - const slowLimiter = rateLimit({ - windowMs: 1 * 60 * 1000, //1min - max: process.env.MAX_QUERIES_PER_MIN || 15 - }); - const medLimiter = rateLimit({ - windowMs: 1 * 60 * 1000, //1min - max: process.env.MAX_QUERIES_PER_MIN || 30 - }); - const fastLimiter = rateLimit({ - windowMs: 1 * 60 * 1000, //1min - max: process.env.MAX_QUERIES_PER_MIN || 60 - }); - this.app.use("/v1/query", slowLimiter); - this.app.use("/v1/team/:team_name/query", 
slowLimiter); - this.app.use("/v1/team/:team_name/query", slowLimiter); - this.app.use("/v1/meta_knowledge_graph", medLimiter); - this.app.use("/v1/team/:teamName/meta_knowledge_graph", medLimiter); - this.app.use("/v1/smartapi/:smartapiID/meta_knowledge_graph", medLimiter); - } + setSentry() { + // use SENTRY_DSN environment variable + Sentry.init({ + // dsn: "https://5297933ef0f6487c9fd66532bb1fcefe@o4505444772806656.ingest.sentry.io/4505449737420800", + integrations: [ + // enable HTTP calls tracing + new Sentry.Integrations.Http({ tracing: true }), + // enable Express.js middleware tracing + new Sentry.Integrations.Express({ app: this.app }), + // Automatically instrument Node.js libraries and frameworks + ...Sentry.autoDiscoverNodePerformanceMonitoringIntegrations(), + ], - setSentry() { - // use SENTRY_DSN environment variable - Sentry.init({ - // dsn: "https://5297933ef0f6487c9fd66532bb1fcefe@o4505444772806656.ingest.sentry.io/4505449737420800", - integrations: [ - // enable HTTP calls tracing - new Sentry.Integrations.Http({ tracing: true }), - // enable Express.js middleware tracing - new Sentry.Integrations.Express({ app: this.app }), - // Automatically instrument Node.js libraries and frameworks - ...Sentry.autoDiscoverNodePerformanceMonitoringIntegrations(), - ], - - // Set tracesSampleRate to 1.0 to capture 100% - // of transactions for performance monitoring. - // We recommend adjusting this value in production - tracesSampleRate: process.env.EXPRESS_SAMPLE_RATE ? parseFloat(process.env.EXPRESS_SAMPLE_RATE) : 1.0, - }); + // Set tracesSampleRate to 1.0 to capture 100% + // of transactions for performance monitoring. + // We recommend adjusting this value in production + tracesSampleRate: process.env.EXPRESS_SAMPLE_RATE ? 
parseFloat(process.env.EXPRESS_SAMPLE_RATE) : 1.0, + }); - // RequestHandler creates a separate execution context, so that all - // transactions/spans/breadcrumbs are isolated across requests - this.app.use(Sentry.Handlers.requestHandler({user: false})); - // TracingHandler creates a trace for every incoming request - this.app.use(Sentry.Handlers.tracingHandler()); - } -} + // RequestHandler creates a separate execution context, so that all + // transactions/spans/breadcrumbs are isolated across requests + this.app.use(Sentry.Handlers.requestHandler({ user: false })); + // TracingHandler creates a trace for every incoming request + this.app.use(Sentry.Handlers.tracingHandler()); + } +};
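Review bot: `setTrustProxy` trusts every `loopback`, `linklocal` and `uniquelocal` source, so an `X-Forwarded-For` header arriving from any host in RFC 1918 or link-local space (other containers, pods or machines on the same internal network, not just the reverse proxy) is accepted as the client address, and because the limiters in `setLimiter` key on `req.ip` by default, such a host can choose which address it is rate-limited under. If the service sits behind one known reverse proxy, a hop count or the proxy's own address is the narrower setting, e.g. `this.app.set("trust proxy", 1);`. If the trusted set is ever read from configuration, `setTrustProxy` has to move after `setDotEnv` in `setConfig`, since it currently runs before `dotenv.config()`. Separately on the new side of `setLimiter`, `fastLimiter` is built but never mounted, and `/v1/team/:team_name/query` is registered twice with `slowLimiter`, which presumably counts each request against that limit twice.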