admin/Rezepte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bfb8b2074a9b48c87348f5b96fb7b07b8a5a72d
Rezepte/backend/dist/app.js

129 lines
5.4 KiB
JavaScript
Raw Blame History

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const express_1 = __importDefault(require("express"));
const cors_1 = __importDefault(require("cors"));
const helmet_1 = __importDefault(require("helmet"));
const compression_1 = __importDefault(require("compression"));
const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
const path_1 = __importDefault(require("path"));
const config_1 = require("./config/config");
const errorHandler_1 = require("./middleware/errorHandler");
const requestLogger_1 = require("./middleware/requestLogger");
const recipes_1 = __importDefault(require("./routes/recipes"));
const ingredients_1 = __importDefault(require("./routes/ingredients"));
const images_1 = __importDefault(require("./routes/images"));
const health_1 = __importDefault(require("./routes/health"));
const app = (0, express_1.default)();
app.use((0, helmet_1.default)({
crossOriginResourcePolicy: { policy: "cross-origin" },
}));
app.use((0, compression_1.default)());
const limiter = (0, express_rate_limit_1.default)({
windowMs: 15 * 60 * 1000,
max: 100,
message: 'Too many requests from this IP, please try again later.',
});
app.use(limiter);
const insecureOverride = process.env.ALLOW_INSECURE_CORS === '1';
const isProd = process.env.NODE_ENV === 'production';
let allowedOrigins = [];
if (config_1.config.cors.origin.includes(',')) {
allowedOrigins = config_1.config.cors.origin.split(',').map(o => o.trim()).filter(Boolean);
}
else if (config_1.config.cors.origin === '*' && (!isProd || insecureOverride)) {
allowedOrigins = ['*'];
}
else {
allowedOrigins = [config_1.config.cors.origin];
}
allowedOrigins = Array.from(new Set(allowedOrigins.map(o => o.replace(/\/$/, ''))));
if (!isProd && !allowedOrigins.includes('*')) {
['http://localhost:5173', 'http://localhost:3000'].forEach(def => {
if (!allowedOrigins.includes(def))
allowedOrigins.push(def);
});
}
if (isProd && allowedOrigins.includes('*') && !insecureOverride) {
console.warn('[CORS] Wildcard removed in production. Set CORS_ORIGIN explicitly or ALLOW_INSECURE_CORS=1 (NOT RECOMMENDED).');
allowedOrigins = allowedOrigins.filter(o => o !== '*');
}
app.use((0, cors_1.default)({
origin: (origin, callback) => {
if (!origin)
return callback(null, true);
if (allowedOrigins.includes('*') || allowedOrigins.includes(origin.replace(/\/$/, ''))) {
return callback(null, true);
}
console.warn(`[CORS] Blocked origin: ${origin}`);
return callback(new Error('CORS not allowed for this origin'));
},
credentials: true,
}));
app.use((req, res, next) => {
const origin = req.headers.origin;
const normalized = origin?.replace(/\/$/, '');
if (allowedOrigins.includes('*')) {
res.header('Access-Control-Allow-Origin', origin || '*');
}
else if (normalized && allowedOrigins.includes(normalized)) {
res.header('Access-Control-Allow-Origin', normalized);
}
res.header('Access-Control-Allow-Credentials', 'true');
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
if (req.method === 'OPTIONS') {
return res.sendStatus(200);
}
next();
});
app.use(express_1.default.json({ limit: '10mb' }));
app.use(express_1.default.urlencoded({ extended: true, limit: '10mb' }));
app.use(requestLogger_1.requestLogger);
app.use('/uploads', express_1.default.static(path_1.default.join(process.cwd(), 'uploads')));
app.use('/api/health', health_1.default);
app.use('/api/recipes', recipes_1.default);
app.use('/api/ingredients', ingredients_1.default);
app.use('/api/images', images_1.default);
app.get('/serve/*', (req, res, next) => {
const imagePath = req.params[0];
const cleanPath = imagePath.replace(/^uploads\//, '');
const fullPath = path_1.default.join(process.cwd(), '../../uploads', cleanPath);
console.log(`Direct serve request: ${req.originalUrl} -> ${fullPath}`);
const fs = require('fs');
if (!fs.existsSync(fullPath)) {
return res.status(404).json({
success: false,
message: 'Image not found',
requestedPath: req.originalUrl,
resolvedPath: fullPath
});
}
const requestOrigin = req.headers.origin;
const chosenOrigin = allowedOrigins.includes('*')
? (requestOrigin || '*')
: (requestOrigin && allowedOrigins.includes(requestOrigin) ? requestOrigin : allowedOrigins[0] || 'http://localhost:3000');
res.set({
'Access-Control-Allow-Origin': chosenOrigin,
'Access-Control-Allow-Credentials': 'true',
'Cache-Control': 'public, max-age=31536000',
});
res.sendFile(path_1.default.resolve(fullPath));
});
app.use('*', (req, res) => {
res.status(404).json({
success: false,
message: `Route ${req.originalUrl} not found`,
});
});
app.use(errorHandler_1.errorHandler);
const PORT = config_1.config.port;
app.listen(PORT, () => {
console.log(`🚀 Server running on port ${PORT}`);
console.log(`📱 Health check: http://localhost:${PORT}/api/health`);
console.log(`🎯 API Documentation: http://localhost:${PORT}/api`);
});
exports.default = app;
//# sourceMappingURL=app.js.map
Reference in New Issue View Git Blame Copy Permalink