pastel.codes/app.js

93 lines
2.4 KiB
JavaScript
Raw Permalink Normal View History

2020-06-17 22:34:29 +01:00
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
2020-06-22 22:48:48 +01:00
var mLogger = require('morgan');
var logger = require('./config/winston');
const helmet = require('helmet');
2020-06-17 22:34:29 +01:00
var indexRouter = require('./routes/index');
2020-06-22 20:36:41 +01:00
var aboutRouter = require('./routes/about');
2020-06-29 10:09:10 +01:00
var contactRouter = require('./routes/contact');
2020-06-17 22:34:29 +01:00
var app = express();
2020-06-22 20:53:08 +01:00
if (process.env.IS_DOCKER != 'true')
app.set('trust proxy', 'loopback,uniquelocal');
2020-06-22 20:53:08 +01:00
app.disable('x-powered-by');
2020-06-17 22:34:29 +01:00
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
if (process.env.NODE_ENV === 'production') {
app.use(mLogger('common', { stream: logger.stream }));
2020-06-22 20:53:08 +01:00
} else {
app.use(mLogger('dev'));
2020-06-22 20:53:08 +01:00
}
2020-12-23 11:53:42 +00:00
app.use(helmet());
2021-01-03 23:28:30 +00:00
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
scriptSrc: [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
'https://hcaptcha.com',
'https://*.hcaptcha.com',
'https://cdn.ravenjs.com/',
2024-04-29 14:52:09 +01:00
'https://cdnjs.cloudflare.com/',
'https://cdn.jsdelivr.net/',
'https://*.cloudfront.net/',
],
imgSrc: [
"'self'",
'https://blog.pastel.codes',
'https://static.ghost.org',
'https://secure.gravatar.com',
2024-04-29 14:52:09 +01:00
'data: ',
],
styleSrc: [
"'self'",
"'unsafe-inline'",
'https://hcaptcha.com',
'https://*.hcaptcha.com',
],
fontSrc: ["'self'", 'data:'],
frameSrc: ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
objectSrc: ["'none'"],
upgradeInsecureRequests: [],
},
})
);
2021-01-03 23:28:30 +00:00
2020-06-17 22:34:29 +01:00
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
2024-04-29 14:52:09 +01:00
app.use('/obsidian', express.static(path.join(__dirname, 'obsidian')));
2020-06-17 22:34:29 +01:00
app.use('/', indexRouter);
2020-06-22 20:36:41 +01:00
app.use('/about', aboutRouter);
2020-06-29 10:09:10 +01:00
app.use('/contact', contactRouter);
2020-06-17 22:34:29 +01:00
// catch 404 and forward to error handler
app.use(function (req, res, next) {
next(createError(404));
2020-06-17 22:34:29 +01:00
});
// error handler
app.use(function (err, req, res, _next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
2020-06-17 22:34:29 +01:00
// render the error page
res.status(err.status || 500);
res.render('error', { title: 'Error', description: 'Error' });
2020-06-17 22:34:29 +01:00
});
module.exports = app;