Uecko/Uecko_ERP
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55a6b1fbaf
Uecko_ERP/apps/server/src/app.ts
david 71b98fb6c2 v0.4.7
2026-02-12 15:46:47 +01:00

101 lines
3.3 KiB
TypeScript
Raw Blame History

import cors, { type CorsOptions } from "cors";
import express, { type Application } from "express";
import helmet from "helmet";
import responseTime from "response-time";
import type { ConfigType } from "./config";
// ❗️ No cargamos dotenv aquí. Debe hacerse en el entrypoint o en ./config.
// dotenv.config();
import { logger } from "./lib/logger";
export function createApp(config: ConfigType): Application {
const app = express();
// ───────────────────────────────────────────────────────────────────────────
// CORS
const devCors: CorsOptions = {
// En desarrollo reflejamos el Origin entrante (permite credenciales)
origin: true,
credentials: true,
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
exposedHeaders: [
"Content-Disposition",
"Content-Type",
"Content-Length",
"X-Total-Count",
"Pagination-Count",
"Pagination-Page",
"Pagination-Limit",
],
};
const prodCors: CorsOptions = {
origin: config.server.frontendUrl,
credentials: true,
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
exposedHeaders: [
"Content-Disposition",
"Content-Type",
"Content-Length",
"X-Total-Count",
"Pagination-Count",
"Pagination-Page",
"Pagination-Limit",
],
};
app.use(cors(config.flags.isDev ? devCors : prodCors));
app.options("*", cors(config.flags.isDev ? devCors : prodCors));
app.set("port", config.server.port ?? 3002);
// Oculta la cabecera x-powered-by
app.disable("x-powered-by");
// Desactiva ETag correctamente a nivel de Express
app.set("etag", false);
// ───────────────────────────────────────────────────────────────────────────
// Parsers
app.use(express.json());
app.use(express.text());
app.use(express.urlencoded({ extended: true }));
// Métrica de tiempo de respuesta
app.use(responseTime());
// ───────────────────────────────────────────────────────────────────────────
// Seguridad HTTP
app.use(helmet());
// ───────────────────────────────────────────────────────────────────────────
// Política de caché por defecto (no almacenamiento)
app.use((_, res, next) => {
res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
res.setHeader("Pragma", "no-cache");
res.setHeader("Expires", "0");
next();
});
// Inicializar Auth Provider (placeholder)
app.use((_, __, next) => {
// authProvider.initialize();
next();
});
// Logging de cada request
app.use((req, _, next) => {
logger.info(`▶️ Incoming request ${req.method} to ${req.path}`);
next();
});
// Gestión global de errores.
// Siempre al final de la cadena de middlewares
// y después de las rutas.
//app.use(globalErrorHandler);
return app;
}
Reference in New Issue View Git Blame Copy Permalink