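'use strict';
// Imports — one declaration per binding (the original chained them with commas,
// which hides a typo'd `const` and is easy to mis-edit).
const express = require('express');
const bodyParser = require('body-parser');
const helmet = require('helmet');
const config = require('./config');
const info = require('./package');
const mongo = require('./mongo');
const utils = require('./utils');
const app = express();
// MongoDB client handle. Assigned once mongo.connect() succeeds and closed
// again in cleanup(); stays undefined if the server exits before connecting.
let client;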
// Connect to MongoDB
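// Builds the request description shared by every console and file log line,
// e.g. "POST request to '/users'".
function describeRequest(req) {
  return req.method + " request to '" + req.originalUrl + "'";
}

// Writes the colourised console log line for a request (red for rejected
// requests, yellow for accepted ones). POST bodies are printed on a second line.
// NOTE(security): the full POST body goes to stdout here. If any route accepts
// credentials or personal data, redact those fields before logging.
function logRequestToConsole(req, colour, prefix) {
  const timestamp = new Date().toLocaleString();
  const isPost = req.method === "POST";
  console.log("\n" + colour + timestamp + ":\x1b[0m " + prefix + describeRequest(req) + (isPost ? " with body:" : ""));
  if (isPost) {
    console.log(req.body);
  }
}

// Appends the request (and, for POSTs, the serialised body) to the log file.
// NOTE(security): log files are rarely protected as well as the database —
// the same redaction concern as the console logger applies here.
function logRequestToFile(req) {
  const timestamp = new Date().toLocaleString();
  const isPost = req.method === "POST";
  utils.logToFile(timestamp + ": " + describeRequest(req) + (isPost ? " with body: " + JSON.stringify(req.body) : ""));
}

// Connect to MongoDB, then configure and start the Express app. Nothing listens
// until the database connection exists; a connection failure is fatal (exit
// code 1) rather than serving requests without a backing store.
mongo.connect((err) => {
  if (err) { // Error connecting to MongoDB
    utils.logError(err.message);
    process.exit(1);
  }
  client = mongo.client();

  // Get request body (form-encoded and JSON). No explicit size limit is set,
  // so body-parser's defaults apply.
  app.use(bodyParser.urlencoded({ extended: true }));
  app.use(bodyParser.json());

  // Protect against some well-known vulnerabilities via helmet's security
  // headers; frameguard 'deny' forbids framing of any response (clickjacking).
  app.use(helmet({
    frameguard: {
      action: 'deny',
    },
  }));

  // Function to be run on all requests
  app.use('/*', (req, res, next) => {
    // Auth
    // FIXME: authentication is a hard-coded placeholder — every request is
    // treated as authorised and the 401 branch below is unreachable until a
    // real check replaces this constant.
    const auth = true;
    if (!auth) {
      logRequestToConsole(req, "\x1b[31m", "Unauthorised ");
      res.status(401).json({
        code: "004",
        message: "Unauthorised",
      }); // 401 return
      return;
    }

    // Log request (console + file)
    logRequestToConsole(req, "\x1b[33m", "");
    logRequestToFile(req);

    // CORS: wildcard origin; tighten to an allow-list once authentication is
    // real. NOTE: 'Content-Type' is not in Allow-Headers, so cross-origin JSON
    // POSTs that trigger a preflight will be refused by browsers.
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");
    res.header("Access-Control-Allow-Methods", "GET, POST, DELETE");

    // Override res.json so every JSON response on this request (including the
    // 404 and error handlers below) is prefixed with 'while(1);' and sent as
    // text/json — the classic JSON-hijacking guard. Clients must strip the
    // prefix before parsing.
    res.json = (data) => {
      const payload = typeof data === 'object' ? JSON.stringify(data) : data;
      res.set('Content-Type', 'text/json');
      res.send.call(res, 'while(1);' + payload);
    };
    next();
  });

  // Set up routes
  require('./routes')(app);
  app.route('/').get((req, res) => {
    // `contributors` is optional in package.json; tolerate its absence instead
    // of throwing on the root route.
    res.send({
      name: info.name,
      version: info.version,
      created_by: (info.contributors || []).map((person) => person.name),
    });
  });

  // 404 response
  app.use((req, res) => {
    utils.logError(req.method + " '" + req.originalUrl + "' not found");
    res.status(404).json({
      code: "001",
      message: req.method + " '" + req.originalUrl + "' not found",
    }); // 404 return
  });

  // Error handling middleware (4-arity signature is how Express recognises it;
  // `next` is intentionally unused). Only a generic message is sent to the
  // client — err.message goes to the log, not the response.
  app.use((err, req, res, next) => {
    utils.logError(err.message);
    res.status(err.status || 500); // Set error response status (default 500)
    res.json({
      code: "001",
      message: "An Unexpected Error Occurred",
    });
  });

  // Start
  app.listen(config.port, () => {
    console.log('\x1b[32mApollo API started on: ' + config.port + '\x1b[0m');
    utils.logToFile("\nServer successfully started on " + config.port);
  });
});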
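/**
 * Graceful shutdown handler for SIGINT/SIGTERM: closes the MongoDB connection
 * (if one was opened), records the stop in the log file, then exits.
 *
 * `client.close()` may return a promise (the driver's promise API), so the exit
 * is deferred until it settles — calling `process.exit()` straight after it
 * would tear the process down before the connection is actually closed. A
 * synchronous throw from close() is caught the same way. The exit code is left
 * unchanged (0), as before.
 */
function cleanup() {
  Promise.resolve()
    .then(() => (client ? client.close() : undefined)) // Close the database connection
    .catch((err) => utils.logError(err && err.message ? err.message : String(err))) // a failed close must not block shutdown
    .then(() => {
      utils.logToFile("Server stopped");
      process.exit();
    });
}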
// Run the same shutdown routine for both termination signals
for (const signal of ['SIGINT', 'SIGTERM']) {
  process.on(signal, cleanup);
}