Uecko_ERP/apps/server/src/app.ts

import { globalErrorHandler } from "@erp/core/api";
import cors, { CorsOptions } from "cors";
import express, { Application } from "express";
import helmet from "helmet";
import responseTime from "response-time";
// ❗️ No cargamos dotenv aquí. Debe hacerse en el entrypoint o en ./config.
// dotenv.config();
import { ENV } from "./config";
import { logger } from "./lib/logger";

export function createApp(): Application {
  const app = express();
  app.set("port", process.env.SERVER_PORT ?? 3002);

  // Oculta la cabecera x-powered-by
  app.disable("x-powered-by");

  // Desactiva ETag correctamente a nivel de Express
  app.set("etag", false);

  // ───────────────────────────────────────────────────────────────────────────
  // Parsers
  app.use(express.json());
  app.use(express.text());
  app.use(express.urlencoded({ extended: true }));

  // Métrica de tiempo de respuesta
  app.use(responseTime());

  // ───────────────────────────────────────────────────────────────────────────
  // CORS
  const devCors: CorsOptions = {
    // En desarrollo reflejamos el Origin entrante (permite credenciales)
    origin: true,
    credentials: true,
    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
    exposedHeaders: [
      "Content-Disposition",
      "Content-Type",
      "Content-Length",
      "X-Total-Count",
      "Pagination-Count",
      "Pagination-Page",
      "Pagination-Limit",
    ],
  };

  const prodCors: CorsOptions = {
    origin: ENV.FRONTEND_URL,
    credentials: true,
    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
    exposedHeaders: [
      "Content-Disposition",
      "Content-Type",
      "Content-Length",
      "X-Total-Count",
      "Pagination-Count",
      "Pagination-Page",
      "Pagination-Limit",
    ],
  };

  app.use(cors(ENV.NODE_ENV === "development" ? devCors : prodCors));

  // ───────────────────────────────────────────────────────────────────────────
  // Seguridad HTTP
  app.use(helmet());

  // ───────────────────────────────────────────────────────────────────────────
  // Política de caché por defecto (no almacenamiento)
  app.use((_, res, next) => {
    res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
    res.setHeader("Pragma", "no-cache");
    res.setHeader("Expires", "0");
    next();
  });

  // Inicializar Auth Provider (placeholder)
  app.use((_, __, next) => {
    // authProvider.initialize();
    next();
  });

  // Logging de cada request
  app.use((req, _, next) => {
    logger.info(`▶️ Incoming request ${req.method} to ${req.path}`);
    next();
  });

  // Gestión global de errores.
  // Siempre al final de la cadena de middlewares
  // y después de las rutas.
  app.use(globalErrorHandler);

  return app;
}
Gestión global de errores 2025-11-06 16:14:49 +00:00			`import { globalErrorHandler } from "@erp/core/api";`
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`import cors, { CorsOptions } from "cors";`
. 2025-01-29 16:01:17 +00:00			`import express, { Application } from "express";`
			`import helmet from "helmet";`
. 2025-01-30 10:45:31 +00:00			`import responseTime from "response-time";`
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// ❗️ No cargamos dotenv aquí. Debe hacerse en el entrypoint o en ./config.`
			`// dotenv.config();`
			`import { ENV } from "./config";`
Clientes y Facturas de cliente 2025-10-30 18:26:57 +00:00			`import { logger } from "./lib/logger";`
. 2025-01-29 16:01:17 +00:00
			`export function createApp(): Application {`
			`const app = express();`
Dockers 2025-11-04 09:12:05 +00:00			`app.set("port", process.env.SERVER_PORT ?? 3002);`
. 2025-01-29 16:01:17 +00:00
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// Oculta la cabecera x-powered-by`
. 2025-01-29 16:01:17 +00:00			`app.disable("x-powered-by");`

Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// Desactiva ETag correctamente a nivel de Express`
			`app.set("etag", false);`

			`// ───────────────────────────────────────────────────────────────────────────`
			`// Parsers`
. 2025-01-29 16:01:17 +00:00			`app.use(express.json());`
			`app.use(express.text());`
			`app.use(express.urlencoded({ extended: true }));`

Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// Métrica de tiempo de respuesta`
			`app.use(responseTime());`
. 2025-01-29 16:01:17 +00:00
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// ───────────────────────────────────────────────────────────────────────────`
			`// CORS`
			`const devCors: CorsOptions = {`
			`// En desarrollo reflejamos el Origin entrante (permite credenciales)`
			`origin: true,`
			`credentials: true,`
			`methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],`
			`exposedHeaders: [`
			`"Content-Disposition",`
			`"Content-Type",`
			`"Content-Length",`
			`"X-Total-Count",`
			`"Pagination-Count",`
			`"Pagination-Page",`
			`"Pagination-Limit",`
			`],`
			`};`
. 2025-06-17 16:18:25 +00:00
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`const prodCors: CorsOptions = {`
			`origin: ENV.FRONTEND_URL,`
			`credentials: true,`
			`methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],`
			`exposedHeaders: [`
			`"Content-Disposition",`
			`"Content-Type",`
			`"Content-Length",`
			`"X-Total-Count",`
			`"Pagination-Count",`
			`"Pagination-Page",`
			`"Pagination-Limit",`
			`],`
			`};`
. 2025-06-17 16:18:25 +00:00
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`app.use(cors(ENV.NODE_ENV === "development" ? devCors : prodCors));`

			`// ───────────────────────────────────────────────────────────────────────────`
			`// Seguridad HTTP`
. 2025-04-01 15:32:53 +00:00			`app.use(helmet());`

Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// ───────────────────────────────────────────────────────────────────────────`
			`// Política de caché por defecto (no almacenamiento)`
			`app.use((_, res, next) => {`
. 2025-04-01 15:32:53 +00:00			`res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");`
			`res.setHeader("Pragma", "no-cache");`
			`res.setHeader("Expires", "0");`
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`next();`
. 2025-04-01 15:32:53 +00:00			`});`

Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// Inicializar Auth Provider (placeholder)`
			`app.use((_, __, next) => {`
			`// authProvider.initialize();`
. 2025-02-05 20:40:59 +00:00			`next();`
			`});`
. 2025-02-01 21:48:13 +00:00
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			`// Logging de cada request`
. 2025-02-03 13:12:36 +00:00			`app.use((req, _, next) => {`
Reestructurar servidor y configuración 2025-08-12 15:09:04 +00:00			logger.info(`▶️ Incoming request ${req.method} to ${req.path}`);
. 2025-02-03 13:12:36 +00:00			`next();`
			`});`

Gestión global de errores 2025-11-06 16:14:49 +00:00			`// Gestión global de errores.`
			`// Siempre al final de la cadena de middlewares`
			`// y después de las rutas.`
			`app.use(globalErrorHandler);`

. 2025-01-29 16:01:17 +00:00			`return app;`
			`}`