app.js
const dotEnv = require('dotenv').config()
const express = require('express')
const bodyParser = require('body-parser')
const morgan = require('morgan')
const cors = require('cors')
const helmet = require('helmet')
const compression = require('compression')
const routes = require('./routes/index')
const { errorHandler, notFoundHandler } = require('./utils/errorHandler')
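const app = express()

/* server configuration */

// Request logging is registered first so that requests rejected by a later
// middleware (malformed JSON, oversized bodies) still produce a log line.
// Registered after the body parsers, those rejections would never reach morgan.
if (process.env.NODE_ENV === 'prod') {
  app.use(morgan('combined'))
} else {
  app.use(morgan('dev'))
}

// Basic security headers - Cloudflare adds comprehensive headers at edge.
// Registered before the body parsers so that parser error responses
// (400 / 413) carry the same headers as normal responses.
app.disable('x-powered-by')
app.use(helmet())

// CORS - Cloudflare handles origin restrictions at edge.
// NOTE(review): cors() with no options allows every origin. The edge rules only
// help if this server cannot be reached except through the edge; confirm that,
// or pass an explicit origin allow-list here.
app.use(cors())

// Body size limits (configurable via BODY_SIZE_LIMIT)
// - Not set (or empty): 10kb
// - Set to a value (e.g. '1mb'): that limit is used
// - Set to 'false': no explicit limit is passed, so body-parser applies its own
//   default (100kb). This does NOT remove the limit.
const bodyLimitConfig = process.env.BODY_SIZE_LIMIT
const shouldApplyLimit = bodyLimitConfig !== 'false'
const bodyLimit = shouldApplyLimit ? (bodyLimitConfig || '10kb') : undefined

// Shared by both parsers; empty when the parser default should apply.
const limitOption = shouldApplyLimit ? { limit: bodyLimit } : {}

const jsonParserOptions = {
  strict: true, // accept only JSON objects and arrays at the top level
  ...limitOption
}

const urlencodedParserOptions = {
  extended: false, // parse with querystring rather than qs
  ...limitOption
}

app.use(bodyParser.json(jsonParserOptions))
app.use(bodyParser.urlencoded(urlencodedParserOptions))

app.use(compression())

// `disable` is an application method and a plain express.Router() does not have it.
// The call is kept for the case where ./routes/index exports a mounted sub-app
// (presumably it does; verify), and guarded so that a Router export does not
// throw at startup.
if (typeof routes.disable === 'function') {
  routes.disable('x-powered-by')
}

// app.use(express.static(__dirname + '/public'));
// NOTE(review): both static roots are resolved from process.cwd(), so they
// depend on the directory the process is started from. Everything under them
// is served publicly; confirm `out/` holds only files meant to be public.
app.use(express.static(`${process.cwd()}/frontend/dashboard/dist/dashboard/`))
app.use(express.static(`${process.cwd()}/out/`))

app.use('/', routes)

// Report a failed .env load. The process still starts with whatever the
// environment already provides.
if (dotEnv.error) {
  console.log(dotEnv.error)
}

// Handle 404 errors
app.use(notFoundHandler)

// Global error handler - sanitizes errors and prevents information leakage
app.use(errorHandler)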
/**
 * API initialization.
 *
 * Starts the HTTP server on the port given by PORT_HTTP, falling back to 3000
 * when that variable is unset or empty, and prints the chosen port once the
 * listen callback runs.
 */
const httpPort = process.env.PORT_HTTP || 3000

app.listen(httpPort, () => {
  console.log(`server on port ${httpPort}`)
})