add helmet and use const instead of var

Author: madhums

app/models/user.js

@@ -2,14 +2,14 @@
  * Module dependencies
  */
 
-var mongoose = require('mongoose');
-var Schema = mongoose.Schema;
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
 
 /**
  * User schema
  */
 
-var UserSchema = new Schema({
+const UserSchema = new Schema({
   name: { type: String, default: '' },
   email: { type: String, default: '' },
   hashed_password: { type: String, default: '' },

config/env/development.js

@@ -3,21 +3,5 @@
  */
 
 module.exports = {
-  db: process.env.MONGODB_URL || 'mongodb://localhost/my_app_development',
-  facebook: {
-    clientID: 'APP_ID',
-    clientSecret: 'SECRET',
-    callbackURL: 'http://localhost:3000/auth/facebook/callback',
-    scope: ['email', 'user_about_me', 'user_friends']
-  },
-  google: {
-    clientID: 'APP_ID',
-    clientSecret: 'SECRET',
-    callbackURL: 'http://localhost:3000/auth/google/callback',
-    scope: [
-      'https://www.googleapis.com/auth/userinfo.profile',
-      'https://www.googleapis.com/auth/userinfo.email',
-      'https://www.google.com/m8/feeds'
-    ]
-  }
+  db: process.env.MONGODB_URL || 'mongodb://localhost/my_app_development'
 };

config/env/production.js

@@ -3,21 +3,5 @@
  */
 
 module.exports = {
-  db: process.env.MONGODB_URL || 'mongodb://localhost/my_app_production',
-  facebook: {
-    clientID: 'APP_ID',
-    clientSecret: 'SECRET',
-    callbackURL: 'http://localhost:3000/auth/facebook/callback',
-    scope: ['email', 'user_about_me', 'user_friends']
-  },
-  google: {
-    clientID: 'APP_ID',
-    clientSecret: 'SECRET',
-    callbackURL: 'http://localhost:3000/auth/google/callback',
-    scope: [
-      'https://www.googleapis.com/auth/userinfo.profile',
-      'https://www.googleapis.com/auth/userinfo.email',
-      'https://www.google.com/m8/feeds'
-    ]
-  }
+  db: process.env.MONGODB_URL || 'mongodb://localhost/my_app_production'
 };

config/express.js

@@ -2,30 +2,33 @@
  * Module dependencies.
  */
 
-var express = require('express');
-var session = require('express-session');
-var compression = require('compression');
-var morgan = require('morgan');
-var cookieParser = require('cookie-parser');
-var cookieSession = require('cookie-session');
-var bodyParser = require('body-parser');
-var methodOverride = require('method-override');
-var csrf = require('csurf');
-
-var mongoStore = require('connect-mongo')(session);
-var flash = require('connect-flash');
-var winston = require('winston');
-var helpers = require('view-helpers');
-var config = require('./');
-var pkg = require('../package.json');
-
-var env = process.env.NODE_ENV || 'development';
+const express = require('express');
+const session = require('express-session');
+const compression = require('compression');
+const morgan = require('morgan');
+const cookieParser = require('cookie-parser');
+const cookieSession = require('cookie-session');
+const bodyParser = require('body-parser');
+const methodOverride = require('method-override');
+const csrf = require('csurf');
+const helmet = require('helmet');
+
+const mongoStore = require('connect-mongo')(session);
+const flash = require('connect-flash');
+const winston = require('winston');
+const helpers = require('view-helpers');
+const config = require('./');
+const pkg = require('../package.json');
+
+const env = process.env.NODE_ENV || 'development';
 
 /**
  * Expose
  */
 
 module.exports = function(app, passport) {
+  app.use(helmet());
+
   // Compression middleware (should be placed before express.static)
   app.use(
     compression({
@@ -37,7 +40,7 @@ module.exports = function(app, passport) {
   app.use(express.static(config.root + '/public'));
 
   // Use winston on production
-  var log;
+  let log;
   if (env !== 'development') {
     log = {
       stream: {
@@ -74,7 +77,7 @@ module.exports = function(app, passport) {
     methodOverride(function(req) {
       if (req.body && typeof req.body === 'object' && '_method' in req.body) {
         // look in urlencoded POST bodies and delete it
-        var method = req.body._method;
+        const method = req.body._method;
         delete req.body._method;
         return method;
       }

config/index.js

@@ -2,11 +2,11 @@
  * Module dependencies.
  */
 
-var path = require('path');
-var development = require('./env/development');
-var test = require('./env/test');
-var production = require('./env/production');
-var defaults = {
+const path = require('path');
+const development = require('./env/development');
+const test = require('./env/test');
+const production = require('./env/production');
+const defaults = {
   root: path.normalize(__dirname + '/..')
 };
 

config/passport/local.js

@@ -2,9 +2,9 @@
  * Module dependencies.
  */
 
-var mongoose = require('mongoose');
-var LocalStrategy = require('passport-local').Strategy;
-var User = mongoose.model('User');
+const mongoose = require('mongoose');
+const LocalStrategy = require('passport-local').Strategy;
+const User = mongoose.model('User');
 
 /**
  * Expose
@@ -16,7 +16,7 @@ module.exports = new LocalStrategy(
     passwordField: 'password'
   },
   function(email, password, done) {
-    var options = {
+    const options = {
       criteria: { email: email }
     };
     User.load(options, function(err, user) {