const express = require('express');
const connectDB = require('./config/db');
const cors = require('cors');
const session = require('express-session');
const bodyParser = require('body-parser');
const path = require('path');
const status = require('express-status-monitor');
const rateLimit = require("express-rate-limit");
const swaggerUi = require('swagger-ui-express');
const swaggerDocs = require('./swaggerConfig');
const { allowedOrigins } = require('./constants');
const supertokens = require("supertokens-node");
const { middleware, errorHandler } = require("supertokens-node/framework/express");
const EmailPassword = require("supertokens-node/recipe/emailpassword");
const Session = require("supertokens-node/recipe/session");
// Load .env into process.env.
// NOTE(review): this runs AFTER ./config/db, ./swaggerConfig and ./constants have
// already been required above. If any of those read process.env at module-load
// time (a DB URI, the allowed-origins list, ...), they only see values from the
// real environment, not from .env. Moving this to the very first line of the
// file removes that ordering hazard.
require('dotenv').config();
// Required for its side effects only — presumably the supertokens.init() call
// (connection info, app info, recipes). It must run before middleware() is
// mounted below, which it does.
require('./supertoken-config');
// Global rate limiter, applied to every request (see app.use(limiter) below).
const rateLimitOptions = {
  windowMs: 60 * 1000, // one-minute window
  // 500 req/min/IP is deliberately generous: students on the college wifi share
  // a single public IP, so a tight per-IP cap would lock out a whole campus.
  // Security note: because the key is the client IP, this does NOT meaningfully
  // slow down per-account brute force (500 password guesses a minute from one
  // address). Put a much stricter, separate limiter on the sign-in endpoint.
  max: 500,
  message: "Too many requests, please try again later.",
  // NOTE(review): `headers` is the pre-v6 option name; express-rate-limit v6+
  // uses `standardHeaders` / `legacyHeaders` — check the installed version.
  headers: true,
};
const limiter = rateLimit(rateLimitOptions);
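const app = express();
// Kick off the database connection.
// NOTE(review): connectDB() is not awaited here, so if it returns a promise a
// failed connection only surfaces through whatever ./config/db does internally —
// confirm it logs and exits (or retries) on failure rather than rejecting silently.
connectDB();
// Trust exactly one proxy hop (Vercel's edge) for X-Forwarded-* headers, so
// express-rate-limit keys on the real client IP instead of the proxy's. Do not
// raise this to `true`: trusting every hop lets a client forge X-Forwarded-For
// and pick its own rate-limit bucket.
app.set('trust proxy', 1);
// Rate-limit BEFORE body parsing so over-limit requests are rejected without
// spending CPU and memory on parsing their payload.
app.use(limiter);
// JSON body parsing (100 kB default limit; raise explicitly only if an endpoint needs it).
app.use(express.json());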
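// CORS: explicit exact-match allowlist (never `*` or a prefix/regex match)
// because credentials are allowed — a wildcard plus credentials would let any
// site make authenticated calls.
app.use(cors({
  origin: function (origin, callback) {
    // Requests with no Origin header (curl, server-to-server, same-origin
    // navigations) are not subject to browser CORS, so they pass through.
    if (!origin || allowedOrigins.includes(origin)) {
      callback(null, true);
      return;
    }
    // Passing an Error aborts the request before any route runs; tag it with a
    // status so Express's default error handler answers 403 instead of a
    // misleading 500.
    const err = new Error(`Not allowed by CORS: ${origin}`);
    err.status = 403;
    callback(err);
  },
  credentials: true,
  // content-type plus whatever extra request headers SuperTokens reports it needs.
  allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
}));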
// SuperTokens request middleware (serves its auth API under the base path set in
// ./supertoken-config).
app.use(middleware());
// NOTE(review): this error handler is registered BEFORE the application routes
// below, so it only sees errors raised by the middleware above it. Express only
// invokes an error-handling middleware for errors from handlers registered
// earlier, which means session errors thrown inside the routers (e.g. from
// verifySession()) bypass it and fall through to the default 500 handler.
// SuperTokens' docs place errorHandler() after all routes; register it there.
app.use(errorHandler());
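// Middleware
app.use(bodyParser.urlencoded({ extended: true }));
// NOTE(review): express.json() is already mounted above; this second JSON parser
// is a no-op for bodies it has already consumed. Kept so nothing downstream changes.
app.use(bodyParser.json());
// Cookie session. SuperTokens carries the primary auth session; this one only
// matters to handlers that touch req.session.
// NOTE(review): express-session's default MemoryStore is per-process and is not
// meant for production; on a serverless/multi-instance deployment sessions will
// not survive across instances. Wire a real store if req.session is relied upon.
app.use(session({
  // express-session does NOT fail at startup when this is undefined — every
  // request then errors with "secret option required for sessions". Keep
  // SESSION_SECRET set (long and random) in every environment.
  secret: process.env.SESSION_SECRET,
  resave: false,
  // Only persist sessions a handler actually writes to; creating a store entry
  // for every anonymous hit is wasted work and a cheap store-filling DoS.
  saveUninitialized: false,
  cookie: {
    // 'auto' sets the Secure attribute whenever the connection is HTTPS
    // (honouring 'trust proxy' above), so the session id is never sent in clear
    // over TLS-terminated production traffic while local http:// dev still works.
    secure: 'auto',
    // Not readable from page scripts, so an XSS cannot exfiltrate the session id.
    httpOnly: true,
    // Lax (the modern-browser default when unspecified) withholds the cookie on
    // cross-site POSTs — the CSRF-relevant case. If this cookie must legitimately
    // travel on cross-site requests from the allowed frontends, use
    // sameSite: 'none' together with secure: true instead.
    sameSite: 'lax',
  },
}));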
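// Content-Security-Policy on every response. Registered BEFORE the static and
// docs handlers so their responses carry it too — a middleware placed after a
// handler that already sent the response never runs for that request.
app.use((req, res, next) => {
  res.setHeader(
    "Content-Security-Policy",
    // NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src mean this
    // policy does not block injected <script> or eval() — it provides no real
    // XSS mitigation. Swagger UI and the EJS views may depend on inline scripts;
    // confirm, then move to per-response nonces or hashes before tightening.
    // object-src 'none' and base-uri 'self' are additive and safe: they block
    // plugin content and <base href> hijacking of relative URLs. Consider also
    // frame-ancestors 'self' to stop clickjacking of the /admin pages if nothing
    // legitimately frames this app.
    "default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'self'"
  );
  next();
});
// Static assets. Resolve relative to this file (as the views directory is,
// below) rather than process.cwd(), so the correct directory is served no
// matter where node was started from.
app.use('/public', express.static(path.join(__dirname, 'public')));
// Documentation
// NOTE(review): Swagger UI is reachable without authentication. Acceptable on a
// staging server; gate or disable /api-docs in production.
app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocs));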
// @route   GET /
// @desc    Liveness check — answers with a plain-text banner
// @access  public (no auth middleware is applied to this path in this file)
app.get('/', (_req, res) => {
  res.send('Staging Server is running');
});
// EJS view engine, templates under ./views next to this file.
// Reminder for the templates: `<%= %>` HTML-escapes, `<%- %>` does not —
// render user-supplied data only with `<%= %>`.
const viewsDir = path.join(__dirname, 'views');
app.set('views', viewsDir);
app.set('view engine', 'ejs');
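// Use the routes
// All four feature routers share the /api/anubhav/ prefix; Express tries them in
// registration order, so a path matched by an earlier router never reaches a later one.
app.use('/api/anubhav/', require('./routes/blog/blogs'));
app.use('/api/anubhav/', require('./routes/feedbacks'));
app.use('/api/anubhav/', require('./routes/reqarticle'));
app.use('/api/anubhav/', require('./routes/writeArticle'));
// NOTE(review): authorization for the admin control centre is not visible from
// this file — confirm ./routes/admin/controlCenter applies verifySession() (or
// an equivalent admin check) to every handler.
app.use('/admin/', require('./routes/admin/controlCenter'));
// SuperTokens' error handler belongs AFTER the routes: Express only invokes an
// error-handling middleware for errors raised by handlers registered before it,
// so the instance mounted near the top of this file cannot see session errors
// thrown inside these routers (they would surface as generic 500s). Registering
// it here lets SuperTokens produce the responses it intends (e.g. 401 for a
// missing or expired session). The earlier registration can then be dropped.
app.use(errorHandler());
module.exports = app;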