From 0fd3252e4e2f04ebd11b9dcfd7e7c3d23848a8cb Mon Sep 17 00:00:00 2001
From: NecroBread <mariovyordanov@gmail.com>
Date: Thu, 14 Dec 2023 16:33:07 +0200
Subject: [PATCH] add helmet and local env"

---
 .env.local.example | 7 +++++++
 .gitignore         | 2 +-
 package-lock.json  | 9 +++++++++
 package.json       | 1 +
 src/app.ts         | 2 ++
 src/index.ts       | 1 +
 6 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 .env.local.example

diff --git a/.env.local.example b/.env.local.example
new file mode 100644
index 0000000..1766758
--- /dev/null
+++ b/.env.local.example
@@ -0,0 +1,7 @@
+NODE_ENV=development
+PORT=5000
+ALLOW_ORIGIN="*"
+ALLOW_METHODS="GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS"
+ALLOW_HEADERS="Content-Type,Cache-Control,Expires"
+JWT_SECRET=SUPERSECRET
+CONNECTION_STRING="mongodb://localhost:27017/express-template"
diff --git a/.gitignore b/.gitignore
index 7b80dcf..682cb28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 .env
-.env.dev
+.env.local
 dist
 node_modules
 .npm
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 32d901f..7de3197 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@
         "cors": "^2.8.5",
         "dotenv": "^16.3.1",
         "express": "^4.18.2",
+        "helmet": "^7.1.0",
         "joi": "^17.11.0",
         "jsonwebtoken": "^9.0.2",
         "mongoose": "^8.0.2",
@@ -3895,6 +3896,14 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/helmet": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz",
+      "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==",
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/hexoid": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz",
diff --git a/package.json b/package.json
index 084876d..6162b92 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
+    "helmet": "^7.1.0",
     "joi": "^17.11.0",
     "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.0.2",
diff --git a/src/app.ts b/src/app.ts
index e9510d4..ede54de 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -8,6 +8,7 @@ import loggerMiddleware from "./middleware/logger-middleware";
 import getConfig from "./config/get-config";
 import * as swaggerDoc from "../swagger.json";
 import swagger from "swagger-ui-express";
+import helmet from "helmet";
 
 /**
  * The ExpressJS app
@@ -21,6 +22,7 @@ app.enable("trust proxy");
 
 const config = getConfig();
 
+app.use(helmet());
 app.use(
   cors({
     origin: config.ALLOW_ORIGIN?.split(",").map((x) => x.trim()),
diff --git a/src/index.ts b/src/index.ts
index f142204..38d9bad 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -8,6 +8,7 @@ import { AppError } from "./utils/app-error";
  * Load enviroment variables
  */
 dotenv.config();
+dotenv.config({ path: `.env.local`, override: true });
 
 const config = getConfig();
 const port: number = config.PORT ? parseInt(config.PORT) : 5000;