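/**
 * Express application bootstrap.
 *
 * Wires up request logging, security headers (Helmet plus an explicit
 * Content-Security-Policy), body and cookie parsing, static assets, the site
 * routers, and the 404 / error handlers, then exports the configured app.
 */
const createError = require('http-errors');
const express = require('express');
const path = require('path');
const cookieParser = require('cookie-parser');
const mLogger = require('morgan');
const logger = require('./config/winston');
const helmet = require('helmet');

const indexRouter = require('./routes/index');
const aboutRouter = require('./routes/about');
const contactRouter = require('./routes/contact');

const app = express();

// Outside Docker, trust X-Forwarded-* headers only when the direct peer is on
// a loopback or unique-local address. req.ip and req.protocol are then taken
// from those headers, so these ranges must contain nothing but the reverse
// proxy itself.
// NOTE(review): presumably the Docker deployment is not behind such a proxy --
// confirm, since 'trust proxy' keeps its default in that case.
if (process.env.IS_DOCKER !== 'true') {
  app.set('trust proxy', 'loopback,uniquelocal');
}

// Do not advertise the framework in responses.
app.disable('x-powered-by');

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');

// Request logging: 'common' format piped into the winston stream in
// production, morgan's 'dev' console output for every other NODE_ENV value.
if (process.env.NODE_ENV === 'production') {
  app.use(mLogger('common', { stream: logger.stream }));
} else {
  app.use(mLogger('dev'));
}

// Helmet's default security headers, followed by the site-specific CSP.
// NOTE(review): newer Helmet releases already set a default CSP inside
// helmet(); passing these directives as helmet({ contentSecurityPolicy: ... })
// would configure it once -- confirm against the installed version.
app.use(helmet());
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      // NOTE(review): 'unsafe-inline' and 'unsafe-eval' remove most of the
      // XSS protection script-src provides, and the wildcard / public CDN
      // hosts allow any script served from them. Prefer nonces or hashes and
      // pin exact script URLs (with SRI) once the inline scripts are gone.
      scriptSrc: [
        "'self'",
        "'unsafe-inline'",
        "'unsafe-eval'",
        'https://hcaptcha.com',
        'https://*.hcaptcha.com',
        'https://cdn.ravenjs.com/',
        'https://cdnjs.cloudflare.com/',
        'https://cdn.jsdelivr.net/',
        'https://*.cloudfront.net/',
      ],
      imgSrc: [
        "'self'",
        'https://blog.pastel.codes',
        'https://static.ghost.org',
        'https://secure.gravatar.com',
        // Scheme source written without trailing whitespace, matching fontSrc.
        'data:',
      ],
      styleSrc: [
        "'self'",
        "'unsafe-inline'",
        'https://hcaptcha.com',
        'https://*.hcaptcha.com',
      ],
      fontSrc: ["'self'", 'data:'],
      frameSrc: ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
      objectSrc: ["'none'"],
      upgradeInsecureRequests: [],
    },
  })
);

// Body and cookie parsing. No secret is passed to cookieParser(), so cookies
// are parsed unsigned.
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());

// Static assets: ./public at the site root and ./obsidian under /obsidian.
app.use(express.static(path.join(__dirname, 'public')));
app.use('/obsidian', express.static(path.join(__dirname, 'obsidian')));

app.use('/', indexRouter);
app.use('/about', aboutRouter);
app.use('/contact', contactRouter);

// catch 404 and forward to error handler
app.use((req, res, next) => {
  next(createError(404));
});

// error handler (Express recognises it by its four parameters, so the unused
// _next must stay in the signature)
app.use((err, req, res, _next) => {
  // set locals, only providing error in development
  // NOTE(review): Express's 'env' setting falls back to 'development' when
  // NODE_ENV is unset, which would expose the full error object to the
  // template; err.message is set in every environment. Make sure production
  // sets NODE_ENV and that the 'error' view does not print internal messages.
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error', { title: 'Error', description: 'Error' });
});

module.exports = app;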