-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
app.js
130 lines (114 loc) · 3.68 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
var express = require('express')
var path = require('path')
var favicon = require('serve-favicon')
var cookieParser = require('cookie-parser')
var bodyParser = require('body-parser')
var fs = require('fs')
var stripJsonComments = require('strip-json-comments')
var routes = require('./routes/index')
routes.publicFolderNm = 'public'
routes.combineJs = process.env.UNIPPEAR_COMBINE_JS ? (process.env.UNIPPEAR_COMBINE_JS == 'true') : true
var app = express()
// uncomment follow block to minify JS and CSS assets using express-minify
/*
var minify = require('express-minify')
app.use(function(req, res, next) {
res._uglifyMangle = false
res._uglifyCompress = false
next()
});
app.use(minify())
*/
// view engine setup
app.set('views', path.join(__dirname, routes.publicFolderNm))
app.set('view engine', 'ejs')
// trust proxy
app.set('trust proxy', true)
// app.use(favicon(__dirname + '/public/img/favicon.ico'))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({
extended: true
}))
app.use(cookieParser())
//CORS and Referer validation
var clientWhiteList = path.join(__dirname, 'client-whitelist.json')
var validClients = [/.*/]
var parseWhiteList = function () {
try {
validClients = JSON.parse(stripJsonComments(fs.readFileSync(clientWhiteList).toString())).map(function (v) {
return new RegExp(v)
})
} catch (err) {}
}
parseWhiteList()
fs.watchFile(clientWhiteList, function (curr, prev) {
if (curr.mtime.getTime() > prev.mtime.getTime()) {
parseWhiteList()
}
})
app.use(function (req, res, next) {
// Referer
if (req.headers.referer) {
if (!validClients.some(function (v) {
return v.test(req.headers.referer)
}) && req.headers.referer.indexOf(req.protocol + "://" + req.hostname) !== 0) {
return res.status(403).end()
}
}
if (req.headers.origin) {
if (validClients.some(function (v) {
return v.test(req.headers.origin)
}) || req.headers.origin.indexOf(req.protocol + "://" + req.hostname) === 0) {
res.header('Access-Control-Allow-Origin', req.headers.origin)
if (req.headers['access-control-request-method']) {
res.header('Access-Control-Allow-Methods', req.headers['access-control-request-method'])
}
if (req.headers['access-control-request-headers']) {
res.header('Access-Control-Allow-Headers', req.headers['access-control-request-headers'])
}
// preflight caching age set to 1 day
res.header('Access-Control-Max-Age', 86400)
// intercept preflight OPTIONS method
if (req.method === 'OPTIONS') {
return res.status(200).end()
}
} else {
return res.status(403).end()
}
}
next()
})
app.use(express.static(path.join(__dirname, routes.publicFolderNm, 'assets'), {
'index': false
}))
app.use('/', routes)
/// catch 404 and forward to error handler
app.use(function (req, res, next) {
var err = new Error('Not Found')
err.status = 404
next(err)
})
/// error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
app.use(function (err, req, res, next) {
res.status(err.status || 500)
res.render('api/error', {
message: err.message,
error: err,
title: 'error'
})
})
}
// production error handler
// no stacktraces leaked to user
app.use(function (err, req, res, next) {
res.status(err.status || 500)
res.render('api/error', {
message: err.message,
error: {},
title: 'error'
})
})
module.exports = app