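const express = require('express');
const morgan = require('morgan');
const rateLimit = require('express-rate-limit');
const helmet = require('helmet'); // Sets security-related HTTP response headers.
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');
const hpp = require('hpp'); // Guards against HTTP Parameter Pollution (repeated query keys).
const cors = require('cors'); // Connect/Express middleware that emits CORS headers.
const cookieParser = require('cookie-parser');
const compression = require('compression');
const AppError = require('./utils/appError');
const globalErrorHandler = require('./controllers/errorController');
const newsRouter = require('./routes/newsRoutes');
const userRouter = require('./routes/userRoutes');
const commentRouter = require('./routes/commentRoutes');
const bookingRouter = require('./routes/bookingRoutes');
const bookingController = require('./controllers/bookingController');
const subscriptionRouter = require('./routes/subscriptionRoutes');
const newsletterRouter = require('./routes/newsletterRoutes');
const statsRouter = require('./routes/statsRoutes');
const historyRouter = require('./routes/historyRoutes');

const app = express();

// Trust X-Forwarded-* headers from the reverse proxy so req.ip / req.secure
// describe the real client (needed on Heroku, which terminates TLS in front of the app).
// NOTE(review): `enable` sets 'trust proxy' to true, i.e. every hop is trusted, so the
// left-most (client-supplied) X-Forwarded-For entry becomes req.ip. The rate limiter
// below keys on req.ip, so a forged header could escape the limit. If exactly one
// proxy (Heroku's router) sits in front, `app.set('trust proxy', 1)` is the tighter
// setting — confirm the deployment topology before changing it.
app.enable('trust proxy');

// 1) GLOBAL MIDDLEWARES

// CORS. The default config answers with Access-Control-Allow-Origin: * and accepts
// every preflight. NOTE(review): a restricted origin such as
// `cors({ origin: 'https://gpt-chat-news-generator.netlify.app' })` was previously
// considered; browsers also refuse to send cookies to a `*` origin, so if the API
// relies on cookie-based auth an explicit allow-list is needed anyway — confirm.
app.use(cors());
app.options('*', cors());

// Security HTTP headers. Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy are
// disabled here, which gives up cross-origin isolation; presumably required so other
// origins can load resources from this API — verify that is still needed.
app.use(
  helmet({
    crossOriginOpenerPolicy: false,
    crossOriginResourcePolicy: false,
  })
);

// Request logging, development only.
if (process.env.NODE_ENV === 'development') app.use(morgan('dev'));

// Rate limiting: 100 requests per IP per hour on every /api route. Its effectiveness
// depends on req.ip being the real client address (see 'trust proxy' above).
const limiter = rateLimit({
  max: 100,
  windowMs: 60 * 60 * 1000,
  message: 'Too many requests from this IP. Please try again in a hour!',
});
app.use('/api', limiter);

// Checkout webhook. Mounted before express.json() so the handler receives the untouched
// raw body. NOTE(review): a raw body is what payload-signature verification needs;
// confirm bookingController.webhookCheckout validates the signature before acting on
// the event, since this endpoint sits outside the /api rate limit.
app.post(
  '/webhook-checkout',
  express.raw({ type: '*/*' }),
  bookingController.webhookCheckout
);

// Body parser: JSON bodies into req.body, capped at 10kb to bound per-request memory.
app.use(express.json({ limit: '10kb' }));
app.use(cookieParser());

// Data sanitization against NoSQL query injection in user-supplied input.
app.use(mongoSanitize());

// Data sanitization against XSS in user-supplied input.
app.use(xss());

// Prevent parameter pollution; the whitelisted fields may legitimately repeat as query keys.
app.use(hpp({ whitelist: ['type', 'ratingsAverage', 'ratingsQuantity'] }));

app.use(compression());

// Stamp each request with its arrival time for handlers that report it.
app.use((req, res, next) => {
  req.requestTime = new Date().toISOString();
  next();
});

// 2) ROUTES
app.use('/api/v1/news', newsRouter);
app.use('/api/v1/users', userRouter);
app.use('/api/v1/comments', commentRouter);
app.use('/api/v1/bookings', bookingRouter);
app.use('/api/v1/subscriptions', subscriptionRouter);
app.use('/api/v1/newsletters', newsletterRouter);
app.use('/api/v1/stats', statsRouter);
app.use('/api/v1/history', historyRouter);

// Catch-all for unmatched routes, forwarded to the central error handler.
// NOTE(review): no status code is passed to AppError here; if its constructor takes
// (message, statusCode), this "not found" error reaches the handler without a 404 — confirm.
app.all('*', (req, res, next) => {
  next(new AppError(`Can't find ${req.originalUrl} on this server!`));
});

// Central error handler; error middleware must be registered after all routes.
app.use(globalErrorHandler);

// 3) The server is started by the caller that imports this module.
module.exports = app;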