const path=require('path');
const express=require('express');
const fs=require('fs');
const morgan=require('morgan');
const appError=require('./utils/appError.js');
const globalErrorHandler=require('./Controller/errorController.js');
const tourRouter=require('./routes/tourRoutes');
const userRouter=require('./routes/userRoutes');
const reviewRouter=require('./routes/reviewRoutes.js');
const bookingRouter=require('./routes/bookingRoutes.js');
const viewRouter=require('./routes/viewRoutes.js');
const rateLimit=require('express-rate-limit');
const helmet=require('helmet');
const mongoSanitize=require('express-mongo-sanitize');
const xss=require('xss-clean');
const hpp=require('hpp');
const cookieParser=require('cookie-parser');
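const app = express();
app.set('view engine', 'pug');
app.set('views', path.join(__dirname, 'views'));

// 1) GLOBAL MIDDLEWARES
// Set security HTTP headers first: middleware runs in registration order,
// so helmet must precede express.static or the static assets below are
// served without those headers.
app.use(helmet());
// Serving static files
app.use(express.static(path.join(__dirname, 'starter/public')));
// Body parser, reading data from body into req.body. The 10kb cap bounds
// how much memory a single request body can consume.
app.use(express.json({ limit: '10kb' }));
app.use(express.urlencoded({ extended: true, limit: '10kb' }));
app.use(cookieParser());
// Data sanitization against NoSQL query injection (runs after the body
// parsers so it sees the parsed req.body)
app.use(mongoSanitize());
// Data sanitization against XSS
app.use(xss());
// Development logging
if (process.env.NODE_ENV === 'development') {
  app.use(morgan('dev'));
}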
// Limit requests from the same IP: at most 100 per hour on API routes.
const ONE_HOUR_MS = 60 * 60 * 1000;
const limiterOptions = {
  max: 100,
  windowMs: ONE_HOUR_MS,
  message: 'Too many requests from this IP,try again after an hour',
};
const limiter = rateLimit(limiterOptions);
// NOTE(review): this is registered after the body parsers above, so a
// flooding client's request bodies are still parsed before the limit is
// enforced — confirm whether mounting it earlier is preferred.
app.use('/api', limiter);
// Prevent HTTP parameter pollution: repeated query parameters are collapsed
// to a single value, except for these fields, which may legitimately be
// repeated as filters.
const HPP_WHITELIST = [
  'duration',
  'ratingsQuantity',
  'ratingsAverage',
  'maxGroupSize',
  'difficulty',
  'price',
];
app.use(hpp({ whitelist: HPP_WHITELIST }));
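// Stamp each request with its arrival time for downstream handlers.
// Cookies are deliberately not logged here: req.cookies carries the
// session credential, and printing it to stdout would expose it to anyone
// with access to the process logs.
app.use((req, res, next) => {
  req.requestTime = new Date().toISOString();
  next();
});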
// 2) ROUTES — mount each router under its URL prefix, in this order.
const mountedRouters = [
  ['/', viewRouter],
  ['/api/v1/tours', tourRouter],
  ['/api/v1/users', userRouter],
  ['/api/v1/reviews', reviewRouter],
  ['/api/v1/bookings', bookingRouter],
];
for (const [mountPath, router] of mountedRouters) {
  app.use(mountPath, router);
}
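// Catch-all for routes no router matched: forward a 404 to the global
// error handler rather than letting express fall through to its default
// response. req.originalUrl is client-controlled, so globalErrorHandler
// must treat this message as untrusted text when rendering it.
app.all('*', (req, res, next) => {
  next(new appError(`Can't find ${req.originalUrl} on this server`, 404));
});

// Centralised error handling; must be registered last so it sees errors
// passed to next() by every middleware and router above.
app.use(globalErrorHandler);

module.exports = app;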