const express = require('express');
const createHttpError = require('http-errors')
const morgan = require('morgan');
const connectDB = require('./db/connect')
const session = require('express-session');
const connectFlash = require('connect-flash')
require('dotenv').config();
const PORT = process.env.PORT || 3000;
const passport = require('passport')
const mongoose = require('mongoose');
const MongoStore = require('connect-mongo');// https://www.npmjs.com/package/express-session#compatible-session-stores [FROM expression-session package for persistent session storage after server reboots]
const {ensureLoggedIn} = require('connect-ensure-login');
const { roles } = require('./utils/constants');
const cors = require('cors');
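const app = express();

// Middlewares
app.use(morgan('dev'));
app.set('view engine', 'ejs');
app.use(express.static('public'));
app.use(express.json());
// NOTE(review): cors() with no options answers every origin; if this API is
// only meant to be called by its own front end, pass an explicit { origin }
// allow-list here instead.
app.use(cors());
app.use(express.urlencoded({ extended: true })); // allow posting nested objects

// Session. SESSION_SECRET comes from the environment (loaded by dotenv above);
// express-session is expected to refuse to start without a secret rather than
// fall back to a default — verify that on the installed version.
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    // secure: true, // for only https(secure) — enable once the app is served
    // over TLS (behind a TLS-terminating proxy this also needs
    // app.set('trust proxy', 1)); an explicit sameSite value is worth
    // setting here too so the cookie is not sent on cross-site requests.
    httpOnly: true,
  },
  // Persistent store so sessions survive server restarts. This opens its own
  // MongoDB connection, separate from the connectDB() call in start().
  store: MongoStore.create({ mongoUrl: process.env.MONGO_URI }),
}));

// Passport.js authentication
app.use(passport.initialize());
app.use(passport.session());
require('./utils/passport.auth');

// Expose the authenticated user (if any) to the views. The per-request
// console.log of req.user that used to live here was removed: it wrote the
// whole user record to stdout on every request, which ends up in the logs.
app.use((req, res, next) => {
  res.locals.user = req.user;
  next();
});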
// Flash messages: whatever was flashed on the previous request is handed to
// the views as `messages` (reading req.flash() also clears it).
app.use(connectFlash());
app.use((req, res, next) => {
  const pendingMessages = req.flash();
  res.locals.messages = pendingMessages;
  next();
});
// Routes. Routers that require a valid JWT (no session cookie) sit behind
// passport's jwt strategy; the user router additionally requires an admin or
// enterprise role (ensureAdmin is a hoisted function declaration below).
const requireJwt = passport.authenticate('jwt', { session: false });
const routeTable = [
  // NOTE(review): config.route is mounted here without the JWT guard and
  // again under /v1/config with it; whatever that router exposes is therefore
  // also reachable unauthenticated at '/' — confirm that is intended.
  ['/', [], './routes/config.route'],
  ['/v1/auth', [], './routes/auth.route'],
  ['/v1/profile', [], './routes/profile.route'],
  ['/v1/admin', [], './routes/admin.route'],
  ['/v1/user', [requireJwt, ensureAdmin], './routes/user.route'],
  ['/v1/status', [], './routes/api_health'],
  ['/v1/terminal', [], './routes/terminal'],
  ['/v1/config', [requireJwt], './routes/config.route'],
  ['/v1/event', [], './routes/event.route'],
  ['/v1/logs', [], './routes/log.route'],
  ['/v1/instance', [requireJwt], './routes/instance.route'],
];
for (const [mountPath, guards, modulePath] of routeTable) {
  app.use(mountPath, ...guards, require(modulePath));
}
// 404 handler: any request that no router above answered becomes a NotFound
// error and falls through to the error handler.
app.use((req, res, next) => {
  next(createHttpError.NotFound());
});

// Error handler: every error is rendered with the '404' view, using the
// status the error carries (500 when it has none).
// NOTE(review): the raw error object is passed to the template; whether its
// message or stack reaches the client depends on what that view prints — verify.
app.use((error, req, res, next) => {
  const status = error.status || 500;
  error.status = status;
  res.status(status).render('404', { error });
});
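// Connect to MongoDB, then start listening.
// A failed connection is reported on stderr and marks the process for a
// non-zero exit code (it does not force an exit) instead of being printed to
// stdout and leaving a process that runs but never listens. Errors raised by
// app.listen() itself (e.g. the port already being in use) are emitted as
// 'error' events rather than thrown, so they are not caught here.
const start = async () => {
  try {
    await connectDB(process.env.MONGO_URI);
    app.listen(PORT, () => console.log(`Listening on port: ${PORT}`));
  } catch (err) {
    console.error('Failed to start:', err);
    process.exitCode = 1;
  }
};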
// // my custom function to keep unauthorised users off session-protected routes [replaced with connectEnsureLogin]
// function ensureAuthenticated(req, res, next) {
// if (req.isAuthenticated()) {
// next();
// } else {
// res.redirect('/auth/login');
// }
// };
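/**
 * Role guard: lets the request through only when the authenticated user has
 * the admin or enterprise role; anyone else gets a flash warning and is
 * redirected to '/'.
 *
 * Reads req.user?.role so a request that reaches this guard without an
 * authenticated user (for example if it is ever mounted without the JWT
 * middleware in front of it) is redirected instead of crashing with a
 * TypeError on `undefined.role`, which would surface as a 500.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function ensureAdmin(req, res, next) {
  const role = req.user?.role;
  if (role === roles.admin || role === roles.enterprise) {
    next();
    return;
  }
  req.flash('warning', 'You are not an authorised user to see this page');
  res.redirect('/');
}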
// function ensureModerator(req, res, next) {
// if (req.user.role === roles.moderator) {
// next()
// } else {
// req.flash('warning', 'You are not an authorised user to see this page')
// res.redirect('/')
// }
// }
// start() catches its own errors, so the returned promise never rejects;
// it is deliberately not awaited.
void start();