forked from cds-snc/node-starter-app
app.js
// import environment variables.
require('dotenv-safe').config()
// import node modules.
const express = require('express')
const cookieParser = require('cookie-parser')
const bodyParser = require('body-parser')
const compression = require('compression')
const helmet = require('helmet')
const sassMiddleware = require('node-sass-middleware')
const path = require('path')
const cookieSession = require('cookie-session')
const cookieSessionConfig = require('./config/cookieSession.config')
const { hasData } = require('./utils')
const { addNunjucksFilters } = require('./filters')
const csp = require('./config/csp.config')
const csrf = require('csurf')
const morgan = require('morgan')
// Route configuration: the project may export its own configRoutes function and
// locale list. When either is missing, fall back to the bundled route helper and
// to the English/French locale pair.
const routesConfig = require('./config/routes.config')
const routes = routesConfig.routes
const configRoutes =
  routesConfig.configRoutes || require('./utils/route.helpers').configRoutes
const locales = routesConfig.locales || ['en', 'fr']
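// initialize application.
const app = express()

// Security headers are registered first so that every response carries them,
// including files served by express.static and error responses raised by the
// parsers or the CSRF check further down. Middleware registered after
// express.static never runs for a request that static answers.
// helmet() defaults:
// dnsPrefetchControl controls browser DNS prefetching
// frameguard to prevent clickjacking
// hidePoweredBy to remove the X-Powered-By header
// hsts for HTTP Strict Transport Security
// ieNoOpen sets X-Download-Options for IE8+
// noSniff to keep clients from sniffing the MIME type
// xssFilter adds some small XSS protections
// NOTE(review): assumes ./config/csp.config does not rely on request state set
// by later middleware — confirm.
app.use(helmet())
app.use(helmet.contentSecurityPolicy({ directives: csp }))

// Logging for request details. Registered ahead of the parsers and the CSRF
// check: a request they reject is passed to the error handler and skips all
// remaining regular middleware, so a logger placed after them would never
// record it.
app.use(morgan(process.env.NODE_ENV === 'development' ? 'dev' : 'combined'))

// general app configuration.
// Only one parser pair is registered: body-parser skips a request whose body
// has already been parsed, so a second json/urlencoded pair after these would
// never take effect. extended: false keeps the plain querystring parser.
app.use(express.json())
app.use(express.urlencoded({ extended: false }))

// The secret is what signs and verifies signed cookies (the CSRF cookie below).
// NOTE(review): presumably dotenv-safe guarantees app_session_secret is set —
// confirm it is listed in .env.example.
app.use(cookieParser(process.env.app_session_secret))
app.use(require('./config/i18n.config').init)

// CSRF setup
// csurf takes cookie attributes from the `cookie` object; a top-level `signed`
// key is not one of its options and is ignored, which leaves the secret cookie
// unsigned. httpOnly keeps the secret out of reach of page scripts; templates
// receive the token through res.locals instead.
// Rollout: cookies issued unsigned before this change are no longer accepted,
// so a form rendered before the deploy fails its first submit.
// NOTE(review): csurf has been deprecated by its maintainers — track a replacement.
app.use(
  csrf({
    cookie: {
      signed: true,
      httpOnly: true,
    },
  }),
)

// append csrfToken to all responses
app.use(function(req, res, next) {
  res.locals.csrfToken = req.csrfToken()
  next()
})

// in production: use redis for sessions
// but this works for now
app.use(cookieSession(cookieSessionConfig))

// in production: precompile CSS
app.use(
  sassMiddleware({
    src: path.join(__dirname, 'assets/scss'),
    dest: path.join(__dirname, 'public'),
    debug: false,
    indentedSyntax: false, // look for .scss files, not .sass files
    sourceMap: true,
    outputStyle: 'compressed',
  }),
)

// public assets go here (css, js, etc)
app.use(express.static(path.join(__dirname, 'public')))

// gzip response body compression.
// NOTE(review): registered after express.static, so files served from public/
// are not compressed; only responses produced by later handlers are.
app.use(compression())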
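// Adding values/functions to app.locals means we can access them in our templates
app.locals.GITHUB_SHA = process.env.GITHUB_SHA || null
app.locals.hasData = hasData

// set default views path
const viewsDir = path.join(__dirname, './views')
app.locals.basedir = viewsDir
app.set('views', [viewsDir])

app.routes = configRoutes(app, routes, locales)

// view engine setup
const nunjucks = require('nunjucks')
const dateFilter = require('nunjucks-date-filter')

// Templates get a copy of the environment as `$env`. The cookie-signing secret
// (app_session_secret, the value passed to cookieParser in this file) is
// withheld so that no template can render it into a page.
// NOTE(review): every other environment variable is still exposed to templates.
// Replace this copy with an explicit allow-list of the keys the views need.
const templateEnv = Object.assign({}, process.env)
delete templateEnv.app_session_secret

// autoescape stays on so values printed by templates are HTML-escaped by default.
// NOTE(review): 'views/macros' looks like it is resolved against the process
// working directory rather than __dirname — confirm for deployments started
// from another directory.
const searchPaths = app.get('views').concat('views/macros')
const env = nunjucks
  .configure(searchPaths, {
    autoescape: true,
    express: app,
  })
  .addGlobal('$env', templateEnv)
  .addFilter('date', dateFilter)

addNunjucksFilters(env)
nunjucks.installJinjaCompat()
app.set('view engine', 'njk')

module.exports = app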