arshadpatel · Mugunth140 · Oct 18, 2024 · Oct 18, 2024
diff --git a/backend/.env.example b/backend/.env.example
diff --git a/backend/app.js b/backend/app.js
@@ -4,27 +4,50 @@ import connectDB from './config/db.js';
 import courseRoutes from './routes/courseRoutes.js';
 import userRoutes from './routes/userRoutes.js';
 import morgan from 'morgan';
+import rateLimit from 'express-rate-limit';
+import helmet from 'helmet';
+import cors from 'cors';
+import xssClean from 'xss-clean';
+import hpp from 'hpp';
+import { notFound, errorHandler } from './middlewares/errorMiddleware.js';
+
 dotenv.config();
 const app = express();
 
-// Notice: Use bcryptjs or argon2 for hashing instead of bcrypt  to prevent error in docker enviornment
+// Use bcryptjs or argon2 for password hashing to avoid issues in Docker environments
 
 const PORT = process.env.PORT || 5000;
-const DB_URI = process.env.DB_URI;
+
 // Connect Database
 connectDB();
 
+// Rate Limiting (Apply to all API requests)
+const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // Limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again after 15 minutes.',
+});
+
+// Apply security middleware
+app.use(helmet()); // Helps secure Express apps by setting HTTP headers
+app.use(cors()); // Enable CORS for all routes
+app.use(xssClean()); // Protect against XSS attacks
+app.use(hpp()); // Prevent HTTP parameter pollution
+
 // Middleware
 app.use(express.json()); // For parsing application/json
-app.use(morgan('dev'));
+app.use(morgan('dev')); // Logs HTTP requests
 app.use(express.urlencoded({ extended: true }));
 
+// Apply rate limiting to all routes
+app.use(apiLimiter);
+
 // API Routes
 app.use('/api', courseRoutes);
 app.use('/api/user', userRoutes);
 
 // Healthcheck route for development
-app.get("/healtcheck", (_, res) => {
+app.get("/healthcheck", (_, res) => {
   res.send("Everything is fine & server is listening on port " + PORT);
 });
 
@@ -33,6 +56,10 @@ app.use("*", (req, res) => {
   res.status(404).json({ success: false, message: "Route not found" });
 });
 
+// Error Handling Middleware
+app.use(notFound);
+app.use(errorHandler);
+
 app.listen(PORT, () => {
   console.log(`Server running on port ${PORT}`);
 });
diff --git a/backend/middlewares/errorHandler.js b/backend/middlewares/errorHandler.js
@@ -3,3 +3,4 @@ const errorHandler = (err, req, res, next) => {
 };
 
 export default errorHandler;
+``
diff --git a/backend/middlewares/errorMiddleware.js b/backend/middlewares/errorMiddleware.js
@@ -0,0 +1,16 @@
+export const notFound = (req, res, next) => {
+    const error = new Error(`Not Found - ${req.originalUrl}`);
+    res.status(404);
+    next(error);
+  };
+
+  export const errorHandler = (err, req, res, next) => {
+    const statusCode = res.statusCode === 200 ? 500 : res.statusCode;
+    res.status(statusCode);
+    res.json({
+      success: false,
+      message: err.message,
+      stack: process.env.NODE_ENV === 'production' ? null : err.stack,
+    });
+  };
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,3 +3,4 @@ const errorHandler = (err, req, res, next) => {
		};

		export default errorHandler;
		``