server.js
require('babel/register')
var express = require('express'),
http = require('http'),
path = require('path'),
app = express(),
request = require('request'),
session = require('express-session'),
csrf = require('csurf'),
override = require('method-override')
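/**
 * Configures the module-level Express `app` (static files, session, method
 * override, CSRF protection) and starts a plain HTTP listener.
 *
 * Port resolution order: process.argv[3], then the PORT environment
 * variable, then 3000.
 *
 * The session signing secret is read from the SESSION_SECRET environment
 * variable. When it is not set, a random per-process secret is generated
 * instead of falling back to a value committed in the source.
 */
function startServer() {
  // Serialises a parsed query object back into a query string.
  // Keys and values are percent-encoded so that characters such as '&', '='
  // or '#' inside a client-supplied value cannot add or change upstream
  // parameters. Repeated parameters (arrays) are emitted once per value.
  // Returns '' when there is nothing to forward.
  function querify(queryParamsObject) {
    const pairs = []
    Object.keys(queryParamsObject).forEach((key) => {
      const value = queryParamsObject[key]
      const values = Array.isArray(value) ? value : [value]
      values.forEach((item) => {
        pairs.push(encodeURIComponent(key) + '=' + encodeURIComponent(item))
      })
    })
    return pairs.length > 0 ? '?' + pairs.join('&') : ''
  }

  // adds a new rule to proxy a localUrl -> webUrl
  // i.e. proxify ('/my/server/google', 'http://google.com/')
  //
  // ':name' placeholders in webUrl are filled from the matching route
  // parameter of localUrl. Only GET requests are proxied.
  function proxify(localUrl, webUrl) {
    app.get(localUrl, (req, res) => {
      // Substitute in a single pass so a substituted value is never rescanned
      // for further placeholders. Tokens with no matching route parameter
      // (for example the ':8080' of a port number) are left untouched rather
      // than being replaced by the string 'undefined'. Values are encoded so
      // a parameter cannot introduce '/', '?', '#' or '@' into the upstream URL.
      const remote = webUrl.replace(/:(\w+)/g, (token, name) => {
        return Object.prototype.hasOwnProperty.call(req.params, name)
          ? encodeURIComponent(req.params[name])
          : token
      })

      // NOTE(review): piping `req` into request() appears to copy the client's
      // request headers to the upstream call, which would include the Cookie
      // header carrying this app's session id — confirm, and strip headers
      // that third-party APIs should not receive.
      const upstream = request(remote + querify(req.query))

      // Without a listener an upstream failure (DNS, refused connection, ...)
      // is an unhandled 'error' event and takes the whole process down.
      upstream.on('error', (err) => {
        // Log the local route only: the upstream URL may carry API keys.
        console.error('Proxy request for ' + localUrl + ' failed: ' + err.message)
        if (res.headersSent) {
          res.end()
        } else {
          res.status(502).end()
        }
      })

      req.pipe(upstream).pipe(res)
    })
  }

  // add your proxies here.
  //
  // examples:
  // proxify('/yummly/recipes', 'http://api.yummly.com/v1/api/recipes');
  // proxify('/brewery/styles', 'https://api.brewerydb.com/v2/styles');

  // all environments
  app.set('port', process.argv[3] || process.env.PORT || 3000)

  // NOTE(review): the static root is the directory that contains this file,
  // so server-side sources and configuration stored next to it can be
  // downloaded by any client. Consider serving a dedicated assets directory.
  app.use(express.static(path.join(__dirname, '')))

  // SOME SECURITY STUFF
  // ----------------------------
  // more info: https://speakerdeck.com/ckarande/top-overlooked-security-threats-to-node-dot-js-web-applications
  // ----
  // remove some info so we don't divulge to potential
  // attackers what platform runs the website
  app.disable('x-powered-by')

  // The secret signs the session cookie; anyone who knows it can forge
  // sessions, so it must not live in the repository.
  const configuredSecret = process.env.SESSION_SECRET
  if (!configuredSecret) {
    console.warn('SESSION_SECRET is not set; using a random secret, sessions will not survive a restart')
  }
  const sessionSecret = configuredSecret || require('crypto').randomBytes(32).toString('hex')

  // change the generic session cookie name
  // NOTE(review): `secure: true` restricts the cookie to HTTPS, while this
  // file starts a plain HTTP server. Presumably TLS is terminated by a proxy
  // in front of it — confirm, and check Express' 'trust proxy' setting;
  // otherwise the session cookie is never set and CSRF validation, which
  // relies on the session here, cannot succeed.
  app.use(session({
    secret: sessionSecret,
    key: 'sessionId',
    cookie: { httpOnly: true, secure: true }
  }))

  // enable overriding; registered before csrf() so the CSRF check sees the
  // overridden method rather than the original one
  app.use(override('X-HTTP-Method-Override'))

  // enable CSRF protection
  // NOTE(review): both `csurf` and `request` have been deprecated by their
  // maintainers; plan a move to maintained replacements.
  app.use(csrf())
  app.use((req, res, next) => {
    // Makes the token available to server-rendered views via res.locals.
    // It is not sent to the browser by itself, and files served by
    // express.static above never pass through this middleware.
    res.locals.csrftoken = req.csrfToken()
    next()
  })
  // ---------------------------

  http.createServer(app).listen(app.get('port'), () => {
    console.log('Express server listening on port ' + app.get('port'))
  })
}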
// export the bootstrap function; this file never calls it itself
module.exports.startServer = startServer