definma-api/src/index.ts

import express from 'express';
import bodyParser from 'body-parser';
import compression from 'compression';
import contentFilter from 'content-filter';
import helmet from 'helmet';
import cors from 'cors';
import api from './api';
import db from './db';
import Mail from './helpers/mail';


// Tell if server is running in debug or production environment
console.info(process.env.NODE_ENV === 'production' ?
  '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');


// Mongodb connection
db.connect();

// Mail service
Mail.init();

// Create Express app
const app = express();

// Get port from environment, defaults to 3000
const port = process.env.PORT || 3000;

// Security headers
const defaultHeaderConfig = {
  contentSecurityPolicy: {
    directives: {
      defaultSrc: [`'none'`],
      baseUri: [`'self'`],
      formAction: [`'none'`],
      frameAncestors: [`'none'`]
    }
  },
  frameguard: {
    action: 'deny'
  },
  permittedCrossDomainPolicies: true,
  refererPolicy: true
};
app.use(helmet(defaultHeaderConfig));
// Special CSP header for api-doc
app.use('/api-doc', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    defaultSrc: [`'none'`],
    scriptSrc: [`'self'`],
    connectSrc: [`'self'`],
    styleSrc: [`'self'`, `'unsafe-inline'`],
    imgSrc: [`'self'`, 'data:']
  }
}));
// Special CSP header for the intro-presentation
app.use(/\/static\/intro-presentation\/(index.html)?/, helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    defaultSrc: [`'none'`],
    scriptSrc: [`'self'`, `'unsafe-inline'`],
    styleSrc: [`'self'`, `'unsafe-inline'`],
    imgSrc: [`'self'`]
  }
}));
// Special CSP header for the bosch-logo.svg
app.use('/static/*.svg', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    styleSrc: [`'unsafe-inline'`]
  }
}));

// Middleware
app.use(compression());  // Compress responses
app.use(express.json({ limit: '5mb'}));
app.use(express.urlencoded({ extended: false, limit: '5mb' }));
app.use(bodyParser.json());
app.use(contentFilter({
  urlBlackList: ['$', '&&', '||'],
  bodyBlackList: ['$', '{', '&&', '||'],
  appendFound: true
}));  // Filter URL query attacks
app.use((err, req, res, ignore) => {  // BodyParser error handling
  res.status(400).send({status: 'Invalid JSON body'});
});
app.use((req, res, next) => {  // No database connection error
  if (db.getState().db) {
    next();
  }
  else {
    console.error('No database connection');
    res.status(500).send({status: 'Internal server error'});
  }
});
app.use(cors());  // CORS headers
app.use(require('./helpers/authorize'));  // Handle authentication

// Redirect /api routes for Angular proxy in development
if (process.env.NODE_ENV !== 'production') {
  app.use('/api/:url([^]+)', (req, res) => {
    if (/help\//.test(req.params.url)) { // Encode URI again for help route
      req.params.url = 'help/' + encodeURIComponent(req.params.url.replace('help/', ''));
    }
    req.url = '/' + req.params.url;
    app.handle(req, res);
  });
}


// Require routes
app.use('/', require('./routes/help'));
app.use('/', require('./routes/material'));
app.use('/', require('./routes/measurement'));
app.use('/', require('./routes/model'));
app.use('/', require('./routes/prediction'));
app.use('/', require('./routes/root'));
app.use('/', require('./routes/sample'));
app.use('/', require('./routes/template'));
app.use('/', require('./routes/user'));

// Static files
app.use('/static', express.static('static'));

// Swagger UI
app.use('/api-doc', api());

app.use((req, res) => {  // 404 error handling
  res.status(404).json({status: 'Not found'});
});

app.use((err, req, res, ignore) => {  // Internal server error handling
  console.error(err);
  res.status(500).json({status: 'Internal server error'});
});


// Hook up server to port
const server = app.listen(port, () => {
  console.info(process.env.NODE_ENV === 'test' ? '' : `Listening on http://localhost:${port}`);
});

module.exports = server;
init 2020-01-14 13:25:13 +01:00			`import express from 'express';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import bodyParser from 'body-parser';`
cleaned TODOS 2020-06-05 10:51:03 +02:00			`import compression from 'compression';`
added authorization 2020-04-23 13:59:45 +02:00			`import contentFilter from 'content-filter';`
cleaned TODOS 2020-06-05 10:51:03 +02:00			`import helmet from 'helmet';`
spectrum field working again 2020-07-09 13:48:27 +02:00			`import cors from 'cors';`
implemented feature 2020-05-12 14:05:47 +02:00			`import api from './api';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import db from './db';`
fixed mail service 2020-08-07 08:37:25 +02:00			`import Mail from './helpers/mail';`
init 2020-01-14 13:25:13 +01:00

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Tell if server is running in debug or production environment`
fixed testing cache 2020-08-04 13:54:14 +02:00			`console.info(process.env.NODE_ENV === 'production' ?`
			`'===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');`
init 2020-01-14 13:25:13 +01:00

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Mongodb connection`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`db.connect();`
api definition created 2020-04-20 16:17:43 +02:00
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Mail service`
fixed mail service 2020-08-07 08:37:25 +02:00			`Mail.init();`

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Create Express app`
init 2020-01-14 13:25:13 +01:00			`const app = express();`

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Get port from environment, defaults to 3000`
init 2020-01-14 13:25:13 +01:00			`const port = process.env.PORT \|\| 3000;`

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Security headers`
api and headers 2020-07-28 13:59:13 +02:00			`const defaultHeaderConfig = {`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`contentSecurityPolicy: {`
			`directives: {`
			defaultSrc: [`'none'`],
			baseUri: [`'self'`],
			formAction: [`'none'`],
			frameAncestors: [`'none'`]
			`}`
api and headers 2020-07-28 13:59:13 +02:00			`},`
			`frameguard: {`
			`action: 'deny'`
			`},`
			`permittedCrossDomainPolicies: true,`
			`refererPolicy: true`
			`};`
			`app.use(helmet(defaultHeaderConfig));`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Special CSP header for api-doc`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`app.use('/api-doc', helmet.contentSecurityPolicy({`
api and headers 2020-07-28 13:59:13 +02:00			`...defaultHeaderConfig,`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`directives: {`
minor fixes 2020-07-30 11:36:03 +02:00			defaultSrc: [`'none'`],
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			scriptSrc: [`'self'`],
			connectSrc: [`'self'`],
			styleSrc: [`'self'`, `'unsafe-inline'`],
api and headers 2020-07-28 13:59:13 +02:00			imgSrc: [`'self'`, 'data:']
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`}`
			`}));`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Special CSP header for the intro-presentation`
another CSP fix 2020-08-09 17:25:32 +02:00			`app.use(/\/static\/intro-presentation\/(index.html)?/, helmet.contentSecurityPolicy({`
added presentation 2020-08-07 15:21:16 +02:00			`...defaultHeaderConfig,`
			`directives: {`
			defaultSrc: [`'none'`],
			scriptSrc: [`'self'`, `'unsafe-inline'`],
			styleSrc: [`'self'`, `'unsafe-inline'`],
			imgSrc: [`'self'`]
			`}`
			`}));`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Special CSP header for the bosch-logo.svg`
added presentation 2020-08-07 15:21:16 +02:00			`app.use('/static/*.svg', helmet.contentSecurityPolicy({`
api and headers 2020-07-28 13:59:13 +02:00			`...defaultHeaderConfig,`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`directives: {`
			styleSrc: [`'unsafe-inline'`]
			`}`
			`}));`

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Middleware`
			`app.use(compression()); // Compress responses`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`app.use(express.json({ limit: '5mb'}));`
			`app.use(express.urlencoded({ extended: false, limit: '5mb' }));`
			`app.use(bodyParser.json());`
fixed testing cache 2020-08-04 13:54:14 +02:00			`app.use(contentFilter({`
improved globals and added status and spectrum 2020-08-11 16:06:51 +02:00			`urlBlackList: ['$', '&&', '\|\|'],`
			`bodyBlackList: ['$', '{', '&&', '\|\|'],`
			`appendFound: true`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`})); // Filter URL query attacks`
			`app.use((err, req, res, ignore) => { // BodyParser error handling`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`res.status(400).send({status: 'Invalid JSON body'});`
			`});`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`app.use((req, res, next) => { // No database connection error`
added authorization 2020-04-23 13:59:45 +02:00			`if (db.getState().db) {`
			`next();`
			`}`
			`else {`
spectrum field working again 2020-07-09 13:48:27 +02:00			`console.error('No database connection');`
added authorization 2020-04-23 13:59:45 +02:00			`res.status(500).send({status: 'Internal server error'});`
			`}`
			`});`
spectrum field working again 2020-07-09 13:48:27 +02:00			`app.use(cors()); // CORS headers`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`app.use(require('./helpers/authorize')); // Handle authentication`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Redirect /api routes for Angular proxy in development`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`if (process.env.NODE_ENV !== 'production') {`
first implementation of fields 2020-06-29 15:50:24 +02:00			`app.use('/api/:url([^]+)', (req, res) => {`
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`if (/help\//.test(req.params.url)) { // Encode URI again for help route`
code improvements 2020-09-03 16:26:16 +02:00			`req.params.url = 'help/' + encodeURIComponent(req.params.url.replace('help/', ''));`
			`}`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`req.url = '/' + req.params.url;`
first implementation of fields 2020-06-29 15:50:24 +02:00			`app.handle(req, res);`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`});`
			`}`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Require routes`
Allow predictions to be saved 2021-02-24 13:59:25 +01:00			`app.use('/', require('./routes/help'));`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`app.use('/', require('./routes/material'));`
model routes 2020-08-13 12:07:40 +02:00			`app.use('/', require('./routes/measurement'));`
			`app.use('/', require('./routes/model'));`
Allow predictions to be saved 2021-02-24 13:59:25 +01:00			`app.use('/', require('./routes/prediction'));`
			`app.use('/', require('./routes/root'));`
			`app.use('/', require('./routes/sample'));`
			`app.use('/', require('./routes/template'));`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`app.use('/', require('./routes/user'));`
init 2020-01-14 13:25:13 +01:00
Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Static files`
styled swagger 2020-04-29 15:07:07 +02:00			`app.use('/static', express.static('static'));`

init 2020-01-14 13:25:13 +01:00			`// Swagger UI`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`app.use('/api-doc', api());`
init 2020-01-14 13:25:13 +01:00
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`app.use((req, res) => { // 404 error handling`
			`res.status(404).json({status: 'Not found'});`
			`});`

Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`app.use((err, req, res, ignore) => { // Internal server error handling`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`console.error(err);`
			`res.status(500).json({status: 'Internal server error'});`
			`});`


Change first character of all end-of-line comments to upper case 2021-01-26 13:25:11 +01:00			`// Hook up server to port`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`const server = app.listen(port, () => {`
implemented more /sample methods 2020-05-07 21:55:29 +02:00			console.info(process.env.NODE_ENV === 'test' ? '' : `Listening on http://localhost:${port}`);
init 2020-01-14 13:25:13 +01:00			`});`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
Allow predictions to be saved 2021-02-24 13:59:25 +01:00			`module.exports = server;`