I want to prevent my app for SQL-Injection attack in Node.js,for that i am using sql-inection package of NPM.
My app.js File
var app = express();
var sqlinjection = require('sql-injection');
app.use(sqlinjection);
With this configuration i am directly sending request to server.
But with each request to the server the api does not send any response and gives no error or Warning.
I am using this Npm package sql injection npm js
Please guide me to how to use sql-injection in node.js and express.js project.
Thanks.
Please include following lines in your app.js file
app.use('/wordcloud',wordcloud);
app.use('/profanityfilter',profanityfilter);
app.use('/api/notification',notification);
app.use('/api/badge',badgecount);
app.use('/api/csrf',csrfRoute);
app.use(sqlinjection);
After requiring the npm package you must use this sql-injection package at the end of all your router.
and it will work fine.
Related
I have react-boilerplate application. I want to start using database so I installed:
npm install mysql
npm install mysqljs/mysql
As shown in mysql webpage: https://www.npmjs.com/package/mysql
Now I get errors when I go to localhost in a browser:
Can't resolve 'fs' in '....node_modules\mysql\lib\protocol\sequences'
Can't resolve 'net' in '....node_modules\mysql\lib'
Can't resolve 'tls' in '....node_modules\mysql\lib'
I am using redux-saga combination.
I figured out that I get the error when I write:
const mysql = require('mysql');
in saga.js file
How can I fix these errors?
You can't use a MySQL client library within a browser app.
The errors you're seeing is the client library attempting to require() Node.js standard libraries for file system, network and encryption (TLS) access, which don't exist in the browser.
Hej there.
I have a app using Node.js/Electron/Angular2 (TypeScript). Using socket.io I created a WebSocket. Everything works fine, as long as I'm not inside my Angular2 app.
I tried the whole day to get this running, without luck. I downloaded a working tutorial, but can't find the missing link. Drives me crazy!
This is my electron.js starting the app, creating the websocket server side
This is my index.html with working websocket, but as native JavaScript code
This is my root component of Angular2 trying to get the websocket running
The error - wich does not stop the compilation - I get, is root.component.ts(14,17): error TS2304: Cannot find name 'io'..
How can I get rid of that error? Or better: What's the best practice for this websocket communication inside Angular2?
Thanks in advance.
Now I solved this issue this way:
Installed socket.io-client typings $ tsd install socket.io-client and
added a typings reference to my main.ts file ///<reference path="../../typings/socket.io-client/socket.io-client.d.ts"/>.
Installed socket.io-client Node.js module $ npm install --save socket.io-client and
added this module to my index.html <script src="../node_modules/socket.io-client/socket.io.js"></script>
Now I can simply work with the socket inside any Angular2 component, without adding any extra lines.
socket = null;
constructor() {
this.socket = io('http://localhost:8181');
this.socket.on('news', function (data) {
console.log(data);
});
}
And for reference, this is my server socket code inside my main Electron .js file:
var server = require('http').createServer(function(req, res) {})
socket = require('socket.io')(server, {});
server.listen(8181);
socket.on('connection', function(socket) {
socket.emit('news', {hello: 'world'});
socket.on('my other event', function(data) {
console.log(data);
});
});
Hope this helps anyone later. Thank to Thierry Templier and dvlsg for the help.
I would note that if you're using electron that you shouldn't really consider electron.js to be server side. It's more of a client launcher / bootstrap, and must be running on each client. You'd have to have a separate node application (and I would strongly suggest it, in the case of socket.io) to truly make your code server side.
As for your question, you could try adding import io from 'socket.io-client' or var io = require('socket.io-client') in your root component (after you npm install socket.io-client, if necessary).
You need to install the socket.io typings (see this link: https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/socket.io/socket.io.d.ts) using the command:
$ tsd install socket.io
Then you need import it:
import * as io from 'socket.io';
I was attempting to follow along with g00glen00b's meteor/twitter walkthrough (http://g00glen00b.be/meteor-twitter-streaming/) when i got this persistent error. any help or hints would be much obliged.
things i tried
uninstall/reinstall npm
uninstall/reinstall twitter package
uninstall/reinstall cookies
searching for hidden characters
my deployed app
(htp://dbcmarch.meteor.com)
meteor error
=> Errors prevented startup:
While building the application:
node_modules/twitter/node_modules/cookies/test/express.js:1:15: Unexpected token ILLEGAL
node_modules/twitter/node_modules/cookies/test/http.js:1:15: Unexpected token ILLEGAL
express.js
#!/usr/bin/env node
var assert = require("assert"),
express = require("express"),
http.js
#!/usr/bin/env node
var assert = require("assert"),
http = require("http"),
meteor includes npm, and its perfectly acceptable to run 'mrt add npm' however npm should not be used to install its packages (e.g. npm install twitter) into a meteor project. you can require them via a packages.json file.
in order to avoid the illegal token error and get the server up running, i deleted the primary node_module dir in my project folder.
check the meteor google group for advice!
This is driving me crazy... while I have a working version of Express + Socket.io, I can't seem to reproduce it with out-of-the-box NPM installs in a new project folder. Can anyone point out what I'm missing...? Here's my process:
I create a node_modules folder in my project directory (pwd), then do:
npm install express
npm install socket.io
Running those two commands puts the packages in my project's node_modules folder as expected. Now I set up my server with the following:
var express = require('express'),
server = express.createServer().use( express.static(__dirname+'./public') ).listen( 8080 ),
io = require('socket.io').listen(server);
My public folder contains static assets for my application. My public index HTML page includes a script tag for:
<script src="/socket.io/socket.io.js"></script>
Finally, I run my server script and go to the application in a web browser. My static public files are all served properly, however I get a 404 for /socket.io/socket.io.js. Now, I can swap in an express package from another old project and have this whole system work. Somehow that package instance is configured differently, but I can't figure out how to reproduce that. The Express website mentions something about installing dependencies, although running npm install -d doesn't seem to help (is there a specific pwd that I need to be in while running npm install -d?). I figure I must be missing something important about configuring a new Express instance after installing it with NPM.
Thanks for any and all insight!
Okay, so my example was actually an abbreviation of my code, and that example code does actually work. My real code with problems was a bit more cluttered, like so:
var server = express.createServer();
server
.use( server.router )
.use( express.static(__dirname+'/../public') )
.get('/api', function(req, res) {
res.write('API');
});
server.listen(8080);
var io = require('socket.io').listen(server);
I fixed the above code by doing the following:
server = server.listen(8080);
Apparently the listen command wraps the server object with some additional functionality. My originally posted shorthand example actually does work because listen is chained onto the final return into the server variable. Interesting little nuance.
Express and connect appeared to have removed their gzip functions because they were too inefficient. Are there any reliable solutions to gzip with express-js currently?
Express 3.0 now has compress() support:
var app = express();
// gzip
app.use(express.compress());
// static
app.use("/public", express.static(__dirname + '/public'));
// listen
app.listen(80);
EDIT
for Express 4.0, compress become the separate middleware. So you have to install and import to use it:
var compress = require('compression');
app.use(compress());
Connect 2.0 has added support for compress() middleware based on the new zlib stuff with that has just come out in Node Core API.
You can make use of this in your express server by adding a dependency to connect 2.0 in your package.json file:
{
...
dependencies: {
"connect" : "2.x",
"express" : "2.x",
// etc..
}
}
And then apply the following logic into your express app configuration:
// Create static file server with gzip support
var app = express.createServer(express.logger());
app.use(connect.compress());
app.use(express.static(__dirname + '/public'));
app.listen(80);
Please note that this stuff is still pretty new and while I could get it to work locally, my Heroku cloud application complained about the dependency on Compress 2.x during the pre-commit hook when deploying via git:
-----> Heroku receiving push
-----> Node.js app detected
-----> Resolving engine versions
Using Node.js version: 0.4.7
Using npm version: 1.0.106
-----> Fetching Node.js binaries
-----> Vendoring node into slug
-----> Installing dependencies with npm
npm ERR! Error: No compatible version found: connect#'>=2.0.0- <3.0.0-'
As you can see, they're still using an old version of node (0.4.7).
UPDATE:
Actually, I could get Heroku to deploy this by adding the corresponding engines section in the package.json:
{
...
"engines": {
"node": ">= 0.6.0 < 0.7.0"
}
}
And these are the results when using a http compression tester:
UPDATE June 2014
Hiya, if you are reading this now. Dont forget that the stuff above is only relevant to Express 2.0.
Express 3.0 and 4.0 use different syntax for enabling http compression, see post by gasolin just below.
I have also searched npm and found for example:
https://github.com/tomgallacher/gzippo
gzippo pronounced g-zippo is a gzip
middleware for Connect using Compress
for better performance.
Gzippo has recently been developed(2 days ago) which I think is a good thing. I can't tell you about production usage. You should test/benchmark it yourself. I would also probably use a CDN for a live site or Nginx to host my static files instead of some nodejs module.
Connect will support the new zlib stuff in Node in the next release
If you've searched the npm you may have come across node-compress.
It shouldn't be too hard to inject it as middleware into express.