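// Express application factory for the service: wires middleware (parsing,
// cookies, CSRF, sessions, security headers, compression), view engine and
// routes, then exports the configured `app` for the server/tests to mount.
//
// Fix: csurf treats `signed` as a *cookie* option, so the original
// top-level `signed: true` was silently ignored and the CSRF secret cookie
// was set unsigned. It now lives inside `cookie: { ... }`, and the cookie
// secret is checked once at startup instead of failing on the first request.

// import environment variables.
require('dotenv').config()
// import node modules.
const express = require('express')
const cookieParser = require('cookie-parser')
const compression = require('compression')
const helmet = require('helmet')
const path = require('path')
const cookieSession = require('cookie-session')
const cookieSessionConfig = require('./config/cookieSession.config')
const { hasData, contextMiddleware } = require('./utils')
const { addNunjucksFilters } = require('./filters')
const csp = require('./config/csp.config')
const csrf = require('csurf')
// check to see if we have a custom configRoutes function
let { configRoutes, routes, locales } = require('./config/routes.config')
if (!configRoutes) configRoutes = require('./utils/route.helpers').configRoutes
if (!locales) locales = ['en', 'fr']

// The cookie-parser secret is what signs the CSRF secret cookie below.
// With `cookie.signed` enabled, a missing secret would make csurf throw on
// every request, so refuse to start without it and say why.
const cookieSecret = process.env.app_session_secret
if (!cookieSecret) {
  throw new Error(
    'app_session_secret must be set: it signs the CSRF secret cookie',
  )
}

// initialize application.
const app = express()
// general app configuration.
app.use(express.json())
app.use(express.urlencoded({ extended: true }))
app.use(cookieParser(cookieSecret))
app.use(require('./config/i18n.config').init)

// CSRF setup: store the per-user CSRF secret in a cookie rather than the
// session. `signed` is a cookie option and is only honoured inside the
// `cookie` object; placed at the top level csurf ignores it.
app.use(
  csrf({
    cookie: {
      signed: true,
    },
  }),
)
// append csrfToken to all responses so templates can embed it in forms
app.use(function(req, res, next) {
  res.locals.csrfToken = req.csrfToken()
  next()
})

// in production: use redis for sessions
// but this works for now
app.use(cookieSession(cookieSessionConfig))
// public assets go here (css, js, etc)
app.use(express.static(path.join(__dirname, 'public')))

// helmet() bundles the standard hardening headers:
// dnsPrefetchControl controls browser DNS prefetching
// frameguard to prevent clickjacking
// hidePoweredBy to remove the X-Powered-By header
// hsts for HTTP Strict Transport Security
// ieNoOpen sets X-Download-Options for IE8+
// noSniff to keep clients from sniffing the MIME type
// xssFilter adds some small XSS protections
app.use(helmet())
// the CSP directives themselves live in ./config/csp.config
app.use(helmet.contentSecurityPolicy({ directives: csp }))
// gzip response body compression.
app.use(compression())

// Adding values/functions to app.locals means we can access them in our templates
app.locals.GITHUB_SHA = process.env.GITHUB_SHA || null
app.locals.hasData = hasData
// set default views path
app.locals.basedir = path.join(__dirname, './views')
app.set('views', [path.join(__dirname, './views')])
// add in helpers for scoped data contexts (used in the repeater)
app.use(contextMiddleware)
app.routes = configRoutes(app, routes, locales)

// view engine setup
const nunjucks = require('nunjucks')
const env = nunjucks
  .configure([...app.get('views'), 'views/macros'], {
    autoescape: true,
    express: app,
  })
  // NOTE(review): `$env` exposes the entire process environment to
  // templates, including app_session_secret; an explicit allowlist of the
  // variables templates actually need would be safer. Left as-is because
  // existing templates may read arbitrary keys from it.
  .addGlobal('$env', process.env)
addNunjucksFilters(env)
nunjucks.installJinjaCompat()
app.set('view engine', 'njk')

module.exports = app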