// Module imports.
// Outside production the environment is populated from a .env file; in
// production the variables are expected to be supplied by the host itself.
if (process.env.NODE_ENV !== "production") {
  require('dotenv').config();
}
const mongoose = require('mongoose');
const express = require('express');
const app = express();
const path = require('path');
const methodOverride = require('method-override');
const expressLayouts = require('express-ejs-layouts');
const session = require('express-session');
// Project-local modules (error type, routers, user model).
const ExpressError = require('./utils/ExpressError');
const campgroundRoutes = require('./routes/campgrounds');
const userRoutes = require('./routes/users');
const User = require('./models/user');
const flash = require('connect-flash');
const passport = require('passport');
const mongoSanitize = require('express-mongo-sanitize');
const helmet = require('helmet');
const MongoStore = require('connect-mongo');
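// Database connection.
// mongoose.connect() returns a promise. Without a rejection handler a failed
// initial connection surfaces as an unhandled rejection (fatal on recent Node
// versions) instead of a log line; errors on an already established connection
// are reported through the 'error' event below.
mongoose.connect(process.env.DB_CONNECTION)
  .catch((err) => console.error('Connection error:', err));
const db = mongoose.connection;
db.on('error', console.error.bind(console, 'Connection error:'));
db.once('open', () => console.log('Connected to DB'));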
// Session store backed by MongoDB, reusing the application's connection string.
const SESSION_TOUCH_AFTER_SECONDS = 24 * 3600; // connect-mongo's touchAfter is given in seconds
const store = MongoStore.create({
  mongoUrl: process.env.DB_CONNECTION,
  touchAfter: SESSION_TOUCH_AFTER_SECONDS,
});
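// Session configuration.
// `name` is a top-level express-session option; nested inside `cookie` it was
// ignored and the session cookie kept the library default name (connect.sid).
const ONE_WEEK_MS = 1000 * 60 * 60 * 24 * 7; // ms * s * min * h * days
const sessionConfig = {
  name: 'session',
  secret: process.env.SESSION_SECRET, // express-session refuses to start without a secret
  resave: false,
  saveUninitialized: true, // a session row is created for every first-time visitor
  store,
  cookie: {
    httpOnly: true, // not readable from page scripts
    // Lax is the browser default for a missing attribute; stating it makes the
    // CSRF posture explicit and consistent across browsers.
    sameSite: 'lax',
    // maxAge alone is sufficient: express-session derives `expires` from it,
    // and when both are given the one defined last wins anyway.
    maxAge: ONE_WEEK_MS,
    // TODO(review): set `secure: true` in production once the app is configured
    // to recognise TLS termination by its proxy (app.set('trust proxy', ...));
    // without that, express-session would not issue the cookie at all.
  },
};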
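// Express middleware.
// Static assets come first so that requests for them neither touch the session
// store nor create a session (saveUninitialized is enabled for the app).
app.use(express.static(path.join(__dirname, 'public')));
app.use(session(sessionConfig));
app.use(expressLayouts);
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use(methodOverride('_method'));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
// Removes `$`-prefixed keys from req.body/query/params so user-supplied input
// cannot smuggle MongoDB operators into queries; allowDots keeps '.' in keys.
// Must run after the body parsers above and before the routes below.
app.use(mongoSanitize({ allowDots: true }));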
// Helmet configuration with content security policy.
// Allow-lists of third-party origins, one per CSP directive. A trailing slash
// and its absence are both valid CSP sources but are not interchangeable, so
// the entries are kept exactly as deployed.
const scriptSrcUrls = [
  "https://stackpath.bootstrapcdn.com/",
  "https://api.tiles.mapbox.com/",
  "https://api.mapbox.com/",
  "https://kit.fontawesome.com/",
  "https://cdnjs.cloudflare.com/",
  "https://cdn.jsdelivr.net",
];
const styleSrcUrls = [
  "https://kit-free.fontawesome.com/",
  "https://stackpath.bootstrapcdn.com/",
  "https://api.mapbox.com/",
  "https://api.tiles.mapbox.com/",
  "https://fonts.googleapis.com/",
  "https://use.fontawesome.com/",
  "https://cdn.jsdelivr.net",
];
const connectSrcUrls = [
  "https://api.mapbox.com/",
  "https://a.tiles.mapbox.com/",
  "https://b.tiles.mapbox.com/",
  "https://events.mapbox.com/",
];
// No third-party font origins are allowed at the moment.
const fontSrcUrls = [];
// CSP directives. An empty list (defaultSrc, objectSrc) emits the bare
// directive, i.e. an empty source list that matches nothing.
const cspDirectives = {
  defaultSrc: [],
  connectSrc: ["'self'", ...connectSrcUrls],
  // 'unsafe-inline' on script-src weakens the XSS protection the policy gives;
  // nonces or hashes would be the stricter option if the views' inline scripts
  // can be adapted.
  scriptSrc: ["'unsafe-inline'", "'self'", ...scriptSrcUrls],
  styleSrc: ["'self'", "'unsafe-inline'", ...styleSrcUrls],
  workerSrc: ["'self'", "blob:"],
  objectSrc: [],
  imgSrc: [
    "'self'",
    "blob:",
    "data:",
    "https://res.cloudinary.com/rvstestcloud/",
    "https://images.unsplash.com/",
  ],
  fontSrc: ["'self'", ...fontSrcUrls],
};
app.use(
  helmet.contentSecurityPolicy({
    directives: cspDirectives,
    // NOTE(review): crossOriginEmbedderPolicy is an option of helmet() itself,
    // not of the CSP middleware; here it is presumably ignored — verify against
    // the installed helmet version before relying on it.
    crossOriginEmbedderPolicy: false,
  })
);
// Passport configuration (createStrategy API — see passport-local-mongoose docs).
// The user model supplies the local strategy and the (de)serialisers that map
// a session entry to a user record.
passport.use(User.createStrategy());
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
// Expose the signed-in user and the flash messages to every view via res.locals.
app.use((req, res, next) => {
  // req.flash must be called as a method (it relies on `this`), so it is not destructured.
  Object.assign(res.locals, {
    currentUser: req.user,
    success: req.flash('success'),
    error: req.flash('error'),
  });
  next();
});
// Express configuration: EJS views under ./views, with a default layout.
const viewSettings = {
  'view engine': 'ejs',
  views: path.join(__dirname, 'views'),
  layout: 'layouts/layout',
};
for (const [setting, value] of Object.entries(viewSettings)) {
  app.set(setting, value);
}
// Routes.
app.use('/', userRoutes);
app.use('/campgrounds', campgroundRoutes);
// The landing page is rendered without the shared layout.
const renderHome = (req, res) => res.render('home', { layout: false });
app.get('/', renderHome);
// 404 handling: anything not matched above is forwarded to the error handler.
const notFound = (req, res, next) => {
  next(new ExpressError('Page not found', 404));
};
app.all('*', notFound);
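// Error handling. The four-argument signature is what marks this as an error
// handler for Express, so `next` must stay even though it is rarely used.
app.use((err, req, res, next) => {
  // If a response is already under way, let Express's default handler close
  // the connection instead of attempting a second render.
  if (res.headersSent) {
    return next(err);
  }
  const { status = 500 } = err; // errors without a status are treated as server errors
  // NOTE(review): the whole error object reaches the template; make sure the
  // view does not print err.stack (or other internals) in production.
  res.status(status).render('error', { error: err });
});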
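// Server.
// Without a fallback, an unset PORT made listen() pick an arbitrary free port
// and the log line printed "undefined".
const port = process.env.PORT ?? 3000;
app.listen(port, () => {
  console.log('App listening on port:', port);
});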