index.js
const path = require("path");
const express = require("express");
const mongoose = require("mongoose");
const cors = require("cors");
const cookieParser = require("cookie-parser");
const helmet = require("helmet");
const morgan = require("morgan");
const compression = require("compression");
require("dotenv").config();
const connectDB = require("./config/dbConn");
const credentials = require("./middleware/credentials");
const corsOptions = require("./config/corsOptions");
const allowedOrigins = require("./config/allowedOrigins");
const errorHandler = require("./middleware/errorHandler");
const verifyJWT = require("./middleware/verifyJWT");
const postController = require("./controllers/postController");
const commentController = require("./controllers/commentController");
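const app = express();
// Listening port: taken from the environment (dotenv is loaded above),
// falling back to 8000 when PORT is unset or empty.
const PORT = process.env.PORT || 8000;

mongoose.set("strictQuery", false);

// Start the MongoDB connection. The HTTP listener is only started once the
// connection emits "open" (see the end of this file).
connectDB();

// Access log (Apache "combined" format). Registered first so that requests
// answered or rejected by the middleware below (CORS preflights, origins that
// are not on the allow-list) also appear in the log; registered later, a
// rejected origin skips straight to the error handler and is never logged.
app.use(morgan("combined"));

// Sets the Cross-Origin-Resource-Policy header to "cross-origin" so other
// origins may embed resources served from here.
// NOTE(review): this is the only Helmet middleware applied. The rest of
// Helmet's default headers (nosniff, frame options, HSTS, CSP, ...) are NOT
// set by this line; enabling helmet() as a whole needs its CSP checked
// against the frontend served from /public first.
app.use(helmet.crossOriginResourcePolicy({ policy: "cross-origin" }));

// Must run before cors(): handles the credentials check for preflight
// requests and the cookie-credentials requirement of fetch.
app.use(credentials);

// CORS with credentials enabled. Because cookies are allowed cross-origin,
// the Origin header is matched against an explicit allow-list rather than
// reflected. This inline configuration is what is applied; the imported
// corsOptions object is not used here.
app.use(
  cors({
    credentials: true,
    origin(origin, callback) {
      // Requests without an Origin header (curl, mobile apps, same-origin
      // navigation) are let through. CORS only restricts browsers; it is not
      // an authentication control, so protected routes still rely on
      // verifyJWT.
      if (!origin) {
        return callback(null, true);
      }
      if (!allowedOrigins.includes(origin)) {
        const msg =
          "The CORS policy for this site does not " +
          "allow access from the specified Origin.";
        // The error is passed on to the Express error handler.
        return callback(new Error(msg), false);
      }
      return callback(null, true);
    },
  })
);

// Parse application/x-www-form-urlencoded bodies (flat key/value only).
app.use(express.urlencoded({ extended: false }));
// Parse application/json bodies.
app.use(express.json());
// Populate req.cookies.
app.use(cookieParser());
// Compress responses for all routes registered after this point.
app.use(compression());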
// Static file serving. Both mounts use the same cache policy:
// Cache-Control with max-age of 365 days plus the "immutable" directive.
// NOTE(review): "immutable" for a year also applies to whatever is served at
// "/" from public/ and to user uploads; a file that is later replaced or
// removed stays in client caches. Confirm file names are content-hashed.
function staticCacheOptions() {
  return {
    cacheControl: true,
    maxAge: "365d",
    immutable: true,
  };
}

// Frontend assets bundled with the server, resolved relative to this file.
const publicDir = path.join(__dirname, "/public");
app.use("/", express.static(publicDir, staticCacheOptions()));

// Uploaded files, served as-is to any client without authentication.
// The "uploads" path is relative to the process working directory, not to
// this file.
// NOTE(review): content here is user-supplied and is served from the same
// origin as the API; verify that the upload route restricts file types, since
// no X-Content-Type-Options header is set by this application.
app.use("/uploads", express.static("uploads", staticCacheOptions()));
// Route registration. Order matters: everything mounted above
// app.use(verifyJWT) is reachable without passing that middleware, and
// everything below it is only reached after verifyJWT has run.

// Routers mounted before the JWT check: authentication, token refresh,
// logout and the contact form.
app.use("/auth", require("./routes/auth"));
app.use("/refresh", require("./routes/refresh"));
app.use("/logout", require("./routes/logout"));
app.use("/contact", require("./routes/contact"));
// Read-only endpoints available without an access token.
// The literal paths /posts/comments and /posts/tags are registered before
// /posts/:id so that ":id" does not capture them.
app.get("/posts", postController.getAllPosts);
app.get("/posts/comments", commentController.getLastComments);
app.get("/posts/tags", postController.getLastTags);
app.get("/posts/:id", postController.getPost);
app.get("/posts/:postId/comments", commentController.getAllComments);
app.get("/tags/:tag", postController.getTag);
// NOTE(review): /upload is mounted above verifyJWT, so the global JWT check
// below does not cover it. Unless ./routes/api/upload applies its own
// authentication (not visible from this file), uploads are accepted from
// unauthenticated clients and then served publicly under /uploads. Confirm,
// or mount this router after verifyJWT.
app.use("/upload", require("./routes/api/upload"));
// From here on every request goes through verifyJWT first.
app.use(verifyJWT);
// Routers behind the JWT check. A request to /auth/me first enters the
// /auth router mounted above and arrives here only if that router does not
// respond to it.
app.use("/auth/me", require("./routes/api/user"));
app.use("/users", require("./routes/api/users"));
app.use("/posts", require("./routes/api/posts"));
// Registered last so it receives errors passed to next(err) by the
// middleware and routes above (including the CORS rejection error).
app.use(errorHandler);
// Start accepting HTTP traffic only after the MongoDB connection has opened.
// The handler is attached with once(), so it runs for the first "open" event
// only; if the connection never opens, the server never listens.
function startServer() {
  console.log("Connected to MongoDB");
  app.listen(PORT, function onListening() {
    console.log(`Server running on port: ${PORT}`);
  });
}

mongoose.connection.once("open", startServer);