feat: add helment to enhance security

chertik77 · chertik77 · commit 9829b710539c · 2025-07-25T01:50:46.000+01:00
diff --git a/app/app.ts b/app/app.ts
@@ -1,5 +1,6 @@
 import express from 'express'
 import cors from 'cors'
+import helmet from 'helmet'
 import logger from 'morgan'
 
 import { env } from './config'
@@ -8,10 +9,10 @@ import { apiRouter } from './routes'
 
 export const app = express()
 
-app.use(logger(env.NODE_ENV === 'development' ? 'dev' : 'combined'))
+app.use(helmet())
 app.use(cors({ origin: env.ALLOWED_ORIGINS }))
+app.use(logger(env.NODE_ENV === 'development' ? 'dev' : 'combined'))
 app.use(express.json())
-app.disable('x-powered-by')
 
 app.use(env.API_PREFIX, apiRouter)
 
diff --git a/package.json b/package.json
@@ -24,6 +24,7 @@
     "dotenv": "^17.0.1",
     "express": "^5.1.0",
     "google-auth-library": "^10.1.0",
+    "helmet": "^8.1.0",
     "http-errors": "^2.0.0",
     "ioredis": "^5.6.1",
     "jose": "^6.0.11",
diff --git a/yarn.lock b/yarn.lock
@@ -1952,6 +1952,11 @@ hast-util-whitespace@^3.0.0:
   dependencies:
     "@types/hast" "^3.0.0"
 
+helmet@^8.1.0:
+  version "8.1.0"
+  resolved "https://registry.yarnpkg.com/helmet/-/helmet-8.1.0.tgz#f96d23fedc89e9476ecb5198181009c804b8b38c"
+  integrity sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==
+
 html-void-elements@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/html-void-elements/-/html-void-elements-3.0.0.tgz#fc9dbd84af9e747249034d4d62602def6517f1d7"
