const express = require('express')
const { port, windowRequest, maxRequestByIp, urlDB } = require('./config/config.js');
const rateLimit = require("express-rate-limit");
const mongoose = require('mongoose');
const ops = require('./controller/operateursFuneraires.js');
const opsGeo = require('./controller/operateursFunerairesGeo')
const swaggerUi = require('swagger-ui-express');
const YAML = require('yamljs');
const swaggerDocument = YAML.load('./swagger.yaml');
var healthCheck = require('express-healthcheck');
var morgan = require('morgan')
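const app = express();
app.use(express.json());
// log
// NOTE(review): :remote-addr (and req.ip, which the per-IP rate limiter keys on)
// only reflects the real client when Express is told to trust the reverse proxy
// via app.set('trust proxy', ...); nothing in this file configures that — confirm
// against the deployment. :url includes the query string, so search terms end
// up in the access log.
app.use(morgan(':remote-addr - :remote-user [:date[iso]] ":method :url HTTP/:http-version" :status :res[content-length]'));
const options = { useNewUrlParser: true, useUnifiedTopology: true };
// Do not log urlDB: a Mongo connection string commonly carries credentials.
mongoose.connect(urlDB, options);
const myDB = mongoose.connection;
// Query debug logging is on whenever NODE_ENV is not exactly 'production'
// (including when it is unset); it echoes every query and its arguments to the console.
if (process.env.NODE_ENV !== 'production') {
  mongoose.set("debug", true);
}
myDB.on('open', function() {
  console.log("Connexion à la base OK");
});
// Surface connection-level errors instead of leaving them silent; the
// mongoose.connect() promise above still rejects on initial failure.
myDB.on('error', function(err) {
  console.error("Erreur de connexion à la base", err);
});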
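// limit access by IP
// express-rate-limit identifies clients by req.ip; behind a reverse proxy that is
// the proxy's address unless 'trust proxy' is configured, in which case every
// client shares one bucket.
const limiter = rateLimit({
  windowMs: windowRequest,
  max: maxRequestByIp, // limit each IP to maxRequestByIp requests per windowMs (both from config)
  message: "trop d'appels réalisés, veuillez essayer dans quelques minutes"
});
// Middleware
// handle the limiter only for the api
app.use("/api", limiter);
// Serve Favicon
const favicon = require('serve-favicon');
app.use(favicon('favicon.ico'));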
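app.use(function setSecurityHeaders(req, res, next) {
  // recommendations owasp http headers
  // @link https://owasp.org/www-project-secure-headers/#div-bestpractices
  // NOTE(review): this is registered after the /api rate limiter and the favicon
  // handler, so the responses those two send themselves (the 429 and the icon)
  // do not carry these headers; moving this app.use() above them would cover them.
  res.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.set('X-Frame-Options', 'deny');
  res.set('X-Content-Type-Options', 'nosniff');
  // The directive list must not be wrapped in quotes: with a leading quote the
  // first directive name became "'default-src", which browsers do not recognise,
  // so default-src was never applied (and the trailing quote corrupted
  // upgrade-insecure-requests). Now that default-src 'self' is in effect, check
  // that the swagger UI under /api-docs still renders — it may rely on inline
  // script/style that needs an explicit script-src/style-src allowance.
  res.set('Content-Security-Policy', "default-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests");
  res.set('Permissions-Policy', 'accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()');
  res.set('X-Permitted-Cross-Domain-Policies', 'none');
  res.set('Referrer-Policy', 'no-referrer');
  // NOTE(review): Clear-Site-Data is sent on every response, which asks the
  // browser to drop this origin's cache, cookies and storage each time (honoured
  // over HTTPS only); OWASP suggests it for logout-type endpoints — confirm it is
  // wanted on every API and swagger response.
  res.set('Clear-Site-Data', '"cache","cookies","storage"');
  res.set('Cross-Origin-Embedder-Policy', 'require-corp');
  res.set('Cross-Origin-Opener-Policy', 'same-origin');
  res.set('Cross-Origin-Resource-Policy', 'same-origin');
  // Express adds X-Powered-By by default; strip it so the framework is not advertised.
  res.removeHeader('X-Powered-By');
  next();
});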
// Final handler shared by the JSON resources below: the controller in front of
// it runs first, then this sets the content type and ends the response.
// NOTE(review): presumably the controller leaves the body for res.send() or has
// already written it; a controller that had already sent a response would make
// res.set() throw here — confirm against ./controller/operateursFuneraires.js.
// Input validation for q, the filter parameters and the POSTed JSON body is
// expected to live in those controllers; none is visible in this file.
function sendJsonResponse(req, res, next) {
  res.set('Content-Type', 'application/json;charset=utf-8');
  res.send();
}
// ressource de type /search?q=
app.get('/api/v1/operateurs_funeraires/search', ops.getOperateursFunerairesBySearch, sendJsonResponse);
// ressource et filtre paramètres
app.get('/api/v1/operateurs_funeraires', ops.getOperateursFunerairesByParam, sendJsonResponse);
// ressource de recherche par coordonnées géographiques
app.post('/api/v1/operateurs_funeraires/geo/', opsGeo.getOperateursFunerairesByGeo, sendJsonResponse);
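// Middleware
// swagger api operateurs funéraires
app.use('/api/v1/operateurs_funeraires/api-docs', function(req, res, next) {
  // Build a per-request copy instead of writing into the shared, module-level
  // swaggerDocument: the Host header is client-supplied, and mutating the shared
  // object let one request's Host value leak into every later request's document
  // (and into the target the UI's "Try it out" derives from it).
  // NOTE(review): consider taking the host from configuration rather than from
  // the request if the service sits behind a proxy with a fixed public name.
  req.swaggerDoc = Object.assign({}, swaggerDocument, { host: req.get('host') });
  next();
}, swaggerUi.serve, swaggerUi.setup());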
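//healthcheck
// Payload returned by the healthcheck below. It reports the Mongo connection
// state by name; the endpoint is unauthenticated (it is rate-limited through the
// /api prefix), so keep the payload to this level of detail.
const serverStatus = () => ({
  etat: 'up',
  base: mongoose.STATES[mongoose.connection.readyState],
  date: new Date()
});
// Reuse the module already required at the top of the file instead of a second require().
app.use('/api/v1/operateurs_funeraires/healthcheck', healthCheck({
  healthy: serverStatus
}));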
// ressource par identifiant technique
// Express matches in registration order: this must stay below the api-docs and
// healthcheck mounts, otherwise ':id' would capture those path segments.
app.get('/api/v1/operateurs_funeraires/:id', ops.getOperateursFunerairesById, function(req, res, next) {
  res.set('Content-Type', 'application/json;charset=utf-8');
  res.send();
});
app.listen(port, function() {
  console.log(`Serveur à l'écoute sur le port ${port}`);
});