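'use strict';

const express = require('express');
//const morgan = require('morgan');
const bodyParser = require('body-parser');
const compress = require('compression');
const responseTime = require('response-time');
const methodOverride = require('method-override');
const cors = require('cors');
const helmet = require('helmet');
const passport = require('passport');
const config = require('../config');
const router = require('./router');
const error = require('../middlewares/error');

/**
 * Express instance
 *
 * Builds the middleware chain for the API and exports the configured app.
 * Order matters: Express runs middleware in registration order, and a request
 * rejected by an early middleware (for example a malformed or oversized body)
 * skips every later non-error middleware.
 * @public
 */
const app = express();

// request logging. dev: console | production: file
// Disabled. Re-enabling it needs the morgan require above and a `logs` format
// value, which this file does not define.
//app.use(morgan(logs));

// Secure the app by setting various HTTP headers. Registered first so that
// error responses produced by later middleware (body parser 400/413) also
// carry these headers.
app.use(helmet());

// Enable CORS - Cross Origin Resource Sharing. Registered before the body
// parsers so that body-parse error responses are still readable cross-origin.
//
// The option names below are the ones the Express `cors` package recognises
// (`exposedHeaders`, `methods`, `allowedHeaders`). The previous names
// (`exposeHeaders`, `allowMethods`, `allowHeaders`) are not options of this
// package and were ignored, which left no headers exposed and caused the
// package to echo back whatever Access-Control-Request-Headers the client sent.
app.use(cors({
  // NOTE(review): a wildcard origin combined with `credentials: true` is
  // rejected by browsers for credentialed requests. If cookies or other
  // ambient credentials are really needed, replace '*' with an explicit
  // allowlist of trusted origins (do not reflect the request's Origin header);
  // otherwise drop `credentials`. Left unchanged here because the trusted
  // origins are not visible in this file.
  origin: '*',
  exposedHeaders: [
    "WWW-Authenticate",
    "Server-Authorization",
    "Content-Disposition",
    "Content-Type",
    "Content-Length"
  ],
  // Preflight cache lifetime in seconds (one year as written); browsers
  // enforce their own, much lower, upper bound.
  maxAge: 31536000,
  credentials: true,
  methods: [
    "GET",
    "POST",
    "PUT",
    "PATCH",
    "DELETE",
    "OPTIONS",
    "HEAD"
  ],
  allowedHeaders: [
    "Content-Type",
    "X-CSRF-Token",
    "X-Requested-With",
    "Accept",
    "Accept-Version",
    "Content-Length",
    "Content-MD5",
    "Date",
    "X-Api-Version",
    "X-File-Name",
    "Authorization",
    "X-Frame-Options",
    "Origin",
  ],
}));

// Parse body params and attach them to req.body.
// NOTE(review): both parsers run before passport and the router, so the 5mb
// limit applies to unauthenticated requests too; lower it if no route needs
// bodies that large. `extended: true` allows nested objects and arrays in
// urlencoded bodies, so handlers should validate the type of each field.
app.use(bodyParser.json({ limit: '5mb' }));
app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }));

// set up the response-time middleware
app.use(responseTime());

// gzip compression
app.use(compress());

// lets you use HTTP verbs such as PUT or DELETE
// in places where the client doesn't support it
app.use(methodOverride());

// Access validator. The './passport' module is loaded only for its side
// effects (presumably strategy registration; confirm in that module).
app.use(passport.initialize());
require('./passport');

// Set routes
app.use('/api', router());

// if error is not an instanceOf APIError, convert it.
app.use(error.converter);

// catch 404 and forward to error handler
app.use(error.notFound);

// error handler, send stacktrace only during development
// NOTE(review): confirm in ../middlewares/error that stack traces are really
// withheld outside development.
app.use(error.handler);

module.exports = app;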