-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.js
126 lines (107 loc) · 3.19 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
var createError = require("http-errors");
var express = require("express");
var path = require("path");
var cookieParser = require("cookie-parser");
var logger = require("morgan");
const cors = require("cors");
const compression = require("compression");
const helmet = require("helmet");
const Admin = require("./models/Admin");
const passport = require("passport");
const localStrategy = require("passport-local").Strategy;
const JWTstrategy = require("passport-jwt").Strategy;
const ExtractJWT = require("passport-jwt").ExtractJwt;
const jwt = require("jsonwebtoken");
const mongoose = require("mongoose");
mongoose.set("strictQuery", false);
const dotenv = require("dotenv");
dotenv.config();
password = process.env.db_password;
const indexRouter = require("./routes/index");
var apiRouter = require("./routes/api");
var usersRouter = require("./routes/users");
var app = express();
const mongoDB = `mongodb+srv://myAtlasDBUser:${password}@cluster0.envg0u2.mongodb.net/?retryWrites=true&w=majority`;
main().catch((err) => console.log(err));
async function main() {
await mongoose.connect(mongoDB);
}
// View engine setup
app.set("views", path.join(__dirname, "views"));
app.set("view engine", "ejs");
app.use(helmet());
app.use(compression());
app.use(cors());
app.use(logger("dev"));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, "public")));
app.use(passport.initialize());
app.use(passport.session());
// Passport auth
passport.use(
"login",
new localStrategy(
{
usernameField: "username",
passwordField: "password",
},
async (username, password, done) => {
try {
const user = await Admin.findOne({ username });
if (!user) {
return done(null, false, { message: "User not found" });
}
const validate = await user.isValidPassword(password);
if (!validate) {
return done(null, false, { message: "Wrong Password" });
}
return done(null, user, { message: "Logged in Successfully" });
} catch (error) {
return done(error);
}
}
)
);
// Auth with JWT
passport.use(
new JWTstrategy(
{
secretOrKey: process.env.TOKEN,
jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
},
async (token, done) => {
try {
return done(null, token.user);
} catch (error) {
done(error);
}
}
)
);
// Set up rate limiter: maximum of twenty requests per minute
const RateLimit = require("express-rate-limit");
const limiter = RateLimit({
windowMs: 1 * 60 * 1000, // 1 minute
max: 20,
});
// Apply rate limiter to all requests
app.use(limiter);
app.use("/", indexRouter);
app.use("/api", apiRouter);
app.use("/users", usersRouter);
// Catch 404 and forward to error handler
app.use(function (req, res, next) {
next(createError(404));
});
// Error handler
app.use(function (err, req, res, next) {
// Set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get("env") === "development" ? err : {};
// Render the error page
res.status(err.status || 500);
res.render("error");
});
module.exports = app;