import express from 'express'
import path from 'path'
import passport from 'passport'
import morgan from 'morgan'
import cookieParser from 'cookie-parser'
import bodyParser from 'body-parser'
import session from 'express-session'
import flash from 'express-flash-2'
import fileUpload from 'express-fileupload'
import helmet from 'helmet'
import compression from 'compression'
import methodOverride from 'method-override'

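// Deployment environment name; it selects which section of ./config/config is used.
// NOTE(review): when NODE_ENV is unset this falls back to the 'testing' section, so a
// host that forgets to export NODE_ENV runs with the testing settings (including the
// session secret read from config.app.sessionSecret) - confirm the fallback is intended.
const env = process.env.NODE_ENV ?? 'testing'
const config = require('./config/config')[env]
// Fail fast: without this guard an unknown NODE_ENV only surfaces later as a
// TypeError when config.app.sessionSecret is first read.
if (config == null) {
  throw new Error(`No configuration section found for NODE_ENV "${env}"`)
}
// Folder prefix used when resolving view templates (lang + '/404', lang + '/500').
const lang = 'DE'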

// Express application instance; views are Pug templates in the views folder next to this file.
const app = express()
const viewsDir = path.join(__dirname, 'views')
app.set('views', viewsDir)
app.set('view engine', 'pug')

// Enable multipart file uploads (express-fileupload).
// NOTE(review): with only `limits.fileSize` set, express-fileupload by default truncates an
// oversized upload and marks the file `truncated` instead of rejecting the request; the
// upload handlers should check that flag, or `abortOnLimit` should be enabled - verify
// against the installed version.
const MAX_UPLOAD_BYTES = 1_000_000 // 1 MB max. file size
app.use(fileUpload({
  createParentPath: true,
  limits: { fileSize: MAX_UPLOAD_BYTES }
}))
// Lets a request name another HTTP verb through the `_method` query parameter.
app.use(methodOverride('_method'))
// Content-Security-Policy via helmet: helmet's default directives plus the overrides below.
// NOTE(review): `reportOnly: true` sends the policy as Content-Security-Policy-Report-Only,
// so browsers report violations but block nothing. No report-uri/report-to directive is set
// in this block, so violations show up only in the browser console. Switch to enforcing mode
// once the pages load without violations.
// NOTE(review): only helmet's CSP middleware is mounted in this file; helmet's other
// response headers are sent only if `helmet()` is applied somewhere else.
const cspDirectives = {
  'font-src': ["'self'", 'https://use.fontawesome.com'],
  'img-src': ["'self'", 'https://transfer.hft-stuttgart.de'],
  'script-src': [
    "'self'",
    'https://code.jquery.com/jquery-3.3.1.min.js',
    'https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js',
    'https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js',
    'https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js'
  ],
  'style-src': ["'self'", 'https://use.fontawesome.com/releases/v5.8.2/css/all.css'],
  'frame-src': ["'self'"]
}
app.use(
  helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: cspDirectives,
    reportOnly: true
  })
)

// Generic request pipeline, in order: response compression, access logging, cookie
// parsing, JSON and URL-encoded body parsing, then static assets from the public folder.
const publicDir = path.join(__dirname, 'public')
app.use(compression())
// NOTE(review): the 'combined' format logs the full request URL including the query string;
// if any route carries tokens in the URL they will end up in the access log.
app.use(morgan('combined'))
// cookie-parser is given the same secret that express-session receives further down.
app.use(cookieParser(config.app.sessionSecret))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
app.use(express.static(publicDir))
// Pass-through middleware: does no work and hands the request to the next handler.
app.use((_req: any, _res: any, proceed: any) => {
  proceed()
})

// Session state, flash messages and passport's session-backed login, in that order.
// NOTE(review): no `cookie` options are passed, so express-session's defaults apply (no
// `secure` flag, no `sameSite`). When the app is served over HTTPS set them explicitly and
// confirm the login flow still works.
// NOTE(review): no `store` is passed, so sessions live in the default in-memory store, which
// the express-session documentation describes as not meant for production use.
// NOTE(review): `saveUninitialized: true` stores a session for every visitor, including
// requests that never log in.
const sessionOptions = {
  resave: true,
  saveUninitialized: true,
  secret: config.app.sessionSecret
}
app.use(session(sessionOptions))
app.use(flash())
app.use(passport.initialize())
app.use(passport.session())

// Caching is disabled for every route registered after this point, so rendered pages are
// not kept in browser or proxy caches. Files answered by express.static earlier in the
// chain do not pass through here.
// NOTE: Works in Firefox and Opera. Does not work in Edge
const NO_CACHE_HEADER = 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
app.use((_req: any, res: any, proceed: any) => {
  res.set('Cache-Control', NO_CACHE_HEADER)
  proceed()
})

// Route modules: each exports a function that is called with the app, the active config
// section and the view language. Only the account routes also receive passport.
const registerPublicRoutes = require('./routes/public')
registerPublicRoutes(app, config, lang)
const registerAccountRoutes = require('./routes/account')
registerAccountRoutes(app, config, passport, lang)

// Handle 404: reached only when nothing registered earlier has answered the request.
app.use((_req: any, res: any) => {
  const notFoundView = `${lang}/404`
  res.status(404).render(notFoundView)
})

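// Handle 500 - any server error
// Express recognises an error handler by its four-parameter signature, so `next`
// has to stay in the parameter list.
app.use(function (err: any, req: any, res: any, next: any) {
  // Thrown values are not always Error instances; fall back to the raw value so the
  // log never just reads "undefined".
  console.error(err?.stack ?? err)
  // Once part of the response has been sent a 500 page can no longer be rendered;
  // delegate to Express' default error handler instead.
  if (res.headersSent) {
    return next(err)
  }
  // NOTE(review): the whole error object is handed to the template. If the 500 view prints
  // `error.message` or `error.stack`, internal details reach the client - confirm the view
  // shows a generic message outside development.
  res.status(500).render(lang + '/500', {
    error: err
  })
})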

// export { app }
// CommonJS export: requiring this module yields the configured Express app itself.
// Nothing in this file calls listen(); starting the server is left to the importing module.
module.exports = app