import express from 'express';
import path from 'path';
import passport from 'passport';
import morgan from 'morgan';
import cookieParser from 'cookie-parser';
import bodyParser from 'body-parser';
import session from 'express-session';
import flash from 'express-flash-2';
import fileUpload from 'express-fileupload';
import helmet from 'helmet';
import compression from 'compression';
import methodOverride from 'method-override';
import dotenv from 'dotenv'

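dotenv.config();

// NODE_ENV picks the section of ./config/config to use.
// NOTE(review): an unset or empty NODE_ENV silently selects the 'testing'
// section (including its sessionSecret) — confirm production deployments set it.
const env = process.env.NODE_ENV || 'testing';
// Per-environment settings; this file reads config.app.port and
// config.app.sessionSecret from it.
const config = require('./config/config')[env];
// Template directory prefix, e.g. the 404 view is rendered as `${lang}/404`.
const lang = 'DE';

const app = express();
app.set('port', config.app.port);
// Join the directory as a separate segment instead of concatenating a
// hard-coded '/' first, so path handles the separator.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');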

// enable files upload
const uploadOptions = {
  // createParentPath creates any missing directories for the destination
  // handed to mv(); the upload routes (not in this file) must not derive that
  // destination from the client-supplied filename without sanitising it.
  createParentPath: true,
  limits: {
    fileSize: 1000000, // 1 MB max. file size
  },
  // NOTE(review): no abortOnLimit is set; express-fileupload's documented default
  // is then to flag an over-limit file as truncated rather than reject it — confirm
  // the upload routes check that flag.
};
app.use(fileUpload(uploadOptions));

// Per method-override's documented defaults, a getter string like '_method'
// is read from the query string and only POST requests are overridden.
app.use(methodOverride('_method'));

// Content-Security-Policy. Only helmet's CSP middleware is mounted in this
// file; helmet()'s other headers are not applied here.
const cspDirectives = {
  "font-src": ["'self'", "https://use.fontawesome.com"],
  "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
  "script-src": [
    "'self'",
    "https://code.jquery.com/jquery-3.3.1.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js",
    "https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js",
  ],
  "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
  "frame-src": ["'self'"],
};
app.use(
  helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: cspDirectives,
    // reportOnly means the browser only logs violations and still loads the
    // resource; with no report-uri/report-to directive above, nothing reaches
    // the server either, so the policy is not yet enforced.
    reportOnly: true,
  })
);

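app.use(compression());
// Access log in Apache "combined" format.
app.use(morgan('combined'));
// Signed cookies reuse the session secret, so rotating one rotates both.
app.use(cookieParser(config.app.sessionSecret));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));

// Session setup.
// NOTE(review): no `store` is given, so express-session falls back to its
// in-memory store, which its docs describe as development-only (not shared
// between processes, grows without bound). No `cookie` options are set either:
// the default cookie is httpOnly but not `secure` and has no `sameSite`, so
// `cookie.secure` (with `app.set('trust proxy', 1)` behind a reverse proxy) and
// `cookie.sameSite` should be set for production. saveUninitialized: true
// creates a session row for every visitor, logged in or not. No CSRF
// protection middleware is mounted in this file — confirm the form routes
// provide it.
app.use(session({
  resave: true,
  saveUninitialized: true,
  secret: config.app.sessionSecret,
}));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());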

// caching disabled for every route
// NOTE: Works in Firefox and Opera. Does not work in Edge
const NO_CACHE_HEADER =
  'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0';
app.use((req, res, next) => {
  res.set('Cache-Control', NO_CACHE_HEADER);
  next();
});

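// Route modules attach their handlers to app; the account module also
// receives the passport instance configured above.
require('./routes/public')(app, config, lang);
require('./routes/account')(app, config, passport, lang);

// Handle 404 - any request no route above matched.
app.use(function (req: any, res: any) {
  res.status(404).render(`${lang}/404`);
});

// Handle 500 - any server error.
// Express recognises an error handler by its four-parameter signature, so
// `next` must stay in the list.
app.use(function (err: any, req: any, res: any, next: any) {
  console.error(err.stack);
  // Once headers are out a second render would fail; hand off to Express's
  // default handler, as its error-handling guide recommends.
  if (res.headersSent) {
    return next(err);
  }
  // NOTE(review): the whole error object is passed to the view; confirm the
  // 500 template renders only a generic message, not err.message / err.stack.
  res.status(500).render(`${lang}/500`, {
    error: err,
  });
});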

// Start the HTTP server on the port configured via app.set('port').
const listenPort = app.get('port');
app.listen(listenPort, () => {
  console.log(`Express server listening on port ${listenPort}`);
});