Added helmet secure headers and HTTPS redirection.

2025-07-18 01:21:07 +05:30
parent 351f57229c
commit 001727ab85
1 changed files with 11 additions and 0 deletions
@@ -1,6 +1,7 @@
 const express = require("express");
 const cors = require("cors");
 const cookieParser = require("cookie-parser");
+const helmet = require("helmet");

 const userRoute = require("./Routes/user.routes.js");
 const farmRoute = require("./Routes/farm.routes.js");
@@ -17,6 +18,8 @@ dotenv.config({

 const app = express();

+app.use(helmet()); // Secure headers
+
 const corsOptions = {
  origin: process.env.FRONTEND_URI,
  methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
@@ -43,4 +46,12 @@ app.use("/api/v1/finance", financeRoute);

 app.use("/api/v1/task", taskRoute);

+// Redirect HTTP to HTTPS (works behind proxy)
+app.use((req, res, next) => {
+  if (req.headers["x-forwarded-proto"] !== "https" && process.env.NODE_ENV === "production") {
+    return res.redirect(`https://${req.headers.host}${req.url}`);
+  }
+  next();
+});
+
 module.exports = app;