-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.js
168 lines (160 loc) · 5.14 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
// if(process.env.NODE_ENV !== "production")
// {
// require('dotenv').config();
// //If we running application in dev mod => require .env and add in process so process will have env
// // and we can access it process.env.VARIABLENAME!
// }
//Npm packages
require('dotenv').config();
const express = require('express');
const path = require('path');
const mongoose = require('mongoose');
const app = express();
const methodOverride = require('method-override')
const ejsMate = require('ejs-mate');
const ExpressError = require('./utils/ExpressError');
const session = require('express-session');
const flash = require('connect-flash');
const passport = require('passport');
const LocalStrategy = require('passport-local');
const User = require('./models/user');
const mongoSanitize = require('express-mongo-sanitize');
const helmet = require('helmet');
const MongoStore = require('connect-mongo');
const dbUrl = process.env.DB_URL || 'mongodb://localhost:27017/yelp-camp';
//Routes
const campgroundRoutes = require('./routes/campgrounds');
const reviewRoutes = require('./routes/reviews');
const userRoutes = require('./routes/users');
async function main() {
await mongoose.connect(dbUrl);
}
main().then(() =>{
console.log("Database connect")
})
main().catch((e) =>{
console.log("Error");
console.log(e);
})
//This is using for parse the body using urlencode ( our normal language)
app.use(express.urlencoded({extended : true}));
// override with POST having ?_method=DELETE
app.use(methodOverride('_method'))
app.set('view engine', 'ejs')
//This one right here is app.engine used for layouts, partials, block
app.engine('ejs', ejsMate);
//This one is for req.render
app.set('views', path.join(__dirname,'views'));
//Serving public asset
app.use(express.static(path.join(__dirname,'public')));
//Mongo Session config
const store = MongoStore.create({
mongoUrl: dbUrl,
touchAfter: 24 * 60 * 60,
crypto: {
secret: 'thisshouldbeabettersecret!'
}
})
store.on("error",function(e) {
console.log('SESSION STORE ERROR',e)
})
//Using session
const sessionConfig = {
store,
secret: 'thisshouldbeabettersecret',
resave: false,
saveUninitialized: true,
cookie: {
//name of the cookie!
name: 'blah',
httpOnly: true,
//Expires for old browser
//expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
//MaxAge for new browser nowdays
maxAge: 1000 * 60 * 60 * 24 * 7
//secure : only https can only work on this cookie
//secure:true
}
}
app.use(session(sessionConfig));
//This is for the flash pop up
app.use(flash());
//passport.ini => install passport, passport.session => persistant login, must place after session
app.use(passport.initialize());
app.use(passport.session());
passport.use(new LocalStrategy(User.authenticate()));
//How do we store and unstore a user in a session
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
//This is use for catch flash message
app.use((req,res,next) => {
res.locals.success = req.flash('success');
res.locals.error = req.flash('error');
res.locals.currentUser = req.user;
next();
})
app.use(mongoSanitize());
app.use(helmet({ crossOriginEmbedderPolicy: true }))
const scriptSrcUrls = [
"https://stackpath.bootstrapcdn.com/",
"https://api.tiles.mapbox.com/",
"https://api.mapbox.com/",
"https://kit.fontawesome.com/",
"https://cdnjs.cloudflare.com/",
"https://cdn.jsdelivr.net"
];
const styleSrcUrls = [
"https://kit-free.fontawesome.com/",
"https://stackpath.bootstrapcdn.com/",
"https://api.mapbox.com/",
"https://api.tiles.mapbox.com/",
"https://fonts.googleapis.com/",
"https://use.fontawesome.com/",
'https://cdn.jsdelivr.net'
];
const connectSrcUrls = [
"https://api.mapbox.com/",
"https://a.tiles.mapbox.com/",
"https://b.tiles.mapbox.com/",
"https://events.mapbox.com/",
];
const fontSrcUrls = [];
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: [],
connectSrc: ["'self'", ...connectSrcUrls],
scriptSrc: ["'unsafe-inline'", "'self'", ...scriptSrcUrls],
styleSrc: ["'self'", "'unsafe-inline'", ...styleSrcUrls],
workerSrc: ["'self'", "blob:"],
objectSrc: [],
imgSrc: [
"'self'",
"blob:",
"data:",
"https://res.cloudinary.com/dztjmkvak/", //SHOULD MATCH YOUR CLOUDINARY ACCOUNT!
"https://images.unsplash.com/",
],
fontSrc: ["'self'", ...fontSrcUrls],
},
})
);
//Routers
app.use('/',userRoutes);
app.use('/campgrounds',campgroundRoutes);
app.use('/campgrounds/:id/reviews',reviewRoutes);
app.get('/',(req,res) =>{
res.render('home');
})
app.all('*',(req,res,next) => {
next(new ExpressError('Page Not Found', 404))
})
app.use((err,req,res,next) => {
const {statusCode = 500} = err;
if(!err.message) err.message = 'Oh no, Something went wrong';
res.status(statusCode).render('error', { err });
})
const PORT = process.env.PORT || 3030;
app.listen(PORT, ()=> {
console.log('Serving on port 3000');
})