Some excellent security middleware is available for Express, so here is one example of how to put it together.
NoSQL injection protection
express-mongo-sanitize
GitHub – fiznool/express-mongo-sanitize: Sanitize your express payload… (https://github.com)

Security header configuration
helmet (helmetjs)
Helmet (https://helmetjs.github.io)

XSS attack protection
xss-clean
GitHub – jsonmaur/xss-clean: Middleware to sanitize user input (https://github.com)

HTTP parameter pollution protection
hpp
GitHub – analog-nico/hpp: Express middleware to protect against HTTP P… (https://github.com)

Rate limiting
express-rate-limit
GitHub – nfriedly/express-rate-limit: Basic rate-limiting middleware f… (https://github.com)
Using the middleware
server.ts

```ts
import express from "express";
import mongoSanitize from "express-mongo-sanitize";
import helmet from "helmet";
import xss from "xss-clean";
import hpp from "hpp";
import rateLimit from "express-rate-limit";

// Server instance
const app = express();

// Parse JSON bodies first: mongoSanitize and xss operate on req.body,
// so they must be registered after the body parser
app.use(express.json());

// Prevent NoSQL Injection (strips keys starting with "$" or containing ".")
app.use(mongoSanitize());

// Set Security Headers
app.use(helmet());

// Prevent XSS Attacks (sanitizes req.body, req.query and req.params)
app.use(xss());

// Prevent http param pollutions (keeps the last value of a repeated parameter)
app.use(hpp());

// Rate Limiting
const limiter = rateLimit({
  windowMs: 10 * 60 * 1000, // 10 minutes
  max: 60, // limit each IP to 60 requests per windowMs
});
app.use(limiter);
```
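To make the effect of the first and fourth middleware concrete, the following is an added example (not code from this page or from the express-mongo-sanitize or hpp projects) that re-implements their default behaviour on plain objects, with constructed sample input, so it runs without a server. The function names sanitizeMongoPayload and dedupeParams are assumptions for this illustration; express-mongo-sanitize and hpp apply the same rules to req.body, req.query and req.params.

```typescript
// Added example (not code from the page or from the middleware projects):
// a minimal re-implementation of what express-mongo-sanitize and hpp do to
// request data, so their effect can be seen without running a server.

// express-mongo-sanitize removes keys that begin with "$" (MongoDB query
// operators) or contain "." (field paths) from request data. This function
// applies the same rule recursively to any JSON-like value and returns a
// cleaned copy; primitives pass through unchanged.
function sanitizeMongoPayload(value: unknown): unknown {
  if (Array.isArray(value)) {
    return value.map(sanitizeMongoPayload);
  }
  if (value !== null && typeof value === "object") {
    const source = value as Record<string, unknown>;
    const clean: Record<string, unknown> = {};
    for (const key of Object.keys(source)) {
      // Drop the prohibited key entirely; values under kept keys are still sanitized.
      if (key.charAt(0) === "$" || key.indexOf(".") !== -1) {
        continue;
      }
      clean[key] = sanitizeMongoPayload(source[key]);
    }
    return clean;
  }
  return value;
}

// Express parses a repeated query parameter (?role=user&role=admin) into an
// array: { role: ["user", "admin"] }. hpp's default behaviour is to keep only
// the last value in req.query and move the full array to req.queryPolluted;
// this function mimics that so handlers always see a string.
type Query = Record<string, string | string[]>;

function dedupeParams(query: Query): {
  query: Record<string, string>;
  polluted: Record<string, string[]>;
} {
  const single: Record<string, string> = {};
  const polluted: Record<string, string[]> = {};
  for (const key of Object.keys(query)) {
    const v = query[key];
    if (Array.isArray(v)) {
      polluted[key] = v;
      single[key] = v[v.length - 1];
    } else {
      single[key] = v;
    }
  }
  return { query: single, polluted };
}

// Constructed sample input: a login body whose "password" field carries an
// operator object instead of a string, plus a nested key containing a dot.
const sampleLoginBody: unknown = {
  username: "alice",
  password: { $gt: "" },
  profile: { "a.b": 1, nickname: "al" },
};

// Constructed sample query string as Express would have parsed it.
const sampleQuery: Query = { role: ["user", "admin"], page: "2" };

console.log(JSON.stringify(sanitizeMongoPayload(sampleLoginBody)));
// {"username":"alice","password":{},"profile":{"nickname":"al"}}
console.log(JSON.stringify(dedupeParams(sampleQuery)));
// {"query":{"role":"admin","page":"2"},"polluted":{"role":["user","admin"]}}
```

Note what the sanitizer does and does not do: the `$gt` operator is gone, but `password` is now an empty object rather than a string, so the login handler still has to check `typeof req.body.password === "string"` before building a query. The middleware removes operator injection; it does not replace input validation.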