'use strict';
// Node core
const { createInterface } = require('readline');
// Third-party
const bodyParser = require('body-parser');
const express = require('express');
const helmet = require('helmet');
const nodeLimits = require('limits');
const Promise = require('bluebird');
// Local
const auth = require('./controllers/auth.js');
const {
  initCassandraAsync
} = require('./src/cassandra.js');
const reqDuration = 2629746000; // 1-month hsts
// Record which runtime the service came up on; the LTS reminder is a
// deliberate operator-facing hint, not a check.
const runtimeVersion = process.version;
console.log('Node', runtimeVersion);
console.log('info Remember to only run even-numbered (LTS) versions of node in production.');

// bluebird: enable cancellation so a still-pending startup promise can be
// cancelled from the shutdown handler.
Promise.config({ cancellation: true });
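/**
 * Build the Express application: body parsing, Helmet hardening, request
 * limits and the route table. Listening is left to the caller.
 *
 * @returns {import('express').Express} the configured (not yet listening) app
 */
function createApp() {
  const app = express();

  // Caps the raw request body size; nodeLimits below applies a second,
  // byte-based cap (1000000) on top of this.
  app.use(bodyParser.json({
    limit: '1mb'
  }));
  app.use(bodyParser.urlencoded({
    extended: true
  }));

  // Security by obscurity; helmet() removes this header as well, disabling it
  // on the app keeps it off even if the middleware order changes.
  app.disable('x-powered-by');
  app.use(helmet());
  // hsts. NOTE(review): the unit of maxAge (seconds vs milliseconds) depends on
  // the installed helmet major version — confirm reqDuration matches it.
  app.use(helmet.hsts({
    maxAge: reqDuration
  }));
  // framebuster
  app.use(helmet.frameguard({
    action: 'deny'
  }));
  // content security policy
  app.use(helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'"],
      childSrc: ["'none'"],
      objectSrc: ["'none'"],
      formAction: ["'none'"],
    }
  }));
  // x-xss-protection (disabled for ie8/ie9, where the filter itself opens a vulnerability)
  app.use(helmet.xssFilter());
  // x-content-type-options
  app.use(helmet.noSniff());
  // limit some things
  app.use(nodeLimits({
    file_uploads: false,
    post_max_size: 1000000, // 1mb max upload
    inc_req_timeout: 1000 * 60 // 60 seconds
  }));

  app.get('/', (req, res) => res.send('Hello World!'));
  app.post('/register', (req, res) => auth.register(req, res));
  app.post('/login', (req, res) => auth.login(req, res));
  // FIXME: test-only cleanup endpoint is registered unconditionally; gate it on a
  // non-production environment (or remove it) before this runs in production.
  app.post('/testcleanup', (req, res) => auth.testcleanup(req, res));

  return app;
}

/**
 * Connect to Cassandra, create the auth table, then start Express.
 *
 * Resolves with the listening http.Server returned by `app.listen()` (rather
 * than the Express app) so that a shutdown handler can close the listener.
 * Never rejects: any startup error is logged and the process exits with
 * status 1.
 *
 * @returns {Promise<import('http').Server>} bluebird promise of the listener
 */
function startAsync() {
  // Start by initializing cassandra
  return initCassandraAsync()
    // Create any tables here, before any request can be served
    .then((client) => auth.createTable(client))
    // Start the express server to process requests
    .then(() => {
      const app = createApp();
      const port = 3003;
      return app.listen(port, () => console.log(`info Express listening on port ${port}!`));
    })
    .catch((err) => {
      // Use console to log error since logger might write asynchronously
      console.error(err);
      process.exit(1);
    });
}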
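// Kick off startup once at load; `const` because nothing ever reassigns it
// (stop() only reads its state and value).
const startPromise = startAsync();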
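/**
 * Handle stopping everything on SIGTERM/SIGINT. From Datastax example.
 *
 * If startup has completed, drop the server's event listeners and exit 0.
 * If it is still in flight (or has failed), cancel the bluebird startup
 * promise and exit 0 immediately. Either way the process ends; the returned
 * promise only exists on the fulfilled path.
 *
 * @returns {Promise<void>|undefined}
 */
function stop() {
  console.log('info', 'Attempting to shutdown');
  if (!startPromise.isFulfilled()) {
    // bluebird treats cancel() on an already-settled promise as a no-op, so
    // this is safe after a failed startup as well as during a pending one.
    startPromise.cancel();
    process.exit(0);
    return undefined;
  }
  const server = startPromise.value();
  // Promise.resolve replaces the original `new Promise((resolve) => resolve(...))`
  // wrapper around a synchronous call; same behaviour, no explicit construction.
  return Promise.resolve(server.removeAllListeners())
    .then(() => process.exit(0));
}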
// Route both termination signals through the same graceful-shutdown path.
['SIGTERM', 'SIGINT'].forEach((signal) => process.on(signal, stop));

// Windows: simulate SIGINT via readline on stdin
// (see http://stackoverflow.com/questions/10021373/what-is-the-windows-equivalent-of-process-onsigint-in-node-js)
if (process.platform === 'win32') {
  const terminal = createInterface({
    input: process.stdin,
    output: process.stdout
  });
  terminal.on('SIGINT', () => process.emit('SIGINT'));
}