trickydisco78/gist:471286339de564f7aa85ecc008bc8625

## gistfile1.txt
import express from 'express';
import proxy from 'http-proxy-middleware';
import compression from 'compression';
import apicache from 'apicache';
let cors = require('cors');
let helmet = require('helmet');
require('dotenv').config();
let cache = apicache.middleware;

// whitelist domains
var whitelist = [
  'https://www.domain1.com',
  'http://www.domain2.com',
  'https://www.domain3.com',
  'http://www.domain4.com'
];

var corsOptionsDelegate = function(req, callback) {
  var corsOptions;
  if (whitelist.indexOf(req.header('Origin')) !== -1) {
    corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
  } else {
    corsOptions = { origin: false }; // disable CORS for this request
  }
  callback(null, corsOptions); // callback expects two parameters: error and options
  credentials: true;
};

var options = {
  logLevel: 'debug',
  target: 'https://api.airtable.com/v0/', //+ process.env.APP_ID,
  changeOrigin: true,
  headers: {
    Accept: 'application/json',
    Authorization: 'Bearer ' + process.env.API_KEY,
    'Cache-Control': 'max-age=450000'
  },
  pathRewrite: {
    '^/api': ''
  },
  onError(err, req, res) {
    res.writeHead(500, {
      'Content-Type': 'text/plain'
    });
    res.end('Something went wrong. And we are reporting a custom error message.');
  },

  onProxyRes(proxyRes, req, res) {
    // Secure API so only GET requests are handled
    proxyRes.headers['Access-Control-Allow-Methods'] = 'GET';
    proxyRes.headers['Access-Control-Allow-Headers'] =
      'content-type, authorization, content-length, X-Requested-With, accept';

    if (req.headers.origin) {
      if (whitelist.indexOf(req.headers.origin) === -1) {
        //|| whitelist.indexOf(req.headers.referer) === -1) {
        proxyRes.headers['Access-Control-Allow-Origin'] = 'http://www.domain1.com';
      } else {
        proxyRes.headers['Access-Control-Allow-Origin'] = req.headers.origin; //|| req.headers.referer;
      }
    }

    proxyRes.headers['P3P'] =
      'ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI';
  },

  // http://stackoverflow.com/questions/14262986/node-js-hostname-ip-doesnt-match-certificates-altnames
  // https://github.com/nodejitsu/node-http-proxy/blob/f345a1ac2dde1884e72b952a685a0a1796059f14/lib/http-proxy/common.js#L54
  secure: true,
  ssl: {
    rejectUnauthorized: true
  }
};

let apiProxy = proxy(options);

let app = express();
app.use(compression());
app.use(helmet());

app.use('/api/**', cache('5 minutes'), cors(corsOptionsDelegate), apiProxy);

let server = app.listen(process.env.PORT || 3000, function() {
  console.log('Listening on port ' + server.address().port);
});

export default app;
	import express from 'express';
	import proxy from 'http-proxy-middleware';
	import compression from 'compression';
	import apicache from 'apicache';
	let cors = require('cors');
	let helmet = require('helmet');
	require('dotenv').config();
	let cache = apicache.middleware;

	// whitelist domains
	var whitelist = [
	'https://www.domain1.com',
	'http://www.domain2.com',
	'https://www.domain3.com',
	'http://www.domain4.com'
	];

	var corsOptionsDelegate = function(req, callback) {
	var corsOptions;
	if (whitelist.indexOf(req.header('Origin')) !== -1) {
	corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
	} else {
	corsOptions = { origin: false }; // disable CORS for this request
	}
	callback(null, corsOptions); // callback expects two parameters: error and options
	credentials: true;
	};

	var options = {
	logLevel: 'debug',
	target: 'https://api.airtable.com/v0/', //+ process.env.APP_ID,
	changeOrigin: true,
	headers: {
	Accept: 'application/json',
	Authorization: 'Bearer ' + process.env.API_KEY,
	'Cache-Control': 'max-age=450000'
	},
	pathRewrite: {
	'^/api': ''
	},
	onError(err, req, res) {
	res.writeHead(500, {
	'Content-Type': 'text/plain'
	});
	res.end('Something went wrong. And we are reporting a custom error message.');
	},

	onProxyRes(proxyRes, req, res) {
	// Secure API so only GET requests are handled
	proxyRes.headers['Access-Control-Allow-Methods'] = 'GET';
	proxyRes.headers['Access-Control-Allow-Headers'] =
	'content-type, authorization, content-length, X-Requested-With, accept';

	if (req.headers.origin) {
	if (whitelist.indexOf(req.headers.origin) === -1) {
	//\|\| whitelist.indexOf(req.headers.referer) === -1) {
	proxyRes.headers['Access-Control-Allow-Origin'] = 'http://www.domain1.com';
	} else {
	proxyRes.headers['Access-Control-Allow-Origin'] = req.headers.origin; //\|\| req.headers.referer;
	}
	}

	proxyRes.headers['P3P'] =
	'ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI';
	},

	// http://stackoverflow.com/questions/14262986/node-js-hostname-ip-doesnt-match-certificates-altnames
	// https://github.com/nodejitsu/node-http-proxy/blob/f345a1ac2dde1884e72b952a685a0a1796059f14/lib/http-proxy/common.js#L54
	secure: true,
	ssl: {
	rejectUnauthorized: true
	}
	};

	let apiProxy = proxy(options);

	let app = express();
	app.use(compression());
	app.use(helmet());

	app.use('/api/**', cache('5 minutes'), cors(corsOptionsDelegate), apiProxy);

	let server = app.listen(process.env.PORT \|\| 3000, function() {
	console.log('Listening on port ' + server.address().port);
	});

	export default app;