-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.js
More file actions
91 lines (79 loc) · 2.8 KB
/
app.js
File metadata and controls
91 lines (79 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
// app.js
const express = require('express');
const https = require('https');
const fs = require('fs');
const mongoose = require('mongoose');
const session = require('express-session');
const flash = require('connect-flash');
const methodOverride = require('method-override');
const mongoSanitize = require('express-mongo-sanitize');
const helmet = require('helmet');
const helmetCsp = require('helmet-csp'); // Import helmet-csp
const indexRoute = require('./routes/index');
const authRoute = require('./routes/auth');
const notesRoute = require('./routes/notes');
const newRoute = require('./routes/new');
const editRoute = require('./routes/edit');
const deleteRoute = require('./routes/delete');
const dashboardRoute = require('./routes/dashboard'); // Add the new route
const allPostsRoute = require('./routes/all-posts');
const usersRouter = require('./routes/users');
const app = express();
// Connect to MongoDB
mongoose.connect('mongodb://localhost:27017/node-express-mongodb-crud', {
useNewUrlParser: true,
useUnifiedTopology: true
}).then(() => console.log('Connected to MongoDB'))
.catch(err => console.error(err));
// Middlewares
app.set('view engine', 'ejs');
app.use(express.urlencoded({ extended: false }));
app.use(express.static('public'));
// Session configuration
app.use(session({
secret: 'secret',
resave: false,
saveUninitialized: false,
cookie: {
secure: true, // Session cookie will only be sent over HTTPS
httpOnly: true, // Session cookie will not be accessible from client-side scripts
sameSite: 'strict', // Session cookie will only be sent on same-site requests
maxAge: 24 * 60 * 60 * 1000 // Session timeout set to 24 hours
}
}));
app.use(flash());
app.use(methodOverride('_method'));
app.use(helmet());
app.use(helmetCsp());
app.use(mongoSanitize());
// Error handling middleware
app.use((err, req, res, next) => {
console.error(err.stack);
res.status(500).send('Something went wrong!');
});
// Global variables
app.use((req, res, next) => {
res.locals.success_msg = req.flash('success_msg');
res.locals.error_msg = req.flash('error_msg');
res.locals.user = req.session.user || null;
next();
});
// Routes
app.use('/', indexRoute);
app.use('/', authRoute);
app.use('/', notesRoute);
app.use('/', newRoute);
app.use('/', editRoute);
app.use('/', deleteRoute);
app.use('/', dashboardRoute);
app.use('/', allPostsRoute);
app.use(usersRouter);
const PORT = process.env.PORT || 3000;
// HTTPS configuration
const options = {
key: fs.readFileSync('/Users/apple/Documents/Secure Web Development/node-express-mongodb-crud/SecureNotes/server.key'),
cert: fs.readFileSync('/Users/apple/Documents/Secure Web Development/node-express-mongodb-crud/SecureNotes/server.cert')
};
https.createServer(options, app).listen(PORT, () => {
console.log(`Server started on port ${PORT}`);
});