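"use strict";

// ------------ Basic Dependencies -------------------------------------------
var express = require('express'),
  session = require('express-session'),
  csrf = require('csurf'),
  path = require('path'),
  favicon = require('serve-favicon'),
  logger = require('morgan'),
  cookieParser = require('cookie-parser'),
  bodyParser = require('body-parser'),
  requireDir = require('require-dir'),
  connection = require('express-myconnection'),
  mysql = require('mysql2');
// ----------------------------------------------------------------------------

var app = express();

// General config
// NOTE(review): `true` trusts every upstream hop. If the app is reachable
// without passing through the proxy, a client can set X-Forwarded-* itself
// and spoof req.ip / req.protocol; prefer the proxy's address or hop count
// when it is known.
app.set('trust proxy', true); // Trust X-Forwarded-* headers

// Database connection
// Credentials are taken from the environment when set (constructed variable
// names); the literals are the original defaults and are only suitable for
// local development, since they are committed to source control.
app.use(
  connection(mysql, {
    host: process.env.DB_HOST || 'localhost',
    user: process.env.DB_USER || 'node',
    password: process.env.DB_PASSWORD || 'node',
    port: 3306,
    database: process.env.DB_NAME || 'node'
  }, 'pool')
);

// view engine setup
var consolidate = require('consolidate');
var dust = require('dustjs-linkedin'); // loaded so the engine is available to consolidate
app.engine('dust', consolidate.dust);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'dust');

// General app setup
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(session({
  // resave/saveUninitialized both true: every visitor gets a stored session,
  // which csurf below relies on for its per-session secret.
  resave: true,
  saveUninitialized: true,
  // Signing secret comes from the environment when available (constructed
  // variable name); the literal fallback is the original value and should be
  // rotated since it has been committed to source control.
  // NOTE(review): no `cookie.secure` is set, so the session cookie is also
  // sent over plain HTTP; with TLS terminated at the proxy, `cookie: { secure: true }`
  // would be appropriate.
  secret: process.env.SESSION_SECRET || 'j2uyc0hjh2;clkjang1ddojj'
}));
// Static assets are served before the CSRF and session checks below, so they
// are public by design.
app.use(express.static(path.join(__dirname, 'public'), {redirect:false}));
// NOTE(review): csurf is deprecated upstream; the ignore list below matches
// its default (safe methods are not checked).
app.use(csrf({ ignoreMethods: ['GET', 'HEAD', 'OPTIONS'] }));

// Check session for any pages that require authentication.
// Paths that stay reachable without a session; everything else is sent back
// to the index with a 303 while req.session.uid is unset.
var PUBLIC_PATHS = ['/', '/login', '/logout'];

// True when `reqPath` is one of PUBLIC_PATHS or nested under one of them
// (e.g. '/login/submit'). The index entry only matches exactly, because every
// path is nested under '/'.
function isPublicPath(reqPath) {
  return PUBLIC_PATHS.some(function(item) {
    if (reqPath === item) return true;
    return item !== '/' && reqPath.indexOf(item + '/') === 0;
  });
}

app.use(function(req, res, next) {
  // A plain (3-argument) middleware. The previous 4-argument signature made
  // Express treat this as an error handler, so it never ran on normal
  // requests; its body also threw (missing semicolon before the array
  // literal) and used req.path.match('/'), which matched every path.
  if (req.session.uid || isPublicPath(req.path)) return next();
  res.redirect(303, '/');
});

// Route mapping
// Routes are prefixed by the filename,
// unless the filename is index.
//
// A '/' route in the users file becomes the '/users/' route.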
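var routes = requireDir('routes', {recurse: true});
Object.keys(routes).forEach(function(route) {
  // Named `mountPath` so it does not shadow the `path` module required above.
  var mountPath = (route !== 'index') ? '/' + route : '/';

  // Handle API routes: a directory is exported by require-dir as an object
  // whose keys are the inner filenames; each is mounted at '/<dir>/<file>'.
  if (typeof routes[route] === 'object') {
    var innerRoute;
    for (innerRoute in routes[route]) {
      var innerPath = ['', route, innerRoute].join('/');
      app.use(innerPath, routes[route][innerRoute]);
    }
  } else {
    app.use(mountPath, routes[route]);
  }
});

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handlers

// csrf error handler
// Must come before the generic handlers so a bad token yields a plain 403
// instead of being rendered as a server error.
app.use(function(err, req, res, next) {
  if (err.code !== 'EBADCSRFTOKEN') return next(err);

  // Bad CSRF Token
  res.status(403);
  res.send('Session has expired, or has been tampered with.');
});

// development error handler
// will print stacktrace (the full error object is handed to the template;
// this branch is only installed when NODE_ENV is 'development')
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user: only err.message reaches the template
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});

module.exports = app;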