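/**
 * Entry point of the todo-app backend: builds the Express application,
 * registers security middleware, the API routers and the static front end,
 * then starts listening on PORT (default 3002).
 */
const path = require('path');
const express = require('express');
const cors = require('cors');
const helmet = require('helmet');
const cookieParser = require('cookie-parser');

// NOTE(review): not referenced in this file; presumably required for its
// side effects (opening the database connection) — confirm before removing.
const dbClientInstance_ = require('./db/mongo.js');
const todoRoutes = require('./routes/todo');
const userRoutes = require('./routes/user');
const errorRoutes = require('./routes/error');
const envRoute = require('./routes/env.js');
const healthRoute = require('./routes/health.js');

const app = express();
const port = process.env.PORT || 3002;

// Origins allowed to make credentialed cross-origin requests.
// NOTE(review): both entries are plain http. With `credentials: true`, cookies
// sent from such an origin travel unencrypted; prefer an https origin outside
// local development.
const whitelist = [`http://localhost:${port}`, `http://freefalk.tk`];

const corsOptions = {
  credentials: true,
  /**
   * Accepts the request when it carries no Origin header or when the Origin
   * is on the whitelist; otherwise fails the request with an Error.
   *
   * @param {string|undefined} origin - Value of the request's Origin header.
   * @param {Function} callback - cors callback, called as (error, allowed).
   */
  origin(origin, callback) {
    // Allow requests with no origin (same-origin requests and non-browser
    // clients). CORS is a browser-side control, not authentication: the
    // routes still have to authorise every request themselves.
    if (!origin) {
      return callback(null, true);
    }

    if (!whitelist.includes(origin)) {
      // `origin` is client-controlled; whatever renders or logs this message
      // must treat it as untrusted text.
      const message = `The CORS policy for this origin doesn't allow access from the particular origin. (Origin: ${origin})`;
      return callback(new Error(message), false);
    }

    return callback(null, true);
  },
};

// Security headers are registered first: once a later middleware fails the
// request (CORS rejection, malformed JSON body), Express skips the remaining
// ordinary middleware, so headers registered after it would be missing from
// exactly those error responses.
app.use(helmet());
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      // One source expression per array entry. Host sources are written
      // without quotes; a quoted URL is not a valid source expression and
      // browsers ignore it.
      // NOTE(review): Google Fonts stylesheets are served from
      // fonts.googleapis.com — confirm whether "font." is a typo.
      styleSrc: ["'self'", "'unsafe-inline'", 'https://font.googleapis.com'],
      // NOTE(review): 'unsafe-inline' together with 'unsafe-eval' removes most
      // of the XSS protection a CSP provides. Kept because the front end may
      // depend on it; move to nonces or hashes when possible.
      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
    },
  }),
);

app.use(express.json());
app.use(cors(corsOptions));
app.use(cookieParser());

app.use(todoRoutes);
app.use(userRoutes);
app.use('/', express.static(path.resolve(__dirname, `./public`)));

// IMPORTANT: Educational purpose only! Possibly exposes sensitive data.
// Do not ship this route in a deployment that holds real secrets.
app.use(envRoute);
app.use(healthRoute);

// NOTE: must be the last one, because it uses a wildcard (!) that behaves as
// a fallback and catches everything else.
app.use(errorRoutes);

/**
 * Starts the HTTP listener and installs the SIGINT handler.
 * Exits with code 1 when the listener cannot be started (for example when
 * the port is already in use) and with code 2 on SIGINT.
 */
(async function main() {
  try {
    await new Promise((resolve, reject) => {
      app
        .listen(port, () => {
          console.log(`todo-app-backend is up on port ${port}`);
          resolve();
        })
        .on('error', reject);
    });

    process.on('SIGINT', () => {
      process.exit(2);
    });
  } catch (err) {
    console.error(err);
    process.exit(1);
  }
})();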