-
Notifications
You must be signed in to change notification settings - Fork 1
/
app.js
165 lines (145 loc) · 5.04 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
if (process.env.NODE_ENV !== "production") {
require('dotenv').config();
}
const express = require('express');
const path = require('path');
const mongoose = require('mongoose');
const ejsMate = require('ejs-mate'); //to help make a boilerplate
const session = require('express-session'); //to store session data in MongoStore
const flash = require('connect-flash'); //to display flash messages
const passport = require('passport'); //for authentication and authorization - adds many useful methods to req
const localStrategy = require('passport-local');
const ExpressError = require('./utils/ExpressError'); //custom made error template
const methodOverride = require('method-override'); //to make delete, put and patch request from html forms
const User = require('./models/user');
const mongoSanitize = require('express-mongo-sanitize'); //to prevent Mongo injection
const helmet = require('helmet'); //to prevent Cross-site-scripting
const MongoStore = require('connect-mongo');
const userRoutes = require('./routes/users');
const hospitalRoutes = require('./routes/hospitals');
const reviewRoutes = require('./routes/reviews')
const dbUrl = process.env.DB_URL || 'mongodb://localhost:27017/lifeline';
mongoose.connect(dbUrl, {
useNewUrlParser: true,
// useCreateIndex: true,
useUnifiedTopology: true,
// useFindAndModify: false
});
const db = mongoose.connection;
db.on("error", console.error.bind(console, "connection error:"));
db.once("open", () => {
console.log("Database connected");
});
const app = express();
app.engine('ejs', ejsMate)
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views')) //setting up the views directory
app.use(express.urlencoded({ extended: true }));
app.use(methodOverride('_method'));
app.use(express.static(path.join(__dirname, 'public')));
app.use(
mongoSanitize({
replaceWith: '_', //replacing '$' and ':' with '_' in the query
}),
);
const secret = process.env.SECRET || "thisshouldbeabettersecret";
const sessionConfig = {
store: MongoStore.create({
mongoUrl: dbUrl,
touchAfter: 24 * 36 * 60 // time period in seconds
}),
name: 'session',
secret,
resave: false,
saveUninitialized: true,
cookie: {
httpOnly: true,
// secure: true,
expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
maxAge: 1000 * 60 * 60 * 24 * 7,
}
}
app.use(session(sessionConfig));
app.use(flash());
app.use(helmet());
const scriptSrcUrls = [
"https://stackpath.bootstrapcdn.com/",
"https://api.tiles.mapbox.com/",
"https://api.mapbox.com/",
"https://kit.fontawesome.com/",
"https://cdnjs.cloudflare.com/",
"https://cdn.jsdelivr.net",
"https://unpkg.com/aos@next/dist/aos.js",
];
const styleSrcUrls = [
"https://kit-free.fontawesome.com/",
"https://stackpath.bootstrapcdn.com/",
"https://api.mapbox.com/",
"https://api.tiles.mapbox.com/",
"https://fonts.googleapis.com/",
"https://use.fontawesome.com/",
"https://cdn.jsdelivr.net",
"https://unpkg.com/aos@next/dist/aos.css",
"https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.6.2/animate.min.css",
"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.1/css/all.min.css",
];
const connectSrcUrls = [
"https://api.mapbox.com/",
"https://a.tiles.mapbox.com/",
"https://b.tiles.mapbox.com/",
"https://events.mapbox.com/",
"https://formspree.io/",
];
const fontSrcUrls = [
"https://fonts.gstatic.com/",
"https://cdnjs.cloudflare.com/",
];
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: [],
connectSrc: ["'self'", ...connectSrcUrls],
scriptSrc: ["'unsafe-inline'", "'self'", ...scriptSrcUrls],
styleSrc: ["'self'", "'unsafe-inline'", ...styleSrcUrls],
workerSrc: ["'self'", "blob:"],
objectSrc: [],
imgSrc: [
"'self'",
"blob:",
"data:",
"https://res.cloudinary.com/storm123/",
"https://images.unsplash.com/",
],
fontSrc: ["'self'", ...fontSrcUrls],
},
})
);
app.use(passport.initialize());
app.use(passport.session());
passport.use(new localStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
app.use((req, res, next) => {
res.locals.currentUser = req.user;
res.locals.success = req.flash('success');
res.locals.error = req.flash('error');
next();
})
app.use('/', userRoutes);
app.use('/hospitals', hospitalRoutes);
app.use('/hospitals/:id/reviews', reviewRoutes);
app.get('/', (req, res) => {
res.render('home');
})
app.all('*', (req, res, next) => {
next(new ExpressError('Page Not Found', 404))
})
app.use((err, req, res, next) => {
const { statusCode = 500 } = err;
if (!err.message) err.message = 'Oh No, Something Went Wrong!'
res.status(statusCode).render('error', { err })
})
const port = process.env.PORT || 3000;
app.listen(port, () => {
console.log(`Serving on port ${port}`)
})