Setup logger, configloader, middleware & endpoints

2021-01-03 18:16:01 +01:00
parent 444502a84c
commit 5b9d9aeca8
9 changed files with 303 additions and 0 deletions
--- a/api/webserver/middleware/addIdToRequest.js
+++ b/api/webserver/middleware/addIdToRequest.js
@@ -0,0 +1,23 @@
+const crypto = require("crypto");
+const httpContext = require("express-http-context");
+
+const addIdToRequest = (req, res, next) => {
+  try {
+    crypto.randomBytes(16, (err, buf) => {
+      if (err) {
+        // log err
+        id = null;
+      }
+      id = buf.toString("hex");
+
+      httpContext.set("sessionId", id);
+      next();
+    });
+  } catch (err) {
+    // log err
+    httpContext.set("sessionId", null);
+    next();
+  }
+};
+
+module.exports = addIdToRequest;
--- a/api/webserver/middleware/setupCORS.js
+++ b/api/webserver/middleware/setupCORS.js
@@ -0,0 +1,6 @@
+const openCORS = (req, res, next) => {
+  res.set("Access-Control-Allow-Origin", "*")
+  return next();
+};
+
+module.exports = openCORS;
--- a/api/webserver/middleware/setupHeaders.js
+++ b/api/webserver/middleware/setupHeaders.js
@@ -0,0 +1,37 @@
+const camelToKebabCase = str => str.replace(/[A-Z]/g, letter => `-${letter.toLowerCase()}`);
+
+const mapFeaturePolicyToString = (features) => {
+  return Object.entries(features).map(([key, value]) => {
+    key = camelToKebabCase(key)
+    value = value == "*" ? value : `'${ value }'`
+    return `${key} ${value}`
+  }).join("; ")
+}
+
+const setupHeaders = (req, res, next) => {
+  res.set("Access-Control-Allow-Headers", "Content-Type")
+
+  // Security
+  res.set("X-Content-Type-Options", "nosniff");
+  res.set("X-XSS-Protection", "1; mode=block");
+  res.set("X-Frame-Options", "SAMEORIGIN");
+  res.set("X-DNS-Prefetch-Control", "off");
+  res.set("X-Download-Options", "noopen");
+  res.set("Strict-Transport-Security", "max-age=15552000; includeSubDomains")
+
+  // Feature policy
+  const features = {
+    fullscreen: "*",
+    payment: "none",
+    microphone: "none",
+    camera: "self",
+    speaker: "*",
+    syncXhr: "self"
+  }
+  const featureString = mapFeaturePolicyToString(features);
+  res.set("Feature-Policy", featureString)
+
+  return next();
+}
+
+module.exports = setupHeaders;
--- a/api/webserver/server.js
+++ b/api/webserver/server.js
@@ -0,0 +1,37 @@
+const express = require("express");
+const app = express();
+const path = require("path");
+global.__base = path.join(__dirname, "..");
+global.__middleware = path.join(__dirname, "middleware");
+global.__controllers = path.join(__dirname, "controllers");
+
+// logging
+const logger = require(`${__base}/logger`);
+
+// middleware
+const httpContext = require("express-http-context");
+const setupCORS = require(`${__middleware}/setupCORS`);
+const setupHeaders = require(`${__middleware}/setupHeaders`);
+const addIdToRequest = require(`${__middleware}/addIdToRequest`);
+app.use(httpContext.middleware);
+app.use(setupCORS);
+app.use(setupHeaders);
+app.use(addIdToRequest);
+
+// parse application/json
+app.use(express.json());
+
+const router = express.Router();
+// const TokenController = require(`${__controllers}/tokenController`);
+const PostController = require(`${__controllers}/postController`);
+
+router.get("/api/post/:id/render", PostController.renderPost);
+router.get("/api/post/:id", PostController.getPost);
+router.put("/api/post/:id", PostController.updatePost);
+// router.post("/api/payment/callback/v2/payments/:id", PaymentController.updatePayment);
+
+app.use(router);
+
+logger.info("Server started, listening at :30010");
+
+app.listen(30010);