-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserve.js
More file actions
107 lines (88 loc) · 2.89 KB
/
serve.js
File metadata and controls
107 lines (88 loc) · 2.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
const express = require("express");
const dotenv = require("dotenv");
const passport = require("passport");
const session = require("express-session");
const connectDB = require("./config/db");
const cors = require("cors");
const helmet = require("helmet");
const compression = require("compression");
const rateLimit = require("express-rate-limit");
const morgan = require("morgan");
const path = require("path");
require("./config/passport");
const authRoutes = require("./routes/authRoutes");
const meetingRoutes = require("./routes/messageRoutes");
const userRoutes = require("./routes/userRoutes");
dotenv.config();
connectDB();
const app = express();
const PORT = process.env.PORT || 4000;
// ✅ Set up basic HTTP security headers with Helmet
app.use(helmet());
// ✅ Enable response compression for performance
app.use(compression());
// ✅ Enable logging with Morgan (set to 'combined' in production for detailed logs)
if (process.env.NODE_ENV === "production") {
app.use(morgan("combined"));
} else {
app.use(morgan("dev"));
}
// ✅ Apply rate limiting for API requests (helps prevent brute-force attacks)
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per windowMs
message: "Too many requests from this IP, please try again later.",
});
app.use(limiter);
// ✅ Allow frontend access with credentials (specific for dev and production environments)
const allowedOrigin = "http://localhost:3000"; // For local development
app.use(
cors({
origin: allowedOrigin,
credentials: true,
})
);
// ✅ Session middleware before Passport
app.use(
session({
secret: process.env.SESSION_SECRET || "your-secret-key", // Ensure SESSION_SECRET is stored securely
resave: false,
saveUninitialized: false,
cookie: {
httpOnly: true, // Helps protect against XSS attacks
secure: process.env.NODE_ENV === "production", // Use secure cookies in production
},
})
);
app.use(passport.initialize());
app.use(passport.session());
app.use(express.json());
// Routes
app.use("/auth", authRoutes);
app.use("/user", userRoutes);
app.use("/meeting", meetingRoutes);
// Home route
app.get("/", (req, res) => {
res.json({
status: 200,
message: "Welcome to the backend project 🚀",
});
});
// Error handling middleware (Centralized error handling)
app.use((err, req, res, next) => {
console.error(err.stack);
res.status(500).json({
status: "error",
message: err.message || "Something went wrong!",
});
});
// Serve static assets in production (if using front-end build)
// if (process.env.NODE_ENV === "production") {
// app.use(express.static(path.join(__dirname, "client/build")));
// app.get("*", (req, res) => {
// res.sendFile(path.resolve(__dirname, "client", "build", "index.html"));
// });
// }
app.listen(PORT, () => {
console.log(`🚀 Server is running on http://localhost:${PORT}`);
});