Yuki Takei 4 лет назад
b987e5f092

+ 1 - 0
packages/slackbot-proxy/package.json

@@ -33,6 +33,7 @@
     "cookie-parser": "^1.4.5",
     "cross-env": "^7.0.0",
     "dotenv-flow": "^3.2.0",
+    "helmet": "^4.6.0",
     "method-override": "^3.0.0",
     "mysql2": "^2.2.5",
     "typeorm": "^0.2.31",

+ 23 - 6
packages/slackbot-proxy/src/Server.ts

@@ -1,16 +1,24 @@
 import { Configuration, Inject, InjectorService } from '@tsed/di';
 import { PlatformApplication } from '@tsed/common';
 import '@tsed/platform-express'; // /!\ keep this import
+
 import bodyParser from 'body-parser';
 import compress from 'compression';
 import cookieParser from 'cookie-parser';
 import methodOverride from 'method-override';
+import helmet from 'helmet';
+
 import '@tsed/swagger';
 import { TypeORMService } from '@tsed/typeorm';
+
 import { ConnectionOptions } from 'typeorm';
 
+import swaggerSettingsForDev from '~/config/swagger/config.dev';
+import swaggerSettingsForProd from '~/config/swagger/config.prod';
+
 
 export const rootDir = __dirname;
+const isProduction = process.env.NODE_ENV === 'production';
 
 const connectionOptions: ConnectionOptions = {
   // The 'name' property must be set. Otherwise, the 'name' will be '0' and won't work well. -- 2021.04.05 Yuki Takei
@@ -25,6 +33,17 @@ const connectionOptions: ConnectionOptions = {
   synchronize: true,
 } as ConnectionOptions;
 
+const swaggerSettings = isProduction ? swaggerSettingsForProd : swaggerSettingsForDev;
+const helmetOptions = isProduction ? {} : {
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ['\'self\''],
+      styleSrc: ['\'self\'', '\'unsafe-inline\''],
+      imgSrc: ['\'self\'', 'data:', 'validator.swagger.io'],
+      scriptSrc: ['\'self\'', 'https: \'unsafe-inline\''],
+    },
+  },
+};
 
 @Configuration({
   rootDir,
@@ -37,6 +56,9 @@ const connectionOptions: ConnectionOptions = {
       `${rootDir}/middlewares/*.ts`,
     ],
   },
+  middlewares: [
+    helmet(helmetOptions),
+  ],
   componentsScan: [
     `${rootDir}/services/*.ts`,
   ],
@@ -54,12 +76,7 @@ const connectionOptions: ConnectionOptions = {
       ],
     } as ConnectionOptions,
   ],
-  swagger: [
-    {
-      path: '/docs',
-      specVersion: '3.0.1',
-    },
-  ],
+  swagger: swaggerSettings,
   exclude: [
     '**/*.spec.ts',
   ],

+ 10 - 0
packages/slackbot-proxy/src/config/swagger/config.dev.ts

@@ -0,0 +1,10 @@
+import { SwaggerSettings } from '@tsed/swagger';
+
+const settings: SwaggerSettings[] = [
+  {
+    path: '/docs',
+    specVersion: '3.0.1',
+  },
+];
+
+export default settings;

+ 5 - 0
packages/slackbot-proxy/src/config/swagger/config.prod.ts

@@ -0,0 +1,5 @@
+import { SwaggerSettings } from '@tsed/swagger';
+
+const settings: SwaggerSettings[] = [];
+
+export default settings;
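Review bot: The empty `settings` array is what turns Swagger off when this file is selected by `Server.ts` in production, but nothing here says that is intentional, so a later maintainer could read it as an unfinished stub. A one-line comment above the declaration, `// Intentionally empty: no Swagger UI or spec is served in production.`, would record the decision where it is made.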

+ 5 - 0
yarn.lock

@@ -9352,6 +9352,11 @@ helmet@^3.13.0:
     referrer-policy "1.1.0"
     x-xss-protection "1.1.0"
 
+helmet@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/helmet/-/helmet-4.6.0.tgz#579971196ba93c5978eb019e4e8ec0e50076b4df"
+  integrity sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg==
+
 hex-color-regex@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/hex-color-regex/-/hex-color-regex-1.1.0.tgz#4c06fccb4602fe2602b3c93df82d7e7dbf1a8a8e"