├── .gitignore
├── public
│   └── style.css
├── .gitpod.yml
├── README.md
├── package.json
├── views
│   └── index.html
├── myApp.js
└── server.js
/.gitignore:
--------------------------------------------------------------------------------
1 | /node_modules/
--------------------------------------------------------------------------------
/public/style.css:
--------------------------------------------------------------------------------
/* Base page look for the challenge landing page: light grey background,
   dark grey centred sans-serif text. */
body {
  background-color: #ddd;
  color: #333;
  font-family: sans-serif;
  text-align: center;
}
--------------------------------------------------------------------------------
/.gitpod.yml:
--------------------------------------------------------------------------------
# Gitpod workspace definition for the boilerplate.
image: gitpod/workspace-node-lts

ports:
  # Port 3000 is the default port myApp.js listens on (PORT || 3000).
  # NOTE(review): "visibility: public" should make the forwarded port reachable
  # by anyone who has the workspace URL, without a Gitpod login. Everything the
  # app serves, including the /_api routes of server.js, is then exposed while
  # the workspace runs. Use "private" unless an external grader has to reach it.
  - port: 3000
    onOpen: open-preview
    visibility: public

tasks:
  # Install dependencies once, then start the app with the package.json script.
  - init: npm install
    command: npm run start
11 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Information Security with HelmetJS
2 |
3 | This is the boilerplate for the Information Security lessons. Instructions for completing these lessons start at https://www.freecodecamp.org/learn/information-security/information-security-with-helmetjs/
4 |
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "fcc-infosec-challenges",
3 | "version": "0.0.1",
4 | "description": "fcc backend boilerplate",
5 | "main": "server.js",
6 | "scripts": {
7 | "start": "node myApp.js"
8 | },
9 | "dependencies": {
10 | "express": "^4.14.0",
11 | "helmet": "3.21.3"
12 | },
13 | "keywords": [
14 | "node",
15 | "hyperdev",
16 | "express",
17 | "freecodecamp"
18 | ],
19 | "license": "MIT"
20 | }
21 |
--------------------------------------------------------------------------------
/views/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Infosec Challenges
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 | 4. Free Code Camp - Applied InfoSec Challenges
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/myApp.js:
--------------------------------------------------------------------------------
1 | const express = require('express');
2 | const app = express();
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
// Export the app BEFORE loading ./server.js. server.js requires this file back
// (a circular dependency) and reads the exported app, so the export has to be
// in place first. Do not reorder these two statements.
module.exports = app;
const api = require('./server.js');

// Static assets are served from ./public.
app.use(express.static('public'));

// NOTE(review): app.disable() only sets an Express application setting to
// false. Express defines no setting with this name, so this line neither adds
// nor removes a Strict-Transport-Security response header. HSTS has to be
// configured through middleware registered on the app.
app.disable('strict-transport-security');

// Grader/verification API (see server.js) lives under /_api.
app.use('/_api', api);

// Landing page.
app.get('/', (request, response) => {
  response.sendFile(`${__dirname}/views/index.html`);
});

// Listen on the port given by the environment, or 3000 when it is unset.
const port = process.env.PORT || 3000;
app.listen(port, () => {
  console.log(`Your app is listening on port ${port}`);
});
62 |
--------------------------------------------------------------------------------
/server.js:
--------------------------------------------------------------------------------
1 | /********************************************
2 | * DO NOT EDIT THIS FILE
3 | * the verification process may break
4 | *******************************************/
5 |
6 | var express = require("express");
7 | var app = express();
8 | app.disable("x-powered-by");
9 | var fs = require("fs");
10 | var path = require("path");
11 |
// CORS middleware for every route registered on this sub-app.
// NOTE(review): "Access-Control-Allow-Origin: *" lets a script from any origin
// read the responses of the routes below, including the file, app-info and
// package.json endpoints. That is only acceptable while nothing sensitive is
// reachable through them.
app.use((req, res, next) => {
  res.set("Access-Control-Allow-Origin", "*");
  res.set(
    "Access-Control-Allow-Headers",
    "Origin, X-Requested-With, content-type, Accept"
  );
  // The setting is already disabled once when the module loads. This repeats
  // the same call on every request.
  app.disable("x-powered-by");
  next();
});
21 |
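/**
 * GET /file/<path>: send a file from the application directory as plain text.
 *
 * The wildcard segment is caller-controlled, so it is resolved to an absolute
 * path first and the access decision is made on the RESOLVED path:
 *   - a path that resolves outside the application directory is refused;
 *   - a path whose final component is ".env" (any letter case) is refused,
 *     however the request spelled it.
 * Checking the raw parameter for the literal ".env" is not enough, because
 * other spellings normalise to the same file and the join can leave the
 * application directory.
 *
 * Refusals go to next() as { status: 401, message: "ACCESS DENIED" }.
 * Read errors go to next(err).
 *
 * NOTE(review): symbolic links inside the directory are not resolved here, and
 * every other file under the application directory stays readable by any
 * origin (see the CORS middleware). Confirm that is intended for deployment.
 */
app.get("/file/*?", function (req, res, next) {
  var requested = req.params[0];

  // The wildcard is optional: with nothing after /file/ there is no file to
  // read, so fall through to the 404 handler instead of letting the path
  // helpers throw on a non-string argument.
  if (typeof requested !== "string" || requested === "") {
    return next();
  }

  var root = path.resolve(__dirname);
  var target = path.resolve(root, requested);
  var relative = path.relative(root, target);

  // Outside the root when the relative path climbs upwards or, on platforms
  // with drive letters, is absolute.
  var outsideRoot =
    relative === ".." ||
    relative.startsWith(".." + path.sep) ||
    path.isAbsolute(relative);
  var isEnvFile = path.basename(target).toLowerCase() === ".env";
  var hasNullByte = requested.indexOf("\0") !== -1;

  if (outsideRoot || isEnvFile || hasNullByte) {
    return next({ status: 401, message: "ACCESS DENIED" });
  }

  fs.readFile(target, function (err, data) {
    if (err) {
      return next(err);
    }
    res.type("txt").send(data.toString());
  });
});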
33 |
34 | var main = require("./myApp.js");
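/**
 * GET /app-info: report, as JSON, the response headers set so far and the
 * names of the middleware mounted at the root of the camper's app.
 *
 * Response shape: { headers: { name: value }, appStack: [middlewareName] }.
 *
 * NOTE(review): this discloses the app's middleware stack and header
 * configuration to any origin (see the CORS middleware). That appears to be
 * what the verification process relies on. Do not ship it beyond the exercise.
 */
app.get("/app-info", function (req, res) {
  // Middleware that Express or the boilerplate adds itself. It is left out so
  // that only what the camper mounted is reported.
  var defaultMiddleware = ["query", "expressInit", "serveStatic"];

  // NOTE(review): _router is an undocumented Express 4 internal and may not
  // exist under other Express major versions. package.json allows ^4.14.0.
  var appMainRouteStack = main._router.stack
    .filter((layer) => layer.path === "")
    .map((layer) => layer.name)
    .filter((name) => defaultMiddleware.indexOf(name) === -1);

  // Take one snapshot of the headers and copy everything except the CORS
  // headers that this sub-app adds itself.
  var headers = res.getHeaders();
  var hObj = {};
  Object.keys(headers).forEach((h) => {
    if (!/^access-control-\w+/.test(h)) {
      hObj[h] = headers[h];
    }
  });

  // Nothing else is removed from the snapshot. The previous
  // `delete res.get("strict-transport-security")` expression acted on the
  // result of a call, so it removed nothing and has been dropped.
  res.json({ headers: hObj, appStack: appMainRouteStack });
});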
56 |
// GET /package.json: send the project manifest as plain text.
// NOTE(review): this publishes the dependency list and versions to any origin
// (see the CORS middleware). Keep it only as long as the grader needs it.
app.get("/package.json", (req, res, next) => {
  const manifestPath = path.join(__dirname, "package.json");
  fs.readFile(manifestPath, (err, data) => {
    if (err) {
      next(err);
      return;
    }
    res.type("txt").send(data.toString());
  });
});
63 |
// Catch-all: any request no route above handled gets a plain-text 404.
app.use((req, res) => {
  res.status(404);
  res.type("txt");
  res.send("Not Found");
});

// Exported so that myApp.js can mount this sub-app under /_api.
module.exports = app;
69 |
70 | /********************************************
71 | * DO NOT EDIT THIS FILE
72 | * the verification process may break
73 | *******************************************/
74 |
--------------------------------------------------------------------------------