definma-api/src/index.ts

import express from 'express';
import bodyParser from 'body-parser';
import compression from 'compression';
import contentFilter from 'content-filter';
import helmet from 'helmet';
import cors from 'cors';
import api from './api';
import db from './db';
import Mail from './helpers/mail';


// tell if server is running in debug or production environment
console.info(process.env.NODE_ENV === 'production' ?
  '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');


// mongodb connection
db.connect();

// mail service
Mail.init();

// create Express app
const app = express();

// get port from environment, defaults to 3000
const port = process.env.PORT || 3000;

// security headers
const defaultHeaderConfig = {
  contentSecurityPolicy: {
    directives: {
      defaultSrc: [`'none'`],
      baseUri: [`'self'`],
      formAction: [`'none'`],
      frameAncestors: [`'none'`]
    }
  },
  frameguard: {
    action: 'deny'
  },
  permittedCrossDomainPolicies: true,
  refererPolicy: true
};
app.use(helmet(defaultHeaderConfig));
// special CSP header for api-doc
app.use('/api-doc', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    defaultSrc: [`'none'`],
    scriptSrc: [`'self'`],
    connectSrc: [`'self'`],
    styleSrc: [`'self'`, `'unsafe-inline'`],
    imgSrc: [`'self'`, 'data:']
  }
}));
// special CSP header for the intro-presentation
app.use(/\/static\/intro-presentation\/(index.html)?/, helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    defaultSrc: [`'none'`],
    scriptSrc: [`'self'`, `'unsafe-inline'`],
    styleSrc: [`'self'`, `'unsafe-inline'`],
    imgSrc: [`'self'`]
  }
}));
// special CSP header for the bosch-logo.svg
app.use('/static/*.svg', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    styleSrc: [`'unsafe-inline'`]
  }
}));

// middleware
app.use(compression());  // compress responses
app.use(express.json({ limit: '5mb'}));
app.use(express.urlencoded({ extended: false, limit: '5mb' }));
app.use(bodyParser.json());
app.use(contentFilter({
  urlBlackList: ['$', '&&', '||'],
  bodyBlackList: ['$', '{', '&&', '||'],
  appendFound: true
}));  // filter URL query attacks
app.use((err, req, res, ignore) => {  // bodyParser error handling
  res.status(400).send({status: 'Invalid JSON body'});
});
app.use((req, res, next) => {  // no database connection error
  if (db.getState().db) {
    next();
  }
  else {
    console.error('No database connection');
    res.status(500).send({status: 'Internal server error'});
  }
});
app.use(cors());  // CORS headers
app.use(require('./helpers/authorize'));  // handle authentication

// redirect /api routes for Angular proxy in development
if (process.env.NODE_ENV !== 'production') {
  app.use('/api/:url([^]+)', (req, res) => {
    req.url = '/' + req.params.url;
    app.handle(req, res);
  });
}


// require routes
app.use('/', require('./routes/root'));
app.use('/', require('./routes/sample'));
app.use('/', require('./routes/material'));
app.use('/', require('./routes/measurement'));
app.use('/', require('./routes/template'));
app.use('/', require('./routes/model'));
app.use('/', require('./routes/user'));

// static files
app.use('/static', express.static('static'));

// Swagger UI
app.use('/api-doc', api());

app.use((req, res) => {  // 404 error handling
  res.status(404).json({status: 'Not found'});
});

app.use((err, req, res, ignore) => {  // internal server error handling
  console.error(err);
  res.status(500).json({status: 'Internal server error'});
});


// hook up server to port
const server = app.listen(port, () => {
  console.info(process.env.NODE_ENV === 'test' ? '' : `Listening on http://localhost:${port}`);
});

module.exports = server;
init 2020-01-14 13:25:13 +01:00			`import express from 'express';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import bodyParser from 'body-parser';`
cleaned TODOS 2020-06-05 10:51:03 +02:00			`import compression from 'compression';`
added authorization 2020-04-23 13:59:45 +02:00			`import contentFilter from 'content-filter';`
cleaned TODOS 2020-06-05 10:51:03 +02:00			`import helmet from 'helmet';`
spectrum field working again 2020-07-09 13:48:27 +02:00			`import cors from 'cors';`
implemented feature 2020-05-12 14:05:47 +02:00			`import api from './api';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import db from './db';`
fixed mail service 2020-08-07 08:37:25 +02:00			`import Mail from './helpers/mail';`
init 2020-01-14 13:25:13 +01:00

			`// tell if server is running in debug or production environment`
fixed testing cache 2020-08-04 13:54:14 +02:00			`console.info(process.env.NODE_ENV === 'production' ?`
			`'===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');`
init 2020-01-14 13:25:13 +01:00

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`// mongodb connection`
			`db.connect();`
api definition created 2020-04-20 16:17:43 +02:00
fixed mail service 2020-08-07 08:37:25 +02:00			`// mail service`
			`Mail.init();`

init 2020-01-14 13:25:13 +01:00			`// create Express app`
			`const app = express();`

			`// get port from environment, defaults to 3000`
			`const port = process.env.PORT \|\| 3000;`

modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`// security headers`
api and headers 2020-07-28 13:59:13 +02:00			`const defaultHeaderConfig = {`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`contentSecurityPolicy: {`
			`directives: {`
			defaultSrc: [`'none'`],
			baseUri: [`'self'`],
			formAction: [`'none'`],
			frameAncestors: [`'none'`]
			`}`
api and headers 2020-07-28 13:59:13 +02:00			`},`
			`frameguard: {`
			`action: 'deny'`
			`},`
			`permittedCrossDomainPolicies: true,`
			`refererPolicy: true`
			`};`
			`app.use(helmet(defaultHeaderConfig));`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`// special CSP header for api-doc`
			`app.use('/api-doc', helmet.contentSecurityPolicy({`
api and headers 2020-07-28 13:59:13 +02:00			`...defaultHeaderConfig,`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`directives: {`
minor fixes 2020-07-30 11:36:03 +02:00			defaultSrc: [`'none'`],
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			scriptSrc: [`'self'`],
			connectSrc: [`'self'`],
			styleSrc: [`'self'`, `'unsafe-inline'`],
api and headers 2020-07-28 13:59:13 +02:00			imgSrc: [`'self'`, 'data:']
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`}`
			`}));`
added presentation 2020-08-07 15:21:16 +02:00			`// special CSP header for the intro-presentation`
another CSP fix 2020-08-09 17:25:32 +02:00			`app.use(/\/static\/intro-presentation\/(index.html)?/, helmet.contentSecurityPolicy({`
added presentation 2020-08-07 15:21:16 +02:00			`...defaultHeaderConfig,`
			`directives: {`
			defaultSrc: [`'none'`],
			scriptSrc: [`'self'`, `'unsafe-inline'`],
			styleSrc: [`'self'`, `'unsafe-inline'`],
			imgSrc: [`'self'`]
			`}`
			`}));`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`// special CSP header for the bosch-logo.svg`
added presentation 2020-08-07 15:21:16 +02:00			`app.use('/static/*.svg', helmet.contentSecurityPolicy({`
api and headers 2020-07-28 13:59:13 +02:00			`...defaultHeaderConfig,`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`directives: {`
			styleSrc: [`'unsafe-inline'`]
			`}`
			`}));`

			`// middleware`
fixed testing cache 2020-08-04 13:54:14 +02:00			`app.use(compression()); // compress responses`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`app.use(express.json({ limit: '5mb'}));`
			`app.use(express.urlencoded({ extended: false, limit: '5mb' }));`
			`app.use(bodyParser.json());`
fixed testing cache 2020-08-04 13:54:14 +02:00			`app.use(contentFilter({`
improved globals and added status and spectrum 2020-08-11 16:06:51 +02:00			`urlBlackList: ['$', '&&', '\|\|'],`
			`bodyBlackList: ['$', '{', '&&', '\|\|'],`
			`appendFound: true`
fixed testing cache 2020-08-04 13:54:14 +02:00			`})); // filter URL query attacks`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`app.use((err, req, res, ignore) => { // bodyParser error handling`
			`res.status(400).send({status: 'Invalid JSON body'});`
			`});`
added authorization 2020-04-23 13:59:45 +02:00			`app.use((req, res, next) => { // no database connection error`
			`if (db.getState().db) {`
			`next();`
			`}`
			`else {`
spectrum field working again 2020-07-09 13:48:27 +02:00			`console.error('No database connection');`
added authorization 2020-04-23 13:59:45 +02:00			`res.status(500).send({status: 'Internal server error'});`
			`}`
			`});`
spectrum field working again 2020-07-09 13:48:27 +02:00			`app.use(cors()); // CORS headers`
added authorization 2020-04-23 13:59:45 +02:00			`app.use(require('./helpers/authorize')); // handle authentication`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`// redirect /api routes for Angular proxy in development`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`if (process.env.NODE_ENV !== 'production') {`
first implementation of fields 2020-06-29 15:50:24 +02:00			`app.use('/api/:url([^]+)', (req, res) => {`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`req.url = '/' + req.params.url;`
first implementation of fields 2020-06-29 15:50:24 +02:00			`app.handle(req, res);`
/api/ subroutes only available in dev/test 2020-05-28 12:18:38 +02:00			`});`
			`}`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00

init 2020-01-14 13:25:13 +01:00			`// require routes`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`app.use('/', require('./routes/root'));`
			`app.use('/', require('./routes/sample'));`
			`app.use('/', require('./routes/material'));`
model routes 2020-08-13 12:07:40 +02:00			`app.use('/', require('./routes/measurement'));`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`app.use('/', require('./routes/template'));`
model routes 2020-08-13 12:07:40 +02:00			`app.use('/', require('./routes/model'));`
adapted existing /sample methods to condition, removed /condition route 2020-05-27 14:31:17 +02:00			`app.use('/', require('./routes/user'));`
init 2020-01-14 13:25:13 +01:00
styled swagger 2020-04-29 15:07:07 +02:00			`// static files`
			`app.use('/static', express.static('static'));`

init 2020-01-14 13:25:13 +01:00			`// Swagger UI`
modified api.ts to directly incorporate swagger-ui-express code 2020-07-28 10:30:10 +02:00			`app.use('/api-doc', api());`
init 2020-01-14 13:25:13 +01:00
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`app.use((req, res) => { // 404 error handling`
			`res.status(404).json({status: 'Not found'});`
			`});`

			`app.use((err, req, res, ignore) => { // internal server error handling`
			`console.error(err);`
			`res.status(500).json({status: 'Internal server error'});`
			`});`


init 2020-01-14 13:25:13 +01:00			`// hook up server to port`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`const server = app.listen(port, () => {`
implemented more /sample methods 2020-05-07 21:55:29 +02:00			console.info(process.env.NODE_ENV === 'test' ? '' : `Listening on http://localhost:${port}`);
init 2020-01-14 13:25:13 +01:00			`});`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
			`module.exports = server;`