From e515ecf06e02b7bff8fdeca3bbe72a5590062e1b Mon Sep 17 00:00:00 2001
From: iverly
Date: Sun, 3 Dec 2023 12:47:09 +0100
Subject: [PATCH] feat(api): add security plugins

Signed-off-by: iverly
---
 apps/api/src/main.ts | 7 +++++++
 package.json | 3 +++
 pnpm-lock.yaml | 43 ++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts
index f053bcc..11657a6 100644
--- a/apps/api/src/main.ts
+++ b/apps/api/src/main.ts
@@ -18,6 +18,8 @@ import {
 import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
 import { ResponseFormatterInterceptor } from '@nx-next-nest-prisma-ory-template/utils';
 import { Logger } from 'nestjs-pino';
+import helmet from '@fastify/helmet';
+import csrf from '@fastify/csrf-protection';
 
 async function bootstrap() {
   if (otelEnabled) {
@@ -38,6 +40,11 @@ async function bootstrap() {
 
   const httpAdapter = app.getHttpAdapter();
 
+  // Security plugins
+  app.enableCors();
+  await app.register(helmet);
+  await app.register(csrf);
+
   // Validation pipe
   app.useGlobalPipes(
     new ValidationPipe({
diff --git a/package.json b/package.json
index efe3ce6..716eb3c 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,9 @@
     "postinstall": "pnpm prisma:generate"
   },
   "dependencies": {
+    "@fastify/cors": "^8.4.1",
+    "@fastify/csrf-protection": "^6.4.1",
+    "@fastify/helmet": "^11.1.1",
     "@fastify/static": "^6.12.0",
     "@nestjs/common": "^10.2.10",
     "@nestjs/config": "^3.1.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 154eabf..e0a8582 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -5,6 +5,15 @@ settings:
   excludeLinksFromLockfile: false
 
 dependencies:
+  '@fastify/cors':
+    specifier: ^8.4.1
+    version: 8.4.1
+  '@fastify/csrf-protection':
+    specifier: ^6.4.1
+    version: 6.4.1
+  '@fastify/helmet':
+    specifier: ^11.1.1
+    version: 11.1.1
   '@fastify/static':
     specifier: ^6.12.0
     version: 6.12.0
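Review bot: `app.enableCors()` in the second main.ts hunk is called with no options, so it falls back to the permissive default (`Access-Control-Allow-Origin: *`), which sits oddly next to the CSRF protection registered two lines below; pass an explicit allow-list instead, e.g. `app.enableCors({ origin: ['<allowed-frontend-origin>'], credentials: true });` with the placeholder replaced by the real front-end origin(s). `await app.register(csrf)` on its own does not enforce anything: @fastify/csrf-protection only checks tokens on routes that opt in (issue a token with `reply.generateCsrf()` and attach `fastify.csrfProtection` as the route's `onRequest` hook), and as far as I can tell it also expects `@fastify/cookie`, `@fastify/session` or `@fastify/secure-session` to be registered before it, which this commit does not add — worth confirming the app still boots and that the state-changing routes are actually wired to it. With `SwaggerModule` imported in this file, helmet's default `contentSecurityPolicy` is likely to block the Swagger UI's inline scripts, so either relax the CSP directives for the docs route or verify the UI still loads. `bootstrap()` starts before and ends after this hunk.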
@@ -1776,6 +1785,18 @@ packages:
       mnemonist: 0.39.5
     dev: false
 
+  /@fastify/csrf-protection@6.4.1:
+    resolution: {integrity: sha512-nP1xjruddvWMvqjxTVzpLqWVLAX7P/XWkeTaARg3bXVrVmpDWjDMN7KfV3swIT/XexjDooMo+QG/n0n6ynZaiw==}
+    dependencies:
+      '@fastify/csrf': 6.3.0
+      '@fastify/error': 3.4.1
+      fastify-plugin: 4.5.1
+    dev: false
+
+  /@fastify/csrf@6.3.0:
+    resolution: {integrity: sha512-6w0gZZf4an8SGRYUS0nECTJb8eI45h/YIFkf2GJnba+mS+aJg0ArpS6Y8HXgLVvPxUGtQZYNB2z+UpISJ3v3Ug==}
+    dev: false
+
   /@fastify/deepmerge@1.3.0:
     resolution: {integrity: sha512-J8TOSBq3SoZbDhM9+R/u77hP93gz/rajSA+K2kGyijPpORPWUXHUpTaleoj+92As0S9uPRP7Oi8IqMf0u+ro6A==}
     dev: false
@@ -1797,6 +1818,13 @@ packages:
       fastify-plugin: 4.5.1
     dev: false
 
+  /@fastify/helmet@11.1.1:
+    resolution: {integrity: sha512-pjJxjk6SLEimITWadtYIXt6wBMfFC1I6OQyH/jYVCqSAn36sgAIFjeNiibHtifjCd+e25442pObis3Rjtame6A==}
+    dependencies:
+      fastify-plugin: 4.5.1
+      helmet: 7.1.0
+    dev: false
+
   /@fastify/middie@8.3.0:
     resolution: {integrity: sha512-h+zBxCzMlkEkh4fM7pZaSGzqS7P9M0Z6rXnWPdUEPfe7x1BCj++wEk/pQ5jpyYY4pF8AknFqb77n7uwh8HdxEA==}
     dependencies:
@@ -2520,6 +2548,14 @@ packages:
       - nx
     dev: true
 
+  /@nrwl/devkit@17.1.3(nx@17.1.3):
+    resolution: {integrity: sha512-8HfIY7P3yIYfQ/XKuHoq0GGLA9GpwWtBlI9kPQ0ygjuJ9BkpiGMtQvO6003zs7c6vpc2vNeG+Jmi72+EKvoN5A==}
+    dependencies:
+      '@nx/devkit': 17.1.3(nx@17.1.3)
+    transitivePeerDependencies:
+      - nx
+    dev: true
+
   /@nrwl/eslint-plugin-nx@17.1.2(@swc-node/register@1.6.8)(@swc/core@1.3.99)(@types/node@18.14.2)(@typescript-eslint/parser@6.12.0)(eslint-config-prettier@9.0.0)(eslint@8.46.0)(nx@17.1.2)(typescript@5.2.2):
     resolution: {integrity: sha512-6Mw33BV7hVlWlncGxs002/Q3IEAFm6AYINgK9Gkqpkpj2VVLuwRjucCuYwiZDnoWXEWPBKAcv9F4sAiWWMWVyg==}
     dependencies:
@@ -2848,7 +2884,7 @@ packages:
     peerDependencies:
       nx: '>= 16 <= 18'
     dependencies:
-      '@nrwl/devkit': 17.1.3(nx@17.1.2)
+      '@nrwl/devkit': 17.1.3(nx@17.1.3)
       ejs: 3.1.9
       enquirer: 2.3.6
       ignore: 5.3.0
@@ -8529,6 +8565,11 @@ packages:
     hasBin: true
     dev: true
 
+  /helmet@7.1.0:
+    resolution: {integrity: sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==}
+    engines: {node: '>=16.0.0'}
+    dev: false
+
   /hexer@1.5.0:
     resolution: {integrity: sha512-dyrPC8KzBzUJ19QTIo1gXNqIISRXQ0NwteW6OeQHRN4ZuZeHkdODfj0zHBdOlHbRY8GqbqK57C9oWSvQZizFsg==}
     engines: {node: '>= 0.10.x'}