import express from 'express' import path from 'path' import passport from 'passport' import morgan from 'morgan' import cookieParser from 'cookie-parser' import bodyParser from 'body-parser' import session from 'express-session' import flash from 'express-flash-2' import fileUpload from 'express-fileupload' import helmet from 'helmet' import compression from 'compression' import methodOverride from 'method-override' const env = process.env.NODE_ENV ?? 'testing' const config = require('./config/config')[env] const lang = 'DE' const app = express() app.set('port', config.app.port) app.set('views', path.join(path.join(__dirname, '/views'))) app.set('view engine', 'pug') // enable files upload app.use(fileUpload({ createParentPath: true, limits: { fileSize: 1000000 // 1 MB max. file size } })) app.use(methodOverride('_method')) app.use( helmet.contentSecurityPolicy({ useDefaults: true, directives: { 'font-src': ["'self'", 'https://use.fontawesome.com'], 'img-src': ["'self'", 'https://transfer.hft-stuttgart.de'], 'script-src': ["'self'", 'https://code.jquery.com/jquery-3.3.1.min.js', 'https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js', 'https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js', 'https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js'], 'style-src': ["'self'", 'https://use.fontawesome.com/releases/v5.8.2/css/all.css'], 'frame-src': ["'self'"] }, reportOnly: true }) ) app.use(compression()) app.use(morgan('combined')) app.use(cookieParser(config.app.sessionSecret)) app.use(bodyParser.json()) app.use(bodyParser.urlencoded({ extended: false })) app.use(express.static(path.join(__dirname, 'public'))) app.use((req: any, res: any, next: any) => { next() }) app.use(session({ resave: true, saveUninitialized: true, secret: config.app.sessionSecret })) app.use(flash()) app.use(passport.initialize()) app.use(passport.session()) // caching disabled for every route // NOTE: Works in Firefox and Opera. Does not work in Edge app.use(function (req: any, res: any, next: any) { res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0') next() }) require('./routes/public')(app, config, lang) require('./routes/account')(app, config, passport, lang) // Handle 404 app.use(function (req: any, res: any) { res.status(404).render(lang + '/404') }) // Handle 500 - any server error app.use(function (err: any, req: any, res: any, next: any) { console.error(err.stack) res.status(500).render(lang + '/500', { error: err }) }) app.listen(app.get('port'), function () { console.log('Express server listening on port ' + app.get('port')) })