const crypto = require('crypto');
const path = require('path');
const express = require('express');
const mustacheExpress = require('mustache-express');
const { faker } = require('./randomizer');
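/**
 * Builds the structured payload attached to every "malicious trap" log line.
 *
 * The request is captured in full on purpose — this is the trap's evidence:
 * raw headers, parsed cookies, query, route params and body.
 *
 * NOTE(review): the payload therefore contains whatever the client sent,
 * including credentials, tokens and session cookies. The log sink receiving
 * it must be treated as a secrets store (restricted access, retention policy).
 *
 * @param {object} req  the express request being logged
 * @param {string} id   trap / template identifier
 * @param {*} info      free-form extra information supplied by the caller
 * @returns {object}    payload handed to app.logger.warn
 */
function buildTrapPayload(req, id, info) {
  return {
    type: 'malicious',
    templateId: id,
    info,
    http: {
      // req.ip honours 'trust proxy'. If no proxy actually sits in front of
      // this process, this value is client-controlled via X-Forwarded-For.
      client_ip: req.ip,
      host: req.headers.host,
      method: req.method,
      path: req.path,
    },
    request: {
      query: req.query || {},
      params: req.params || {},
      body: req.body || {},
      headers: {
        ...req.headers,
        cookie_parsed: req.cookies,
      },
    },
  };
}

/**
 * Creates and configures the express application: session/cookie handling
 * (unless disabled via config), body parsers, the per-request trap logger,
 * the mustache view engine, header hardening and any configured global
 * response headers.
 *
 * @param {object} app  host object providing `app.logger` (info/warn),
 *   `app.config` (`disableBuiltIn`, `headers`) and `app.tracer.appsec`
 * @returns {object}    the configured express app (not yet listening)
 */
module.exports = (app) => {
  app.logger.info('Init -> Starting the server config');
  const exp = express();

  app.logger.info(
    'Init -> Configuring required middlewares (sessions, bodyparser)'
  );
  const disabledBuiltIns = app.config.disableBuiltIn || [];
  if (disabledBuiltIns.includes('cookies')) {
    app.logger.info(
      'Init',
      'Config: Disable cookies -> Skipping session & cookies management'
    );
    // No persistent session: give every request an empty, throw-away one so
    // handlers can still read and write req.session.
    exp.use((req, res, next) => {
      req.session = {};
      next();
    });
  } else {
    const session = require('express-session');
    const cookieParser = require('cookie-parser');
    app.logger.info('Init -> Add session cookies');
    if (!process.env.APP_KEY) {
      // A per-process random secret means sessions do not survive a restart
      // and cannot be shared between instances; fine for a trap, surprising
      // otherwise — make it visible in the logs.
      app.logger.warn(
        'Init -> APP_KEY not set; using a per-process random session secret'
      );
    }
    exp.set('trust proxy', 1); // trust first proxy (affects req.ip / req.secure)
    exp.use(
      session({
        secret: process.env.APP_KEY || crypto.randomUUID(),
        resave: false,
        saveUninitialized: true,
        // Randomised cookie name so the framework is not fingerprintable.
        name: faker.internet.domainWord(),
        cookie: {
          httpOnly: true,
          // 'auto' marks the cookie Secure only when the request itself
          // arrived over TLS (honouring trust proxy), so plain-HTTP
          // deployments keep working while TLS deployments get the flag.
          secure: 'auto',
        },
      })
    );
    exp.use(cookieParser());
  }

  exp.use(express.json()); // for parsing application/json
  exp.use(express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded

  app.logger.info('Init -> Configure datadog logger');
  exp.use((req, res, next) => {
    const trapLogger = (id, title, info) => {
      app.logger.warn(
        `HASH: ${req.method} ${req.originalUrl}: ${title}`,
        buildTrapPayload(req, id, info)
      );
      app.tracer.appsec.trackCustomEvent('malicious.trap', {
        type: 'malicious',
        templateId: id,
      });
    };
    // Per-request handle: always bound to *this* request.
    res.locals.trapLogger = trapLogger;
    // Kept for existing callers. NOTE: this is a single app-wide slot that is
    // rebound on every request, so under concurrent traffic a handler may log
    // another in-flight request's data — prefer res.locals.trapLogger.
    exp.logger = trapLogger;
    next();
  });

  app.logger.info('Init -> Configure template engine');
  exp.engine('mustache', mustacheExpress());
  exp.set('view engine', 'mustache');
  exp.set('views', path.join(__dirname, '..', 'views'));

  // Remove framework fingerprints from responses.
  exp.disable('x-powered-by');
  exp.disable('etag');

  if (app.config.headers && Object.keys(app.config.headers).length > 0) {
    app.logger.info(
      'Init -> Expose global headers ' + JSON.stringify(app.config.headers)
    );
    // Add the configured global headers to every response. Header names and
    // values come from trusted config, not from the request.
    exp.use((req, res, next) => {
      for (const [name, value] of Object.entries(app.config.headers)) {
        res.setHeader(name, value);
      }
      next();
    });
  }

  return exp;
};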