pastel.codes/app.js

70 lines
2.2 KiB
JavaScript
Raw Normal View History

2020-06-17 22:34:29 +01:00
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
2020-06-22 22:48:48 +01:00
var mLogger = require('morgan');
var logger = require('./config/winston');
2020-07-01 12:10:30 +01:00
const helmet = require("helmet");
2020-06-17 22:34:29 +01:00
var indexRouter = require('./routes/index');
2020-06-22 20:36:41 +01:00
var aboutRouter = require('./routes/about');
2020-06-29 10:09:10 +01:00
var contactRouter = require('./routes/contact');
2020-06-17 22:34:29 +01:00
var app = express();
2020-06-22 20:53:08 +01:00
2021-02-15 01:45:26 +00:00
if (process.env.IS_DOCKER != 'true') app.set('trust proxy', 'loopback,uniquelocal');
2020-06-22 20:53:08 +01:00
app.disable('x-powered-by');
2020-06-17 22:34:29 +01:00
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
if (process.env.NODE_ENV === 'production') {
2020-06-22 22:48:48 +01:00
app.use(mLogger("common", { "stream": logger.stream }));
2020-06-22 20:53:08 +01:00
} else {
2020-06-22 22:48:48 +01:00
app.use(mLogger('dev'));
2020-06-22 20:53:08 +01:00
}
2020-12-23 11:53:42 +00:00
app.use(helmet());
2021-01-03 23:28:30 +00:00
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
2021-01-03 23:33:59 +00:00
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "https://hcaptcha.com", "https://*.hcaptcha.com", "https://cdn.ravenjs.com/"],
2021-01-03 23:28:30 +00:00
imgSrc: ["'self'", "https://blog.pastel.codes", "https://static.ghost.org", "https://secure.gravatar.com"],
styleSrc: ["'self'", "'unsafe-inline'", "https://hcaptcha.com", "https://*.hcaptcha.com"],
fontSrc: ["'self'", "data:"],
frameSrc: ["https://hcaptcha.com", "https://*.hcaptcha.com"],
objectSrc: ["'none'"],
upgradeInsecureRequests: [],
},
})
);
2020-06-17 22:34:29 +01:00
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', indexRouter);
2020-06-22 20:36:41 +01:00
app.use('/about', aboutRouter);
2020-06-29 10:09:10 +01:00
app.use('/contact', contactRouter);
2020-06-17 22:34:29 +01:00
// catch 404 and forward to error handler
app.use(function(req, res, next) {
2020-06-22 17:48:10 +01:00
next(createError(404));
2020-06-17 22:34:29 +01:00
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
2020-06-17 22:34:29 +01:00
// render the error page
res.status(err.status || 500);
2020-06-22 17:57:35 +01:00
res.render('error', { title: 'Error', description: "Error" });
2020-06-17 22:34:29 +01:00
});
module.exports = app;