using helmet + new name for some endpoints

2025-02-15 07:50:37 +01:00 · 2024-03-06 14:49:39 +01:00 · 2024-03-06 14:49:39 +01:00 · 0fe3bc2ec6
commit 0fe3bc2ec6
parent 7dec60a9c4
2 changed files with 15 additions and 9 deletions
--- a/backend/apis/nodejs/src/app.js
+++ b/backend/apis/nodejs/src/app.js
@ -12,29 +12,31 @@
 */

 /*
-===== BEGIN IMPORTING MODULES
+===== BEGIN IMPORTING MODULES =====
 */

 require('dotenv').config();
 const express = require('express');
 const cors = require('cors');
 const rateLimit = require('express-rate-limit');
+const helmet = require('helmet')
 const personRoutes = require('./routes/person_routes.js');
 const organizationRoutes = require('./routes/organization_routes.js');
 const organizationAdminRoutes = require('./routes/organization_admin_routes.js');
 const organizationPostRoutes = require('./routes/organization_post_routes.js');

 /*
-===== END IMPORTING MODULES
+===== END IMPORTING MODULES =====
 */

 /*
-===== BEGIN APPLICATION CONFIGURATION
+===== BEGIN APPLICATION CONFIGURATION =====
 */

 const app = express();
 app.use(express.json()); // Middleware which parses JSON for POST requests
 app.use(cors()); // Enable CORS for all routes
+app.use(helmet()); // Some security settings
 app.use(rateLimit({
  windowMs: process.env.LIMITER_WINDOW,
  max: process.env.LIMITER_MAXIMUM_PER_WINDOW,
@ -44,7 +46,7 @@ app.use(rateLimit({
 })); // Apply the rate limiter middleware to all routes

 /*
-===== END APPLICATION CONFIGURATION
+===== END APPLICATION CONFIGURATION =====
 */

 /*
--- a/backend/apis/nodejs/tests/person.test.js
+++ b/backend/apis/nodejs/tests/person.test.js
@ -2,24 +2,28 @@

 const request = require('supertest');
 const app = require('../src/app');
-require('dotenv').config({ path: '../src/.env' });
+require('dotenv').config({
+  path: '../src/.env'
+});

 describe('Person Tests', () => {
  test('Correct registration', async () => {
    const response = await request(app)
-      .post('/api/register')
+      .post('/api/persons')
      .send({
        email: 'johntestdoe@mail.org',
        password: 'password',
        display_name: 'John Doe'
      });
    expect(response.status).toBe(200);
-    expect(response.body).toEqual({ activationLink: expect.any(String) });
+    expect(response.body).toEqual({
+      activationLink: expect.any(String)
+    });
  });

  test('Incorrect registration', async () => {
    const response = await request(app)
-      .post('/api/register')
+      .post('/api/persons')
      .send({
        email: 'this is not an email',
        password: 'password',