// Outside production, populate process.env from a local .env file; in
// production the deployment platform is expected to supply the variables.
var runningInProduction = process.env.NODE_ENV === 'production';
if (!runningInProduction) {
  require('dotenv').config();
}
// Framework and middleware dependencies (CommonJS).
// Not referenced anywhere else in this file: pg, LocalStrategy,
// RememberMeStrategy, favicon (only in commented-out code) and contentLength
// (only in commented-out code).
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var routes = require('./app/routes');
var pg = require('pg');
var flash = require('connect-flash');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var RememberMeStrategy = require('passport-remember-me-extended').Strategy;
// Side effect: registers the passport strategies on the shared passport instance.
require('./controllers/passport')(passport);
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var app = express();
var contentLength = require('express-content-length-validator');
var express_enforces_ssl = require('express-enforces-ssl');
var helmet = require('helmet');
var mcapi = require('mailchimp-api');
// Mailchimp API key from the environment (dotenv above, outside production).
// Nothing here checks that it is set.
var mcKey = process.env.MAILCHIMP_KEY;
var gzip = require('connect-gzip');
// Implicit global (no var): presumably so other modules can reach the client as
// `mc` — confirm before scoping it. Would be a ReferenceError under 'use strict'.
mc = new mcapi.Mailchimp(mcKey);
var compression = require('compression');
// Only consumed by the express-content-length-validator middleware, which is
// commented out further down, so this cap is not currently enforced.
var MAX_CONTENT_LENGTH_ACCEPTED = 9999;
// Implicit global, same caveat as `mc`; used below for operational log lines.
Logger = require('./logger');
//Use prerender (disabled). If this is re-enabled, take the token from the
//environment (e.g. process.env.PRERENDER_TOKEN) instead of a string literal:
//the token that previously sat in these commented-out lines was committed to
//the repository, so it is in git history and should be treated as exposed and
//rotated on the Prerender side before any reuse.
//app.use(require('prerender-node').set('prerenderToken', process.env.PRERENDER_TOKEN));
// app.use(require('prerender-node').set('prerenderServiceUrl', 'http://localhost:1337/').set('prerenderToken', process.env.PRERENDER_TOKEN));
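// View engine: Jade templates under views/.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
// Response compression has to be mounted before the handlers whose output it
// should compress. The original mounted it after the static handlers below, so
// static assets were never compressed by this middleware.
app.use(compression());
// Static assets.
// NOTE(review): mounting node_modules/ publishes every installed package —
// package.json files with exact versions, test fixtures, example servers — to
// the internet, which makes the app trivial to fingerprint for vulnerable
// dependencies. Prefer a build step that copies only the needed files into
// dist/, or mount the individual package directories that the views use.
// Left in place because templates may load from it; check the views first.
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.static(path.join(__dirname, 'dist')));
app.use('/bower_components', express.static(path.join(__dirname, 'bower_components')));
app.use('/node_modules', express.static(path.join(__dirname, 'node_modules')));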
// Favicon: enable once public/favicon.ico exists.
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
// HTTP request logging (morgan 'dev' format) unless the process was started
// with the --silent-http flag.
var silentHttp = process.argv.indexOf('--silent-http') !== -1;
if (!silentHttp) {
  app.use(logger('dev'));
}
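// Cookie-signing and session secrets.
// The original used string literals ('keyboard cat' is the cookie-parser docs
// example, 'so secret' the session one). Anyone who has read this repository
// can forge signed cookies and session IDs with those, so they are now read
// from the environment. Production refuses to start without them; elsewhere a
// per-process random value is used so development sessions keep working (they
// simply do not survive a restart).
function loadSecret(envName) {
  var value = process.env[envName];
  if (value) {
    return value;
  }
  if (process.env.NODE_ENV === 'production') {
    throw new Error('Missing required environment variable ' + envName);
  }
  return require('crypto').randomBytes(32).toString('hex');
}
var cookieSecret = loadSecret('COOKIE_SECRET');
var sessionSecret = loadSecret('SESSION_SECRET');

app.use(cookieParser(cookieSecret));
// Request bodies. The original mounted bodyParser.json() twice: the first
// instance (default 100kb limit) parsed or rejected every JSON body before the
// '50mb' one could run, so the effective JSON limit was always 100kb. That
// effective limit is kept, now stated explicitly. The urlencoded limit is
// unchanged at 50mb; NOTE(review): with the content-length validator
// commented out below, these two limits are the only cap on request size —
// confirm that anything really posts 50mb forms before keeping that value.
app.use(bodyParser.json({ limit: '100kb' }));
app.use(bodyParser.urlencoded({ limit: '50mb', extended: true, parameterLimit: 50000 }));

// Redis client for the session store: a hosted instance when REDIS_URL is set
// (host, port and password taken from the URL), otherwise a local default.
var redisHost = 'localhost';
var redisPort = 6379;
var rtg = null;
var redis;
if (process.env.REDIS_URL) {
  rtg = require('url').parse(process.env.REDIS_URL);
  redisHost = rtg.hostname;
  redisPort = rtg.port;
  redis = require('redis').createClient(rtg.port, rtg.hostname);
  // Only authenticate when the URL carries credentials; the original called
  // rtg.auth.split(...) unconditionally and threw on a URL without them.
  if (rtg.auth) {
    redis.auth(rtg.auth.split(':')[1]);
  }
  // Log the endpoint only. The original logged the whole client object, whose
  // options include the password, so the secret ended up in the log stream.
  Logger.info('Using Redis session store at ' + redisHost + ':' + redisPort);
} else {
  redis = require('redis').createClient();
}

app.use(session({
  secret: sessionSecret,
  // Secure (HTTPS-only) cookie in production, where express-enforces-ssl and
  // 'trust proxy' are enabled further down (the proxy must send
  // X-Forwarded-Proto for req.secure to be true); plain HTTP in development.
  // The original hard-coded secure: false, so the session ID travelled over
  // any plain-HTTP request even after SSL enforcement. httpOnly is the
  // express-session default, stated here so it is not lost in a later edit.
  // sameSite 'lax' keeps the cookie off cross-site POSTs (basic CSRF
  // hardening) while allowing top-level navigation.
  cookie: {
    secure: process.env.NODE_ENV === 'production',
    httpOnly: true,
    sameSite: 'lax',
    maxAge: 14400000
  },
  store: new RedisStore({
    client: redis,
    host: redisHost,
    port: redisPort
  }),
  // NOTE(review): connect-redis implements touch, so resave: true is not
  // needed and can race concurrent requests; saveUninitialized: true creates a
  // Redis entry and sets a cookie for every anonymous request. Both left as-is
  // because the flash and remember-me flows have not been checked against them.
  resave: true,
  saveUninitialized: true
}));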
// Authentication stack, in order: passport bootstrap, session-backed user
// loading, then the 'remember-me' strategy (presumably registered in
// controllers/passport) so a remember-me cookie can re-establish a login.
// Flash messages are mounted after these because they also live on the session.
[
  passport.initialize(),
  passport.session(),
  passport.authenticate('remember-me'),
  flash()
].forEach(function (middleware) {
  app.use(middleware);
});
// Expose the flash messages to every view as res.locals.messages.
app.use(function exposeMessages(req, res, next) {
  res.locals.messages = require('express-messages')(req, res);
  next();
});
// Gzip-compressed serving of the jQuery build directory (connect-gzip).
app.use(gzip.staticGzip(__dirname + '/bower_components/jquery/dist', { matchType: /javascript/ }));
// Security headers and transport hardening.
// NOTE(review): this whole section runs after the express.static mounts near
// the top of the file, so responses served from public/, dist/,
// bower_components/ and node_modules/ carry none of these headers and are not
// redirected to HTTPS. Moving this section above those mounts closes that gap.
var inProduction = process.env.NODE_ENV === 'production';
if (inProduction) {
  // Behind a TLS-terminating proxy: trust X-Forwarded-* so req.secure works,
  // then redirect plain-HTTP requests to HTTPS. 'trust proxy' with no argument
  // trusts every hop, so req.ip is client-controlled; narrow it to the proxy's
  // address range if anything ever keys on req.ip (rate limits, allow-lists).
  app.enable('trust proxy');
  app.use(express_enforces_ssl());
}
// Content-Length cap is disabled; the body-parser limits are the only bound on request size.
// app.use(contentLength.validateMax({max: MAX_CONTENT_LENGTH_ACCEPTED, status: 400, message: "stop it!"})); // max size accepted for the content-length
app.use(helmet({ dnsPrefetchControl: false }));
app.use(helmet.frameguard({ action: 'deny' }));
// 18 weeks in milliseconds — the unit helmet 2.x used for hsts maxAge.
// NOTE(review): helmet 3+ takes maxAge in seconds (this value would then be
// roughly 345 years) and spells the option includeSubDomains with a capital D;
// whether the lowercase key below is honoured depends on the installed
// version — check package.json before relying on subdomain coverage.
// preload: true signals intent to submit the domain to browser preload lists,
// which is hard to reverse.
var eighteenWeeksMs = 18 * 7 * 24 * 60 * 60 * 1000; // 10886400000
app.use(helmet.hsts({
  maxAge: eighteenWeeksMs, // Must be at least 18 weeks to be approved by Google
  includeSubdomains: true, // Must be enabled to be approved by Google
  preload: true
}));
// TODO: Content Security Policy is still disabled. Two things in the draft
// below are likely why it "was not working": host sources are wrapped in
// single quotes ("'https://oss.maxcdn.com'", "'https://s3.amazonaws.com'"),
// but in CSP single quotes only belong around keywords such as 'self' and
// 'unsafe-inline' — a quoted URL is an invalid source expression that browsers
// ignore, so those scripts get blocked; and imgSrc allows a plain-http tumblr
// host, which is blocked as mixed content once the site is HTTPS-only.
// Note also that 'unsafe-inline' in scriptSrc gives up most of CSP's
// protection against injected scripts; prefer nonces or hashes. disableAndroid
// and browserSniff are helmet 2.x-era options — confirm against the installed
// helmet version when re-enabling. Quotes corrected below, other values as before.
// app.use(helmet.contentSecurityPolicy({
//   // Specify directives as normal.
//   directives: {
//     defaultSrc: ["'self'"],
//     scriptSrc: ["'self'", "'unsafe-inline'", "https://*.hotjar.com", "https://oss.maxcdn.com", "https://s3.amazonaws.com"],
//     imgSrc: ["'self'", "http://33.media.tumblr.com"],
//     styleSrc: ["'self'", "https://fonts.googleapis.com"],
//   },
//   disableAndroid: false,
//   browserSniff: true
// }));
// Application routes.
routes.initialize(app);
// Anything no route or static mount claimed becomes a 404 and is handed to
// the error handlers below.
app.use(function notFound(req, res, next) {
  var notFoundError = new Error('Not Found');
  notFoundError.status = 404;
  next(notFoundError);
});
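// Error handlers. Express recognises these by their four-argument signature;
// the first one to send a response wins.
// Development: render the whole error, stack included, for debugging.
if (app.get('env') === 'development') {
  app.use(function developmentErrorHandler(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}
// Every other environment. The original withheld the error object but still
// rendered err.message for every status; for server-side failures (5xx) that
// message typically comes from a database driver, the filesystem or an HTTP
// client and can carry hostnames, paths or query fragments, so it is replaced
// with a generic one. Client errors (4xx, e.g. the 404 raised above) keep
// their message, which is ours. The real error is written to stderr so the
// detail is still available to operators; the original logged nothing here.
app.use(function productionErrorHandler(err, req, res, next) {
  var status = err.status || 500;
  var serverError = status >= 500;
  if (serverError) {
    console.error(err);
  }
  res.status(status);
  res.render('error', {
    message: serverError ? 'Internal Server Error' : err.message,
    error: {}
  });
});
module.exports = app;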