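import express from 'express';
import path from 'path';
import passport from 'passport';
import morgan from 'morgan';
import cookieParser from 'cookie-parser';
import bodyParser from 'body-parser';
import session from 'express-session';
import flash from 'express-flash-2';
import fileUpload from 'express-fileupload';
import helmet from 'helmet';
import compression from 'compression';
import methodOverride from 'method-override';
import dotenv from 'dotenv';

// Load .env before anything below reads process.env.
dotenv.config();

// NODE_ENV selects one block of ./config/config. The fallback is 'testing'
// so a bare start without NODE_ENV never picks up production settings.
const env = process.env.NODE_ENV || 'testing';
const config = require('./config/config')[env];
if (!config) {
  // Fail with a clear message instead of "cannot read property 'app' of
  // undefined" at the first config.app access below.
  throw new Error(`No configuration found for NODE_ENV "${env}"`);
}

// Language prefix for view lookups: templates live under views/<lang>/
// (see the 404/500 handlers and the route modules).
const lang = 'DE';

const app = express();
app.set('port', config.app.port);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');

// Enable multipart file uploads. createParentPath lets the upload's mv()
// create missing target directories; fileSize bounds how much one request
// may buffer.
app.use(fileUpload({
  createParentPath: true,
  limits: {
    fileSize: 1000000, // 1 MB max. file size
  },
}));

// Lets HTML forms issue PUT/DELETE through a `_method` field.
app.use(methodOverride('_method'));

// Content Security Policy.
// NOTE: reportOnly: true sends Content-Security-Policy-Report-Only, so
// violations are only reported, never blocked, until this is switched to
// enforcing. No report-uri/report-to directive is configured here, so
// reports end up only in the browser console. Only the CSP middleware is
// mounted; the other headers helmet() would set by default are not applied.
app.use(
  helmet.contentSecurityPolicy({
    useDefaults: true,
    directives: {
      "font-src": ["'self'", "https://use.fontawesome.com"],
      "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
      "script-src": [
        "'self'",
        "https://code.jquery.com/jquery-3.3.1.min.js",
        "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js",
        "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js",
        "https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js",
      ],
      "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
      "frame-src": ["'self'"],
    },
    reportOnly: true,
  })
);

app.use(compression());
app.use(morgan('combined'));
// cookie-parser and express-session share one secret so signed cookies can
// be verified by both.
app.use(cookieParser(config.app.sessionSecret));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));

// NOTE(review): no `cookie` options are given, so the session cookie relies
// on express-session's defaults (httpOnly, not `secure`, no sameSite).
// saveUninitialized: true creates a session row for every visitor, including
// anonymous ones; resave: true rewrites the store on every request.
app.use(session({
  resave: true,
  saveUninitialized: true,
  secret: config.app.sessionSecret,
}));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());

// caching disabled for every route
// NOTE: Works in Firefox and Opera. Does not work in Edge
app.use(function (req, res, next) {
  res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
  next();
});

require('./routes/public')(app, config, lang);
require('./routes/account')(app, config, passport, lang);

// Handle 404 - reached only when no route above matched.
app.use(function (req: any, res: any) {
  res.status(404).render(lang + '/404');
});

// Handle 500 - any server error. Express identifies an error handler by its
// four-parameter signature, so `next` must stay even though it is unused.
// The raw error object is handed to the template; views/<lang>/500 must not
// echo err.stack or err.message to clients in production.
app.use(function (err: any, req: any, res: any, next: any) {
  console.error(err.stack);
  res.status(500).render(lang + '/500', { error: err });
});

app.listen(app.get('port'), function () {
  console.log('Express server listening on port ' + app.get('port'));
});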