| 123456789101112131415161718192021222324252627282930313233343536373839 |
- const express = require('express')
- const path = require('path')
- const cookieParser = require('cookie-parser')
- const logger = require('morgan')
- const cors = require('cors')
- const csrf = require('./middleware/csrf')
- const response = require('./utils/responseHandler')
- const {origin} = require('./utils/origin')
- const app = express()
- require('./config/db')()
- app.use(logger('dev'))
- app.use(express.json())
- app.use(cors({ origin: origin([]), credentials: true }))
- app.use(express.urlencoded({ extended: false }))
- app.use(cookieParser(process.env.SRU51))
- // app.use(csrf( ['GET', 'HEAD', 'OPTIONS'], ['/v1/auth/login', /\/v1\/auto\//i, /v2/i]))
- app.use(express.static(path.join(__dirname, 'public')))
- app.use((req, res, next) => {req.data = {}; return next()})
- // routes
- app.use('/', require('./routes'))
- app.use((req, res) =>
- response.error(res, { code: 404, message: 'request not found' })
- )
- app.use((err, req, res, next) => {
- if (err.code === 'EBADCSRFTOKEN') {
- response.error(res, { code: 403, message: 'invalid csrf token' })
- } else {
- response.error(res, { code: err.code || 500, message: err.message })
- }
- })
- module.exports = app
|
