Add user dashboard

2 files changed, 244 insertions, 0 deletions

diff --git a/config/session.js b/config/session.js
new file mode 100644
index 0000000..f49b9b7
--- /dev/null
+++ b/config/session.js
@@ -0,0 +1,99 @@
+'use strict'
+
+const Env = use('Env')
+
+module.exports = {
+  /*
+  |--------------------------------------------------------------------------
+  | Session Driver
+  |--------------------------------------------------------------------------
+  |
+  | The session driver to be used for storing session values. It can be
+  | cookie, file or redis.
+  |
+  | For `redis` driver, make sure to install and register `@adonisjs/redis`
+  |
+  */
+  driver: Env.get('SESSION_DRIVER', 'cookie'),
+
+  /*
+  |--------------------------------------------------------------------------
+  | Cookie Name
+  |--------------------------------------------------------------------------
+  |
+  | The name of the cookie to be used for saving session id. Session ids
+  | are signed and encrypted.
+  |
+  */
+  cookieName: 'adonis-session',
+
+  /*
+  |--------------------------------------------------------------------------
+  | Clear session when browser closes
+  |--------------------------------------------------------------------------
+  |
+  | If this value is true, the session cookie will be temporary and will be
+  | removed when browser closes.
+  |
+  */
+  clearWithBrowser: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | Session age
+  |--------------------------------------------------------------------------
+  |
+  | This value is only used when `clearWithBrowser` is set to false. The
+  | age must be a valid https://npmjs.org/package/ms string or should
+  | be in milliseconds.
+  |
+  | Valid values are:
+  |  '2h', '10d', '5y', '2.5 hrs'
+  |
+  */
+  age: '2h',
+
+  /*
+  |--------------------------------------------------------------------------
+  | Cookie options
+  |--------------------------------------------------------------------------
+  |
+  | Cookie options defines the options to be used for setting up session
+  | cookie
+  |
+  */
+  cookie: {
+    httpOnly: true,
+    path: '/',
+    sameSite: false
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Sessions location
+  |--------------------------------------------------------------------------
+  |
+  | If driver is set to file, we need to define the relative location from
+  | the temporary path or absolute url to any location.
+  |
+  */
+  file: {
+    location: 'sessions'
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Redis config
+  |--------------------------------------------------------------------------
+  |
+  | The configuration for the redis driver.
+  |
+  */
+  redis: {
+    host: '127.0.0.1',
+    port: 6379,
+    password: null,
+    db: 0,
+    keyPrefix: ''
+  }
+}
diff --git a/config/shield.js b/config/shield.js
new file mode 100644
index 0000000..3d4526a
--- /dev/null
+++ b/config/shield.js
@@ -0,0 +1,145 @@
+'use strict'
+
+module.exports = {
+  /*
+  |--------------------------------------------------------------------------
+  | Content Security Policy
+  |--------------------------------------------------------------------------
+  |
+  | Content security policy filters out the origins not allowed to execute
+  | and load resources like scripts, styles and fonts. There are wide
+  | variety of options to choose from.
+  */
+  csp: {
+    /*
+    |--------------------------------------------------------------------------
+    | Directives
+    |--------------------------------------------------------------------------
+    |
+    | All directives are defined in camelCase and here is the list of
+    | available directives and their possible values.
+    |
+    | https://content-security-policy.com
+    |
+    | @example
+    | directives: {
+    |   defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
+    | }
+    |
+    */
+    directives: {
+    },
+    /*
+    |--------------------------------------------------------------------------
+    | Report only
+    |--------------------------------------------------------------------------
+    |
+    | Setting `reportOnly=true` will not block the scripts from running and
+    | instead report them to a URL.
+    |
+    */
+    reportOnly: false,
+    /*
+    |--------------------------------------------------------------------------
+    | Set all headers
+    |--------------------------------------------------------------------------
+    |
+    | Headers staring with `X` have been depreciated, since all major browsers
+    | supports the standard CSP header. So its better to disable deperciated
+    | headers, unless you want them to be set.
+    |
+    */
+    setAllHeaders: false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Disable on android
+    |--------------------------------------------------------------------------
+    |
+    | Certain versions of android are buggy with CSP policy. So you can set
+    | this value to true, to disable it for Android versions with buggy
+    | behavior.
+    |
+    | Here is an issue reported on a different package, but helpful to read
+    | if you want to know the behavior. https://github.com/helmetjs/helmet/pull/82
+    |
+    */
+    disableAndroid: true
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | X-XSS-Protection
+  |--------------------------------------------------------------------------
+  |
+  | X-XSS Protection saves from applications from XSS attacks. It is adopted
+  | by IE and later followed by some other browsers.
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+  |
+  */
+  xss: {
+    enabled: true,
+    enableOnOldIE: false
+  },
+
+  /*
+  |--------------------------------------------------------------------------
+  | Iframe Options
+  |--------------------------------------------------------------------------
+  |
+  | xframe defines whether or not your website can be embedded inside an
+  | iframe. Choose from one of the following options.
+  | @available options
+  | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  */
+  xframe: 'DENY',
+
+  /*
+  |--------------------------------------------------------------------------
+  | No Sniff
+  |--------------------------------------------------------------------------
+  |
+  | Browsers have a habit of sniffing content-type of a response. Which means
+  | files with .txt extension containing Javascript code will be executed as
+  | Javascript. You can disable this behavior by setting nosniff to false.
+  |
+  | Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  |
+  */
+  nosniff: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | No Open
+  |--------------------------------------------------------------------------
+  |
+  | IE users can execute webpages in the context of your website, which is
+  | a serious security risk. Below option will manage this for you.
+  |
+  */
+  noopen: true,
+
+  /*
+  |--------------------------------------------------------------------------
+  | CSRF Protection
+  |--------------------------------------------------------------------------
+  |
+  | CSRF Protection adds another layer of security by making sure, actionable
+  | routes does have a valid token to execute an action.
+  |
+  */
+  csrf: {
+    enable: true,
+    methods: ['POST', 'PUT', 'DELETE'],
+    filterUris: [],
+    cookieOptions: {
+      httpOnly: false,
+      sameSite: true,
+      path: '/',
+      maxAge: 7200
+    }
+  }
+}