Created
February 1, 2018 03:20
import express from "express" | |
import next from "next" | |
import bodyParser from "body-parser" | |
import cookieParser from "cookie-parser" | |
import dotenv from "dotenv" | |
import jwt from "jsonwebtoken" | |
import lusca from "lusca" | |
import moment from "moment" | |
import helmet from "helmet" | |
import Auth from "./tools/Auth" | |
import routes from "./server/routes" | |
// Listening port: PORT from the environment when it parses to a non-zero
// integer, otherwise 3000.
const port = Number.parseInt(process.env.PORT, 10) || 3000

// Next.js runs in development mode unless NODE_ENV is exactly "production",
// so a deployment that leaves NODE_ENV unset serves the development build.
const dev = !(process.env.NODE_ENV === "production")

// Next.js application and the request handler that serves its pages.
const app = next({ dev: dev })
const handle = app.getRequestHandler()
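// Boot sequence: wait for Next.js to finish preparing, build the Express
// server with its parsing and security-header middleware, register the
// application routes, then start listening.
app.prepare()
  .then(() => {
    const server = express()

    // Body parsers go first so later middleware and routes can read req.body.
    server.use(bodyParser.json())
    // NOTE(review): these limits apply to every request, authenticated or not.
    // body-parser's defaults are 100kb and 1000 parameters; a 50mb body with up
    // to 10,000,000 parameters lets one request tie up memory and CPU while it
    // is parsed. Lower both to what the largest legitimate form needs, or scope
    // the large limit to the specific route that requires it.
    server.use(bodyParser.urlencoded({
      extended: true,
      limit: "50mb",
      parameterLimit: 10000000,
    }))
    server.use(cookieParser())

    // Security response headers.
    // NOTE(review): X-Frame-Options is written by lusca.xframe, by helmet()'s
    // defaults and by helmet.frameguard; whichever runs last decides the value,
    // and the first asks for SAMEORIGIN while the last asks for deny. Pick one
    // policy and one library. The same overlap exists for X-XSS-Protection
    // (lusca.xssProtection, helmet.xssFilter) and for nosniff.
    server.use(lusca.xframe("SAMEORIGIN"))
    server.use(lusca.xssProtection(true))
    server.use(helmet())
    server.use(helmet.xssFilter()) // sets the X-XSS-Protection header
    // NOTE(review): helmet documents frameguard({ action: "deny" }); confirm the
    // installed helmet version still accepts a bare string, otherwise the
    // intended deny policy may not be applied.
    server.use(helmet.frameguard("deny")) // intended to prevent iframe clickjacking
    server.use(lusca.nosniff())

    // Make moment available to every rendered view.
    server.locals.moment = moment

    // Per-request locals and custom headers.
    server.use((req, res, next) => {
      // NOTE(review): nothing in this file populates req.user; presumably the
      // routes module or an auth middleware does - verify.
      res.locals.user = req.user
      // Headers are set before next(): a downstream handler may already have
      // sent the response by the time next() returns, and setHeader would then
      // throw because the headers are gone.
      res.setHeader("X-Powered-By", "Nhan Co") // replaces the X-Powered-By value
      res.setHeader("X-Dev-By", "http://fb.com/nhanco") // custom attribution header
      next()
    })

    routes(server, handle)

    server.listen(port, (err) => {
      if (err) throw err
      console.log("> Ready on http://vbo.local")
    })
  })
  .catch((err) => {
    // A failed prepare() or a throw during setup would otherwise be an
    // unhandled rejection; report it and stop instead of continuing with no
    // server listening.
    console.error(err)
    process.exit(1)
  })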