import express from "express";
import bodyParser from "body-parser";
import mongoose from "mongoose";
import cors from "cors";
import cookieParser from "cookie-parser";
import dotenv from "dotenv";
import swaggerUi from "swagger-ui-express";
import helmet from "helmet";
import userRoutes from "./routes/users.js";
import swaggerSpec from "./utils/swagger.js";
import { errorHandler } from "./middleware/errorMiddleware.js";
import { sanitizeInput } from "./middleware/sanitizeMiddleware.js";
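const app = express();

// NOTE(review): ES module imports are evaluated before this call, so an
// imported module that reads process.env at load time will not see values
// that come only from the .env file.
dotenv.config();

// Body parsers. `extended` is a urlencoded-only option, so it is not passed to
// the JSON parser.
// NOTE(review): the 30mb limit applies to every route and is enforced before
// any route-level checks; lower it (or scope it to the routes that need large
// payloads) to reduce memory-exhaustion exposure.
app.use(bodyParser.json({ limit: "30mb" }));
app.use(bodyParser.urlencoded({ limit: "30mb", extended: true }));

// NOTE(review): if neither variable is set, `origin` is undefined and the cors
// package falls back to allowing any origin. Fail closed at startup if that is
// not intended.
const corsOptions = {
  origin: process.env.DEFAULT_CLIENT_URL || process.env.INTERNET_SERVER,
  credentials: false,
};

const CONNECTION_URL = process.env.CONNECTION_URL;
const PORT = process.env.PORT;
const DB_NAME = process.env.DB_NAME;

app.use(cors(corsOptions));
app.use(cookieParser());

// Drop the env-derived entry when INTERNET_SERVER is unset or empty, so the
// connect-src directive only ever contains real source expressions.
const connectSources = ["'self'", process.env.INTERNET_SERVER].filter(Boolean);

// NOTE(review): 'unsafe-inline' in script-src removes most of the XSS
// protection CSP provides, and this policy is applied to every response.
// Presumably it is here for the Swagger UI page (confirm); if so, scope the
// relaxed policy to /users/api-docs and keep the default strict elsewhere.
app.use(
  helmet({
    contentSecurityPolicy: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: ["'self'", "'unsafe-inline'", "cdn.jsdelivr.net"],
        styleSrc: ["'self'", "'unsafe-inline'", "cdn.jsdelivr.net"],
        imgSrc: ["'self'", "data:", "cdn.jsdelivr.net"],
        connectSrc: connectSources,
      },
    },
  })
);

// Ensure trust for reverse proxies (e.g., Nginx or cloud hosting).
// NOTE(review): `true` trusts X-Forwarded-* from every hop, so req.ip and
// req.protocol become client-controlled whenever a request can reach the app
// without passing through a proxy that overwrites those headers. Prefer the
// exact hop count or the proxy's address range for the deployment.
app.set("trust proxy", true);

// Runs after the body parsers so it sees the parsed request data.
app.use(sanitizeInput);

app.use("/api/user", userRoutes);

// NOTE(review): the API documentation is served in every environment with no
// access control visible here; confirm that is intended for production.
app.use(
  "/users/api-docs",
  swaggerUi.serve,
  swaggerUi.setup(swaggerSpec, {
    customSiteTitle: "User Management API",
  })
);

// Serve frontend
if (process.env.NODE_ENV === "production") {
  app.get("/", (req, res) => {
    res.redirect(process.env.DEFAULT_CLIENT_URL);
  });
} else {
  app.get("/", (req, res) => res.send("Backend is running."));
}

// Liveness probe.
app.get("/healthz", (req, res) => {
  res.status(200).send("OK");
});

// Error-handling middleware is registered last so that it also covers the
// routes declared above; previously /healthz was added after it.
app.use(errorHandler);

export default app;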
/**
 * Connects to MongoDB and, once the connection succeeds, starts the HTTP
 * listener on PORT. Any failure is reported by logging the error message.
 *
 * NOTE(review): a failed connection is only logged to stdout; nothing here
 * sets a non-zero exit status, so a supervisor watching the exit code will
 * not see the failure. Confirm whether that is intended.
 */
const startServer = () => {
  const announce = () => {
    console.log(`Server running on port: ${PORT}`);
  };
  const listen = () => app.listen(PORT, announce);
  const reportFailure = (error) => console.log(error.message);

  const connecting = mongoose.connect(CONNECTION_URL, { dbName: DB_NAME });
  connecting.then(listen).catch(reportFailure);
};
// Under NODE_ENV=test the module only exports `app`; no database connection
// or listener is started.
const isTestRun = process.env.NODE_ENV === "test";
if (!isTestRun) {
  startServer();
}