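"use strict";
// Entry point: builds the Express app (API docs, CORS, body parsing, rate
// limiting, security middleware, routes, error handling) and starts listening.
//
// Express runs middleware strictly in registration order, so everything that
// is meant to protect a route must be registered BEFORE that route. The
// original ordering mounted helmet() and mongoSanitize() after the /todo
// router, which left every /todo request (and the welcome route) without the
// hardening headers and without query sanitisation; they are now registered
// ahead of all application routes.
const express = require("express");
const app = express();
require("dotenv").config();
const mongoSanitize = require("express-mongo-sanitize");
const helmet = require("helmet");
const rateLimit = require("express-rate-limit");
const cors = require("cors");
// Patches Express so rejections from async route handlers are forwarded to the
// error-handling middleware; loaded before any router is required.
require("express-async-errors");
// DB connection
require("./server");
const PORT = process.env.PORT || 8000;

// Swagger setup
const swaggerJsdoc = require("swagger-jsdoc");
const swaggerUi = require("swagger-ui-express");
// Swagger options
const swaggerOptions = {
  definition: {
    openapi: "3.0.0",
    info: {
      title: "Todo API",
      version: "1.0.0",
      description: "A simple API for managing todos",
    },
    servers: [
      {
        url: process.env.HEROKU_URL || "http://127.0.0.1:8000",
      },
    ],
  },
  apis: ["./src/routes/todoRouter.js"],
};
// Generate the Swagger document from the JSDoc annotations in the router
const swaggerSpec = swaggerJsdoc(swaggerOptions);
// Mount the Swagger UI for the API documentation.
// NOTE(review): kept ahead of helmet(), as in the original ordering — helmet's
// default Content-Security-Policy can block Swagger UI's inline scripts; confirm
// the docs page still renders before moving this mount below the hardening
// middleware.
app.use("/api-docs", swaggerUi.serve, swaggerUi.setup(swaggerSpec));

/********************************************************************/
// Middlewares:
// CORS Middleware: Allow requests from specific origin (frontend domain)
const corsOptions = {
  origin: process.env.VERCEL_URL || "http://localhost:3000",
  methods: ["GET", "POST", "PUT", "DELETE"],
  credentials: true,
  allowedHeaders: ["Content-Type", "Authorization"],
};
app.use(cors(corsOptions));
// Middleware for parsing incoming JSON requests
app.use(express.json());
// Rate limiting to prevent too many requests from a single IP
// This is to protect the API from DDoS or brute force attacks
// NOTE(review): the limit is keyed on req.ip; when the app runs behind a
// reverse proxy (HEROKU_URL suggests one), Express reports the proxy's
// address unless `app.set("trust proxy", 1)` is configured, so all clients
// would share one bucket — confirm the deployment topology before relying on
// per-client limiting.
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Allow only 100 requests per IP in the time window
  message: "Too many requests from this IP, please try again later.",
});
app.use(limiter); // Apply rate limiting to all incoming requests
// Helmet secures your app by setting various HTTP headers to protect against common vulnerabilities.
// Registered before the routes so every application response carries the headers.
app.use(helmet());
// Sanitize user input to prevent NoSQL injection attacks.
// Registered before the routes so req.body / req.query / req.params are
// already sanitised when the /todo handlers read them.
app.use(mongoSanitize());

// Welcome route to indicate the server is up
app.get("/", (req, res) => {
  res.send("Welcome to the Todo API! The server is up and running.");
});
// Route for Todo-related operations
app.use("/todo", require("./src/routes/todoRouter"));
// Error handler middleware to catch and respond to errors; must stay last so
// errors raised by any route or middleware above reach it.
app.use(require("./src/middlewares/errorHandler"));
/********************************************************************/

// Start the server
app.listen(PORT, () => {
  console.log(`Server running on http://127.0.0.1:${PORT}`);
});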