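'use strict';
// load module dependencies
const express = require('express');
const bodyParser = require('body-parser');
const cors = require('cors');
const allowMethods = require('allow-methods');
const helmet = require('helmet');
// load internal dependencies
const models = require('./models');
const config = require('./config');
const { validateContentType, validateAccept } = require('./controllers/security');
const authenticate = require('./controllers/authenticate');
const deserialize = require('./controllers/deserialize');
const sanitizer = require('./controllers/validators/sanitizer');

// JSON API media type used for every response (and accepted for request bodies)
const JSON_API_TYPE = 'application/vnd.api+json';

// configure the database for all the models
models.connect(config.database);

const app = express();
app.set('env', process.env.NODE_ENV || 'development');

// Protect against some web vulnerabilities by setting some headers with Helmet
// https://expressjs.com/en/advanced/best-practice-security.html
app.use(helmet({
  frameguard: {
    action: 'deny'
  }
}));

// Cross Origin Resource Sharing
app.use(cors(config.cors));

// set Content-Type header for all responses to JSON API type
// (done once, before any middleware that may send a response, so error
// responses from the validators below carry the right media type too)
app.use(function (req, res, next) {
  res.contentType(JSON_API_TYPE);
  return next();
});

// whitelist allowed methods
app.use(allowMethods(config.cors.methods));
// validate content-type header
app.use(validateContentType);
// validate accept (content-types) header
app.use(validateAccept);
// only parse bodies declared as JSON API; other media types are left untouched
app.use(bodyParser.json({ type: JSON_API_TYPE }));

// here we deserialize JSON API requests
app.use(deserialize);
// here we sanitize all string properties in request body
app.use(sanitizer);

// authentication
// set req.auth object with info about user rights
app.use(authenticate);

// actual routes
app.use('/users', require('./routes/users'));
app.use('/tags', require('./routes/tags'));
app.use('/auth', require('./routes/auth'));
app.use('/messages', require('./routes/messages'));
app.use('/account', require('./routes/account'));
app.use('/contacts', require('./routes/contacts'));
app.use('/ideas', require('./routes/ideas'));
// vote for ideas, ...
app.use('/ideas', require('./routes/votes'));
app.use('/comments', require('./routes/votes'));
// following are route factories
// they need to know what is the primary object (i.e. idea, comment, etc.)
app.use('/ideas', require('./routes/primary-comments')('idea'));
app.use('/comments', require('./routes/comments')(''));
app.use('/comments', require('./routes/primary-comments')('comment'));
app.use('/reactions', require('./routes/comments')('comment'));

// catch 404 and forward to error handler
app.use(function (req, res, next) {
  const err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handlers
/**
 * Validation Error Handler
 */
app.use(require('./controllers/validators/error-handler'));

// development error handler
// will print stacktrace and echo the full error object back to the client
if (app.get('env') === 'development' || app.get('env') === 'test') {
  app.use(function (err, req, res, next) { // eslint-disable-line no-unused-vars
    // errors without an explicit status are unexpected: log them in full
    if (!err.status) {
      console.error(err); // eslint-disable-line no-console
    }
    res.status(err.status || 500).json({
      errors: [
        {
          message: err.message,
          error: err
        }
      ]
    });
  });
}

// production error handler
// no stacktraces or internal error details leaked to user:
// the error object itself is never serialized (its enumerable properties,
// e.g. fields attached by a database driver, would otherwise end up in the
// response), and unexpected 5xx errors get a generic message instead of
// err.message, which may describe internal hosts, paths or queries.
// Errors with an explicit 4xx status keep their message, as clients rely on it.
app.use(function (err, req, res, next) { // eslint-disable-line no-unused-vars
  const status = err.status || 500;
  const message = status >= 500 ? 'Internal Server Error' : err.message;
  res.status(status).json({
    errors: [
      {
        message
      }
    ]
  });
});

module.exports = app;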