This Express.js server provides a REST API for the TradeFlow-Core smart contracts and includes security headers via Helmet.js.
- Node.js 18+ and npm installed
- Clone the TradeFlow-Core repository
- Install dependencies:

```bash
npm install
```

- Create environment file:

```bash
cp .env.example .env
```

- Start the server:

```bash
# Development mode
npm run dev
# Production mode
npm start
```

This server implements the following security measures via Helmet.js:
- XSS Protection: Prevents cross-site scripting attacks
- Content Security Policy: Restricts resource loading
- HSTS: Enforces HTTPS connections
- X-Frame-Options: Prevents clickjacking
- X-Content-Type-Options: Prevents MIME type sniffing
- Referrer Policy: Controls referrer information
GET /health
Returns server status and timestamp.
GET /api/contracts
Returns deployed contract IDs for Invoice NFT and Lending Pool contracts.
- PORT: Server port (default: 3000)
- NODE_ENV: Environment (development/production)
All responses include security headers thanks to Helmet.js middleware. You can verify this by checking the response headers in your browser's developer tools.
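The same check can be scripted instead of done by eye in developer tools. The following is an added example, not code from the TradeFlow-Core repository: `auditSecurityHeaders`, `auditUrl` and the sample header objects are hypothetical names, and the accepted values are assumptions based on common Helmet defaults.

```javascript
// Added example: audit a response for the headers listed in this README.
// Accepted values are assumptions, not taken from the project's Helmet config.
const CHECKS = {
  'content-security-policy': (v) => v.trim().length > 0,
  'strict-transport-security': (v) => {
    const m = /max-age=(\d+)/i.exec(v);          // HSTS is only useful with max-age > 0
    return m !== null && Number(m[1]) > 0;
  },
  'x-frame-options': (v) => ['DENY', 'SAMEORIGIN'].includes(v.trim().toUpperCase()),
  'x-content-type-options': (v) => v.trim().toLowerCase() === 'nosniff',
  'referrer-policy': (v) => v.trim().length > 0,
  'x-xss-protection': (v) => v.trim().length > 0, // presence only; value varies by Helmet version
};

// Takes a plain object of response headers and reports what is missing or malformed.
function auditSecurityHeaders(headers) {
  const seen = {};
  for (const [name, value] of Object.entries(headers)) {
    seen[name.toLowerCase()] = String(value);     // header names are case-insensitive
  }
  const missing = [];
  const invalid = [];
  for (const [name, isValid] of Object.entries(CHECKS)) {
    if (!(name in seen)) missing.push(name);
    else if (!isValid(seen[name])) invalid.push(name);
  }
  return { ok: missing.length === 0 && invalid.length === 0, missing, invalid };
}

// Fetches a URL (global fetch, Node.js 18+) and audits its response headers.
async function auditUrl(url) {
  const res = await fetch(url);
  return auditSecurityHeaders(Object.fromEntries(res.headers.entries()));
}

// Constructed sample inputs: a response with the headers set, and one without.
const SAMPLE_HARDENED = {
  'Content-Security-Policy': "default-src 'self'",
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Frame-Options': 'SAMEORIGIN',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'no-referrer',
  'X-XSS-Protection': '0',
};
const SAMPLE_BARE = {
  'Content-Type': 'application/json',
  'X-Powered-By': 'Express',
  'X-Content-Type-Options': 'sniff',              // present but not a valid value
};
```

With the server running on the default port, `auditUrl('http://localhost:3000/health')` resolves to the same report, which makes it usable as a CI smoke test that fails when a header is dropped.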
The server is configured for development with:
- Hot reload via nodemon
- CORS enabled
- Comprehensive error handling
- Detailed logging