mirror of
https://github.com/psforever/PSFPortal.git
synced 2026-01-19 18:14:45 +00:00
82 lines
2.4 KiB
JavaScript
82 lines
2.4 KiB
JavaScript
import express from 'express'
|
|
import session from 'express-session'
|
|
import connectPg from 'connect-pg-simple'
|
|
import morgan from 'morgan'
|
|
import history from 'connect-history-api-fallback'
|
|
import dotenv from 'dotenv'
|
|
import api from './api/index.js'
|
|
import { start_server_polling } from './api/psadmin.js'
|
|
import * as db from './api/db.js'
|
|
|
|
dotenv.config();
|
|
|
|
const PORT = process.env.PORT || 8080;
|
|
const MODE = process.env.NODE_ENV || 'development';
|
|
const BASE_URL = 'https://play.psforever.net';
|
|
|
|
const app = express();
|
|
|
|
app.use(morgan('dev'));
|
|
|
|
if (process.env.TRUST_PROXY) {
|
|
console.log("Trusting proxy")
|
|
app.set('trust proxy', 'loopback')
|
|
}
|
|
|
|
// TODO: recaptcha
|
|
// TODO: form csrf protection: https://github.com/expressjs/csurf
|
|
// TODO: login rate limiting: https://www.npmjs.com/package/rate-limiter-flexible
|
|
// - https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection
|
|
// TODO: X-Frame-Options: deny
|
|
// TODO: X-Upgrade-Insecure-Requests
|
|
|
|
// Kick off the DB connection and any dependencies
|
|
// Needs to be in a function to await the DB connection state
|
|
(async () => {
|
|
await db.connect_to_db();
|
|
await start_server_polling()
|
|
|
|
const pgSession = connectPg(session);
|
|
|
|
const sessionMiddleware = session({
|
|
store: new pgSession({
|
|
pool: db.pool,
|
|
tableName: 'session'
|
|
}),
|
|
secret: process.env.COOKIE_SECRET, // changing this will invalidate all sessions
|
|
resave: false, // dont bother saving unchanged sessions
|
|
saveUninitialized: false, // dont bother saving sessions that have no data
|
|
cookie: {
|
|
httpOnly: true,
|
|
maxAge: 7 * 24 * 60 * 60 * 1000,
|
|
//secure: true, // TODO: only send cookie over https
|
|
} // 7 days
|
|
})
|
|
|
|
// All API requests have a session. Other requests are static
|
|
app.use("/api", sessionMiddleware, api);
|
|
|
|
// TODO: inject csrf token into meta of index.html
|
|
app.use(express.static('public'));
|
|
|
|
// Redirect 404s to /index.html for the single-page app (SPA)
|
|
app.use(history());
|
|
|
|
// This last static might seem redundant, but it is necessary to have the history API
|
|
// redirect work properly. If the app makes it this far, it will be an Express 404
|
|
app.use(express.static('public'));
|
|
|
|
app.listen(PORT, function () {
|
|
let url = '';
|
|
|
|
if (MODE === 'development') {
|
|
url = 'http://localhost:' + PORT + '/';
|
|
} else {
|
|
url = BASE_URL + '/';
|
|
}
|
|
|
|
console.log('[MODE ' + MODE + '] PSFWeb now accepting requests at ' + url);
|
|
});
|
|
})();
|
|
|