index.js
require("dotenv").config();
const express = require("express");
const cors = require("cors");
const path = require("path");
const helmet = require("helmet");
const mongoose = require("mongoose");
const cookieParser = require("cookie-parser");
const { logger } = require("./middleware/logEvents.middleware");
// const errorHandler = require('./middleware/errorHandler')
const corsOptions = require("./config/corsOptions");
const connectDB = require("./config/dbConn");
const restrictDirectoryAccess = require("./middleware/uploads.middleware");
const expressSession = require("./middleware/espressSession.middleware");
const csrfProtection = require("./middleware/csrf.middleware");
const limiter = require("./middleware/rateLimit.middleware");
// Application bootstrap: builds the Express app and registers the global middleware chain.
// Registration order is significant, because Express runs middleware in the order it is added.

// Listening port: taken from the environment, falling back to 3000 when PORT is unset or empty.
const PORT = process.env.PORT || 3000;
const app = express();
// Connect to the database. The HTTP listener at the end of this file is only started
// once the mongoose connection emits "open".
connectDB();
// Registered first, so the logger runs for every request before any other middleware.
app.use(logger);
// Cross-Origin Resource Sharing; the policy itself lives in ./config/corsOptions.
// NOTE(review): sessions and cookies are used below, so confirm corsOptions restricts
// origins to an explicit allow-list rather than reflecting the caller's Origin.
app.use(cors(corsOptions));
app.use(helmet()); // Add security headers to HTTP responses
// Middleware to parse x-www-form-urlencoded data.
// `extended: true` lets clients send nested objects and arrays; the size cap comes from
// REQ_LIMIT (body-parser's default applies when the variable is unset).
// NOTE(review): nested objects in req.body can carry query operators into Mongoose
// queries; route handlers should validate or cast field types — verify in ./routes.
app.use(express.urlencoded({ extended: true, limit: process.env.REQ_LIMIT }));
// Built-in middleware for JSON bodies. No `limit` is passed here, so the JSON size cap
// is Express's default and is not controlled by REQ_LIMIT.
app.use(express.json());
// Middleware for cookies. No secret is passed, so signed cookies are not verified here.
app.use(cookieParser());
// Apply session middleware
app.use(expressSession);
// Apply CSRF middleware (after express session). Registered globally, so it runs for
// every route and static mount declared below this line.
app.use(csrfProtection);
// Middleware to restrict access to the directory itself. It is mounted before both
// static handlers, so it runs first for any path under /api/v1/uploads.
app.use("/api/v1/uploads", restrictDirectoryAccess);
// Serve static files. public/ is exposed at /api/v1, which already makes public/uploads
// reachable at /api/v1/uploads; the second mount serves the same directory.
// NOTE(review): if public/uploads holds user-supplied files, they are served from the
// API's own origin — confirm upload handling restricts file types.
app.use("/api/v1", express.static(path.join(__dirname, "/public")));
app.use(
"/api/v1/uploads",
express.static(path.join(__dirname, "public/uploads"))
);
// Returns the value of req.csrfToken() as JSON with status 200.
// NOTE(review): csrfProtection is already applied globally above, so passing it again
// on this route looks redundant — confirm it is safe to run twice per request.
app.get("/api/v1/csrf-token", csrfProtection, (req, res) => {
res.status(200).json({ csrfToken: req.csrfToken() });
});
// API routers, all mounted under the versioned prefix. Each module is required at
// mount time, in the order listed.
// NOTE(review): no rate limiter is attached at this level — in this file limiter() is
// only used on the 404 catch-all. Confirm the routers (the user routes in particular)
// apply their own limits.
const apiBase = "/api/v1";
app.use(apiBase, require("./routes/root"));
app.use(`${apiBase}/user`, require("./routes/user.route"));
app.use(`${apiBase}/role`, require("./routes/roles.route"));
app.use(`${apiBase}/address`, require("./routes/address.route"));
app.use(`${apiBase}/category`, require("./routes/category.route"));
app.use(`${apiBase}/tag`, require("./routes/tag.route"));
app.use(`${apiBase}/attribute`, require("./routes/attribute.route"));
app.use(`${apiBase}/product`, require("./routes/product.route"));
app.use(`${apiBase}/variation`, require("./routes/variation.route"));
app.use(`${apiBase}/cart`, require("./routes/cart.route"));
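// Catch-all for any method and path that no router above handled.
// limiter("15m", 100) is applied to this handler only — presumably 100 requests per
// 15 minutes; confirm against ./middleware/rateLimit.middleware.
app.all("*", limiter("15m", 100), (req, res) => {
  // Set the status once, before choosing a representation. Previously only the HTML
  // branch set 404, so JSON and plain-text clients received "not found" bodies with a
  // 200 status, which hides unknown-route probing from status-based monitoring and
  // makes API clients treat a missing route as success.
  res.status(404);
  if (req.accepts("html")) {
    res.sendFile(path.join(__dirname, "views", "404.html"));
  } else if (req.accepts("json")) {
    res.json({ error: "404 Not found" });
  } else {
    res.type("txt").send("404 not found");
  }
});
// NOTE(review): the custom error handler is disabled, so errors fall through to
// Express's default handler, which includes stack traces in responses unless
// NODE_ENV is "production".
// app.use(errorHandler);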
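// Start accepting HTTP traffic only after the MongoDB connection has opened.
mongoose.connection.once("open", () => {
  const server = app.listen(PORT, (error) => {
    // Express 5 also invokes this callback with the listen error; Express 4 calls it
    // with no arguments. Skip the success log when an error is present.
    if (error) {
      return;
    }
    console.log(`Server started on port ${PORT}`);
  });
  // Listen failures (for example, the port already being in use) are emitted on the
  // http.Server returned by app.listen(), not on the Express app, so the handler
  // has to be attached to the server for the log line to be reached.
  server.on("error", (error) => {
    console.error("Error Connecting to server", error.message);
    // Exit non-zero so a supervisor sees the failure; otherwise the open database
    // connection would keep a process alive that is not serving requests.
    process.exit(1);
  });
});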