/*
* Module dependencies
*/
var path = require('path');

var express = require('express');
var helmet = require('helmet');
var i18n = require('i18n-abide');
var logger = require('morgan');
var uuid = require('uuid');

var config = require('./config');
var routes = require('./routes');
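// Express entry point. Middleware order matters here: i18n first, then the
// per-request CSP nonce, then Helmet (which reads that nonce when it renders
// the script-src directive), then views, request logging, static files and
// the application routes.
const app = express();

// Initialize i18n first.
// i18n overrides res.locals instead of merging with the existing res.locals
// object, so anything placed on res.locals before it would be lost.
app.use(
  i18n.abide({
    supported_languages: ['ar', 'en'],
    translation_directory: 'public/i18n',
    template_engine: 'pug',
    template_file_ext: 'pug',
  }),
);

// Generate a per-request nonce for the Content-Security-Policy. A fresh value
// on every response is what makes a nonce-based script-src meaningful; the
// templates are expected to stamp it on their <script> tags.
app.use((req, res, next) => {
  res.locals.nonce = uuid.v4();
  next();
});

// Initialize Helmet (security headers, including CSP).
app.use(
  helmet({
    crossOriginEmbedderPolicy: false,
    contentSecurityPolicy: {
      directives: {
        baseUri: ["'self'"],
        defaultSrc: ["'self'"],
        objectSrc: ["'none'"],
        // The nonce entry is a function so Helmet evaluates it per request.
        // Browsers that understand nonces ignore 'unsafe-inline' once a nonce
        // is present, so the second entry is only a fallback for older
        // browsers and does not relax the policy on modern ones.
        scriptSrc: [(req, res) => `'nonce-${res.locals.nonce}'`, "'unsafe-inline'"],
        frameSrc: ["'self'", 'www.google.com', 'www.youtube.com'],
        imgSrc: [
          "'self'",
          'blob:',
          'data:',
          config.apiBaseUrl,
          ...(config.additionalImageSources || []),
        ],
        styleSrc: [
          "'self'",
          // TODO: fix AngularJS inline style
          "'unsafe-inline'",
        ],
        connectSrc: [
          "'self'",
          config.apiBaseUrl,
          ...(config.additionalXHRImageSources || []),
        ],
      },
    },
    // Spread last on purpose: keys in config.helmet override everything set
    // above, including the whole contentSecurityPolicy block.
    ...config.helmet,
  }),
);

app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(logger('dev'));
// Registered after Helmet, so static responses pass through it as well.
app.use(express.static(path.join(__dirname, 'public')));

app.get('/', routes.dashboardDefault);
app.get('/:intake_locale/:ui_lang', routes.dashboard);
// app.get('/image-gallery', routes.imageGallery);
app.get('/password-reset', routes.passwordReset);

// The listen port can be overridden with the PORT environment variable; `||`
// rather than `??` so that an unset, empty or non-numeric PORT falls back to
// the original default of 3002. No host is passed, so, as before, the server
// binds on all interfaces.
const port = Number(process.env.PORT) || 3002;
app.listen(port);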