-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.js
79 lines (63 loc) · 2.1 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
const bodyParser = require('body-parser');
const express = require('express');
const helmet = require('helmet');
const path = require('path');
const hbs = require('express-handlebars');
const session = require('express-session');
const MemoryStore = require('memorystore')(session); // Use better version of memorystore, https://www.npmjs.com/package/memorystore
const appConfig = require('config').get('app');
const sessionConfig = require('config').get('session');
const routes = require('./routes/index.routes');
const logger = require('./helpers/logger');
const app = express();
const port = process.env.PORT || appConfig.port;
/*
To remove the X-Powered-By header.
Refer https://helmetjs.github.io/docs/hide-powered-by/
*/
app.use(helmet.hidePoweredBy());
/*
Enables XSS filtering and the browser will prevent rendering of the page if an attack is detected (by browser).
Refer https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
*/
app.use(helmet.xssFilter());
/*
Adding "X-Content-Type-Options: nosniff" header for protection against MIME type Sniffing attacks.
Refer https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options and https://www.keycdn.com/support/what-is-mime-sniffing
*/
app.use(helmet.noSniff());
/*
view engine setup
View Folder - /views
View Engine - Handlebars
*/
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'hbs');
app.engine('hbs', hbs({
extname: 'hbs',
defaultLayout: 'main'
}));
// Declaring Public folder for the app
app.use(express.static(path.join(__dirname, 'public')));
// Set up body parser
app.use(bodyParser.json({ limit: '1mb', type: '*/*' }));
// Add server session
app.set('trust proxy', 1); // trust first proxy
app.use(session({
secret: sessionConfig.secret,
store: new MemoryStore({
checkPeriod: sessionConfig.expiry
}),
resave: false,
saveUninitialized: true,
cookie: {
maxAge: sessionConfig.cookie.maxAge
}
}));
// Set up routing
app.use('/', routes);
// Start the server
app.listen(port, () => {
logger.info(`${appConfig.title} listening on port ${port}`);
});
module.exports = app;