shimapan/server.js

const https = require('https');
const fs = require('fs');
const express = require('express');
const bodyParser = require('body-parser');
const methodOverride = require('method-override');
const mongoose = require('mongoose');
const morgan = require('morgan');
const passport = require('passport');
const session = require('express-session');
const sanitizer = require('express-sanitizer');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

const app = express();
const config = require('config');

// MongoDB
const dbHost = config.get('Database.host');
let db;
mongoose.connect(dbHost, {useNewUrlParser: true})
    .then(() => {
        console.log('Connected to database ' + dbHost + '\n');
        db = mongoose.connection;
    });

const MongoStore = require('connect-mongo')(session);
const mongoStore = new MongoStore({url: dbHost});

// HTTP Request Logging
if (config.get('Log.http'))
    app.use(morgan(config.get('Log.httpLevel')));

// Session setup
app.use(helmet());
app.set('trust proxy', 1);
app.use(session({
    secret: 'secret',
    name: 'session.id',
    resave: false,
    saveUninitialized: false,
    store: mongoStore,
    cookie: {
        //secure: true,
        httpOnly: true,
        //domain: 'shimapan.rocks',
        maxAge: 1000 * 60 * 60
    }
}));

// Middleware
app.use(passport.initialize(null));
app.use(passport.session(null));
app.use(bodyParser.json());
app.use(bodyParser.json({ type: 'application/*+json' }));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.text());
app.use(sanitizer());
app.use(methodOverride('X-HTTP-Method-Override'));

// Rate limiter
const global_limiter = rateLimit({
    windowMs: 60 * 1000, // 1 minute
    max: 60 // limit to 1 request/second
});

if (config.get('RateLimit.enable'))
    app.use(global_limiter);

// Static directories and favicon
//app.use(favicon(__dirname + '/public/img/favicon.ico'));
app.use(express.static(__dirname + '/public'));

// Install routes and configure authentication strategy
require('./app/routes/routes.js')(app);
require('./config/passport.js');

// Error handler
app.use((err, req, res, next) => {
    console.error(err.stack);
    res.status(500).json({'message': 'Internal server error.'});
});

app.set('trust proxy', config.get('Server.trustProxy'));

// Start app
const port = config.get('Server.port');

let server;
if (config.get('Server.tls')) {
    const options = {
        cert: fs.readFileSync('./cert.pem'),
        key: fs.readFileSync('./privkey.pem'),
    };
    server = https.createServer(options, app).listen(port, () =>
        console.log(`Listening on port ${port}...`));
} else {
    server = app.listen(port, () =>
        console.log(`Listening on port ${port}...`));
}

// Expose app
module.exports.app = app;
module.exports.server = server;
Add TLS support 2018-12-26 13:30:02 -05:00			`const https = require('https');`
			`const fs = require('fs');`
ES6-ify server.js and add SIGINT graceful close 2018-07-24 19:39:18 -04:00			`const express = require('express');`
			`const bodyParser = require('body-parser');`
			`const methodOverride = require('method-override');`
			`const mongoose = require('mongoose');`
			`const morgan = require('morgan');`
			`const passport = require('passport');`
			`const session = require('express-session');`
			`const sanitizer = require('express-sanitizer');`
			`const helmet = require('helmet');`
Add rate limiting instead of fail2ban 2018-12-26 20:47:04 -05:00			`const rateLimit = require('express-rate-limit');`
Initial Commit 2017-10-09 22:01:02 -04:00
ES6-ify server.js and add SIGINT graceful close 2018-07-24 19:39:18 -04:00			`const app = express();`
			`const config = require('config');`
Add different env configs 2017-10-12 17:26:35 -04:00
Add different config for morgan logging 2018-07-25 10:18:29 -04:00			`// MongoDB`
Replace constants with configurable values 2018-07-26 17:34:47 -04:00			`const dbHost = config.get('Database.host');`
			`let db;`
			`mongoose.connect(dbHost, {useNewUrlParser: true})`
			`.then(() => {`
Add uncaught exception handler 2018-07-29 19:35:58 -04:00			`console.log('Connected to database ' + dbHost + '\n');`
Replace constants with configurable values 2018-07-26 17:34:47 -04:00			`db = mongoose.connection;`
			`});`

ES6-ify server.js and add SIGINT graceful close 2018-07-24 19:39:18 -04:00			`const MongoStore = require('connect-mongo')(session);`
Replace constants with configurable values 2018-07-26 17:34:47 -04:00			`const mongoStore = new MongoStore({url: dbHost});`
Initial Commit 2017-10-09 22:01:02 -04:00
Add different config for morgan logging 2018-07-25 10:18:29 -04:00			`// HTTP Request Logging`
Add conditional http logging 2018-08-13 06:43:31 -04:00			`if (config.get('Log.http'))`
			`app.use(morgan(config.get('Log.httpLevel')));`
Work on stuff... 2017-10-11 10:15:19 -04:00
Add different config for morgan logging 2018-07-25 10:18:29 -04:00			`// Session setup`
Work on stuff 2017-10-18 13:31:08 -04:00			`app.use(helmet());`
			`app.set('trust proxy', 1);`
			`app.use(session({`
			`secret: 'secret',`
			`name: 'session.id',`
			`resave: false,`
			`saveUninitialized: false,`
			`store: mongoStore,`
			`cookie: {`
			`//secure: true,`
			`httpOnly: true,`
			`//domain: 'shimapan.rocks',`
			`maxAge: 1000 * 60 * 60`
			`}`
			`}));`
Add different config for morgan logging 2018-07-25 10:18:29 -04:00
			`// Middleware`
Fix some warnings 2018-07-26 19:01:16 -04:00			`app.use(passport.initialize(null));`
			`app.use(passport.session(null));`
Initial Commit 2017-10-09 22:01:02 -04:00			`app.use(bodyParser.json());`
ES6-ify server.js and add SIGINT graceful close 2018-07-24 19:39:18 -04:00			`app.use(bodyParser.json({ type: 'application/*+json' }));`
Initial Commit 2017-10-09 22:01:02 -04:00			`app.use(bodyParser.urlencoded({ extended: true }));`
Add different env configs 2017-10-12 17:26:35 -04:00			`app.use(bodyParser.text());`
Work on stuff 2017-10-18 13:31:08 -04:00			`app.use(sanitizer());`
Initial Commit 2017-10-09 22:01:02 -04:00			`app.use(methodOverride('X-HTTP-Method-Override'));`

Add rate limiting instead of fail2ban 2018-12-26 20:47:04 -05:00			`// Rate limiter`
			`const global_limiter = rateLimit({`
			`windowMs: 60 * 1000, // 1 minute`
			`max: 60 // limit to 1 request/second`
			`});`

			`if (config.get('RateLimit.enable'))`
			`app.use(global_limiter);`

Add different config for morgan logging 2018-07-25 10:18:29 -04:00			`// Static directories and favicon`
Work on stuff 2017-10-18 13:31:08 -04:00			`//app.use(favicon(__dirname + '/public/img/favicon.ico'));`
Initial Commit 2017-10-09 22:01:02 -04:00			`app.use(express.static(__dirname + '/public'));`
Work on stuff 2017-10-18 13:31:08 -04:00
Add different config for morgan logging 2018-07-25 10:18:29 -04:00			`// Install routes and configure authentication strategy`
Rework directory structure 2017-10-20 16:46:14 -04:00			`require('./app/routes/routes.js')(app);`
Work on stuff 2017-10-18 13:31:08 -04:00			`require('./config/passport.js');`

Add error handling middleware 2018-07-25 18:43:20 -04:00			`// Error handler`
Fix error handler 2018-08-14 05:12:05 -04:00			`app.use((err, req, res, next) => {`
Add error handling middleware 2018-07-25 18:43:20 -04:00			`console.error(err.stack);`
			`res.status(500).json({'message': 'Internal server error.'});`
			`});`

Add auth failure logging 2018-12-26 19:02:59 -05:00			`app.set('trust proxy', config.get('Server.trustProxy'));`

Initial Commit 2017-10-09 22:01:02 -04:00			`// Start app`
Replace constants with configurable values 2018-07-26 17:34:47 -04:00			`const port = config.get('Server.port');`
Add TLS support 2018-12-26 13:30:02 -05:00
			`let server;`
			`if (config.get('Server.tls')) {`
			`const options = {`
			`cert: fs.readFileSync('./cert.pem'),`
			`key: fs.readFileSync('./privkey.pem'),`
			`};`
			`server = https.createServer(options, app).listen(port, () =>`
			console.log(`Listening on port ${port}...`));
			`} else {`
			`server = app.listen(port, () =>`
			console.log(`Listening on port ${port}...`));
			`}`
ES6-ify server.js and add SIGINT graceful close 2018-07-24 19:39:18 -04:00
Initial Commit 2017-10-09 22:01:02 -04:00			`// Expose app`
Remove SIGINT handler and only listen upon server start 2018-07-26 13:16:42 -04:00			`module.exports.app = app;`
			`module.exports.server = server;`