app2-api/core/express.js

'use strict';

const express = require('express');
//const morgan = require('morgan');
const bodyParser = require('body-parser');
const compress = require('compression');
const responseTime = require('response-time');
const methodOverride = require('method-override');
const cors = require('cors');
const helmet = require('helmet');
const passport = require('passport');

const config = require('../config');
const router = require('./router');
const error = require('../middlewares/error');

/**
 * Express instance
 * @public
 */
const app = express();

// request logging. dev: console | production: file
//app.use(morgan(logs));

// parse body params and attache them to req.body
app.use(bodyParser.json({ limit: '5mb' }));
app.use(bodyParser.urlencoded({
    limit: '5mb', extended: true
}));

// set up the response-time middleware
app.use(responseTime());

// gzip compression
app.use(compress());

// lets you use HTTP verbs such as PUT or DELETE
// in places where the client doesn't support it
app.use(methodOverride());

// secure apps by setting various HTTP headers
app.use(helmet());

// enable CORS - Cross Origin Resource Sharing
var allowedOrigins = ['http://localhost:8080', 'http://127.0.0.1:8080', 'https://adminapp2.loquedeverdadimporta.org'];

app.use(cors({
    origin: function (origin, callback) {    // allow requests with no origin 
        // (like mobile apps or curl requests)
        if (!origin) {
            return callback(null, true);
        }

        console.log('origin =>', origin);

        if (allowedOrigins.indexOf(origin) === -1) {
            var msg = 'The CORS policy for this site does not ' +
                'allow access from the specified Origin.';
            return callback(new Error(msg), false);
        } 

        return callback(null, true);
    }
}));


/*app.use(cors({
    origin: '*',
    exposeHeaders: [
        "WWW-Authenticate",
        "Server-Authorization",
        "Content-Disposition", 
        "Content-Type",         
        "Content-Length"
    ],
    maxAge: 31536000,
    credentials: true,
    allowMethods: [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE",
        "OPTIONS",
        "HEAD"
    ],
    allowHeaders: [
        "Access-Control-Allow-Origin",
        "Content-Type",
        "X-CSRF-Token", 
        "X-Requested-With", 
        "Accept", 
        "Accept-Version",
        "Content-Length", 
        "Content-MD5", 
        "Date", 
        "X-Api-Version", 
        "X-File-Name",
        "Authorization",
        "X-Frame-Options",
        "Origin",
    ],
}));*/


// Access validator
app.use(passport.initialize());
require('./passport');

// Set routes
app.use('/api', router());

// if error is not an instanceOf APIError, convert it.
app.use(error.converter);

// catch 404 and forward to error handler
app.use(error.notFound);

// error handler, send stacktrace only during development
app.use(error.handler);

module.exports = app;
. 2019-04-15 10:13:17 +00:00			`'use strict';`

			`const express = require('express');`
			`//const morgan = require('morgan');`
			`const bodyParser = require('body-parser');`
			`const compress = require('compression');`
			`const responseTime = require('response-time');`
			`const methodOverride = require('method-override');`
			`const cors = require('cors');`
			`const helmet = require('helmet');`
			`const passport = require('passport');`

. 2019-05-09 16:23:54 +00:00			`const config = require('../config');`
. 2019-04-15 10:13:17 +00:00			`const router = require('./router');`
			`const error = require('../middlewares/error');`
. 2019-04-24 21:01:54 +00:00
.. 2019-04-15 15:58:58 +00:00			`/**`
			`* Express instance`
			`* @public`
			`*/`
			`const app = express();`

			`// request logging. dev: console \| production: file`
			`//app.use(morgan(logs));`

			`// parse body params and attache them to req.body`
. 2019-08-06 17:46:45 +00:00			`app.use(bodyParser.json({ limit: '5mb' }));`
.. 2019-04-15 15:58:58 +00:00			`app.use(bodyParser.urlencoded({`
. 2019-08-06 17:46:45 +00:00			`limit: '5mb', extended: true`
.. 2019-04-15 15:58:58 +00:00			`}));`

			`// set up the response-time middleware`
			`app.use(responseTime());`

			`// gzip compression`
			`app.use(compress());`

			`// lets you use HTTP verbs such as PUT or DELETE`
			`// in places where the client doesn't support it`
			`app.use(methodOverride());`

			`// secure apps by setting various HTTP headers`
			`app.use(helmet());`

			`// enable CORS - Cross Origin Resource Sharing`
Update express.js 2019-08-30 10:56:52 +00:00			`var allowedOrigins = ['http://localhost:8080', 'http://127.0.0.1:8080', 'https://adminapp2.loquedeverdadimporta.org'];`
. 2019-08-18 21:15:34 +00:00
.. 2019-04-15 15:58:58 +00:00			`app.use(cors({`
. 2019-08-18 21:15:34 +00:00			`origin: function (origin, callback) { // allow requests with no origin`
			`// (like mobile apps or curl requests)`
			`if (!origin) {`
			`return callback(null, true);`
			`}`

. 2019-09-05 14:53:33 +00:00			`console.log('origin =>', origin);`

. 2019-08-18 21:15:34 +00:00			`if (allowedOrigins.indexOf(origin) === -1) {`
			`var msg = 'The CORS policy for this site does not ' +`
			`'allow access from the specified Origin.';`
			`return callback(new Error(msg), false);`
			`}`

			`return callback(null, true);`
			`}`
			`}));`


			`/*app.use(cors({`
. 2019-08-07 13:56:25 +00:00			`origin: '*',`
.. 2019-04-15 15:58:58 +00:00			`exposeHeaders: [`
			`"WWW-Authenticate",`
. 2019-04-24 21:01:54 +00:00			`"Server-Authorization",`
			`"Content-Disposition",`
. 2019-08-07 13:56:25 +00:00			`"Content-Type",`
. 2019-04-24 21:01:54 +00:00			`"Content-Length"`
.. 2019-04-15 15:58:58 +00:00			`],`
			`maxAge: 31536000,`
			`credentials: true,`
			`allowMethods: [`
			`"GET",`
			`"POST",`
			`"PUT",`
			`"PATCH",`
			`"DELETE",`
			`"OPTIONS",`
			`"HEAD"`
			`],`
			`allowHeaders: [`
. 2019-08-18 21:15:34 +00:00			`"Access-Control-Allow-Origin",`
.. 2019-04-15 15:58:58 +00:00			`"Content-Type",`
. 2019-08-07 13:56:25 +00:00			`"X-CSRF-Token",`
			`"X-Requested-With",`
			`"Accept",`
			`"Accept-Version",`
			`"Content-Length",`
			`"Content-MD5",`
			`"Date",`
			`"X-Api-Version",`
			`"X-File-Name",`
.. 2019-04-15 15:58:58 +00:00			`"Authorization",`
			`"X-Frame-Options",`
. 2019-08-07 13:56:25 +00:00			`"Origin",`
.. 2019-04-15 15:58:58 +00:00			`],`
. 2019-08-18 21:15:34 +00:00			`}));*/`
.. 2019-04-15 15:58:58 +00:00

. 2019-08-07 13:56:25 +00:00
.. 2019-04-15 15:58:58 +00:00			`// Access validator`
			`app.use(passport.initialize());`
. 2019-04-24 21:01:54 +00:00			`require('./passport');`
.. 2019-04-15 15:58:58 +00:00
			`// Set routes`
			`app.use('/api', router());`

			`// if error is not an instanceOf APIError, convert it.`
			`app.use(error.converter);`

			`// catch 404 and forward to error handler`
			`app.use(error.notFound);`

			`// error handler, send stacktrace only during development`
			`app.use(error.handler);`

			`module.exports = app;`