-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserver.js
94 lines (74 loc) · 2.59 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
const path = require("path");
const express = require("express");
const dotenv = require("dotenv");
const connectDB = require("./config/db");
const colors = require("colors");
const fileupload = require("express-fileupload");
const mongoSanitize = require("express-mongo-sanitize");
const helmet = require("helmet");
const xss = require("xss-clean");
const rateLimit = require("express-rate-limit");
const hpp = require("hpp");
const cors = require("cors");
const errorHandler = require("./middleware/error");
const cookieParser = require("cookie-parser");
// morgan is middleware npm
const morgan = require("morgan");
// load env vars
dotenv.config({ path: "./config/config.env" });
connectDB();
// import routes for bootcamps
const bootcamps = require("./routes/bootcamps");
const courses = require("./routes/courses");
const auth = require("./routes/auth");
const users = require("./routes/users");
const reviews = require("./routes/reviews");
const app = express();
// body parser/ coookie parser middleware to read json
app.use(express.json());
app.use(cookieParser());
// Dev logger using morgan middleware logger ... (app.use() indicates middleware)
if (process.env.NODE_ENV === "development") {
app.use(morgan("dev"));
}
app.use(fileupload());
// sanitizing data against NoSQL injections
app.use(mongoSanitize());
// set security headers
app.use(helmet());
// Security againt xss attacks on <script> tags
app.use(xss());
// Set limit for the amount of requests per 10 minutes
const limiter = rateLimit({
windowMs: 10 * 60 * 1000, // 10 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});
app.use(limiter);
// set hpp pollution security
app.use(hpp());
app.use(cors());
// Set static folder
app.use(express.static(path.join(__dirname, "public")));
// mount routers
app.use("/api/v1/bootcamps", bootcamps);
app.use("/api/v1/courses", courses);
app.use("/api/v1/auth", auth);
app.use("/api/v1/users", users);
app.use("/api/v1/reviews", reviews);
// calling error handler must come AFTER the route mounters
app.use(errorHandler);
const PORT = process.env.PORT || 5001;
const server = app.listen(
PORT,
console.log(
`Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
)
);
// GLOBAL handler of rejections from DB, etc
process.on("Unhandled rejection", (err, promise) => {
console.log(`ERROR: ${err.message}`.red.underline);
// close server & exit process
server.close(() => process.exit(1));
});