/**
@module express
@description
# express.js 🚅
[Express](https://expressjs.com) is a minimal and flexible Node.js web application framework that provides a robust
set of features for web and mobile applications.
Our implementation provides the following endpoints and features:
- SAML authentication endpoints for Single Sign-On
- Rate-limited API endpoints for provider interactions
- Static file serving for documentation
- Security hardening, including response-header protection (X-Powered-By disabled)
The server implements the following core features:
- Rate limiting: 1000 requests per 1 min per IP
- Cookie parsing for session management
- JSON body parsing with 5MB limit for POST requests
- Static file serving with HTML extension support
## Security 🔐
- X-Powered-By header disabled
- Rate limiting enabled
- SAML authentication required for protected routes
## env
```env
PORT - Server port (default: 3000)
DIR - Base directory for routes
RATE_LIMIT - Maximum requests per window (default: 1000)
RATE_LIMIT_WINDOW - Time window in ms (default: 1 min)
```
@requires express Web application framework
@requires cookie-parser HTTP cookie parsing middleware
@requires express-rate-limit Rate limiting middleware
*/
import './mod/utils/processEnv.js';
import cookieParser from 'cookie-parser';
import express from 'express';
import rateLimit from 'express-rate-limit';
import api from './api/api.js';
// Node 22+ is the supported runtime; an older major only produces a warning, the
// process keeps going. `split('.')[0]` is a string, so `<` coerces it before comparing.
if (process.versions.node.split('.')[0] < 22) {
  console.warn(`Process Node version below 22.`);
}

const app = express();

// Do not advertise the framework in response headers.
app.disable('x-powered-by');

// Global rate limiter. `xyzEnv` is not declared in this file — presumably populated
// by ./mod/utils/processEnv.js imported above; confirm RATE_LIMIT and
// RATE_LIMIT_WINDOW arrive as numbers rather than raw env strings.
const limiter = rateLimit({
  legacyHeaders: false,
  limit: xyzEnv.RATE_LIMIT,
  standardHeaders: 'draft-8',
  windowMs: xyzEnv.RATE_LIMIT_WINDOW,
  // Silences express-rate-limit's check that fires when an X-Forwarded-For header
  // arrives while Express's 'trust proxy' setting is off. Nothing in this file sets
  // 'trust proxy', so behind a reverse proxy every client is keyed on the proxy's
  // own address and shares one bucket. NOTE(review): if a proxy is in front, set
  // 'trust proxy' to the exact hop count — a permissive value lets a client choose
  // its own key via the forwarded header.
  validate: { xForwardedForHeader: false },
});

// Registered first, so every mount and route below (static files included) is limited.
app.use(limiter);

// Documentation site: ./docs is served at /xyz, and /xyz/foo also resolves ./docs/foo.html.
app.use(
  '/xyz',
  express.static('docs', {
    extensions: ['html'],
  }),
);

// ./public and ./tests are each mounted twice: under their own sub-path and directly
// at the application root (xyzEnv.DIR). The root mount of ./tests makes test
// fixtures reachable by anyone who can reach the server — NOTE(review): confirm this
// is intended for production deployments, or mount it only in a dev configuration.
app.use(`${xyzEnv.DIR}/public`, express.static('public'));
app.use(xyzEnv.DIR, express.static('public'));
app.use(`${xyzEnv.DIR}/tests`, express.static('tests'));
app.use(xyzEnv.DIR, express.static('tests'));

// Added after the static mounts, so static responses are served without cookie parsing;
// the api routes below see req.cookies.
app.use(cookieParser());

// Every route below delegates to the single `api` dispatcher from ./api/api.js; the
// `{/:name}` segments are Express 5 optional-parameter syntax. POST variants parse a
// JSON body of at most 5 MB before handing off.
app.get(`${xyzEnv.DIR}/api/provider{/:provider}`, api);
app.post(
  `${xyzEnv.DIR}/api/provider{/:provider}`,
  express.json({ limit: '5mb' }),
  api,
);

// Only this route falls back to '' when DIR is unset; every other template in this
// file interpolates xyzEnv.DIR directly and would render "undefined/…" for an unset
// DIR. Presumably processEnv.js guarantees a value — verify, or use one convention.
app.get(`${xyzEnv.DIR || ''}/api/sign{/:signer}`, api);

app.get(`${xyzEnv.DIR}/api/query{/:template}`, api);
app.post(
  `${xyzEnv.DIR}/api/query{/:template}`,
  express.json({ limit: '5mb' }),
  api,
);

app.get(`${xyzEnv.DIR}/api/workspace{/:key}`, api);

// The user POST accepts either a form-encoded or a JSON body (both parsers are chained).
app.get(`${xyzEnv.DIR}/api/user{/:method}{/:key}`, api);
app.post(
  `${xyzEnv.DIR}/api/user{/:method}`,
  [express.urlencoded({ extended: true }), express.json({ limit: '5mb' })],
  api,
);

// SAML endpoints. The ACS route takes a form-encoded POST (presumably the IdP's
// HTTP-POST binding); the GET routes carry no body parser.
app.get(`${xyzEnv.DIR}/saml/metadata`, api);
app.get(`${xyzEnv.DIR}/saml/logout`, api);
app.get(`${xyzEnv.DIR}/saml/login`, api);
app.post(`${xyzEnv.DIR}/saml/acs`, express.urlencoded({ extended: true }), api);

// View templates, an optional locale segment at the application root, and the bare root.
app.get(`${xyzEnv.DIR}/view{/:template}`, api);
app.get(`${xyzEnv.DIR}{/:locale}`, api);
app.get(`/`, api);

// No host argument, so Node binds the unspecified address (all interfaces) on PORT;
// no callback, so startup is silent.
app.listen(xyzEnv.PORT);