This Gist has been moved to https://github.com/lbgists/gh-trend.py.
- Don't run as root.
- For sessions, set `httpOnly` (and `secure` to `true` if running over SSL) when setting cookies.
- Use Helmet for secure headers: https://github.com/evilpacket/helmet
- Enable `csrf` to prevent Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
- Don't use the deprecated `bodyParser()`; use multipart explicitly instead. To avoid multipart's vulnerability to 'temp file' bloat, use the `defer` property and `pipe()` the multipart upload stream to the intended destination.
```javascript
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
// This line is from the Node.js HTTPS documentation.
var options = {
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
```
Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].
Today we're looking for:
- node.js
- Installation paths: use one of these techniques to install node and npm without having to sudo.
- Node.js HOWTO: Install Node+NPM as user (not root) under Unix OSes
- Felix's Node.js Guide
- Creating a REST API using Node.js, Express, and MongoDB
- Node Cellar Sample Application with Backbone.js, Twitter Bootstrap, Node.js, Express, and MongoDB
- JavaScript Event Loop
- Node.js for PHP programmers
I wrote this in early January 2012, but never finished it. The research and thinking in this area led to a lot of the design of Yeoman and talks like "Javascript Development Workflow of 2013", "Web Application Development Workflow" and "App development stack for JS developers" (surprisingly little overlap in those talks, btw).
Now it's June 2013 and the state of web app tooling has matured quite a bit. But here's a snapshot of the story from 18 months ago, even if a little ugly and incomplete. :p
- Intro to tooling
```nginx
##
## This nginx.conf serves as the main config file for the webflow reverse proxy
##
## RCS:
## https://gist.github.com/sansmischevia/5617402
##
## Hardening tips:
## http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
##
```
```php
<?php
/**
 * Reads the requested portion of a file and sends its contents to the client with the appropriate headers.
 *
 * This HTTP_RANGE compatible read file function is necessary for allowing streaming media to be skipped around in.
 *
 * @param string $location
 * @param string $filename
 * @param string $mimeType
 * @return void
```
```php
<?php
require('relations.php');
$database = 'relations';
header('Content-Type: text/plain; charset="UTF-8"');
$relations = relations($database);
```
```javascript
// Doing AES-256-CBC (salted) decryption with node.js.
// This code is based on http://php.net/manual/de/function.openssl-decrypt.php and works with PHP sqAES.
//
// Create your encrypted data with
//   echo -n 'Hello world' | openssl aes-256-cbc -a -e
var crypto = require('crypto');
var password = 'password';
var edata = 'U2FsdGVkX18M7K+pELP06c4d5gz7kLM1CcqJBbubW/Q=';
```