44 lines
821 B
JavaScript
44 lines
821 B
JavaScript
/**
|
|
* Setup the server app and apply common middlewares.
|
|
*/
|
|
import express from "express";
|
|
import compression from "compression";
|
|
import helmet from "helmet";
|
|
import morgan from "morgan";
|
|
import cors from "cors";
|
|
|
|
import utils from "./utils.mjs";
|
|
|
|
// server
|
|
|
|
const app = express();
|
|
|
|
// get form data as json.
|
|
app.use(express.urlencoded({ extended: true }));
|
|
|
|
// compress responses.
|
|
app.use(compression());
|
|
|
|
// set security policies.
|
|
app.use(
|
|
helmet.contentSecurityPolicy({
|
|
directives: {
|
|
"script-src": ["'self'"],
|
|
},
|
|
}),
|
|
);
|
|
// add logging.
|
|
app.use(morgan("combined"));
|
|
|
|
// set cors options
|
|
const corsOptions = {
|
|
origin: utils.cors,
|
|
optionsSuccessStatus: 200,
|
|
};
|
|
|
|
app.use(cors(corsOptions));
|
|
|
|
// trust reverse proxies.
|
|
app.set("trust proxy", "127.0.0.1");
|
|
|
|
export default app;
|