secure express 4 boilerplate using (tags: mincer, sass, coffeescript, bootstrap, cookie-session, csrf, swig)
var express = require('express')
, path = require('path')
, helmet = require('helmet')
, csrf = require('csurf')
, cookieParser = require('cookie-parser')
, bodyParser = require('body-parser')
, cookieSession = require('cookie-session')
, methodOverride = require('method-override')
, compress = require('compression')
, mincer = require('mincer')
, swig = require('swig');
// The application instance and the middleware every request passes through.
var app = express();

// Listen port: a PaaS usually injects PORT; fall back to 5000 for local runs.
var listenPort = process.env.PORT || 5000;
app.set('port', listenPort);

// Middleware order is significant: compress the response, parse request bodies
// (csurf further down reads its token from the parsed body), apply helmet's
// default header set, then honour method-override.
app.use(compress());
// NOTE(review): the bare bodyParser() form parses every supported body type;
// newer body-parser releases deprecate it in favour of explicit
// bodyParser.json()/bodyParser.urlencoded() — confirm against the installed version.
app.use(bodyParser());
// NOTE(review): helmet.defaults() is the helmet 0.x API — confirm it still exists
// in the installed version.
app.use(helmet.defaults());
app.use(methodOverride());
// Swig templating.
// Outside production the template cache is switched off so edits show up
// without a restart.
var cacheTemplates = process.env.NODE_ENV === 'production';
if (!cacheTemplates) {
  swig.setDefaults({ cache: false });
}
// Register swig for `.html` files and make `.html` the default view extension,
// looking views up under ./views.
app.engine('html', swig.renderFile);
app.set('view engine', 'html');
app.set('views', __dirname + '/views');
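// Static files are expected to go through the mincer asset server mounted
// below; uncomment this to additionally serve a plain public/ directory.
//app.use(express.static(__dirname + '/public'));

// Cookie-signing and session secrets.
// They are read from the environment so the real values never live in source
// control. The literals are development-only fallbacks: in production the
// process refuses to start without proper values rather than signing session
// cookies with a guessable string (which would let anyone forge a session).
var isProductionEnv = process.env.NODE_ENV === 'production';
var cookieSecret = process.env.COOKIE_SECRET || "guess me";
var sessionSecret = process.env.SESSION_SECRET || "dant guess me";
if (isProductionEnv && (!process.env.COOKIE_SECRET || !process.env.SESSION_SECRET)) {
  throw new Error('COOKIE_SECRET and SESSION_SECRET must be set when NODE_ENV=production');
}
app.use(cookieParser(cookieSecret));
app.use(cookieSession({
  secret: sessionSecret
}));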
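// CSRF Protection
// csurf (used here without the `cookie` option) keeps its secret in req.session,
// which the cookie-session middleware above provides, and rejects state-changing
// requests that do not carry a matching token. It must run after the body parser
// so a token sent as a form field can be read.
app.use(csrf());
app.use(function (req, res, next) {
  // Generate the token once per request and publish it in two places: as a
  // cookie for client-side code that echoes it back in a header (double-submit
  // pattern, so this cookie deliberately stays readable by JavaScript), and as
  // a template local for server-rendered forms. The original called
  // req.csrfToken() twice, producing two distinct (though both valid) tokens.
  var token = req.csrfToken();
  res.cookie('XSRF-TOKEN', token);
  res.locals.csrf_token = token;
  next();
});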
// Mincer asset pipeline: route its log output to the console and build an
// environment rooted at this file's directory.
mincer.logger.use(console);
var environment = new mincer.Environment(__dirname);

// Enable source maps support.
environment.enable('source_maps');
//environment.sourceRoot = '/'; // use to cheat nesting level in dev tools

// Load paths: where the environment looks for assets, in lookup order.
var appAssetDirs = ['javascripts', 'stylesheets', 'images', 'fonts'];
appAssetDirs.forEach(function (dir) {
  environment.appendPath('assets/' + dir);
});

// Paths for bootstrap-sass-official.
// See https://github.com/twbs/bootstrap-sass#mincer for further configuration/usage.
var bootstrapDir = "../bower_components/bootstrap-sass-official/vendor/assets/";
['stylesheets', 'fonts', 'javascripts'].forEach(function (dir) {
  environment.appendPath(bootstrapDir + dir);
});
// Define the *_path helper that processed assets can call (see
// `assets/stylesheets/app.css.ejs` for an example): it resolves a logical
// asset path to the digest-stamped URL served under /assets/, and throws when
// the asset is unknown so a typo fails at compile time rather than 404ing later.
environment.ContextClass.defineAssetPath(function (pathname, options) {
  var found = this.environment.findAsset(pathname, options);
  if (found) {
    return '/assets/' + found.digestPath;
  }
  throw new Error("File " + pathname + " not found");
});
// Enable mincer's autoprefixer post-processor in every environment.
environment.enable("autoprefixer");

// Production-only settings: on-disk compile cache, minification, and the
// cached (index) form of the environment.
var productionMode = process.env.NODE_ENV === 'production';
if (productionMode) {
  // Cache compiled assets on disk.
  environment.cache = new mincer.FileStore(path.join(__dirname, 'cache'));
  // Enable JS and CSS compression.
  environment.jsCompressor = "uglify";
  // (!) use csswring, because csso does not support sourcemaps.
  environment.cssCompressor = "csswring";
  // Cache environment.
  environment = environment.index;
}

// Serve compiled assets under /assets/ — the prefix the *_path helper emits.
app.use('/assets/', mincer.createServer(environment));
/*
* Asset View helpers
* Allows you to call javascript("filename.js") or stylesheet("filename.css")
* in your templates.
*/
// Append `ext` to `source` unless the file already ends in exactly that extension.
// e.g. ('app-123.js', '.js') -> 'app-123.js'; ('app-123', '.js') -> 'app-123.js';
// a different existing extension is kept and `ext` is added after it.
function rewrite_extension(source, ext) {
  if (path.extname(source) === ext) {
    return source;
  }
  return source + ext;
}
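// Build an inline <script> that pops an alert naming the missing asset, so a
// bad javascript()/stylesheet() call in a template is visible in the browser
// instead of failing silently.
//
// The whole message is serialised with JSON.stringify, which yields a valid
// JavaScript string literal for any input (quotes, backslashes and control
// characters are escaped), and '<' is then written as \u003c so a path
// containing '</script>' or '<!--' cannot terminate the script element.
// The previous hand-rolled escaping (stringify, then re-escape the quotes)
// produced syntactically broken JavaScript for paths containing a double quote.
// Output is byte-identical to the old version for ordinary paths.
function alertAssetNotFound(fileType, logicalPath) {
  var message = fileType + ' file ' + JSON.stringify(logicalPath) + ' not found.';
  var literal = JSON.stringify(message).replace(/</g, '\\u003c');
  return '<script type="application/javascript">alert(' + literal + ')</script>';
}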
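// Template helper: javascript('app.js') -> <script> tag pointing at the
// digest-stamped asset under /assets/.
// When the asset cannot be found the alert snippet is returned instead; the
// original discarded alertAssetNotFound's result and then threw a TypeError on
// asset.digestPath, so the intended browser-side warning never rendered.
// digestPath is interpolated into the attribute unescaped: it comes from the
// asset tree, not from request input, so never pass user-controlled data as
// logicalPath.
app.locals.javascript = function javascript(logicalPath) {
  var asset = environment.findAsset(logicalPath);
  if (!asset) {
    return alertAssetNotFound("Javascript", logicalPath);
  }
  return '<script type="application/javascript" src="/assets/' +
    rewrite_extension(asset.digestPath, '.js') +
    '"></script>';
};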
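// Template helper: stylesheet('app.css') -> <link> tag pointing at the
// digest-stamped asset under /assets/.
// When the asset cannot be found the alert snippet is returned instead; the
// original discarded alertAssetNotFound's result and then threw a TypeError on
// asset.digestPath, so the intended browser-side warning never rendered.
// digestPath is interpolated into the attribute unescaped: it comes from the
// asset tree, not from request input, so never pass user-controlled data as
// logicalPath.
app.locals.stylesheet = function stylesheet(logicalPath) {
  var asset = environment.findAsset(logicalPath);
  if (!asset) {
    return alertAssetNotFound("Stylesheet", logicalPath);
  }
  return '<link rel="stylesheet" type="text/css" href="/assets/' +
    rewrite_extension(asset.digestPath, '.css') +
    '" />';
};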
/*
*
* ADD ROUTES HERE
*
*/
// START SERVER
// Bind to the configured port and report it once the listener is up.
app.listen(app.get('port'), function () {
  var boundPort = app.get('port');
  console.log("Node app is running at localhost:" + boundPort);
});