const express = require("express");
const mongoose = require("mongoose");
const path = require("path");
const cors = require("cors");
const helmet = require("helmet");
const cookieParser = require("cookie-parser");
const rateLimit = require("express-rate-limit");
const csrf = require("csurf");
const morgan = require("morgan");
const xssClean = require("xss-clean");
const session = require("express-session");
const MongoStore = require("connect-mongo");
require("dotenv").config();
// const conditionalRateLimit = require("./middlewares/conditionalRateLimit");
// Import routes
// Example: const authRoute = require("./routes/authRoute");
const authRoute = require("./routes/auth.route")
// ---------------------- END of Importing Routes
// Express application instance; configured below and exported at the end of
// this file so the server entry point can listen on it.
const app = express();

// ===== Middleware Setup =====
// Registration order is significant: everything here runs before the session
// middleware, the routes and the error handler registered further down.

// Security headers (helmet). Cross-Origin-Resource-Policy is relaxed to
// "cross-origin" so files served from /uploads can be embedded by the
// separately hosted frontend; the remaining helmet defaults are unchanged.
const securityHeaders = helmet({
  crossOriginResourcePolicy: { policy: "cross-origin" },
});
app.use(securityHeaders);

// CORS: exactly one allowed origin, read from FRONTEND_URL (the local Vite
// dev server is the fallback). credentials: true lets the browser send the
// session cookie on cross-origin requests, which is why the origin must be a
// fixed value rather than a wildcard.
const corsPolicy = cors({
  origin: process.env.FRONTEND_URL || "http://localhost:5173",
  credentials: true,
});
app.use(corsPolicy);

// Request body parsing. JSON bodies are capped at 10mb; URL-encoded form
// bodies keep the parser's default size limit — NOTE(review): confirm that
// asymmetry is intended.
app.use(express.json({ limit: "10mb" }));
app.use(express.urlencoded({ extended: true }));

// Cookie parsing (the session cookie depends on it) and access logging in
// the Apache "combined" format. NOTE(review): combined logs record the full
// request URL, so secrets must not travel in query strings.
app.use(cookieParser());
app.use(morgan("combined"));

// --- Disabled hardening, kept for reference ---
// Input sanitisation is not wired up: the mongoSanitize / xss middlewares
// below are commented out and are not imported under these names.
// app.use((req, res, next) => {
//   req.body = mongoSanitize(req.body);
//   req.query = mongoSanitize(req.query);
//   req.params = mongoSanitize(req.params);
//   next();
// });
// app.use(xss());
//
// Rate limiting is also disabled; either the conditional limiter or the
// global one below can be re-enabled:
// app.use(conditionalRateLimit);
// const limiter = rateLimit({
//   windowMs: 15 * 60 * 1000, // 15 minutes
//   max: 150, // limit each IP to 150 requests per window
//   message: "Too many requests from this IP, please try again later.",
// });
// app.use(limiter);
// ---------------------------- END of RateLimite --------------------
// ===== Session Management =====
// Sessions are persisted in MongoDB (collection "sessions") instead of in
// process memory, so they survive restarts and are shared across instances.
// MONGO_URI and SESSION_SECRET come from the environment; express-session and
// connect-mongo should each fail at startup when their value is missing.
const sessionStore = MongoStore.create({
  mongoUrl: process.env.MONGO_URI,
  collectionName: "sessions",
});

// Session cookie attributes.
// - secure: only sent over HTTPS in production. NOTE(review): if the app sits
//   behind a TLS-terminating reverse proxy, Express must also be told to
//   trust it (`app.set("trust proxy", ...)`), otherwise req.secure is false
//   and the cookie is never set.
// - httpOnly: not readable from page scripts.
// - maxAge: one day.
// - sameSite is not set here; with the CSRF middleware below disabled,
//   NOTE(review): consider setting it explicitly — the right value depends on
//   whether the frontend is served from the same site as this API.
const sessionCookie = {
  secure: process.env.NODE_ENV === "production",
  httpOnly: true,
  maxAge: 24 * 60 * 60 * 1000, // 1 day
};

// resave/saveUninitialized are both off: a session document is written only
// when something is actually stored in it and only when it changes.
app.use(
  session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
    store: sessionStore,
    cookie: sessionCookie,
  })
);

// ===== CSRF Protection =====
// Currently disabled. NOTE(review): csurf is no longer maintained upstream;
// if this is re-enabled, verify the package is still appropriate.
// const csrfProtection = csrf({
//   cookie: true,
// });
// app.use(csrfProtection);
// ===== Static Files =====
// Serve uploaded files from <project>/uploads under the /uploads URL prefix.
// express.static is intended to resolve paths inside that directory only, so
// ".." segments in the URL cannot escape it; note that everything placed in
// the folder becomes publicly readable.
const uploadsDir = path.join(__dirname, "uploads");
app.use("/uploads", express.static(uploadsDir));

// --------------- START routes -------------------
// Mount pattern: app.use('/api/<name>', <name>Route)
app.use("/api/auth", authRoute);
// -------------- END routes -----------------------
// ===== Health Checks =====
// Plain-text liveness endpoints. They expose no data and require no
// authentication; both answer 200 with a fixed message.
const healthResponse = (text) => (_req, res) => {
  res.status(200).send(text);
};

app.get("/api", healthResponse(`✅ API Server running securely`));
app.get("/", healthResponse(`✅ Root Server running securely`));
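// ===== Error Handling =====
// Final catch-all error middleware. Express only treats a function as an
// error handler when it declares four parameters, so `next` must stay in the
// signature even though it is used only for the headersSent case.
//
// Response contract: `{ success: false, message }` with the HTTP status taken
// from `err.status` (or `err.statusCode`, which body-parser / http-errors
// style errors also set). 4xx messages are passed through because the
// frontend may display them; 5xx messages are replaced with a generic text
// in production so internal details (driver or library error text) do not
// reach clients. The full stack is always logged server-side.
const GENERIC_ERROR_MESSAGE = "Internal Server Error";

app.use((err, req, res, next) => {
  console.error("❌ Error:", err && err.stack ? err.stack : err);

  // A response is already in flight: only Express' default handler can
  // finish it safely (it closes the connection), so delegate.
  if (res.headersSent) {
    return next(err);
  }

  // Only accept a plausible error status; anything else becomes 500.
  const rawStatus = Number(err && (err.status || err.statusCode));
  const status =
    Number.isInteger(rawStatus) && rawStatus >= 400 && rawStatus <= 599
      ? rawStatus
      : 500;

  // Hide 5xx details outside development.
  const exposeMessage =
    status < 500 || process.env.NODE_ENV !== "production";
  const message =
    (exposeMessage && err && err.message) || GENERIC_ERROR_MESSAGE;

  res.status(status).json({
    success: false,
    message,
  });
});

module.exports = app;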