// Outside production, load settings from a local .env file into process.env.
// This file reads DB_URL, SESSION_SECRET and PORT from there. Production skips
// the .env file entirely, so those values must come from the real environment.
const runningInProduction = process.env.NODE_ENV === 'production';
if (!runningInProduction) {
  require('dotenv').config();
}
const express = require('express');
const app = express();
const portlocal = 3000;
const ejsMate = require('ejs-mate');
const path = require('path');
const flash = require('connect-flash');
const mongoose = require('mongoose');
const MongoStore = require('connect-mongo');
const methodOverride = require('method-override');
const ExpressError = require('./utils/ExpressError');
const session = require('express-session');
const mongoSanitize = require('express-mongo-sanitize');
const helmet = require("helmet");
const { connectSrcUrls, scriptSrcUrls, styleSrcUrls, fontSrcUrls } = require('./url_connects');
const userRoutes = require('./routes/users');
const campgroundRoutes = require('./routes/campgrounds');
const reviewRoutes = require('./routes/reviews');
const passport = require('passport');
const LocalStrategy = require('passport-local');
const User = require('./models/user');
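// MongoDB connection string; used by the session store below and by
// mongoose.connect() further down.
const db_url = process.env.DB_URL;

// Fail at startup instead of on the first request: without a secret the session
// ID cookie cannot be signed, so no request could be served anyway.
if (!process.env.SESSION_SECRET) {
  throw new Error('SESSION_SECRET environment variable is required');
}

// Lifetime of the session cookie.
const ONE_WEEK_MS = 1000 * 60 * 60 * 24 * 7;

// Options handed to express-session.
const sessionConfig = {
  // Key used to sign the session ID cookie; never commit it to the repository.
  secret: process.env.SESSION_SECRET,
  // Sessions live in MongoDB rather than in the default in-process memory store.
  store: MongoStore.create({
    mongoUrl: db_url,
    // Minimum interval, in seconds, between rewrites of an unchanged session.
    touchAfter: 24 * 3600,
  }),
  resave: false,
  // NOTE(review): `true` persists a session for every visitor, including
  // anonymous ones. Consider `false` once you have confirmed nothing depends
  // on that behaviour.
  saveUninitialized: true,
  cookie: {
    // Keep the cookie out of reach of client-side scripts.
    httpOnly: true,
    // Do not attach the cookie to cross-site subrequests or cross-site form
    // posts; top-level navigations to the site still carry it.
    sameSite: 'lax',
    // NOTE(review): `secure` is not set, so the cookie is also sent over plain
    // HTTP. Enabling it in production behind a TLS-terminating proxy
    // additionally requires `app.set('trust proxy', 1)`.
    //
    // Only maxAge is given. The previous `expires: Date.now() + ...` was a
    // number rather than a Date, was computed once at process start, and was
    // overridden by maxAge anyway.
    maxAge: ONE_WEEK_MS,
  },
};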
// Open the default mongoose connection to the database named by DB_URL.
// NOTE(review): these look like Mongoose 5-era compatibility flags; confirm
// them against the installed Mongoose version before upgrading.
const mongooseOptions = {
  useNewUrlParser: true,
  useCreateIndex: true,
  useUnifiedTopology: true,
  useFindAndModify: false,
};
// NOTE(review): the promise returned by connect() is neither awaited nor caught
// here; confirm that a failed first connection is surfaced the way you expect.
mongoose.connect(db_url, mongooseOptions);

// Report connection state changes on the console.
const db = mongoose.connection;
db.once('open', () => {
  console.log('Database connected!');
});
db.on('error', (...details) => {
  console.error('connection error:', ...details);
});
// Templates are .ejs files under ./views, resolved relative to this file so
// the working directory the server is started from does not matter.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
// Render .ejs files through ejs-mate instead of the stock EJS engine.
app.engine('ejs', ejsMate);
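// Security headers come first so that every response carries them, including
// files answered by express.static below. Previously helmet was registered
// after the static handler, which ends the request itself, so static assets
// were sent without these headers.
app.use(helmet());
// Content-Security-Policy: only the origins listed here may supply each kind
// of resource. The *SrcUrls allow-lists are maintained in ./url_connects.
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: [],
      connectSrc: ["'self'", ...connectSrcUrls],
      // NOTE(review): 'unsafe-inline' lets any inline <script> run, which removes
      // most of the XSS protection a CSP gives. Moving inline scripts to files
      // (or using nonces) would allow dropping it.
      scriptSrc: ["'unsafe-inline'", "'self'", ...scriptSrcUrls],
      styleSrc: ["'self'", "'unsafe-inline'", ...styleSrcUrls],
      workerSrc: ["'self'", "blob:"],
      objectSrc: [],
      imgSrc: [
        "'self'",
        "blob:",
        "data:",
        "https://res.cloudinary.com/wach/", //SHOULD MATCH YOUR CLOUDINARY ACCOUNT!
        "https://images.unsplash.com/",
      ],
      fontSrc: ["'self'", ...fontSrcUrls],
    },
  })
);

// Let HTML forms reach non-GET/POST routes through a `_method` query parameter.
app.use(methodOverride('_method'));

// Body parsers: form posts (nested keys allowed) and JSON payloads.
app.use(express.urlencoded({ extended: true }));
app.use(express.json());

// Static assets are answered here, before any session work is done for them.
app.use(express.static(path.join(__dirname, 'public')));

// Server-side sessions, then flash messages that are stored in the session.
app.use(session(sessionConfig));
app.use(flash());

// Rewrite `$` and `.` in user-supplied keys to `_` so request data cannot carry
// MongoDB operators into queries. Must stay after the body parsers, which are
// what populate req.body.
app.use(
  mongoSanitize({
    replaceWith: '_',
  })
);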
// Authentication setup. The User model supplies the credential check for the
// local (username/password) strategy, plus the functions that store a user in
// the session and load the user back out of it.
passport.use(new LocalStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());

// passport.session() restores req.user from the session, so it has to run
// after the session middleware registered earlier in this file.
app.use(passport.initialize());
app.use(passport.session());

// Expose the signed-in user and any pending flash messages to every template.
app.use(function exposeTemplateLocals(req, res, next) {
  const { locals } = res;
  locals.currentUser = req.user;
  locals.success = req.flash('success');
  locals.error = req.flash('error');
  next();
});
// Landing page.
app.get('/', function renderHome(req, res) {
  res.render('home');
});

// Feature routers.
// NOTE(review): the reviews router is mounted under a path containing `:id`;
// presumably it is created with mergeParams so it can read it — confirm in
// ./routes/reviews.
app.use('/', userRoutes);
app.use('/campgrounds', campgroundRoutes);
app.use('/campgrounds/:id/reviews', reviewRoutes);

// Any request that no route above answered becomes a 404 for the error handler.
app.all('*', function pageNotFound(req, res, next) {
  const notFound = new ExpressError('Page Not Found', 404);
  next(notFound);
});
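/**
 * Final error handler: renders the `error` view with the status carried by the
 * error (500 when it has none).
 *
 * @param {Error & {statusCode?: number}} err - error passed to next() or thrown by a route
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - used only to delegate when a response is already in flight
 */
app.use((err, req, res, next) => {
  // Once headers are on the wire the status can no longer change and a second
  // render would throw; hand over to Express's default handler, which closes
  // the connection.
  if (res.headersSent) {
    return next(err);
  }

  const { statusCode = 500 } = err;
  if (!err.message) err.message = 'Opps, something went wrong!';

  // Keep a server-side record of unexpected failures. Without it the only
  // trace of a 5xx is the page shown to the visitor.
  if (statusCode >= 500) {
    console.error(err);
  }

  // NOTE(review): the whole error object, stack included, is handed to the
  // view. Confirm that views/error does not print err.stack or internal
  // messages to visitors in production.
  res.status(statusCode).render('error', { err });
});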
// Listen on the port given by the environment (typically set by the hosting
// platform), falling back to the local development port.
const port = process.env.PORT || portlocal;
app.listen(port, function announceListening() {
  console.log(`Serving on port ${port}`);
});