🔐[Security]: Initiate Helmet and Rate-Limiters

 Merge pull request #92 from krishna-y2000/75-issue

Author: kothariji

backend/server/index.js

@@ -3,14 +3,16 @@ const server = require("http").createServer(app);
 const cors = require("cors");
 const Rooms = require("./Utils/Rooms");
 const io = require("socket.io")(server, { origins: "*:*" });
-
+const helmet = require('helmet');
+const rateLimiter = require('./rateLimiter');
 // instantiate a new rooms object to store all clients in the room
 const rooms = new Rooms();
+app.use(helmet());
 
 // io.origins(["http://localhost:3000"]);
 app.use(cors());
 
-io.on("connection", (socket) => {
+io.on("connection" , (socket) => {
   let roomId = 0;
   let userName = "";
   let userId = 1;
@@ -65,7 +67,7 @@ io.on("connection", (socket) => {
   });
 });
 
-app.get("/", (req, res) => {
+app.get("/",rateLimiter ,  (req, res) => {
   res.send({ response: "Server is up and Running." }).status(200);
 });
 

backend/server/package-lock.json

@@ -12,6 +12,8 @@
   "dependencies": {
     "cors": "^2.8.5",
     "express": "^4.17.1",
+    "express-rate-limit": "^5.2.6",
+    "helmet": "^4.4.1",
     "nodemon": "^2.0.6",
     "socket.io": "^2.4.1"
   }

backend/server/package.json

@@ -0,0 +1,10 @@
+const rateLimit = require('express-rate-limit');
+
+const limit = rateLimit({
+    windowMs: 1 * 60 * 1000,
+    max: 100, 
+    message:
+      "Too many requests created from this IP, please try again after an hour"
+  });
+
+  module.exports = limit;