bike-park-server/server.js at develop · vpomerleau/bike-park-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
const cors = require("cors");
const dotenv = require("dotenv");
const express = require("express");
const helmet = require("helmet");
const nocache = require("nocache");
const { messagesRouter } = require("./messages/messages.router");
const { errorHandler } = require("./middleware/error.middleware");
const { notFoundHandler } = require("./middleware/not-found.middleware");

const productRoutes = require('./routes/productRouter');
const riderRoutes = require('./routes/riderRouter');
const stripeRoutes = require('./routes/stripeRouter');
const transactionRoutes = require('./routes/transactionRouter');
const productTransactionRoutes = require('./routes/productTransactionRouter');
const riderProductRoutes = require('./routes/riderProductRouter');

dotenv.config();

if (!(process.env.PORT && process.env.CLIENT_ORIGIN_URL)) {
  throw new Error(
    "Missing required environment variables. Check docs for more info."
  );
}

const PORT = parseInt(process.env.PORT, 10) || 8080;
const CLIENT_ORIGIN_URL = process.env.CLIENT_ORIGIN_URL;

const app = express();
const apiRouter = express.Router();

app.use(express.static("public"));
app.use(express.json());
app.set("json spaces", 2);

// Auth0

app.use(
  helmet({
    hsts: {
      maxAge: 31536000,
    },
    contentSecurityPolicy: {
      useDefaults: true,
      directives: {
        "default-src": ["'none'"],
        "script-src": [
          "'self'",
          "https://checkout.stripe.com",
          "https://js.stripe.com",
        ],
        "connect-src": [
          "https://checkout.stripe.com",
          "https://api.stripe.com",
        ],
        "frame-src": [
          "https://checkout.stripe.com",
          "https://js.stripe.com",
          "https://hooks.stripe.com",
        ],
        "img-src": ["https://*.stripe.com"],
        "frame-ancestors": ["'none'"],
      },
    },
    frameguard: {
      action: "deny",
    },
  })
);

app.use((req, res, next) => {
  res.contentType("application/json; charset=utf-8");
  next();
});
app.use(nocache());

app.use(
  cors({
    origin: CLIENT_ORIGIN_URL,
    methods: ["GET"],
    allowedHeaders: ["Authorization", "Content-Type"],
    maxAge: 86400,
  })
);

// Routes
app.use('/products', productRoutes);
app.use('/riders', riderRoutes);
app.use('/stripe', stripeRoutes);
app.use('/transaction', transactionRoutes);
app.use('/product-transaction', productTransactionRoutes);
app.use('/rider-product', riderProductRoutes);

app.use("/api", apiRouter);
apiRouter.use("/messages", messagesRouter);

app.use(errorHandler);
app.use(notFoundHandler);

app.listen(PORT, () => {
  console.log(`🚲 Listening on port ${PORT}`);
});