Skip to content
Snippets Groups Projects

Adding toDo app functionability

Merged Jesus Galaz Reyes requested to merge 2-build-javascript-core-functionality into main
All threads resolved!
+ 15
0
@@ -2,6 +2,7 @@ const express = require('express');
const path = require('path');
const connectDB = require('./mongodb');
const session = require('express-session');
const url = require('url');
const app = express();
@@ -9,6 +10,20 @@ const app = express();
app.use(express.json());
app.use(express.static(path.join(__dirname, 'public')));
// Allow only localhost for SSRF protection
function validateLocalhost(req, res, next) {
const remoteAddress = req.connection.remoteAddress;
// Allow requests only from localhost (IPv4 and IPv6)
if (remoteAddress !== '127.0.0.1' && remoteAddress !== '::1') {
return res.status(403).send('External requests are forbidden');
}
next();
}
app.use(validateLocalhost); // Add the middleware
// Session configuration
app.use(
session({
Loading