//Node requires
const express = require('express');
const bodyParser = require('body-parser');
const app = express();
const rateLimit = require("express-rate-limit");
const winston = require('winston');
const config = require('./server/config/config');
// Shared winston logger: JSON-formatted records at 'info' and above.
// error.log receives only 'error' records; combined.log receives everything the logger accepts.
// NOTE(review): both paths start with '../' and are presumably resolved against the process
// working directory rather than this file - confirm the target directory is writable by the
// service account and is not served to clients.
const errorLogFile = new winston.transports.File({filename: '../error.log', level: 'error'});
const combinedLogFile = new winston.transports.File({filename: '../combined.log'});
const logger = winston.createLogger({
  level: 'info',
  format: winston.format.json(),
  transports: [errorLogFile, combinedLogFile]
});
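// Request-tracking middleware: writes one info record per incoming request, then passes control on.
/**
 * Logs the peer address, HTTP method and URL of a request.
 *
 * @param {object} req - incoming request; reads req.socket.remoteAddress, req.method and req.url
 * @param {object} res - response (unused)
 * @param {Function} next - invoked once the record has been written
 */
const reqTracker = function (req, res, next) {
  // req.socket replaces the deprecated req.connection alias.
  const remoteAddress = req.socket.remoteAddress;
  // Loopback shows up as "::1" on IPv6 and as "127.0.0.1" / "::ffff:127.0.0.1" on IPv4 or dual-stack sockets.
  const isLoopback = remoteAddress === "::1" ||
    remoteAddress === "127.0.0.1" ||
    remoteAddress === "::ffff:127.0.0.1";
  const source = isLoopback ? "Localhost" : remoteAddress;
  // NOTE(review): req.url is logged verbatim, query string included, so any token or other
  // secret passed as a query parameter ends up in the log files. Behind a reverse proxy the
  // socket address is the proxy's, not the client's.
  logger.info("[HTTP] " + source + " --> (" + req.method + ") " + req.url);
  next();
};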
// Run the request tracker for every HTTP method on every path.
// It is registered ahead of the rate limiter, so requests that are later rejected are still logged.
app.all('*', reqTracker);
console.log('[LOGGER] Running logger.');
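//Rate limit (a little generous because all students will have the same IP).
// The window is 5 minutes and the per-client ceiling comes from config.maxRequests.
// NOTE(review): if the service sits behind a reverse proxy, confirm Express's 'trust proxy'
// setting is configured; otherwise every client is presumably counted under the proxy's address.
// NOTE(review): onLimitReached is deprecated in newer express-rate-limit releases - confirm the
// installed version still calls it, otherwise the "THIS HAS BEEN LOGGED" message is not true.
const limiter = rateLimit({
  windowMs: 5 * 60 * 1000, // 5 minutes
  max: config.maxRequests,
  message: "You sure did overwhelm the server. Please wait before sending more requests. THIS HAS BEEN LOGGED!",
  onLimitReached: function (req, res, options) {
    // req.socket replaces the deprecated req.connection alias.
    const remoteAddress = req.socket.remoteAddress;
    const source = remoteAddress === "::1" ? "localhost" : remoteAddress;
    // Logged at 'warn' so throttling events can be filtered apart from the per-request info records.
    logger.warn("[R-LIMIT] Too many requests from " + source + "!");
  }
});
app.use(limiter);
console.log("Running rate limiter. " + config.maxRequests + " per 5 minutes.");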
// Body parsers: URL-encoded forms first, then JSON.
// NOTE(review): with extended: true, form fields can arrive as nested objects or arrays rather
// than strings, so route handlers should check the type of each field before using it.
const formBodyParser = bodyParser.urlencoded({extended: true});
const jsonBodyParser = bodyParser.json(); // support json encoded bodies
app.use(formBodyParser);
app.use(jsonBodyParser);
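//Remove/add headers
// Do not advertise the framework in responses.
app.disable('x-powered-by');
// CORS middleware: sets the cross-origin headers on every response and answers preflight
// (OPTIONS) requests directly with an empty JSON body.
app.use((req, res, next) => {
  // NOTE(review): echoing the request's Origin is equivalent to allowing every origin.
  // Access-Control-Allow-Credentials is not set here, so cookies are not exposed, but any page
  // can still call the API with an Authorization header it already holds. Replace the echo
  // with an explicit allowlist before credentials are ever enabled.
  res.header("Access-Control-Allow-Origin", req.headers.origin || "*");
  // The header above depends on the request's Origin, so shared caches must key on it.
  res.vary("Origin");
  // "X-Requested-With" was previously misspelled, so preflights carrying that header were refused.
  res.header("Access-Control-Allow-Headers",
    "Origin, X-Requested-With, Content-Type, Accept, Authorization, RBR");
  if (req.method === 'OPTIONS') {
    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE");
    return res.status(200).json({});
  }
  next();
});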
//Index page routes //TODO maybe get this out of server.js?
// Answers GET / with a fixed JSON status body and HTTP 200.
app.get('/', (req, res) => {
  const body = {
    "error": "false",
    "message": "OK"
  };
  res.status(200).json(body);
});
// Load the API router and mount it under the versioned prefix.
// It is mounted after the tracker, rate limiter, body parsers and CORS middleware above,
// so all of them run before any API route.
app.use('/api/v1/', require('./server/routes/routes'));
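//Error handlers
// Authentication failures: answer 401 with a fixed JSON body.
// NOTE(review): 'UnauthorizedError' is presumably raised by the auth middleware used in the
// API routes - confirm the name matches what that middleware throws.
app.use(function (err, req, res, next) {
  if (err.name !== 'UnauthorizedError') {
    // Hand every other error to the next handler; without this the request never gets a response.
    return next(err);
  }
  res.status(401);
  res.json({
    "error": "true",
    "error_code": "auth_required"
  });
});
// Final error handler.
// The full error object (stack trace included) is passed to the view only when the Express
// 'env' setting is 'development'; in any other environment the view receives an empty object.
// Express defaults 'env' to 'development' when NODE_ENV is unset, so production deployments
// must set NODE_ENV explicitly.
// NOTE(review): err.message is still sent in every environment and may carry internal detail.
// NOTE(review): this file does not configure a view engine - confirm an 'error' view can be
// rendered, otherwise res.render itself fails.
app.use(function (err, req, res, next) {
  if (res.headersSent) {
    // A response is already in flight; let Express's default handler close the connection.
    return next(err);
  }
  const status = err.status || 500;
  // Keep the stack trace server-side so it stays available for diagnosis.
  logger.error("[ERROR] (" + req.method + ") " + req.url + " --> " + status + ": " + err.message,
    {stack: err.stack});
  const exposeDetails = app.get('env') === 'development';
  res.status(status);
  res.render('error', {
    message: err.message,
    error: exposeDetails ? err : {}
  });
});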
// Export the configured Express app (this file does not call listen) together with the shared logger.
module.exports = {app, logger};