2019-04-15 10:13:17 +00:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const express = require('express');
|
|
|
|
|
//const morgan = require('morgan');
|
|
|
|
|
const bodyParser = require('body-parser');
|
|
|
|
|
const compress = require('compression');
|
|
|
|
|
const responseTime = require('response-time');
|
|
|
|
|
const methodOverride = require('method-override');
|
|
|
|
|
const cors = require('cors');
|
|
|
|
|
const helmet = require('helmet');
|
|
|
|
|
const passport = require('passport');
|
|
|
|
|
|
2019-05-09 16:23:54 +00:00
|
|
|
const config = require('../config');
|
2019-04-15 10:13:17 +00:00
|
|
|
const router = require('./router');
|
|
|
|
|
const error = require('../middlewares/error');
|
2019-04-24 21:01:54 +00:00
|
|
|
|
2019-04-15 15:58:58 +00:00
|
|
|
/**
|
|
|
|
|
* Express instance
|
|
|
|
|
* @public
|
|
|
|
|
*/
|
|
|
|
|
const app = express();
|
|
|
|
|
|
|
|
|
|
// request logging. dev: console | production: file
|
|
|
|
|
//app.use(morgan(logs));
|
|
|
|
|
|
|
|
|
|
// parse body params and attache them to req.body
|
2019-08-06 17:46:45 +00:00
|
|
|
app.use(bodyParser.json({ limit: '5mb' }));
|
2019-04-15 15:58:58 +00:00
|
|
|
app.use(bodyParser.urlencoded({
|
2019-08-06 17:46:45 +00:00
|
|
|
limit: '5mb', extended: true
|
2019-04-15 15:58:58 +00:00
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// set up the response-time middleware
|
|
|
|
|
app.use(responseTime());
|
|
|
|
|
|
|
|
|
|
// gzip compression
|
|
|
|
|
app.use(compress());
|
|
|
|
|
|
|
|
|
|
// lets you use HTTP verbs such as PUT or DELETE
|
|
|
|
|
// in places where the client doesn't support it
|
|
|
|
|
app.use(methodOverride());
|
|
|
|
|
|
|
|
|
|
// secure apps by setting various HTTP headers
|
|
|
|
|
app.use(helmet());
|
|
|
|
|
|
|
|
|
|
// enable CORS - Cross Origin Resource Sharing
|
2019-09-13 14:27:43 +00:00
|
|
|
//var allowedOrigins = ['http://localhost:8080', 'http://127.0.0.1:8080', 'https://adminapp2.loquedeverdadimporta.org'];
|
2019-08-18 21:15:34 +00:00
|
|
|
|
2019-09-13 14:27:43 +00:00
|
|
|
// enable CORS - Cross Origin Resource Sharing
|
2019-04-15 15:58:58 +00:00
|
|
|
app.use(cors({
|
2019-09-13 14:27:43 +00:00
|
|
|
exposedHeaders: ['Content-Disposition', 'Content-Type', 'Content-Length'],
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*app.use(cors({
|
2019-09-05 15:09:25 +00:00
|
|
|
origin: function (origin, callback) {
|
|
|
|
|
// allow requests with no origin
|
2019-08-18 21:15:34 +00:00
|
|
|
// (like mobile apps or curl requests)
|
2019-09-05 15:09:25 +00:00
|
|
|
return callback(null, true);
|
2019-09-13 14:27:43 +00:00
|
|
|
|
2019-08-18 21:15:34 +00:00
|
|
|
if (!origin) {
|
|
|
|
|
return callback(null, true);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-05 14:53:33 +00:00
|
|
|
console.log('origin =>', origin);
|
|
|
|
|
|
2019-08-18 21:15:34 +00:00
|
|
|
if (allowedOrigins.indexOf(origin) === -1) {
|
|
|
|
|
var msg = 'The CORS policy for this site does not ' +
|
|
|
|
|
'allow access from the specified Origin.';
|
|
|
|
|
return callback(new Error(msg), false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return callback(null, true);
|
|
|
|
|
}
|
2019-09-13 14:27:43 +00:00
|
|
|
}));*/
|
2019-08-18 21:15:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*app.use(cors({
|
2019-08-07 13:56:25 +00:00
|
|
|
origin: '*',
|
2019-04-15 15:58:58 +00:00
|
|
|
exposeHeaders: [
|
|
|
|
|
"WWW-Authenticate",
|
2019-04-24 21:01:54 +00:00
|
|
|
"Server-Authorization",
|
|
|
|
|
"Content-Disposition",
|
2019-08-07 13:56:25 +00:00
|
|
|
"Content-Type",
|
2019-04-24 21:01:54 +00:00
|
|
|
"Content-Length"
|
2019-04-15 15:58:58 +00:00
|
|
|
],
|
|
|
|
|
maxAge: 31536000,
|
|
|
|
|
credentials: true,
|
|
|
|
|
allowMethods: [
|
|
|
|
|
"GET",
|
|
|
|
|
"POST",
|
|
|
|
|
"PUT",
|
|
|
|
|
"PATCH",
|
|
|
|
|
"DELETE",
|
|
|
|
|
"OPTIONS",
|
|
|
|
|
"HEAD"
|
|
|
|
|
],
|
|
|
|
|
allowHeaders: [
|
2019-08-18 21:15:34 +00:00
|
|
|
"Access-Control-Allow-Origin",
|
2019-04-15 15:58:58 +00:00
|
|
|
"Content-Type",
|
2019-08-07 13:56:25 +00:00
|
|
|
"X-CSRF-Token",
|
|
|
|
|
"X-Requested-With",
|
|
|
|
|
"Accept",
|
|
|
|
|
"Accept-Version",
|
|
|
|
|
"Content-Length",
|
|
|
|
|
"Content-MD5",
|
|
|
|
|
"Date",
|
|
|
|
|
"X-Api-Version",
|
|
|
|
|
"X-File-Name",
|
2019-04-15 15:58:58 +00:00
|
|
|
"Authorization",
|
|
|
|
|
"X-Frame-Options",
|
2019-08-07 13:56:25 +00:00
|
|
|
"Origin",
|
2019-04-15 15:58:58 +00:00
|
|
|
],
|
2019-08-18 21:15:34 +00:00
|
|
|
}));*/
|
2019-04-15 15:58:58 +00:00
|
|
|
|
|
|
|
|
|
2019-08-07 13:56:25 +00:00
|
|
|
|
2019-04-15 15:58:58 +00:00
|
|
|
// Access validator
|
|
|
|
|
app.use(passport.initialize());
|
2019-04-24 21:01:54 +00:00
|
|
|
require('./passport');
|
2019-04-15 15:58:58 +00:00
|
|
|
|
|
|
|
|
// Set routes
|
|
|
|
|
app.use('/api', router());
|
|
|
|
|
|
|
|
|
|
// if error is not an instanceOf APIError, convert it.
|
|
|
|
|
app.use(error.converter);
|
|
|
|
|
|
|
|
|
|
// catch 404 and forward to error handler
|
|
|
|
|
app.use(error.notFound);
|
|
|
|
|
|
|
|
|
|
// error handler, send stacktrace only during development
|
|
|
|
|
app.use(error.handler);
|
|
|
|
|
|
|
|
|
|
module.exports = app;
|
