139 lines
3.2 KiB
JavaScript
139 lines
3.2 KiB
JavaScript
"use strict";
|
|
|
|
// ------------ Basic Dependencies -------------------------------------------
|
|
var express = require('express'),
|
|
session = require('express-session'),
|
|
csrf = require('csurf'),
|
|
path = require('path'),
|
|
favicon = require('serve-favicon'),
|
|
logger = require('morgan'),
|
|
cookieParser = require('cookie-parser'),
|
|
bodyParser = require('body-parser'),
|
|
requireDir = require('require-dir'),
|
|
connection = require('express-myconnection'),
|
|
mysql = require('mysql2');
|
|
// ----------------------------------------------------------------------------
|
|
var app = express();
|
|
|
|
// General config
|
|
app.set('trust proxy', true); // Trust X-Forwarded-* headers
|
|
|
|
// Database connection
|
|
app.use(
|
|
connection(mysql, {
|
|
host: 'localhost',
|
|
user: 'node',
|
|
password: 'node',
|
|
port: 3306,
|
|
database: 'node'
|
|
}, 'pool')
|
|
);
|
|
|
|
// view engine setup
|
|
var consolidate = require('consolidate');
|
|
var dust = require('dustjs-linkedin');
|
|
app.engine('dust', consolidate.dust);
|
|
app.set('views', path.join(__dirname, 'views'));
|
|
app.set('view engine', 'dust');
|
|
|
|
// General app setup
|
|
app.use(favicon(__dirname + '/public/favicon.ico'));
|
|
app.use(logger('dev'));
|
|
app.use(bodyParser.json());
|
|
app.use(bodyParser.urlencoded({ extended: false }));
|
|
app.use(cookieParser());
|
|
app.use(session({
|
|
resave: true,
|
|
saveUninitialized: true,
|
|
secret: 'j2uyc0hjh2;clkjang1ddojj'
|
|
}));
|
|
app.use(express.static(path.join(__dirname, 'public'), {redirect:false}));
|
|
app.use(csrf({
|
|
ignoreMethods: ['GET', 'HEAD', 'OPTIONS']
|
|
}));
|
|
|
|
//Check session for any pages that require authentication
|
|
app.use(function(err, req, res, next) {
|
|
if ( ! req.session.uid)
|
|
{
|
|
console.log("This should redirect to index!")
|
|
|
|
['/', '/login', '/logout'].forEach(function(item) {
|
|
if (req.path.match(item)) return next();
|
|
});
|
|
res.redirect(303, '/');
|
|
}
|
|
});
|
|
|
|
// Route mapping
|
|
// Routes are prefixed by the filename,
|
|
// unless the filename is index.
|
|
//
|
|
// A '/' route in the users file becomes the '/users/' route.
|
|
var routes = requireDir('routes', {recurse: true});
|
|
Object.keys(routes).forEach(function(route) {
|
|
var path = (route != 'index')
|
|
? '/' + route
|
|
: '/';
|
|
|
|
var routeMethod = (typeof routes[route])
|
|
|
|
// Handle API routes
|
|
if (typeof routes[route] === 'object')
|
|
{
|
|
var innerRoute;
|
|
|
|
for (innerRoute in routes[route])
|
|
{
|
|
var innerPath = ['', route, innerRoute].join('/');
|
|
app.use(innerPath, routes[route][innerRoute]);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
app.use(path, routes[route]);
|
|
}
|
|
});
|
|
|
|
// catch 404 and forward to error handler
|
|
app.use(function(req, res, next) {
|
|
var err = new Error('Not Found');
|
|
err.status = 404;
|
|
next(err);
|
|
});
|
|
|
|
// error handlers
|
|
|
|
// csrf error handler
|
|
app.use(function(err, req, res, next) {
|
|
if (err.code !== 'EBADCSRFTOKEN') return next(err);
|
|
|
|
// Bad CSRF Token
|
|
res.status(403);
|
|
res.send('Session has expired, or has been tampered with.');
|
|
});
|
|
|
|
// development error handler
|
|
// will print stacktrace
|
|
if (app.get('env') === 'development') {
|
|
app.use(function(err, req, res, next) {
|
|
res.status(err.status || 500);
|
|
res.render('error', {
|
|
message: err.message,
|
|
error: err
|
|
});
|
|
});
|
|
}
|
|
|
|
// production error handler
|
|
// no stacktraces leaked to user
|
|
app.use(function(err, req, res, next) {
|
|
res.status(err.status || 500);
|
|
res.render('error', {
|
|
message: err.message,
|
|
error: {}
|
|
});
|
|
});
|
|
|
|
|
|
module.exports = app; |