-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.js
108 lines (92 loc) · 2.71 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
const express = require('express')
const app = express()
const morgan = require('morgan')
const bodyParser = require('body-parser')
const mongoose = require('mongoose')
const http = require('http')
const helmet = require('helmet')
const RateLimit = require('express-rate-limit')
const expressSanitizer = require('express-sanitizer')
const compression = require('compression')
require('dotenv').config()
app.use(compression())
app.use(helmet())
// limit requests
var limiter = new RateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
delayMs: 0 // disable delaying - full speed until the max limit is reached
})
// apply to all requests
app.use(limiter)
var verifyLimiter = new RateLimit({
windowMs: 60 * 60 * 1000, // 60 minutes
max: 5, // limit each IP to 5 requests per windowMs
delayMs: 0 // disabled
})
app.use('/users/verify/', verifyLimiter)
var authLimiter = new RateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 20, // limit each IP to 100 requests per windowMs
delayMs: 0 // disable delaying - full speed until the max limit is reached
})
app.use('/users/authenticate/', authLimiter)
// routes
const userRoutes = require('./api/routes/users.js')
const ratingRoutes = require('./api/routes/ratings.js')
const uploadRoutes = require('./api/routes/uploads.js')
// config
const config = require('./_config')
// connect to mongodb
if (process.env.HEROKU) {
mongoose.connect(process.env.MONGODB_URI)
} else {
mongoose.connect(config.mongoURI[app.settings.env], function (err, res) {
if (err) {
console.log('Error connecting to the database. ' + err)
} else {
console.log('Connected to Database: ' + config.mongoURI[app.settings.env] + '\n')
}
})
}
// misc
app.use(morgan('dev'))
app.use(bodyParser.urlencoded({extended: false}))
app.use(bodyParser.json())
// Mount express-sanitizer here
app.use(expressSanitizer())
// cors
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*')
res.header('Access-Control-Allow-Headers', '*')
if (req.method === 'OPTIONS') {
res.header('Access-Control-Allow-Methods', 'PUT, POST, PATCH, DELETE, GET')
return res.status(200).json({})
}
next()
})
// routes
app.use('/users', userRoutes)
app.use('/ratings', ratingRoutes)
app.use('/upload', uploadRoutes)
// error catching
app.use((req, res, next) => {
const error = new Error('Not found')
error.status = 404
next(error)
})
app.use((error, req, res, next) => {
res.status(error.status || 500)
res.json({
error: {
message: error.message
}
})
})
// server
const port = process.env.PORT || 3000
const server = http.createServer(app)
if (!module.parent) {
server.listen(port)
}
module.exports = app