// Builds and exports the Express app for pages-core. Everything in this file is
// module-level middleware wiring, and the ORDER of the app.use() calls is the
// contract (session before passport, method-override and the rate limiter before
// the router, the error handler last) -- reorder with care.
const config = require('./config');
const logger = require('winston');
// Log level comes from config; winston's default console transport is swapped
// for a colorized one so every console line goes through a single transport.
logger.level = config.log.level;
logger.remove(logger.transports.Console);
logger.add(logger.transports.Console, { colorize: true });
// If settings present, start New Relic. Only the app name is logged, never the
// license key. The agent is required here, above the express require below;
// keep it there, since the agent (presumably) instruments modules as they load.
const env = require('./services/environment.js')();
if (env.NEW_RELIC_APP_NAME && env.NEW_RELIC_LICENSE_KEY) {
  logger.info(`Activating New Relic: ${env.NEW_RELIC_APP_NAME}`);
  require('newrelic'); // eslint-disable-line global-require
} else {
  logger.warn('Skipping New Relic Activation');
}
const express = require('express');
const bodyParser = require('body-parser');
const methodOverride = require('method-override');
const expressWinston = require('express-winston');
const session = require('express-session');
const PostgresStore = require('connect-session-sequelize')(session.Store);
const nunjucks = require('nunjucks');
const flash = require('connect-flash');
const responses = require('./api/responses');
const passport = require('./api/services/passport');
const RateLimit = require('express-rate-limit');
const router = require('./api/routers');
const app = express();
const sequelize = require('./api/models').sequelize;
// Sessions are persisted in Postgres through the shared sequelize instance.
// The session secret and cookie flags (secure / httpOnly / sameSite) live in
// config.session and are not visible from this file.
// NOTE(review): confirm cookie.secure is set for deployed environments;
// express-session relies on 'trust proxy' (enabled below) to recognise TLS
// that was terminated at the proxy.
config.session.store = new PostgresStore({ db: sequelize });
// Templates auto-escape by default, so emitting raw HTML in a view has to be an
// explicit opt-out -- the right default for anything user-supplied.
nunjucks.configure('views', {
  autoescape: true,
  express: app,
});
// When deployed we are behind a proxy, but we want to be
// able to access the requesting user's IP in req.ip, so
// 'trust proxy' must be enabled.
// NOTE(review): enable() sets 'trust proxy' to true, which under Express's
// semantics trusts every hop and takes the LEFT-MOST X-Forwarded-For address
// as req.ip. That entry is whatever the client sent (upstream proxies typically
// append to the header rather than replace it), so req.ip -- and anything
// keyed on it, such as the rate limiter further down -- can be spoofed. If the
// trusted hop count or proxy addresses are known for the deployment, prefer
// app.set('trust proxy', <hop count or address list>). The topology is not
// visible from this file, so the setting is left as-is here.
app.enable('trust proxy');
// Session must be mounted before passport.session(), which reads the session
// populated by the line above. res.locals.user exposes the deserialized user
// (if any) to every nunjucks view.
app.use(session(config.session));
app.use(passport.initialize());
app.use(passport.session());
app.use((req, res, next) => {
  res.locals.user = req.user;
  next();
});
// Static assets come from ./public relative to the process's working directory
// (not __dirname). They sit below the session middleware, so every asset
// request also touches the session store -- a cost, not a security issue.
// When a file matches, the response ends here and never reaches the
// Cache-Control middleware below.
app.use(express.static('public'));
// Body parsers: urlencoded uses body-parser's default size limit, JSON is
// capped at 2 MB. Both bound how much a single client can make us buffer.
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json({ limit: '2mb' }));
// With no argument, method-override honours only the X-HTTP-Method-Override
// header. A custom header cannot be set by a plain cross-site form or link
// (unlike a _method query parameter), so keep it header-based: otherwise a GET
// could be turned into a state-changing method. It is mounted before the
// router so route matching and any CSRF check see the overridden method.
app.use(methodOverride());
app.use(flash());
// Presumably installs the res.forbidden() style helpers used by the error
// handler at the bottom of this file.
app.use(responses);
// Everything from here on is dynamic (static files were served above), so ask
// caches to revalidate on every request.
// NOTE(review): max-age=0 still permits storing; for authenticated pages
// 'private, no-store' is the stronger choice -- confirm nothing sensitive can
// land in a shared cache.
app.use((req, res, next) => {
  res.set('Cache-Control', 'max-age=0');
  next();
});
// Request logging is on only when the configured level is at least 2 (that is
// 'info' under winston's default npm levels). The whitelist is extended with
// the parsed request body, so at info and above every request body --
// credentials, tokens, webhook payloads, whatever the routes accept -- is
// written to the console log.
// NOTE(review): if these logs are retained or shipped anywhere, consider
// excluding sensitive body fields or only capturing bodies at a debug level.
if (logger.levels[logger.level] >= 2) {
  app.use(expressWinston.logger({
    transports: [
      new logger.transports.Console({ colorize: true }),
    ],
    requestWhitelist: expressWinston.requestWhitelist.concat('body'),
  }));
}
// Errors are logged as JSON regardless of the configured level.
app.use(expressWinston.errorLogger({
  transports: [
    new logger.transports.Console({ json: true, colorize: true }),
  ],
}));
// Rate limiting is configured in config.rateLimiting and, by express-rate-limit's
// default, keyed on req.ip -- which is why the 'trust proxy' note above matters:
// a spoofable req.ip is a spoofable rate-limit bucket. It has to be mounted
// before the router so the limit covers every route.
// NOTE(review): it also sits after body parsing and the session lookup, so a
// flood still pays those costs before being rejected; mounting it earlier in the
// chain would make rejected requests cheaper.
const limiter = new RateLimit(config.rateLimiting);
app.use(limiter); // must be set before router is added to app
app.use(router);
// error handler middleware for custom CSRF error responses
// note that error handling middlewares must come last in the stack
// The four-argument signature is what Express treats as an error handler.
// EBADCSRFTOKEN is presumably the code raised by the CSRF middleware mounted
// inside the router; it becomes a 403 via res.forbidden. Anything else is
// passed on with next(err) to Express's default handler.
// NOTE(review): that default handler includes the stack trace in the response
// unless NODE_ENV is 'production' -- confirm that is set in deployment.
app.use((err, req, res, next) => {
  if (err.code === 'EBADCSRFTOKEN') {
    res.forbidden({ message: 'Invalid CSRF token' });
    return;
  }
  next(err);
});
module.exports = app;