app.js

// load dependencies
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var bodyParser = require('body-parser');
const session = require('express-session');
const MongoStore = require('connect-mongo')(session);
var cookieParser = require('cookie-parser');
var mongoose = require('mongoose');
var passport = require('passport');
const helmet = require('helmet');
var cors = require('cors')

// include routes
var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
var sentencesRouter = require('./routes/sentences');
var commentsRouter = require('./routes/comments');
var feedbacksRouter = require('./routes/feedbacks');

// require('./evaluation/javascript/read.js');

// expose app
var app = express();

// security module
app.use(helmet());
app.use(cors());

// create a connection to MongoDB
var dbConfig = require('./config/database');

//use Bluebird instead of native ES6 promises
mongoose.Promise = require('bluebird');

if (process.env.NODE_ENV !== 'test') {
    mongoose.connect(dbConfig.database, {
            promiseLibrary: require('bluebird'),
            useNewUrlParser: true
        })
        .then(() => console.log('Connection Succesful! Server is running on http://localhost:3000/'))
        .catch((err) => console.error(err));
}

// Passport Middleware
app.use(passport.initialize());
app.use(passport.session());
require('./config/passport')(passport);

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// log every request to the console
app.use(logger('dev'));

// parse incoming requests
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// load the cookie-parsing middleware
app.use(cookieParser());

// create sessions
app.use(session({
    secret: dbConfig.secret,
    saveUninitialized: false, // don't create session until something stored
    resave: false, // don't save session if unmodified
    store: new MongoStore({
        url: dbConfig.database,
        touchAfter: 24 * 3600 // the session be updated only one time in a period of 24 hours
    })
}));

// serves static assets such as HTML files, images, and so on.
app.use(express.static(path.join(__dirname, 'public')));

// disable access to content via browser
var myBrowsingRestrictionMiddlewareFunction = function(req, res, next) {
    if (req.headers['my-custom-header']) {
        // custom header exists, then call next() to pass to the next function
        next();
    } else {
        res.redirect('../#/forbidden');
    }
}

// set the routes
app.use('/', indexRouter);
app.use(myBrowsingRestrictionMiddlewareFunction);
app.use('/users', usersRouter);
app.use('/sentences', sentencesRouter);
app.use('/comments', commentsRouter);
app.use('/feedbacks', feedbacksRouter);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
    next(createError(404));
});

// error handler middleware
app.use(function(err, req, res, next) {
    // set locals, only providing error in development
    res.locals.message = err.message;
    res.locals.error = req.app.get('env') === 'development' ? err : {};

    // render the error page
    res.status(err.status || 500);
    res.render('error', { error: err })
    res.json({
        error: { message: err.message }
    });
});

module.exports = app;