From f05cb943060f7c880b0776ac2d25009993ef0d50 Mon Sep 17 00:00:00 2001 From: jikrana Date: Sun, 28 Jun 2026 18:30:44 +0530 Subject: [PATCH] Feature #141: Added Helmet middleware via config/helmet.js to improve API security --- backend/config/helmet.js | 9 ++++++++ backend/node_modules/.package-lock.json | 28 +++++++++++-------------- backend/package-lock.json | 13 ++++++++++++ backend/package.json | 1 + backend/server.js | 3 +++ 5 files changed, 38 insertions(+), 16 deletions(-) create mode 100644 backend/config/helmet.js diff --git a/backend/config/helmet.js b/backend/config/helmet.js new file mode 100644 index 0000000..7b40e2d --- /dev/null +++ b/backend/config/helmet.js @@ -0,0 +1,9 @@ + +const helmet = require('helmet'); + + +const helmetMiddleware = helmet({ + crossOriginEmbedderPolicy: false, +}); + +module.exports = helmetMiddleware; \ No newline at end of file diff --git a/backend/node_modules/.package-lock.json b/backend/node_modules/.package-lock.json index f268ec0..83f5d3f 100644 --- a/backend/node_modules/.package-lock.json +++ b/backend/node_modules/.package-lock.json @@ -572,22 +572,6 @@ "node": ">= 0.8" } }, - "node_modules/fsevents": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", - "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", - "dev": true, - "hasInstallScript": true, - "ideallyInert": true, - "license": "MIT", - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", @@ -693,6 +677,18 @@ "node": ">= 0.4" } }, + "node_modules/helmet": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-8.2.0.tgz", + "integrity": "sha512-DRgTIUgnWcJ62KyarxxziuqYxKGnR6Rgg19BlbucN/dpmJbl1XOit6qvoOX0ZT+HhWe5OUVhU/a1zpGyc1xA0Q==", + "license": "MIT", + "engines": { + "node": ">=18.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/EvanHahn" + } + }, "node_modules/http-errors": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", diff --git a/backend/package-lock.json b/backend/package-lock.json index 20d303d..d9f9d83 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -14,6 +14,7 @@ "cors": "^2.8.5", "dotenv": "^17.2.3", "express": "^5.2.1", + "helmet": "^8.2.0", "jsonwebtoken": "^9.0.3", "mongoose": "^9.4.1", "multer": "^2.1.1", @@ -712,6 +713,18 @@ "node": ">= 0.4" } }, + "node_modules/helmet": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-8.2.0.tgz", + "integrity": "sha512-DRgTIUgnWcJ62KyarxxziuqYxKGnR6Rgg19BlbucN/dpmJbl1XOit6qvoOX0ZT+HhWe5OUVhU/a1zpGyc1xA0Q==", + "license": "MIT", + "engines": { + "node": ">=18.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/EvanHahn" + } + }, "node_modules/http-errors": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", diff --git a/backend/package.json b/backend/package.json index c3e5698..2adcddd 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,6 +16,7 @@ "cors": "^2.8.5", "dotenv": "^17.2.3", "express": "^5.2.1", + "helmet": "^8.2.0", "jsonwebtoken": "^9.0.3", "mongoose": "^9.4.1", "multer": "^2.1.1", diff --git a/backend/server.js b/backend/server.js index 4a92e3c..ac1d03f 100644 --- a/backend/server.js +++ b/backend/server.js @@ -13,9 +13,12 @@ const noticeRoutes = require("./routes/noticeRoutes.js"); const applicationRoutes = require("./routes/applicationRoutes"); const contactRoutes = require("./routes/contactRoutes.js"); const teacherRoutes = require("./routes/teacherRoutes.js"); + +const helmetMiddleware = require("./config/helmet.js"); dotenv.config(); const app = express(); app.use(cors({ origin: "http://localhost:5173", credentials: true })); +app.use(helmetMiddleware); app.use(express.json()); validateEnv(); app.use(cookieParser());