feat(headers): add helmet

gergelyke · web-flow · commit 80f469d09eca · 2017-05-24T17:32:45.000+02:00
diff --git a/README.md b/README.md
@@ -103,6 +103,11 @@ Returns an Express middleware, which ratelimits
 * `options.loggerFunction`: you can provide a logger function for the middleware to log attacks
   * default: `noop`
 
+#### `protect.express.headers([options])`
+
+The headers object is a reference to the main `helmet` object exported. 
+For docs on the options object, please refer to the [helmet documentation](https://github.com/helmetjs/helmet).
+
 ### Roadmap
 
 * block security scanners
diff --git a/lib/express/index.js b/lib/express/index.js
@@ -2,6 +2,7 @@
 
 const debug = require('debug')('@risingstack/protect:express')
 const Limiter = require('ratelimiter')
+const helmet = require('helmet')
 const rules = require('../rules')
 
 function getBodyAsString (request) {
@@ -119,5 +120,7 @@ function noop () {}
 module.exports = {
   sqlInjection,
   xss,
-  rateLimiter
+  rateLimiter,
+  headers: helmet,
+  helmet
 }
diff --git a/lib/express/index.spec.js b/lib/express/index.spec.js
@@ -4,6 +4,8 @@ const request = require('supertest')
 const express = require('express')
 const bodyParser = require('body-parser')
 const redis = require('redis')
+const expect = require('chai').expect
+const helmet = require('helmet')
 
 const client = redis.createClient()
 const lib = require('../')
@@ -165,4 +167,13 @@ describe('The express object', () => {
         })
     })
   })
+
+  describe('the headers module', () => {
+    it('exposes helmet as headers', () => {
+      expect(lib.express.headers).to.eql(helmet)
+    })
+    it('exposes helmet as helmet', () => {
+      expect(lib.express.helmet).to.eql(helmet)
+    })
+  })
 })
diff --git a/package.json b/package.json
@@ -48,6 +48,7 @@
   },
   "dependencies": {
     "debug": "2.6.6",
+    "helmet": "3.6.1",
     "ratelimiter": "3.0.3"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@`
`48`	`48`	`},`
`49`	`49`	`"dependencies": {`
`50`	`50`	`"debug": "2.6.6",`
	`51`	`+ "helmet": "3.6.1",`
`51`	`52`	`"ratelimiter": "3.0.3"`
`52`	`53`	`}`
`53`	`54`	`}`