/**
 * Setup the server app and apply common middlewares.
 */
import express from "express";
import compression from "compression";
import helmet from "helmet";
import morgan from "morgan";
import cors from "cors";

import utils from "./utils.mjs";

// server

const app = express();

// get form data as json.
app.use(express.urlencoded({ extended: true }));

// compress responses.
app.use(compression());

// set security policies.
app.use(
    helmet.contentSecurityPolicy({
        directives: {
            "script-src": ["'self'"],
        },
    }),
);
// add logging.
app.use(morgan("combined"));

// set cors options
const corsOptions = {
    origin: utils.cors,
    optionsSuccessStatus: 200,
};

app.use(cors(corsOptions));

// trust reverse proxies.
app.set("trust proxy", "127.0.0.1");

export default app;