-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathapp.js
More file actions
114 lines (80 loc) · 2.79 KB
/
app.js
File metadata and controls
114 lines (80 loc) · 2.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
const express = require('express');
const helmet = require('helmet');
const routes = require('./routes/index');
const bodyParser = require('body-parser');
const expressValidator = require('express-validator');
const cookieParser = require('cookie-parser');
const session = require('express-session');
const path = require('path');
const mongoose = require('mongoose');
const MongoStore = require('connect-mongo')(session);
const csurf = require('csurf');
const helpers = require('./helpers');
const errorHandlers = require('./handlers/errorHandlers');
const flash = require('connect-flash');
const passport = require('passport');
const app = express();
// secure app by setting http headers
app.use(helmet());
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
// serves up static files from the public folder.
app.use(express.static(path.join(__dirname, 'public')));
// retrieve information from POST requests
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
// exposes a bunch of methods for validating data. used heavily in userController
app.use(expressValidator());
// populate req.cookies with any cookies that come along with the request
app.use(cookieParser());
// store data on visitors from request to request and keep them logged in
const sess = {
secret: process.env.SECRET,
key: process.env.KEY,
resave: false,
saveUninitialized: false,
store: new MongoStore({ mongooseConnection: mongoose.connection }),
cookie: {
maxAge: 3600000
}
};
// use secure cookies in production
if (app.get('env') === 'production') {
// trust first proxy
app.set('trust proxy', 1);
// serve cookies only when the browser connection is HTTPS
sess.cookie.secure = true;
}
app.use(session(sess));
// initialize passport and use persistent login sessions
app.use(passport.initialize());
app.use(passport.session());
// protect site from Cross Site Request Forgery
app.use(csurf());
// flash messages to user screen
app.use(flash());
// expose helper variables to templates
app.use((req, res, next) => {
res.locals.h = helpers;
res.locals.csrfToken = req.csrfToken();
res.locals.flashes = req.flash();
res.locals.user = req.user || null;
next();
});
// load routes
app.use('/', routes);
// if routes don't work, 404 them and forward to error handler
app.use(errorHandlers.notFound);
// see if these errors are just validation errors
app.use(errorHandlers.flashValidationErrors);
// csurf Token errors
app.use(errorHandlers.csurfErrors);
// Otherwise it was a really bad error we didn't expect
if (app.get('env') === 'development') {
// development error handler: prints stack trace
app.use(errorHandlers.developmentErrors);
}
// production error handler
app.use(errorHandlers.productionErrors);
module.exports = app;