mirror of https://github.com/Unleash/unleash.git synced 2025-01-25 00:07:47 +01:00
unleash.unleash/lib/app.js
Ivar Conradi Østhus a870c12138 fix: add optional helmet security headers
Allow users to enable the helmet middleware to enable
security headers by default.

https://github.com/helmetjs/helmet
2020-09-01 21:21:26 +02:00


'use strict';
const express = require('express');
const compression = require('compression');
const favicon = require('serve-favicon');
const cookieParser = require('cookie-parser');
const path = require('path');
const errorHandler = require('errorhandler');
const IndexRouter = require('./routes');
const unleashSession = require('./middleware/session');
const responseTime = require('./middleware/response-time');
const requestLogger = require('./middleware/request-logger');
const simpleAuthentication = require('./middleware/simple-authentication');
const noAuthentication = require('./middleware/no-authentication');
const helmet = require('./middleware/helmet');
/**
 * Build the Express application: global settings first, then the middleware
 * chain, optional static assets, admin authentication, the API router and,
 * outside production, the development error handler.
 *
 * Mount order is the request-processing order, so anything registered by
 * `config.preHook` runs before every middleware listed here, including the
 * security-header middleware.
 *
 * @param {object} config - Application configuration.
 * @param {string} [config.baseUriPath] - URL prefix for static files and routes; defaults to ''.
 * @param {number|string} config.port - Stored as the app's 'port' setting.
 * @param {Function} [config.preHook] - Called with the app before any middleware is mounted.
 * @param {string} [config.publicFolder] - Directory holding favicon.ico and static assets.
 * @param {string} [config.adminAuthentication] - 'unsecure' or 'none' select a built-in mode.
 * @param {Function} [config.preRouterHook] - Called with the app just before the API router.
 * @returns {object} The configured Express application.
 */
module.exports = function(config) {
    const baseUriPath = config.baseUriPath || '';
    const app = express();

    // NOTE(review): Express treats a one-argument app.set(name) as a getter,
    // so this call reads the 'trust proxy' setting and leaves it unchanged.
    // X-Forwarded-* headers are therefore NOT trusted today. If proxy trust
    // is intended it needs an explicit value, ideally limited to the known
    // proxy hops, since trusting every peer lets clients choose req.ip.
    app.set('trust proxy');
    app.disable('x-powered-by');
    app.set('port', config.port);
    app.locals.baseUriPath = baseUriPath;

    if (typeof config.preHook === 'function') {
        config.preHook(app);
    }

    // Middleware that takes no application config.
    // strict: false lets the JSON parser accept bare primitives as a body.
    app.use(compression(), cookieParser(), express.json({ strict: false }));

    // Config-driven middleware, mounted in this exact order. helmet comes
    // last, so only requests that get this far receive its headers; a
    // response ended earlier (for instance by something preHook mounted)
    // goes out without them.
    [unleashSession, responseTime, requestLogger, helmet].forEach(factory => {
        app.use(factory(config));
    });

    const staticRoot = config.publicFolder;
    if (staticRoot) {
        app.use(favicon(path.join(staticRoot, 'favicon.ico')));
        app.use(baseUriPath, express.static(staticRoot));
    }

    // Built-in admin authentication modes. Any other value mounts nothing
    // here. NOTE(review): presumably a real authentication scheme is then
    // expected from preRouterHook; confirm, because otherwise the API
    // router below is reachable without any authentication middleware.
    switch (config.adminAuthentication) {
        case 'unsecure':
            simpleAuthentication(baseUriPath, app);
            break;
        case 'none':
            noAuthentication(baseUriPath, app);
            break;
        default:
            break;
    }

    if (typeof config.preRouterHook === 'function') {
        config.preRouterHook(app);
    }

    // API routes live under the base URI path.
    const apiRouter = new IndexRouter(config).router;
    app.use(`${baseUriPath}/`, apiRouter);

    // errorhandler is a development aid that sends stack traces to the
    // client. It is skipped only when NODE_ENV is exactly 'production', so a
    // deployment that leaves NODE_ENV unset still gets it.
    const isProduction = process.env.NODE_ENV === 'production';
    if (!isProduction) {
        app.use(errorHandler());
    }

    return app;
};