Turn-based strategy server.

** WORK IN PROGRESS - DON'T WASTE YOUR TIME ON THIS **

components

security

  • hide implementation details: remove the x-powered-by header
  • disallow embedding in an iframe on other origins: set X-Frame-Options: SAMEORIGIN
  • read the correct client IP: app.set('trust proxy', 'loopback') (assumes we are behind a reverse proxy, as is the case with Heroku)
  • redirect to https if x-forwarded-proto: http (again, assumes we are behind a reverse proxy, as is the case with Heroku)
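
Added example (not part of this project's code): a dependency-free JavaScript sketch of the two reverse-proxy items above, showing that X-Forwarded-For and X-Forwarded-Proto are honoured only when the direct peer is loopback. The function names, the host allowlist and the sample addresses are assumptions, and the Host check goes beyond what the list describes.

```javascript
// Added example: names, allowlist and addresses are assumptions, not project code.

// True for 127.0.0.0/8 and ::1, including IPv4-mapped forms (::ffff:127.0.0.1).
function isLoopback(addr) {
  const a = String(addr).replace(/^::ffff:/i, '');
  return a === '::1' || /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(a);
}

// Walk from the socket peer back through X-Forwarded-For and return the first
// address that is not a trusted (loopback) hop. Anything further left was
// supplied by the client and is never trusted.
function clientIp(peerAddr, headers) {
  const xff = String(headers['x-forwarded-for'] || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  const chain = [peerAddr, ...xff.reverse()];
  for (const addr of chain) {
    if (!isLoopback(addr)) return addr;
  }
  return chain[chain.length - 1]; // every hop was loopback
}

// Returns { status: 301, location } to redirect, { status: 400 } to reject,
// or null to let the request proceed.
function httpsRedirect(peerAddr, headers, url, allowedHosts) {
  // Honour X-Forwarded-Proto only from the loopback proxy; a direct client
  // could otherwise forge it.
  if (!isLoopback(peerAddr)) return null;
  const proto = String(headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  if (proto !== 'http') return null;
  // Host is client-controlled: redirect only to names this server serves.
  const host = String(headers.host || '').toLowerCase();
  if (!allowedHosts.has(host)) return { status: 400 };
  return { status: 301, location: 'https://' + host + url };
}

// Constructed sample request, as it would arrive from the local proxy.
const ALLOWED_HOSTS = new Set(['game.example.com']);
const sample = {
  'x-forwarded-for': '198.51.100.9, 203.0.113.7', // first entry forged by client
  'x-forwarded-proto': 'http',
  host: 'game.example.com',
};
console.log(clientIp('127.0.0.1', sample));
console.log(httpsRedirect('127.0.0.1', sample, '/lobby', ALLOWED_HOSTS));
```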

logging

  • set up the default winston logger
  • set up morgan to relay to the winston info stream

robots

  • disallow in development
  • disallow static bower folder in production

errors

  • forward not-found errors to the error handler
  • use the development error handler

misc

License

AGPL © Amit Portnoy