var app = express(opts)
var server
// Instantiate Singleton Manager (which lists all blog files)
Manager.instance.init()
app.set('config', config.getConfigByWebsite())
app.use(flash())
// cookie-parser is mounted before csrf() below, which keeps its secret in a cookie.
app.use(cookieParser())
app.use(passport.initialize())
app.use(passport.session())
// urlencoded bodies of up to 1 GB and 50 000 parameters are accepted per request;
// a cap this large lets one client make the server buffer a lot of data.
app.use(
bodyParser.urlencoded({limit: '1gb', extended: true, parameterLimit: 50000})
)
app.use(expressValidator())
// Cookie-based CSRF protection (csurf). Only the cookie's `secure` flag is taken
// from config; every other cookie attribute is csurf's default.
app.use(csrf({cookie: {secure: config.cookie.secure}}))
// Expose the CSRF token to templates only when '/abe/' occurs anywhere in
// req.url (a substring test, not a path-prefix test).
app.use(function(req, res, next) {
if (req.url.indexOf('/abe/') > -1) {
res.locals._csrf = req.csrfToken()
}
next()
})
// NOTE(review): the JSON parser is mounted after csrf(), so a token carried in
// a JSON body (presumably req.body._csrf) is not parsed yet when the check
// runs; JSON clients would have to send it in a header — confirm.
app.use(bodyParser.json({limit: '1gb'}))
if (config.security === true) {
app.use(helmet())
app.use(
helmet.csp({
directives: {
defaultSrc: ["'self'"],
const server = http.createServer(app);
// Listen port: PORT from the environment, otherwise 3030.
const port = process.env.PORT || 3030;
// Hey you! care about my order http://stackoverflow.com/a/16781554/2034015
// Databases.
initializeMongodb();
// Presumably wires a Redis-backed store for the Session module — see initializeRedis.
// dbSession is not referenced in the lines visible here.
const dbSession = initializeRedis(Session);
// Cookies.
app.use(cookieParser());
// Body.
// extended: false -> querystring-style parsing, nested objects are not rebuilt.
// No explicit `limit`, so body-parser's default size cap (100kb) applies to both parsers.
app.use(bodyParser.urlencoded({extended: false}));
app.use(bodyParser.json());
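/**
 * Custom validator exposed to express-validator as `isSlug`.
 * Accepts only a string of 5 to 55 characters made of ASCII letters, digits,
 * '_' or '-'. Returns a strict boolean; the previous version returned the
 * String#match result (array | null), which express-validator only ever
 * tested for truthiness, so callers see the same accept/reject outcome.
 *
 * @param {unknown} input - the request value being validated
 * @returns {boolean} true when input is a well-formed slug
 */
function isSlug(input) {
  if (typeof input !== 'string') return false;
  if (input.length < 5 || input.length > 55) return false;
  // Anchored on both ends; JS `$` without the m flag matches only at end of input.
  return /^[a-zA-Z0-9_-]+$/.test(input);
}
// Validator middleware; must follow the body parsers it reads from.
app.use(expressValidator({
  customValidators: {
    isSlug,
  },
}));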
// Session.
const session = Session({
resave: true,
saveUninitialized: true,
key: config.get('session.key'),
// Console request log in morgan's terse 'dev' format.
app.use(morgan('dev'));

// Body parsing. extended: false means querystring-style parsing of form
// bodies (no nested objects); neither parser sets an explicit size limit.
const bodyParsers = [
  bodyParser.urlencoded({extended: false}),
  bodyParser.json(),
];
for (const parser of bodyParsers) {
  app.use(parser);
}

// cors() with no options uses the package's permissive default (any origin).
app.use(cors());

// Make the shared helpers reachable from every handler as req.helpers.
const attachHelpers = (req, res, next) => {
  req.helpers = helpers;
  next();
};
app.use(attachHelpers);

// express-validator reads the parsed body, so it is mounted after the parsers.
app.use(expressValidator());

// Application routes.
app.use('/', routes);

// Error handling goes last: 404 for anything unmatched, then the error renderer.
app.use(errorHandlers.notFound);
app.use(errorHandlers.showErrors);

export default app;
public initalize(app) {
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
// validator
app.use(expressValidator());
// favicon
let faviconPath = path.join(__dirname, '.', 'public', 'favicon.ico');
app.use(favicon(faviconPath)); // uncomment after placing your favicon in /public
// logger
app.use(morgan('dev'));
// bodyParser
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
// cookieParser
app.use(cookieParser());
// i18n localication
}),
);
// parse anything else
// Catch-all: any remaining content type is buffered into req.body as a Buffer, up to 20 MB.
app.use(bodyParser.raw({ limit: '20mb' }));
app.use(
// Lets clients that cannot send PUT/DELETE tunnel the verb through a `_method`
// field of the parsed body; the field is stripped so later handlers never see it.
// Needs req.body, hence mounted after the parsers above.
methodOverride((req, res) => {
if (req.body && typeof req.body === 'object' && '_method' in req.body) {
// look in urlencoded POST bodies and delete it
// (`in` also matches inherited properties, unlike an own-property check)
const method = req.body._method;
delete req.body._method;
return method;
}
}),
);
// must be right after bodyParser
app.use(expressValidator());
// Multipart uploads: each file part is capped at 5242880 bytes (5 MiB).
// Only fileSize is set; busboy's other limits (files, fields, parts) stay at their defaults.
app.use(
busboy({
limits: {
fileSize: 5242880,
},
}),
);
// HTTP Parameter Pollution guard: a repeated query/body parameter is reduced to a
// single value (by default the last one). Mounted after the parsers so it sees req.body.
app.use(hpp());
if (process.env.NODE_ENV !== 'production') {
expressWinston.requestWhitelist.push('body');
expressWinston.responseWhitelist.push('body');
app.use(
expressWinston.logger({
winstonInstance,
meta: true,
msg: 'HTTP {{req.method}} {{req.url}} {{res.statusCode}} {{res.responseTime}}ms',
private config(): void {
  const { app } = this;
  // Parsers first so every later middleware and route can read req.body.
  app.use(bodyParser.json());
  app.use(bodyParser.urlencoded({ extended: false }));
  // cors() without options: the package's permissive default (any origin).
  app.use(cors());
  app.use(compression());
  // express-validator reads the parsed body, so it follows the parsers.
  app.use(expressValidator());
  // API routes are registered before the static / catch-all handlers below.
  this.routes.routes(app);
  if (AppConfig.NODE_ENV !== "production") {
    return;
  }
  // Production only: serve the built UI and answer any GET that no API route
  // matched with index.html, so client-side routing survives a page refresh.
  app.use(express.static(AppConfig.UI_DIR));
  app.get("*", (req, res) => {
    res.sendFile(path.join(AppConfig.UI_DIR, "index.html"));
  });
}
}
app.set('views', path.join(__dirname, 'views'));

// Hand-rolled CORS. Every origin is allowed ('*'), and requests may carry
// Authorization / access-token headers. A '*' origin cannot be combined with
// credentialed responses, so other origins cannot read replies to cookie-
// authenticated requests; header-borne tokens are not cookie-bound, so any
// origin holding one can use it. Preflights are answered with an empty 204.
const CORS_HEADERS = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, access-token',
  'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE',
};
app.use(function corsHeaders(req, res, next) {
  for (const [name, value] of Object.entries(CORS_HEADERS)) {
    res.header(name, value);
  }
  if (req.method === 'OPTIONS') {
    res.status(204).send();
    return;
  }
  next();
});

// JSON bodies only (no explicit size limit), then validation with the
// project-defined validators/sanitizers and validation groups.
app.use(bodyParser.json());
app.use(expressValidator({
  customValidators,
  customSanitizers,
}));
app.use(validationGroups());

// Shared objects made available through app.get('<key>').
const appSettings = {
  config,
  models,
  port: config.port,
  logger,
  actions,
  emailSender,
};
for (const [key, value] of Object.entries(appSettings)) {
  app.set(key, value);
}
app.use(morgan('combined',{
stream: {
write: (message) => {
logger.info(message);
setupMiddlewareValidator_() {
  // `custom` lets a route supply an ad-hoc predicate (presumably via
  // req.check('field').custom(fn)): it runs fn(value) and a falsy result is
  // a validation failure. `fn` comes from the route definition, not the request.
  const customValidators = {
    custom(value, fn) {
      return fn(value);
    },
  };
  // Errors are shaped as { reason, context: { param, value } }. The rejected
  // `value` is echoed back verbatim — relevant if these objects reach clients
  // or are rendered unescaped.
  const errorFormatter = (param, msg, value) => ({
    reason: msg,
    context: { param, value },
  });
  const engine = this.getServer().getEngine();
  engine.use(expressValidator({ customValidators, errorFormatter }));
}
if (ALLOW_ORIGIN.indexOf(origin) !== -1 || origin === undefined) {
callback(null, true);
} else {
callback(new Error('not allowed by CORS'));
}
},
credentials: true,
}));
// Request logging: Apache 'combined' format in production, terse 'dev' elsewhere.
const logFormat = ENVIRONMENT === 'production' ? 'combined' : 'dev';
app.use(morgan(logFormat));
app.use(compression());

// Body parsing: JSON up to 50 MB per request, urlencoded with qs-style nesting.
app.use(bodyParser.json({ limit: '50mb' }));
app.use(bodyParser.urlencoded({ extended: true }));
// express-validator reads req.body, hence after the parsers.
app.use(expressValidator());

// Server-side sessions. saveUninitialized: true stores a record for every new
// visitor. Only maxAge (24 h) is set on the cookie; httpOnly/secure/sameSite
// are whatever express-session defaults to.
const ONE_DAY_MS = 24 * 60 * 60 * 1000;
const sessionOptions = {
  resave: true,
  saveUninitialized: true,
  secret: SESSION_SECRET,
  store: sessionStore(),
  cookie: { maxAge: ONE_DAY_MS },
};
app.use(session(sessionOptions));
app.use(passport.initialize());
app.use(passport.session());

// Response hardening headers (X-Frame-Options, X-XSS-Protection).
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.xssProtection(true));

// Mount the API route groups, in order.
for (const mountApi of [userApi, diagramApi, datasetApi, flowsenseApi]) {
  mountApi(app);
}