app.ts

import express from 'express'
import path from 'path'
//import passport from 'passport'
import morgan from 'morgan'
import cookieParser from 'cookie-parser'
import bodyParser from 'body-parser'
//import session from 'express-session'
//import flash from 'express-flash'
//import fileUpload from 'express-fileupload'
import helmet from 'helmet'
import compression from 'compression'

var env = process.env.NODE_ENV || 'testing'
const config = require('./config/config')[env]
const lang = 'DE';

var app = express()
app.set('port', config.app.port)
app.set('views', __dirname + '/views')
app.set('view engine', 'pug')

app.use(
    helmet.contentSecurityPolicy({
        useDefaults: true,
        directives: {
            "font-src": ["'self'", "https://use.fontawesome.com"],
            "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
            "script-src": ["'self'", "https://code.jquery.com/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"],
            "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
            "frame-src": ["'self'"]
        },
        reportOnly: true,
    })
);
app.use(compression())
app.use(morgan('combined'))
app.use(cookieParser())
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended: false}))
app.use(express.static(path.join(__dirname, 'public')))
/*app.use(session(
    {
        resave: true,
        saveUninitialized: true,
        //secret: config.app.sessionSecret
        secret: 'thisisasecret-thisisasecret-thisisasecret'
    }
))
app.use(passport.initialize())
app.use(passport.session()) */
/*app.use(flash())
app.use((req, res, next) => {
    res.locals.errors = req.flash("error")
    res.locals.successes = req.flash("success")
    next()
}) */
// enable files upload
/*app.use(fileUpload({
    createParentPath: true,
    limits: { 
      fileSize: 1000000 // 1 MB max. file size
    }
})) */
// caching disabled for every route
// NOTE: Works in Firefox and Opera. Does not work in Edge
app.use(function(req, res, next) {
    res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0')
    next()
})
  
require('./routes/project')(app, lang)
  
// Handle 404
app.use(function (req:any, res:any) {
    res.status(404).render(lang+'/404')
})
  
// Handle 500 - any server error
app.use(function (err:any, req:any, res:any, next:any) {
    console.error(err.stack)
    res.status(500).render(lang+'/500', {
      error: err
    })
})
  
app.listen(app.get('port'), function () {
    console.log('Project Page listening on port ' + app.get('port'))
    console.log(__dirname)
})