import express from 'express'
import path from 'path'
import passport from 'passport'
import morgan from 'morgan'
import cookieParser from 'cookie-parser'
import bodyParser from 'body-parser'
import session from 'express-session'
import flash from 'express-flash-2'
import fileUpload from 'express-fileupload'
import helmet from 'helmet'
import compression from 'compression'
import methodOverride from 'method-override'

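// The environment name selects which section of the config file is used.
// NOTE(review): when NODE_ENV is unset this falls back to 'development', so a
// production host that does not export NODE_ENV runs with development settings.
const env = process.env.NODE_ENV || 'development'
const config = require('./config/config')[env]
// Fail fast with a clear message instead of an opaque TypeError on the first
// `config.app` access when NODE_ENV names a section the config file lacks.
if (!config) {
  throw new Error('No configuration section found for NODE_ENV "' + env + '"')
}
// View-directory prefix used by the error pages and handed to the route modules.
const lang = 'DE'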

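// Create the Express application and configure its port and view rendering.
const app = express()
app.set('port', config.app.port)
// Pass the path segments separately (as the static-files mount further down
// does) so path.join builds the path instead of hand-written concatenation.
app.set('views', path.join(__dirname, 'views'))
app.set('view engine', 'pug')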

// enable files upload
// NOTE(review): `abortOnLimit` is not set, so express-fileupload truncates an
// oversized file and marks it `truncated` instead of rejecting the request;
// upload handlers should check that flag before storing the file.
// NOTE(review): `createParentPath` lets a file's mv() create missing
// directories; confirm the handlers never build the target path from
// client-supplied names.
const uploadLimits = {
  fileSize: 1000000 // 1 MB max. file size
}
app.use(fileUpload({ createParentPath: true, limits: uploadLimits }))
// Lets a request state its intended HTTP verb in the `_method` query parameter
// (method-override rewrites only POST requests unless configured otherwise).
// NOTE(review): no CSRF middleware is mounted in this file; confirm the routes
// protect the state-changing verbs that can be reached through this override.
app.use(methodOverride('_method'))
// Content-Security-Policy: helmet's default directives plus allow-list entries
// for the third-party fonts, images, scripts and styles named below.
// NOTE(review): only helmet's CSP middleware is mounted in this file; the other
// headers helmet can set are not enabled here.
const cspDirectives = {
  'font-src': ["'self'", 'https://use.fontawesome.com'],
  'img-src': ["'self'", 'https://transfer.hft-stuttgart.de'],
  'script-src': [
    "'self'",
    'https://code.jquery.com/jquery-3.3.1.min.js',
    'https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js',
    'https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js',
    'https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js'
  ],
  'style-src': ["'self'", 'https://use.fontawesome.com/releases/v5.8.2/css/all.css'],
  'frame-src': ["'self'"]
}

app.use(
  helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: cspDirectives,
    // NOTE(review): report-only mode sends the policy as
    // Content-Security-Policy-Report-Only, so browsers log violations but block
    // nothing. No report-uri/report-to directive is listed above, so violations
    // are not collected server-side. Switch to enforcing mode once the pages
    // load cleanly under the policy.
    reportOnly: true
  })
)

// Core request pipeline. Middleware runs in registration order, so the order
// of these calls is part of the behaviour.
// Compress response bodies.
app.use(compression())
// Access log in the 'combined' format, which records the full request URL,
// referrer and user agent. NOTE(review): anything sensitive placed in a query
// string ends up in these logs.
app.use(morgan('combined'))
// Parse cookies; the secret enables signed cookies.
// NOTE(review): this is the same secret the session middleware uses below.
app.use(cookieParser(config.app.sessionSecret))
// Parse JSON and URL-encoded request bodies (extended: false means the simple
// querystring parser, without nested objects).
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
// Serve files from ./public. This is mounted before the session middleware,
// so requests answered here never reach the session layer.
app.use(express.static(path.join(__dirname, 'public')))
// Pass-through middleware: hands every request to the next handler unchanged.
app.use((_req, _res, next) => next())

// Session handling, flash messages and Passport authentication state.
// NOTE(review): no `cookie` option is given, so express-session's defaults
// apply (httpOnly, but neither `secure` nor `sameSite`). No `store` is given
// either, which selects the in-memory store that express-session documents as
// unsuitable for production. `saveUninitialized: true` also issues a session
// cookie to every visitor before login.
const sessionOptions = {
  resave: true,
  saveUninitialized: true,
  secret: config.app.sessionSecret
}
app.use(session(sessionOptions))
// Flash messages are kept in the session, so this must follow session().
app.use(flash())
// Passport restores the logged-in user from the session on each request.
app.use(passport.initialize())
app.use(passport.session())

// caching disabled for every route
// NOTE: Works in Firefox and Opera. Does not work in Edge
// The header is set for everything registered after this point, which keeps
// pages rendered for a logged-in user out of browser and proxy caches. Files
// answered by the static mount earlier in the chain are not affected.
const noCacheDirectives = 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
app.use((_req, res, next) => {
  res.set('Cache-Control', noCacheDirectives)
  next()
})

// Load the route modules. Each exports a function that is called with the app,
// the active config and the view-language prefix. The account routes
// additionally receive the Passport instance.
const registerPublicRoutes = require('./routes/public')
registerPublicRoutes(app, config, lang)
const registerAccountRoutes = require('./routes/account')
registerAccountRoutes(app, config, passport, lang)

// Handle 404
// Reached only when no middleware or route registered earlier answered the
// request; renders the language-specific "not found" view.
app.use((_req: any, res: any) => {
  res.status(404)
  res.render(`${lang}/404`)
})

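// Handle 500 - any server error
// Express recognises an error handler by its four-parameter signature, so
// `next` has to stay in the parameter list.
app.use(function (err: any, req: any, res: any, next: any) {
  // Log the stack when there is one; fall back to the raw value so a thrown
  // string or plain object is not logged as `undefined`.
  console.error(err && err.stack ? err.stack : err)

  // If the response has already started, the error page cannot be rendered
  // any more; delegate to Express' built-in handler instead.
  if (res.headersSent) {
    next(err)
    return
  }

  // NOTE(review): the whole error object is handed to the view. If the 500
  // template prints its message or stack, internal details reach the client;
  // verify the template and pass only a generic message in production.
  res.status(500).render(lang + '/500', {
    error: err
  })
})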

// Start the HTTP server on the configured port.
// NOTE(review): no host is passed, so the server accepts connections on every
// interface, and it speaks plain HTTP. Presumably TLS is terminated by a
// proxy in front of it; confirm for the deployment.
const port = app.get('port')
app.listen(port, () => {
  console.log('Express server listening on port ' + port)
})