-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
45 lines (40 loc) · 1.3 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Inititalisation
require('dotenv').config();
const express = require('express');
const helmet = require('helmet');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');
const bodyParser = require('body-parser');
const Path = require('path');
const checkOrigin = require('./middleware/checkOrigin');
const secureTunnel = require('./middleware/secureTunnel');
// Express Configs
const app = express();
app.use(express.static(Path.join(__dirname, 'public')));
app.use(express.json({ limit: '50kb' }));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(helmet());
app.use(mongoSanitize());
app.use(xss());
app.use(checkOrigin);
app.use(secureTunnel);
// Cors
app.use((req, res, next) => {
const allowedDomains = process.env.FRONT.split(',');
const { origin } = req.headers;
if (allowedDomains.indexOf(origin) > -1) {
res.setHeader('Access-Control-Allow-Origin', origin);
}
res.setHeader('Access-Control-Allow-Methods', 'GET, POST');
res.setHeader(
'Access-Control-Allow-Headers',
'X-Requested-With,content-type, Accept,secure_hash,requested_at',
);
res.setHeader('Access-Control-Allow-Credentials', true);
next();
});
// Routes
app.use('/', require('./routes/index'));
const PORT = process.env.PORT || 3000;
app.listen(PORT);