require("dotenv").config()
const express = require("express");
const app = express();
const path = require("path");
const methodOverride = require("method-override");
const sequelize = require("./src/models/db.js");
const model = require("./src/models/User");
const modelCart = require("./src/models/Cart");
const session = require("cookie-session");
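// Session cookie. cookie-session keeps the whole session client-side and only
// signs it, so the signing keys are the sole thing stopping a client from
// minting its own cookie (e.g. a self-chosen userId that would sail through
// isLogin/isAdmin). The keys used to be hard-coded here; anything that has
// been committed must be treated as burned, so they now come from the
// environment loaded by dotenv above: SESSION_KEYS="<newest>,<older>" (newest
// first, so rotating a key keeps existing cookies readable). Keep the .env
// file out of version control. Start-up fails fast when no key is configured.
const sessionKeys = (process.env.SESSION_KEYS || "")
  .split(",")
  .map((key) => key.trim())
  .filter((key) => key.length > 0);
if (sessionKeys.length === 0) {
  throw new Error("SESSION_KEYS is not set; refusing to start with a guessable session signing key");
}
app.use(session({
  keys: sessionKeys,
  // Defaults in cookie-session, spelled out so they are not silently lost:
  httpOnly: true,
  // Not attached to cross-site form posts; cheap CSRF mitigation for the
  // POST/_method-driven admin forms, which have no token check visible here.
  sameSite: "lax",
  // NOTE(review): add `secure: true` once the deployment terminates TLS and
  // `trust proxy` is configured; enabling it blindly breaks plain-HTTP dev.
}));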
// Gate for routes that need a signed-in user. A request whose session carries
// no userId is bounced to the login page, with the URL it was after parked in
// the session so the login flow can send it back afterwards.
// NOTE(review): req.originalUrl is client-controlled (a request line of
// "//evil.example/x" yields that string); whatever consumes returnTo should
// only follow it when it is a same-origin path — verify in authRoutes.
const isLogin = (req, res, next) => {
  const signedIn = Boolean(req.session.userId);
  if (signedIn) {
    return next();
  }
  req.session.returnTo = req.originalUrl;
  res.redirect("/auth/login");
};
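// Gate for admin-only routes; meant to run after isLogin so req.session.userId
// is present. The user is looked up on every request so that clearing the
// admin flag in the DB takes effect immediately instead of living on in the
// signed cookie.
//
// Fixes over the previous version: a userId with no matching row (deleted
// user, stale cookie) fell through without responding or calling next(), so
// the request hung; DB errors were echoed to the browser via res.send(error),
// leaking driver/query details; and the refusal was sent with status 200.
const isAdmin = async (req, res, next) => {
  let user;
  try {
    user = await model.findOne({
      where: {
        id: req.session.userId,
      }
    });
  } catch (error) {
    console.log(error);
    // Route the failure into Express' error pipeline (generic 500, no stack
    // outside development) rather than sending it to the client.
    return next(error);
  }
  // Sequelize BOOLEAN may surface as true or as 1 depending on the dialect,
  // so both are accepted explicitly instead of relying on `== true`.
  const hasAdminFlag = user !== null && user !== undefined
    && (user.admin === true || user.admin === 1);
  if (!hasAdminFlag) {
    // Unknown id and non-admin user get the same answer, so the response does
    // not reveal whether the id exists.
    return res.status(403).send("No tienes permisos para acceder a esta página");
  }
  next();
};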
const helmet = require('helmet');
// Content-Security-Policy via helmet. Only the CSP sub-middleware is mounted,
// so helmet's other default headers (HSTS, X-Content-Type-Options,
// Referrer-Policy, ...) are NOT applied by this file.
// NOTE(review): 'unsafe-inline' in script-src lets any injected <script> run,
// which largely defeats the XSS protection CSP is meant to give. Moving the
// inline scripts in the EJS views to files under /public (or using per-response
// nonces) would allow dropping it; left unchanged here because the views are
// not visible from this file. cdn.jsdelivr.net scripts are not SRI-pinned.
const selfOrigin = "'self'";
const noSource = "'none'";
const jsdelivr = "cdn.jsdelivr.net";
const cspDirectives = {
  defaultSrc: [selfOrigin],
  scriptSrc: [selfOrigin, "'unsafe-inline'", jsdelivr],
  styleSrc: [selfOrigin, "'unsafe-inline'", jsdelivr],
  imgSrc: [selfOrigin, "data:"],
  connectSrc: [selfOrigin, jsdelivr],
  fontSrc: [selfOrigin],
  objectSrc: [noSource],
  mediaSrc: [selfOrigin],
  frameSrc: [noSource],
  baseUri: [selfOrigin],
  formAction: [selfOrigin],
  frameAncestors: [noSource],
};
app.use(helmet.contentSecurityPolicy({ directives: cspDirectives }));
// View engine and request plumbing. Mount order matters: the body parser and
// method-override must precede the routers that read req.body / _method, and
// the 404 handler has to be the last thing registered.
app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "/src/views"));
// Lets HTML forms issue PUT/DELETE through a `_method` value.
// NOTE(review): with default options method-override takes `_method` from the
// query string — confirm the views send ?_method=... rather than a body field.
app.use(methodOverride("_method"));
// URL-encoded form bodies only; no JSON body parser is mounted here.
app.use(express.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, "/public")));

const mainRouter = require("./src/routes/mainRoutes.js");
const adminProductsRouter = require("./src/routes/admin/productsRoutes.js");
const shopRouter = require("./src/routes/shop/shopRoutes.js");
const authRouter = require("./src/routes/auth/authRoutes.js");

app.use(mainRouter);
// Everything under /admin sits behind both gates: isLogin (session present),
// then isAdmin (DB says admin). No CSRF token middleware is mounted in this
// file; the admin forms rely on whatever the cookie/sameSite settings give.
app.use("/admin/", isLogin, isAdmin, adminProductsRouter);
app.use("/shop", shopRouter);
app.use("/auth", authRouter);
// Catch-all for anything no router claimed.
app.use((req, res) => {
  res.status(404).render('error');
});
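// `||` rather than `??` on purpose: an empty PORT string should fall back too.
const PORT = process.env.PORT || 3000;

// Bring the schema in line with the models *before* accepting connections.
// The previous version called listen() first and synced inside its callback,
// so early requests could hit tables that were still being created/altered.
// A failed sync is logged and the server still starts, as before.
// NOTE(review): sync({ alter: true }) rewrites live tables on every boot and
// can drop or retype columns; for anything beyond local development,
// migrations are the safer tool — confirm how this is deployed.
async function start() {
  try {
    await sequelize.sync({ alter: true });
  } catch (error) {
    console.log(error);
  }
  app.listen(PORT, () => {
    console.log(`http://localhost:${PORT}`);
  });
}

start().catch((error) => {
  // Only reachable if listen() itself throws synchronously; do not keep a
  // half-started process around.
  console.log(error);
  process.exit(1);
});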