'use strict';

// Marks this CommonJS bundle as a transpiled ES module (the usual
// `__esModule` convention) so default-import interop helpers such as
// _interopDefault below unwrap it correctly.
Object.defineProperty(exports, '__esModule', { value: true });

// Unwraps the default export of a transpiled ES module object. Anything
// that is not an object carrying a `default` key (functions, primitives,
// null/undefined, plain CommonJS exports) is returned unchanged.
function _interopDefault(ex) {
  var looksLikeModule = Boolean(ex) && typeof ex === 'object' && 'default' in ex;
  if (looksLikeModule) {
    return ex['default'];
  }
  return ex;
}

// Third-party dependencies. Every require goes through _interopDefault so
// plain CommonJS modules and transpiled ES modules both yield their default.
var compression = _interopDefault(require('compression'));
// Locale negotiation from query / cookie / Accept-Language (see addCoreMiddleware).
var createLocaleMiddleware = _interopDefault(require('express-locale'));
var cookieParser = _interopDefault(require('cookie-parser'));
var bodyParser = _interopDefault(require('body-parser'));
// Human-readable error rendering used by addErrorMiddleware.
var PrettyError = _interopDefault(require('pretty-error'));
// Security response headers (CSP, frameguard, nosniff, ...) used by addSecurityMiddleware.
var helmet = _interopDefault(require('helmet'));
// `hpp`: HTTP parameter pollution protection.
var parameterProtection = _interopDefault(require('hpp'));
// Per-request CSP nonce generator (see addSecurityMiddleware).
var uuid = _interopDefault(require('uuid'));
var express = _interopDefault(require('express'));
// Loads `.env` into process.env; dotenv.config() is called at the bottom of this file.
var dotenv = _interopDefault(require('dotenv'));

/**
 * Mounts the request-processing middleware shared by every server built
 * here: cookie parsing, locale negotiation, form and JSON body parsing and
 * response compression, in that order.
 *
 * @param {object} server - Express application to mount on.
 * @param {object} _ref
 * @param {{default: string, supported: string[]}} _ref.locale - Locale tags
 *   in hyphenated form ("en-US"); they are handed to express-locale with the
 *   first hyphen rewritten to an underscore ("en_US").
 */
function addCoreMiddleware(server, _ref) {
  var locale = _ref.locale;

  // Only the first hyphen is rewritten (no /g flag), so tags with several
  // subtags such as "zh-Hant-TW" keep their remaining hyphens.
  function toUnderscoreTag(tag) {
    return tag.replace(/-/, "_");
  }

  server.use(cookieParser());

  server.use(createLocaleMiddleware({
    // Lookup order: explicit query parameter, then cookie, then the
    // Accept-Language header, then the configured default.
    priority: ["query", "cookie", "accept-language", "default"],
    "default": toUnderscoreTag(locale["default"]),
    allowed: locale.supported.map(toUnderscoreTag)
  }));

  // extended: false — nested bracket-notation objects in form bodies are
  // not reconstructed.
  server.use(bodyParser.urlencoded({ extended: false }));

  // JSON bodies are accepted with body-parser's defaults; no explicit size
  // limit is configured here.
  server.use(bodyParser.json());

  server.use(compression());
}

// Shared pretty-error renderer used by addErrorMiddleware. Frames from
// Node's own modules and from the express package are skipped in rendered
// traces so the application's own frames stand out.
var pretty = new PrettyError();

pretty.skipNodeFiles();

pretty.skipPackage("express");

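/**
 * Mounts an error-logging middleware that pretty-prints any error passed
 * to `next(error)` and then forwards that same error down the chain.
 *
 * Express recognises error handlers by their four-parameter signature, and
 * an error handler only receives errors raised by middleware mounted
 * *before* it — so this belongs after the application's other `use()`
 * calls, directly ahead of the fallback handlers.
 *
 * @param {object} server - Express application to mount on.
 */
function addErrorMiddleware(server) {
  server.use(function (error, request, response, next) {
    console.log(pretty.render(error));
    // Forward the original error so the next error handler (or Express's
    // default one) still produces an error response. Calling next() with
    // no argument would resume normal routing as if nothing had failed,
    // silently dropping the error.
    next(error);
  });
}
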
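/**
 * Mounts the two terminal handlers: a 404 for requests that no earlier
 * middleware answered, and a 500 error handler for errors passed to
 * `next(error)` by anything mounted before it.
 *
 * @param {object} server - Express application to mount on.
 */
function addFallbackHandler(server) {
  // Ordinary (non-error) middleware: only reached when nothing earlier
  // responded, so the resource is unknown.
  server.use(function (request, response) {
    response.status(404).send("Sorry, that resource was not found.");
  });

  // Express identifies error handlers by arity. This function MUST keep
  // four parameters; with three it is treated as ordinary middleware and
  // never receives the error.
  server.use(function (error, request, response, next) {
    if (error) {
      console.log(error);
      console.log(error.stack);
    }

    // If a response is already in flight the only safe option is to hand
    // the error back to Express so it can close the connection.
    if (response.headersSent) {
      return next(error);
    }

    // Generic body on purpose: error details stay in the server log and
    // are never echoed to the client.
    response.status(500).send("Sorry, an unexpected error occurred.");
  });
}
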
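/**
 * Mounts the security middleware: an optional per-request CSP nonce, hides
 * the X-Powered-By header, HTTP parameter pollution protection, an optional
 * Content-Security-Policy and helmet's browser-hardening headers.
 *
 * @param {object} server - Express application to mount on.
 * @param {object} _ref
 * @param {boolean} [_ref.enableNonce=true] - Generate `response.locals.nonce`
 *   per request and allow only scripts carrying it (plus 'self') in the CSP.
 * @param {boolean} [_ref.enableCSP=true] - Send a Content-Security-Policy header.
 */
function addSecurityMiddleware(server, _ref) {
  var _ref$enableNonce = _ref.enableNonce,
      enableNonce = _ref$enableNonce === undefined ? true : _ref$enableNonce,
      _ref$enableCSP = _ref.enableCSP,
      enableCSP = _ref$enableCSP === undefined ? true : _ref$enableCSP;

  if (enableNonce) {
    // One fresh nonce per request, exposed to templates via response.locals.
    // The default export of `uuid` is used; it should be a random (v4-style)
    // generator rather than a time-based one for the nonce to be unguessable —
    // confirm against the installed uuid version.
    server.use(function (request, response, next) {
      response.locals.nonce = uuid();
      next();
    });
  }

  // Do not advertise the framework in response headers.
  server.disable("x-powered-by");

  // Guards against HTTP parameter pollution (repeated query keys).
  server.use(parameterProtection());

  if (enableCSP) {
    var scriptSrc = ["'self'"];

    // Only emit the nonce source when a nonce is actually generated above.
    // Previously it was emitted unconditionally, so enableCSP without
    // enableNonce produced the fixed value 'nonce-undefined' in the policy —
    // a predictable token that any script element could simply carry.
    if (enableNonce) {
      scriptSrc.push(function (request, response) {
        return "'nonce-" + response.locals.nonce + "'";
      });
    }

    // 'unsafe-eval' is admitted in development only; production never gets it.
    if (process.env.NODE_ENV === "development") {
      scriptSrc.push("'unsafe-eval'");
    }

    server.use(helmet.contentSecurityPolicy({
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: scriptSrc,
        // Inline styles are allowed; this weakens the CSS side of the
        // policy and is a candidate for nonce-based styles later.
        styleSrc: ["'self'", "'unsafe-inline'", "blob:"],
        imgSrc: ["'self'", "data:"],
        fontSrc: ["'self'", "data:"],
        // fetch/XHR/WebSocket to any origin is permitted; tighten this to
        // the API hosts the client actually needs.
        connectSrc: ["*"],
        childSrc: ["'self'"]
      }
    }));
  }

  // Legacy X-XSS-Protection header for older browsers.
  server.use(helmet.xssFilter());

  // X-Frame-Options: DENY — the site may not be framed (clickjacking).
  server.use(helmet.frameguard("deny"));

  // X-Download-Options: noopen (Internet Explorer download handling).
  server.use(helmet.ieNoOpen());

  // X-Content-Type-Options: nosniff.
  server.use(helmet.noSniff());
}
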
// Locale settings used when createExpressServer() is given no localeConfig.
var defaultLocale = {
  "default": "en-US",
  supported: ["en-US"]
};

// Static-file settings used when createExpressServer() is given no
// staticConfig: files under `path` are served beneath the `public` URL prefix.
var defaultStatic = {
  "public": "/static/",
  path: "build/client"
};

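/**
 * Builds a fully configured Express application.
 *
 * Mount order: security headers, `afterSecurity`, core request parsing,
 * static files, `beforeFallback`, the error logger, then the 404/500
 * fallback handlers.
 *
 * @param {object} _ref
 * @param {{default: string, supported: string[]}} [_ref.localeConfig] -
 *   Defaults to `defaultLocale`.
 * @param {{public: string, path: string}|null} [_ref.staticConfig] -
 *   Defaults to `defaultStatic`; pass a falsy value to serve no static files.
 * @param {Array} [_ref.afterSecurity=[]] - Middleware functions, or
 *   `[path, middleware, ...]` argument arrays for `server.use`, mounted
 *   right after the security layer.
 * @param {Array} [_ref.beforeFallback=[]] - Same shape, mounted just before
 *   the fallback handlers.
 * @param {boolean} [_ref.enableCSP=false] - Forwarded to addSecurityMiddleware.
 * @param {boolean} [_ref.enableNonce=false] - Forwarded to addSecurityMiddleware.
 * @returns {object} The configured Express application.
 */
function createExpressServer(_ref) {
  var _ref$localeConfig = _ref.localeConfig,
      localeConfig = _ref$localeConfig === undefined ? defaultLocale : _ref$localeConfig,
      _ref$staticConfig = _ref.staticConfig,
      staticConfig = _ref$staticConfig === undefined ? defaultStatic : _ref$staticConfig,
      _ref$afterSecurity = _ref.afterSecurity,
      afterSecurity = _ref$afterSecurity === undefined ? [] : _ref$afterSecurity,
      _ref$beforeFallback = _ref.beforeFallback,
      beforeFallback = _ref$beforeFallback === undefined ? [] : _ref$beforeFallback,
      _ref$enableCSP = _ref.enableCSP,
      enableCSP = _ref$enableCSP === undefined ? false : _ref$enableCSP,
      _ref$enableNonce = _ref.enableNonce,
      enableNonce = _ref$enableNonce === undefined ? false : _ref$enableNonce;

  var server = express();

  // Mounts each entry in order; an array entry is spread as
  // server.use(path, middleware, ...).
  function mountAll(list) {
    list.forEach(function (middleware) {
      if (Array.isArray(middleware)) {
        server.use.apply(server, middleware);
      } else {
        server.use(middleware);
      }
    });
  }

  addSecurityMiddleware(server, { enableCSP: enableCSP, enableNonce: enableNonce });

  mountAll(afterSecurity);

  addCoreMiddleware(server, { locale: localeConfig });

  if (staticConfig) {
    server.use(staticConfig["public"], express["static"](staticConfig.path));
  }

  mountAll(beforeFallback);

  // Express error handlers only receive errors from middleware mounted
  // before them, so the pretty-printing logger goes after everything that
  // can fail and directly ahead of the fallback 404/500 handlers. Mounted
  // first (as it used to be) it never saw any error at all.
  addErrorMiddleware(server);

  addFallbackHandler(server);

  return server;
}
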
// Populate process.env from a `.env` file. This runs at module load, i.e.
// before any createExpressServer() call reads process.env.NODE_ENV.
// NOTE(review): dotenv is expected not to override variables already present
// in the environment — confirm that is the intended precedence.
dotenv.config();

// Public API. Each helper can be applied to an existing Express app on its
// own; createExpressServer() wires them together in the intended order.
exports.addCoreMiddleware = addCoreMiddleware;
exports.addErrorMiddleware = addErrorMiddleware;
exports.addFallbackHandler = addFallbackHandler;
exports.addSecurityMiddleware = addSecurityMiddleware;
exports.createExpressServer = createExpressServer;