app2-api/core/express.js

'use strict';

const express = require('express');
//const morgan = require('morgan');
const bodyParser = require('body-parser');
const compress = require('compression');
const responseTime = require('response-time');
const methodOverride = require('method-override');
const cors = require('cors');
const helmet = require('helmet');
const passport = require('passport');

const config = require('../config');
const router = require('./router');
const error = require('../middlewares/error');

/**
 * Express instance
 * @public
 */
const app = express();

// request logging. dev: console | production: file
//app.use(morgan(logs));

// parse body params and attache them to req.body
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
    extended: true
}));

// set up the response-time middleware
app.use(responseTime());

// gzip compression
app.use(compress());

// lets you use HTTP verbs such as PUT or DELETE
// in places where the client doesn't support it
app.use(methodOverride());

// secure apps by setting various HTTP headers
app.use(helmet());

// enable CORS - Cross Origin Resource Sharing
app.use(cors({
    exposeHeaders: [
        "WWW-Authenticate",
        "Server-Authorization",
        "Content-Disposition", 
        "Content-Type", 
        "Content-Length"
    ],
    maxAge: 31536000,
    credentials: true,
    allowMethods: [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE",
        "OPTIONS",
        "HEAD"
    ],
    allowHeaders: [
        "Content-Type",
        "Authorization",
        "X-Frame-Options",
        "Origin"
    ],
}));


// Access validator
app.use(passport.initialize());
require('./passport');

// Set routes
app.use('/api', router());

// if error is not an instanceOf APIError, convert it.
app.use(error.converter);

// catch 404 and forward to error handler
app.use(error.notFound);

// error handler, send stacktrace only during development
app.use(error.handler);

module.exports = app;