2020-06-17 22:34:29 +01:00
|
|
|
var createError = require('http-errors');
|
|
|
|
|
var express = require('express');
|
|
|
|
|
var path = require('path');
|
|
|
|
|
var cookieParser = require('cookie-parser');
|
2020-06-22 22:48:48 +01:00
|
|
|
var mLogger = require('morgan');
|
|
|
|
|
var logger = require('./config/winston');
|
2024-04-29 13:21:31 +01:00
|
|
|
const helmet = require('helmet');
|
2020-06-17 22:34:29 +01:00
|
|
|
|
|
|
|
|
var indexRouter = require('./routes/index');
|
2020-06-22 20:36:41 +01:00
|
|
|
var aboutRouter = require('./routes/about');
|
2020-06-29 10:09:10 +01:00
|
|
|
var contactRouter = require('./routes/contact');
|
2020-06-17 22:34:29 +01:00
|
|
|
|
|
|
|
|
var app = express();
|
2020-06-22 20:53:08 +01:00
|
|
|
|
2024-04-29 13:21:31 +01:00
|
|
|
if (process.env.IS_DOCKER != 'true')
|
|
|
|
|
app.set('trust proxy', 'loopback,uniquelocal');
|
2020-06-22 20:53:08 +01:00
|
|
|
app.disable('x-powered-by');
|
2020-06-17 22:34:29 +01:00
|
|
|
|
|
|
|
|
// view engine setup
|
|
|
|
|
app.set('views', path.join(__dirname, 'views'));
|
|
|
|
|
app.set('view engine', 'pug');
|
|
|
|
|
|
2020-06-22 21:07:05 +01:00
|
|
|
if (process.env.NODE_ENV === 'production') {
|
2024-04-29 13:21:31 +01:00
|
|
|
app.use(mLogger('common', { stream: logger.stream }));
|
2020-06-22 20:53:08 +01:00
|
|
|
} else {
|
2024-04-29 13:21:31 +01:00
|
|
|
app.use(mLogger('dev'));
|
2020-06-22 20:53:08 +01:00
|
|
|
}
|
|
|
|
|
|
2020-12-23 11:53:42 +00:00
|
|
|
app.use(helmet());
|
2021-01-03 23:28:30 +00:00
|
|
|
app.use(
|
2024-04-29 13:21:31 +01:00
|
|
|
helmet.contentSecurityPolicy({
|
|
|
|
|
directives: {
|
|
|
|
|
defaultSrc: ["'self'"],
|
|
|
|
|
scriptSrc: [
|
|
|
|
|
"'self'",
|
|
|
|
|
"'unsafe-inline'",
|
|
|
|
|
"'unsafe-eval'",
|
|
|
|
|
'https://hcaptcha.com',
|
|
|
|
|
'https://*.hcaptcha.com',
|
|
|
|
|
'https://cdn.ravenjs.com/',
|
|
|
|
|
],
|
|
|
|
|
imgSrc: [
|
|
|
|
|
"'self'",
|
|
|
|
|
'https://blog.pastel.codes',
|
|
|
|
|
'https://static.ghost.org',
|
|
|
|
|
'https://secure.gravatar.com',
|
|
|
|
|
],
|
|
|
|
|
styleSrc: [
|
|
|
|
|
"'self'",
|
|
|
|
|
"'unsafe-inline'",
|
|
|
|
|
'https://hcaptcha.com',
|
|
|
|
|
'https://*.hcaptcha.com',
|
|
|
|
|
],
|
|
|
|
|
fontSrc: ["'self'", 'data:'],
|
|
|
|
|
frameSrc: ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
|
|
|
|
|
objectSrc: ["'none'"],
|
|
|
|
|
upgradeInsecureRequests: [],
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
);
|
2021-01-03 23:28:30 +00:00
|
|
|
|
2020-06-17 22:34:29 +01:00
|
|
|
app.use(express.json());
|
|
|
|
|
app.use(express.urlencoded({ extended: false }));
|
|
|
|
|
app.use(cookieParser());
|
|
|
|
|
app.use(express.static(path.join(__dirname, 'public')));
|
|
|
|
|
|
|
|
|
|
app.use('/', indexRouter);
|
2020-06-22 20:36:41 +01:00
|
|
|
app.use('/about', aboutRouter);
|
2020-06-29 10:09:10 +01:00
|
|
|
app.use('/contact', contactRouter);
|
2020-06-17 22:34:29 +01:00
|
|
|
|
|
|
|
|
// catch 404 and forward to error handler
|
2024-04-29 13:21:31 +01:00
|
|
|
app.use(function (req, res, next) {
|
|
|
|
|
next(createError(404));
|
2020-06-17 22:34:29 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// error handler
|
2024-04-29 13:21:31 +01:00
|
|
|
app.use(function (err, req, res, _next) {
|
|
|
|
|
// set locals, only providing error in development
|
|
|
|
|
res.locals.message = err.message;
|
|
|
|
|
res.locals.error = req.app.get('env') === 'development' ? err : {};
|
2020-06-17 22:34:29 +01:00
|
|
|
|
2024-04-29 13:21:31 +01:00
|
|
|
// render the error page
|
|
|
|
|
res.status(err.status || 500);
|
|
|
|
|
res.render('error', { title: 'Error', description: 'Error' });
|
2020-06-17 22:34:29 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
module.exports = app;
|
