This repository has been archived by the owner on Sep 28, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.js
139 lines (125 loc) · 4.25 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
/**
* server.js - where backend is, starting of our backend
*
* @version 1.0.0
* @author [Yayen Lin](https://github.com/yayen-lin)
*/
// ----------------------- dependencies -----------------------
const path = require("path");
const express = require("express");
// enable environment variable to be read
require("dotenv").config();
// enable cross-origin resource sharing in express
const cors = require("cors");
// mysql
const mysql = require("mysql");
// (authorization)
// hasing and salting
const bcrypt = require("bcrypt");
// const saltRounds = 10;
// parsing req.body element from the frontend
const bodyParser = require("body-parser");
// parse cookie
const cookieParser = require("cookie-parser");
// creating session and maintaining (keeps users logged in)
const session = require("express-session");
// store session data in mysql
const mysqlStore = require("express-mysql-session")(session);
// (authentication)
// json web token, needed for logged in users to make every api requests
const jwt = require("jsonwebtoken");
// ----------------------- settings -----------------------
// default env setting
const {
PORT = 3000,
SESSION_NAME = "sid",
SESSION_LIFETIME = 2, // two hours
NODE_ENV = "development",
} = process.env;
const IN_PROD = NODE_ENV === "production";
var sessionStore = new mysqlStore({
// db config
host: "taipeinerd.com",
user: "ggdabhmy_admin",
password: process.env.DB_PASSWORD,
database: "ggdabhmy_carmax168",
// store setting
expiration: 1000 * 60 * 60 * 12, // session cookie expires in 12 hrs
createDatabaseTable: true,
clearExpired: true,
checkExpirationInterval: 900000, // clear expired session every 15 mins
connectionLimit: 1,
endConnectionOnClose: true,
// charset: "utf8mb4_bin",
schema: {
tableName: "sessions_table",
columnNames: {
session_id: "session_id",
expires: "expires",
data: "data",
},
},
});
// default value is { path: '/', httpOnly: true, secure: false, maxAge: null }
const sessOptions = {
name: process.env.SESSION_NAME,
secret: process.env.SESSION_SECRET,
resave: false, // not to store the session back to storage if they were never modified in the request
saveUninitialized: false, // not to save any uninitialized session that has no data
store: sessionStore, // session data is stored in mysql db
cookie: {
maxAge: 1000 * 60 * 60 * process.env.SESSION_LIFETIME,
sameSite: true, // or 'strict', same effect
secure: IN_PROD,
}, // session cookie expires in 12 hrs
};
// ----------------------- init -----------------------
const app = express();
app.use(express.json());
// app.use(cors(corsOptions));
app.use(cors({ origin: true, credentials: true }));
app.use((req, res, next) => {
const allowedOrigins = [
"https://www.carmax168.com",
"http://localhost:8081",
"http://127.0.0.1:8081",
];
const origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
res.setHeader("Access-Control-Allow-Origin", origin);
}
res.header(
"Access-Control-Allow-Headers",
"x-access-token, Origin, X-Requested-With, Content-Type, Accept, Authorization"
);
res.header("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
res.header("Access-Control-Allow-Credentials", true);
next();
});
app.use(cookieParser());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(session(sessOptions));
// bad practice to use global in JS
// global.jwt = jwt;
// global.bcrypt = bcrypt;
// ----------------------- import routes -----------------------
const authRoutes = require("./backend/routes/auth.routes");
app.use("/", authRoutes);
// ----------------------- production build -----------------------
// Express only serves static assets in production
if (IN_PROD) {
app.use(express.static("frontend/build"));
app.set("trust proxy", 1); // trust first proxy
sess.cookie.secure = true; // serve secure cookies
app.get("*", (req, res) => {
res.sendFile(path.resolve(__dirname, "frontend", "build", "index.html"));
});
}
// ----------------------- url not found -----------------------
app.get("/*", function (req, res) {
res.json({ message: "404 Not found" });
});
// ----------------------- app listen -----------------------
app.listen(PORT, () => {
console.log(`YOYOYO\! Server listening on ${PORT}`);
});