-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.js
96 lines (79 loc) · 2.5 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
// load env variables first
require('dotenv').config();
const express = require('express');
const app = express();
const debug = require('debug')('app');
const bodyParser = require('body-parser');
const morgan = require('morgan');
const favicon = require('serve-favicon');
const path = require('path');
const http = require('http');
const helmet = require('helmet');
//app.use(helmet());
/** hemlet security features */
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());
// needs to be loaded before the DB models
const passport = require('passport');
// connect to the Mongo database
require('./api_server/models/db');
require('./api_server/models/api');
require('./api_server/models/post');
require('./api_server/models/settings');
// needs to be loaded after the DB models
require('./api_server/config/passport');
// constants
const port = process.env.PORT;
const routerApi = require('./api_server/routes/index');
const routerApp = require('./app_server/routes/index');
// set up view engine
app.set('view engine', 'ejs');
app.set('views', 'app_server/views');
app.use(morgan('tiny'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static('public/css'));
app.use(express.static('public/images'));
app.use(express.static('public/js'));
app.use(favicon(path.join(__dirname, 'public/images', 'favicon.ico')));
// initialize passport after static routes
app.use(passport.initialize());
/*
* ROUTING
*/
app.use('/api', routerApi);
app.use('/', routerApp);
// allow CORS
app.use('/api', (req, res, next) => {
res.header('Access-Control-Allow-Origin', 'http://localhost:5000');
res.header(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With-Content-Type, Accept, Authorization'
);
next();
});
// catch all errors
app.use((err, req, res, next) => {
if (err.name === 'UnauthorizedError') {
res.status(401).json({ message: 'Forbidden' });
}
});
// heroku hack to prevent free tier from idling
setInterval(function () {
http.get('http://www.nomadcoder.io');
}, 300000);
if (process.env.NODE_ENV === 'production') {
app.listen(port, () => debug(`listening on ${process.env.API_SERVER}`));
} else {
app.listen(port, () =>
debug(`listening on ${process.env.API_SERVER}:${port}`)
);
}