
Untitled

a guest
Jun 20th, 2019
  1. const createError = require('http-errors');
  2. const express = require('express');
  3. const path = require('path');
  4. const cookieParser = require('cookie-parser');
  5. const session = require('express-session');
  6. const expressLayouts = require('express-ejs-layouts');
  7. const bodyParser = require('body-parser');
  8. const mongoose = require('mongoose');
  9. const flash = require('connect-flash');
  10. const passport = require('passport');
  11. const csrf = require('csurf');
  12. const helmet = require('helmet')
  13.  
  14. const indexRouter = require('./routes/index');
  15. const usersRouter = require('./routes/users');
  16. const challengesRouter = require('./routes/challenges');
  17. const activitiesRouter = require('./routes/activities');
  18.  
  // The Express application that every middleware and router below attaches to.
  const app = express();

  // ./config/passport exports a function that receives the shared passport
  // instance (presumably to register strategies; that module is not visible here).
  const configurePassport = require('./config/passport');
  configurePassport(passport);

  // MongoDB connection string exported by ./config/keys.
  // NOTE(review): if the URI embeds credentials, confirm that ./config/keys is
  // kept out of version control.
  const { mongoURI: db } = require('./config/keys');
  24.  
  25. //import Recaptcha from 'express-recaptcha'
  26.  
  // Connect to MongoDB through Mongoose.
  const mongooseOptions = {
    useCreateIndex: true,
    useNewUrlParser: true,
    useFindAndModify: false,
  };

  // Success path: log once the connection is established.
  function onMongoConnected() {
    console.log('MongoDB Connected');
  }

  // Failure path: the error is logged and nothing else happens.
  // NOTE(review): a failed connection does not stop the app, so requests are
  // still served without a database; confirm that is intended.
  function onMongoError(err) {
    console.log(err);
  }

  mongoose
    .connect(db, mongooseOptions)
    .then(onMongoConnected)
    .catch(onMongoError);
  36.  
  // View layer: express-ejs-layouts middleware plus EJS templates under ./views.
  const viewsDir = path.join(__dirname, 'views');

  app.use(expressLayouts);
  app.set('views', viewsDir);
  app.set('view engine', 'ejs');
  41.  
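  // Security headers are registered before the body parsers in this section.
  // When a parser rejects a request (for example malformed JSON) Express skips
  // straight to the error handler, so middleware registered after the parser
  // never runs for that response; with helmet first, the error page still
  // carries its headers.
  app.use(helmet());
  app.disable('x-powered-by');

  // Request body parsing. The original registered each parser twice
  // (body-parser and the express built-ins). A body is parsed only by the first
  // matching parser, so the second registrations never took effect. The
  // effective settings are kept: JSON, and urlencoded with extended: true.
  // NOTE(review): both parsers can produce nested objects in req.body. Route
  // handlers (not visible here) that pass body fields into Mongoose queries
  // should check that the values are plain strings before using them.
  app.use(express.json());
  app.use(express.urlencoded({ extended: true }));

  // Populate req.cookies from the Cookie header.
  app.use(cookieParser());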
  54.  
  // Serve the files under ./public as static assets.
  const publicDir = path.join(__dirname, 'public');
  app.use(express.static(publicDir));
  57.  
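  // Session handling (express-session).
  //
  // The signing secret is read from the environment. The literal 'secret' that
  // was hard-coded here is guessable, and anyone who knows the secret can
  // produce validly signed session cookies. It is kept only as a fallback
  // outside production so that local setups keep starting; in production a
  // missing secret stops the process at startup.
  const sessionSecret = process.env.SESSION_SECRET;
  if (!sessionSecret) {
    if (app.get('env') === 'production') {
      throw new Error('SESSION_SECRET must be set in production');
    }
    console.warn('SESSION_SECRET is not set; using the insecure development default');
  }

  app.use(
    session({
      secret: sessionSecret || 'secret',
      // NOTE(review): resave and saveUninitialized are left as they were. With
      // saveUninitialized: true a session is stored for every visitor, logged in
      // or not; consider false unless something depends on it.
      resave: true,
      saveUninitialized: true,
      name: 'sessionId',
      cookie: {
        httpOnly: true,
        // The cookie is only sent over HTTPS.
        // NOTE(review): behind a TLS-terminating proxy this usually also needs
        // app.set('trust proxy', ...); confirm against the deployment.
        secure: true,
        sameSite: true,
        // One hour per session. The original used
        // `expires: new Date(Date.now() + 60 * 60 * 1000)`, which is evaluated
        // once at startup, so every cookie shared one absolute expiry and was
        // already expired an hour after the process started.
        maxAge: 60 * 60 * 1000,
      },
    })
  );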
  73.  
  // Passport: initialise it for each request, then attach its session support.
  // Both run after the session middleware registered above.
  app.use(passport.initialize(), passport.session());
  77.  
  // connect-flash provides req.flash(), used by the middleware below.
  app.use(flash());

  // Copy pending flash messages into res.locals so the views can show them.
  // NOTE(review): if these messages can contain user-supplied text, the
  // templates (not visible here) should output them escaped, i.e. <%= %>.
  app.use((req, res, next) => {
    const successMsg = req.flash('success_msg');
    const errorMsg = req.flash('error_msg');

    res.locals.success_msg = successMsg;
    res.locals.error_msg = errorMsg;
    next();
  });
  87.  
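  // CSRF protection (csurf). It is registered after the session middleware and
  // before the routers, so every route below is covered.
  // NOTE(review): csurf has been deprecated upstream since this file was
  // written; check that the dependency is still maintained in your tree.
  app.use(csrf());

  // Expose the request's CSRF token to the views and as a cookie.
  app.use((req, res, next) => {
    // Generate the token once. The original called req.csrfToken() twice, so
    // the cookie and the template variable carried different token strings.
    const token = req.csrfToken();

    // NOTE(review): with httpOnly set, browser script cannot read this cookie,
    // and csrf() is used here without options that would read the token back
    // from it. Forms therefore need the value from res.locals.csrftoken;
    // confirm whether the cookie is needed at all.
    res.cookie('XSRF-TOKEN', token, {
      httpOnly: true,
      secure: true,
      sameSite: true,
      // Evaluated per request, so each cookie expires one hour after it is sent.
      expires: new Date(Date.now() + 60 * 60 * 1000),
    });
    res.locals.csrftoken = token;
    next();
  });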
  100.  
  // Mount the route modules in the same order as before.
  const routeMounts = [
    ['/', indexRouter],
    ['/users', usersRouter],
    ['/challenges', challengesRouter],
    ['/activities', activitiesRouter],
  ];

  for (const [prefix, router] of routeMounts) {
    app.use(prefix, router);
  }
  106.  
  // No router handled the request: create a 404 and pass it to the error handler.
  app.use((req, res, next) => {
    const notFound = createError(404);
    next(notFound);
  });
  111.  
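  // Final error handler. Express treats a middleware as an error handler only
  // when it declares four parameters, so `next` stays in the signature even
  // though it is unused.
  app.use((err, req, res, next) => {
    const isDevelopment = req.app.get('env') === 'development';
    const status = err.status || 500;

    // The original comment promised error details only in development, but
    // err.message was rendered in every environment. Client errors (4xx) keep
    // their message. A server error's message can carry internal detail, so
    // outside development a generic text is rendered instead.
    res.locals.message =
      isDevelopment || status < 500 ? err.message : 'Internal Server Error';
    res.locals.error = isDevelopment ? err : {};

    // Render the error page with the matching status code.
    res.status(status);
    res.render('error');
  });

  module.exports = app;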