//core-modules
import morgan from 'morgan';
import express from 'express';
import rateLimit from 'express-rate-limit';
import helmet from 'helmet';
import mongoSanitize from 'express-mongo-sanitize';
import xss from 'xss-clean';
import hpp from 'hpp';
//custom-modules
import storeRouter from './routes/storeRoutes.js';
import userRouter from './routes/userRoutes.js';
import AppError from './utils/appError.js';
import globalErrorhandler from './controllers/errorController.js';
import productRouter from './routes/productRouter.js';
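////MAIN APP
const app = express();

////GLOBAL MIDDLEWARE
//SECURITY MIDDLEWARE

// Security HTTP headers (helmet defaults).
app.use(helmet());

// Request logging in development only.
// The flag lives on `process.env`; the earlier `process.NODE_ENV` read was
// never set, so morgan was silently never mounted.
if (process.env.NODE_ENV === 'development') {
  app.use(morgan('dev'));
}

// JSON body parser with a request-size cap.
app.use(express.json({ limit: '10kb' }));

// Data sanitisation against NoSQL query injection, e.g. {email: {$gte: ""}}.
app.use(mongoSanitize());

// Protect against cross-site scripting: converts HTML symbols in the request
// body to HTML entities on the server.
// NOTE(review): xss-clean is no longer maintained; escaping at output time
// (template/JSON) is the more robust control — confirm before relying on it.
app.use(xss());

// Prevent HTTP parameter pollution; the whitelisted query fields may
// legitimately repeat (used for filtering) and are left untouched.
app.use(
  hpp({
    whitelist: [
      'duration',
      'ratingsQuantity',
      'ratingsAverage',
      'maxGroupSize',
      'difficulty',
      'price',
    ],
  }),
);

// Rate limiter for the API: 100 requests per IP per hour.
// NOTE(review): express-rate-limit keys on req.ip; behind a reverse proxy
// that is the proxy's address unless `app.set('trust proxy', ...)` is
// configured — confirm for the deployment.
const limiter = rateLimit({
  max: 100,
  windowMs: 60 * 60 * 1000,
  message: 'Too many requests from this IP, please try again in one hour',
});
app.use('/api', limiter);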
//SUB ROUTERS
// Mount each versioned sub-router on its API prefix, in the same order as
// before (Express matches routes in registration order).
const routerMounts = [
  ['/api/v1/store', storeRouter],
  ['/api/v1/user', userRouter],
  ['/api/v1/product', productRouter],
];
for (const [prefix, router] of routerMounts) {
  app.use(prefix, router);
}
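// Handle all unrecognised URLs, for every HTTP method.
// Must stay after the routers: Express matches in registration order.
// NOTE(review): Express 5 rejects a bare '*' path (it expects '/{*splat}');
// this form targets Express 4 — confirm the installed version.
app.all('*', (req, res, next) => {
  // The previous unused `new Error()` with status/statusCode was dead code;
  // AppError carries the 404 itself.
  // req.originalUrl is client-controlled and is echoed into the message, so
  // globalErrorhandler must emit it as JSON/plain text, never as raw HTML.
  next(new AppError(`Cant find ${req.originalUrl} on this server`, 404));
});

// Central error handler; must be registered last so it sees every next(err).
app.use(globalErrorhandler);

export default app;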