This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Remove server identifiers to help against enumeration | |
server_tokens off; | |
# Add some protection headers for ClickJacking | |
add_header X-Frame-Options DENY; | |
add_header X-Content-Type-Options nosniff; | |
# Redirect to https | |
server { | |
listen 80; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*filter | |
# Default policy is to drop all traffic | |
-P INPUT DROP | |
-P FORWARD DROP | |
-P OUTPUT DROP | |
# Allow all loopback traffic | |
-A INPUT -i lo -j ACCEPT | |
-A OUTPUT -o lo -j ACCEPT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*filter | |
# Reject all IPv6 on all chains. | |
-A INPUT -j DROP | |
-A FORWARD -j DROP | |
-A OUTPUT -j DROP | |
COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'use strict'; | |
let http = require('http'); | |
http.createServer(function (req, res) { | |
res.writeHead(200, {'Content-Type': 'text/html'}); | |
res.end('hello'); | |
}).listen(2765); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=Our cool Node.js App | |
After=network.target | |
[Service] | |
Type=forking | |
Restart=always | |
User=fooapp | |
ExecStart=/var/appdata/fooapp/node_modules/pm2/bin/pm2 start /var/appdata/fooapp/app.js | |
ExecStop=/var/appdata/fooapp/node_modules/pm2/bin/pm2 stop /var/appdata/fooapp/app.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
let roles = { | |
manager: { | |
can: ['read', 'write', 'publish'] | |
}, | |
writer: { | |
can: ['read', 'write'] | |
}, | |
guest: { | |
can: ['read'] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class RBAC { | |
constructor(roles) { | |
if(typeof roles !== 'object') { | |
throw new TypeError('Expected an object as input'); | |
} | |
this.roles = roles; | |
} | |
can(role, operation) { | |
return this.roles[role] && this.roles[role].can.indexOf(operation) !== -1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
let roles = { | |
manager: { | |
can: ['publish'], | |
inherits: ['writer'] | |
}, | |
writer: { | |
can: ['write'], | |
inherits: ['guest'] | |
}, | |
guest: { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
can(role, operation) { | |
// Check if role exists | |
if(!this.roles[role]) { | |
return false; | |
} | |
let $role = this.roles[role]; | |
// Check if this role has access | |
if($role.can.indexOf(operation) !== -1) { | |
return true; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
let roles = { | |
manager: { | |
can: ['publish'], | |
inherits: ['writer'] | |
}, | |
writer: { | |
can: ['write', { | |
name: 'edit', | |
when: function (params) { | |
return params.user.id === params.post.owner; |
OlderNewer