// Development-only bootstrap. Anything other than NODE_ENV=production takes this
// branch, including an unset NODE_ENV: a deployment that forgets to set it will
// load a local .env file and override the process-wide DNS resolvers.
if (process.env.NODE_ENV !== "production") {
  const dns = require("dns");
  require("dotenv").config();
  // Workaround for a local ISP blocking MongoDB SRV resolution: every lookup made
  // by this process goes to these public resolvers instead of the system ones.
  dns.setServers(["8.8.8.8", "1.1.1.1"]);
}
const express = require("express");
const app = express();
// Trust exactly one reverse-proxy hop: Express then derives req.ip, req.protocol
// and req.secure from the X-Forwarded-* headers set by that hop. The session
// cookie configured further down is `secure` in production, so it is only issued
// when req.secure is true.
// NOTE(review): the hop count must match the real deployment. If no proxy sits in
// front of the app, clients can supply X-Forwarded-* headers themselves. Confirm.
app.set("trust proxy", 1);
const mongoose = require("mongoose");
const path = require("path");
const ExpressError = require("./utils/ExpressError.js");
const passport = require("passport");
const LocalStrategy = require("passport-local");
const User = require("./models/user.js");
const cors = require("cors");
const listingsRoutes = require("./routes/listing.js");
const reviewsRoutes = require("./routes/review.js");
const userRoutes = require("./routes/user.js");
const session = require("express-session");
const MongoStore = require("connect-mongo");
const flash = require("connect-flash");
// MongoDB connection string, used by both mongoose.connect() and the session store.
// NOTE(review): when ATLASDB_URL is unset this silently falls back to a local
// instance in every environment, production included. Consider failing fast there.
const dbUrl = process.env.ATLASDB_URL || "mongodb://127.0.0.1:27017/wanderlust";
// *============== CORS ==============* //
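app.use(
  cors({
    // Only the configured frontend origin is allowed to make cross-origin calls.
    // `false` is the documented way to switch CORS off, so an unset or empty
    // FRONTEND_URL fails closed explicitly instead of depending on how the
    // library treats an undefined origin.
    origin: process.env.FRONTEND_URL || false,
    // Lets the browser send and receive the session cookie on those calls; this
    // is why the origin must be a single explicit value and never a wildcard.
    credentials: true,
  }),
);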
// *============== CORE MIDDLEWARE ==============* //
// Body parsers for form posts and JSON. `extended: true` lets url-encoded bodies
// carry nested objects and arrays, and JSON bodies can carry them as well.
// NOTE(review): handlers that pass req.body fields into Mongoose queries should
// check that each field has the expected primitive type. The route code is not
// visible in this file.
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
// Static assets are registered before the session and passport middleware, so a
// request answered from ./public never reaches them.
app.use(express.static(path.join(__dirname, "public")));
// Serve React build in production
if (process.env.NODE_ENV === "production") {
app.use(express.static(path.join(__dirname, "client", "dist")));
}
// *============== DATABASE ==============* //
/**
 * Opens the mongoose connection to the database named by `dbUrl`.
 *
 * @returns {Promise<void>} Settles once mongoose.connect() has settled.
 */
async function main() {
  await mongoose.connect(dbUrl);
}

// Connect at startup. A failure is only logged: nothing here stops the process,
// so the HTTP server further down still starts without a database connection.
// The success message is a fixed string and does not reflect the actual dbUrl.
(async () => {
  try {
    await main();
    console.log("Connected to Database: wanderlust");
  } catch (err) {
    console.log(err);
  }
})();
// *============== SESSION STORE ==============* //
// Session records live in the "sessions" collection of the same MongoDB
// deployment the application data uses.
const store = MongoStore.create({
  mongoUrl: dbUrl,
  collectionName: "sessions",
  // Seconds: an unchanged session is re-written at most once per 24 hours.
  touchAfter: 24 * 3600,
  // Encrypts session payloads at rest with SECRET.
  // NOTE(review): the same value also signs the session cookie below; confirm
  // what the store does when SECRET is unset (it should not fall back to
  // storing sessions unencrypted without anyone noticing).
  crypto: { secret: process.env.SECRET },
});

// Store failures are logged and otherwise ignored.
store.on("error", (storeError) => {
  console.log("ERROR IN MONGO SESSION STORE: ", storeError);
});
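// Session cookie and store configuration for express-session.
const sessionOptions = {
  store,
  // Signs the session-id cookie.
  // NOTE(review): the same SECRET also keys the session store's encryption
  // above; separate values would limit what a single leaked secret exposes.
  secret: process.env.SECRET,
  resave: false,
  // NOTE(review): `true` persists a session and sets a cookie for every visitor,
  // signed in or not. Confirm anonymous sessions are actually needed.
  saveUninitialized: true,
  cookie: {
    // Keeps the cookie out of reach of page scripts.
    httpOnly: true,
    // HTTPS-only in production; relies on the "trust proxy" setting so that
    // req.secure is correct behind the TLS-terminating proxy.
    secure: process.env.NODE_ENV === "production",
    // "none" is required when the frontend is served from another site, but it
    // also means the browser attaches this cookie to cross-site requests, and
    // url-encoded form posts are not gated by a CORS preflight.
    // NOTE(review): state-changing routes need their own CSRF defence (token or
    // Origin check); none is visible in this file.
    sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
    // Seven days, counted from when each session cookie is issued. The former
    // `expires: Date.now() + ...` entry was evaluated once at process start and
    // was overridden by maxAge (the later key wins in express-session), so it is
    // dropped rather than left as a stale, misleading timestamp.
    maxAge: 7 * 24 * 60 * 60 * 1000,
  },
};

// Sessions must be registered before flash and passport, which both store
// their state on req.session.
app.use(session(sessionOptions));
app.use(flash());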
// *============== PASSPORT ==============* //
// Registered after express-session: passport.session() restores req.user from
// the session on each request.
app.use(passport.initialize());
app.use(passport.session());
// Username/password strategy. The verify, serialize and deserialize callbacks
// are static helpers exposed by the User model in ./models/user.js.
// NOTE(review): these look like passport-local-mongoose helpers; confirm in the
// model, including which user fields end up on req.user.
passport.use(new LocalStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
// *============== LOCALS MIDDLEWARE ==============* //
// Copies per-request view data onto res.locals.
// req.flash(name) returns the pending messages AND clears them from the session,
// so after this middleware runs they exist only on res.locals for the current
// request; a later req.flash(name) in the same request sees an empty list.
app.use((req, res, next) => {
  Object.assign(res.locals, {
    success: req.flash("success"),
    error: req.flash("error"),
    currUser: req.user,
  });
  next();
});
// *============== AUTH STATUS ENDPOINT ==============* //
// React calls this on mount to get current user + any pending flash messages
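// Returns the signed-in user (or null) together with any pending flash messages.
app.get("/api/auth/me", (req, res) => {
  // The locals middleware registered earlier has already read and cleared the
  // flash messages for this request, so calling req.flash() again here always
  // produced empty arrays. Use the copies it left on res.locals, and fall back
  // to req.flash() only if that middleware did not run.
  const success = Array.isArray(res.locals.success)
    ? res.locals.success
    : req.flash("success");
  const error = Array.isArray(res.locals.error)
    ? res.locals.error
    : req.flash("error");

  // Per-user response: keep it out of any shared cache in front of the app.
  res.set("Cache-Control", "no-store");

  // NOTE(review): req.user is sent as-is. Confirm the deserialized user carries
  // no fields the browser should not see, or switch to an explicit allow-list.
  res.json({
    user: req.user || null,
    flash: { success, error },
  });
});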
// *============== API ROUTES ==============* //
// Routers are mounted in this order. Authentication and ownership checks are not
// applied here, so they must live inside the routers themselves.
// NOTE(review): the reviews router is mounted under a path containing :id; it
// needs `mergeParams` enabled to read req.params.id. Confirm in ./routes/review.js.
app.use("/api", userRoutes);
app.use("/api/listings", listingsRoutes);
app.use("/api/listings/:id/reviews", reviewsRoutes);
// *============== PRODUCTION CATCH-ALL ==============* //
// Serve React app for any non-API route in production
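if (process.env.NODE_ENV === "production") {
  // Hand the React shell to any GET that is not an API call, so client-side
  // routes survive a page reload.
  app.get("*", (req, res, next) => {
    // "*" also matches unknown /api paths. Pass those on so they reach the JSON
    // 404 handler instead of being answered with index.html and a 200 status.
    if (req.path === "/api" || req.path.startsWith("/api/")) {
      return next();
    }
    res.sendFile(path.join(__dirname, "client", "dist", "index.html"));
  });
}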
// *============== 404 HANDLER ==============* //
// Anything that reaches this point matched no route: turn it into a 404 error
// and let the JSON error handler below format the response.
app.all("*", (_req, _res, next) => {
  const notFound = new ExpressError(404, "Page Not Found!");
  next(notFound);
});
// *============== ERROR HANDLER (JSON) ==============* //
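// Final error handler: every failure is answered as `{ error: <message> }`.
// Express recognises error middleware by its four parameters.
app.use((err, req, res, next) => {
  // Once the response has started, a JSON body can no longer be sent; delegate
  // to Express's default handler, which closes the connection.
  if (res.headersSent) {
    return next(err);
  }

  const fallbackMessage = "Something Went Wrong!";
  const { statusCode = 500, message = fallbackMessage } = err;

  // Only a real HTTP error status may come from the error object.
  const status =
    Number.isInteger(statusCode) && statusCode >= 400 && statusCode <= 599
      ? statusCode
      : 500;

  // Server-side failures were previously sent to the client but never recorded.
  if (status >= 500) {
    console.error(err);
  }

  // Unexpected 5xx errors (database, driver or library failures) can carry
  // internal detail in their message. Clients get the generic text for those;
  // messages on deliberately raised ExpressErrors and on 4xx errors pass through.
  const clientMessage =
    status < 500 || err instanceof ExpressError ? message : fallbackMessage;

  res.status(status).json({ error: clientMessage });
});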
// Listen on PORT when the environment provides one, otherwise on 8080.
const port = process.env.PORT || 8080;

app.listen(port, function onListening() {
  console.log(`The server is listening to port ${port}`);
});