-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
81 lines (66 loc) · 2.15 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
const express = require("express");
const dotenv = require("dotenv");
const mongoose = require("mongoose");
const postRouter = require("./routes/postRoutes");
const userRouter = require("./routes/userRoutes");
const commentRouter = require("./routes/commentRoutes");
const likeRouter = require("./routes/likeRoutes");
const rateLimit = require("express-rate-limit");
const helmet = require("helmet");
const xss = require("xss-clean");
const hpp = require("hpp");
//for defining enviroment variables
dotenv.config({
path: "./config.env",
});
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});
const app = express();
//using security libraries
// protect app from DDoS attacks
app.use(limiter);
// Helmet helps you secure your Express apps by setting various HTTP headers
app.use(helmet());
// sanitize user input coming from POST body, GET queries, and url params.
app.use(xss());
// protect against HTTP Parameter Pollution attacks
app.use(hpp());
// middleware - function that can modify incoming data
// middle -- between the request and the response
// to put body object in request (req.body to be available)
//Body parser
//* when we have body larger than 10kb basically not be accepted
app.set("view engine", "ejs");
// client-side for signup
app.get("/user/signup", (req, res) => {
res.render("upload");
});
app.use(express.json({ limit: "10kb" }));
app.use("/post", postRouter);
// app.use('/user', userRouter)
// route for users
app.use("/user", userRouter);
// route for comment
app.use("/comment", commentRouter);
// route for like
app.use("/like", likeRouter);
app.use("/", (req, res, next) => {
res.send("Use /post instead of /");
});
const DB = process.env.DATABASE.replace(
"<PASSWORD>",
process.env.DATABASE_PASSWORD
);
async function bootstrap() {
try {
await mongoose.connect(DB);
app.listen(3000, console.log("server is running..."));
} catch (error) {
console.log(error);
}
}
bootstrap();