-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.js
116 lines (91 loc) · 3.55 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
require('dotenv').config();
const express = require('express');
const session = require('express-session');
const methodOverride = require('method-override');
const cors = require('cors');
const path = require('path');
const passport = require('passport');
const BearerStrategy = require('passport-azure-ad').BearerStrategy;
const todolistRoutes = require('./routes/todolistRoutes');
const adminRoutes = require('./routes/adminRoutes');
const routeGuard = require('./auth/routeGuard');
const mongoHelper = require('./utils/mongoHelper');
const { msalConfig, EXPRESS_SESSION_SECRET, CORS_ALLOWED_DOMAINS, API_REQUIRED_PERMISSION } = require('./authConfig');
const app = express();
app.set('views', path.join(__dirname, './views'));
app.set('view engine', 'ejs');
app.use('/css', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/css')));
app.use('/js', express.static(path.join(__dirname, 'node_modules/bootstrap/dist/js')));
app.use(express.static(path.join(__dirname, './public')));
app.use(methodOverride('_method'));
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
/**
* We need to enable CORS for client's domain in order to
* expose www-authenticate header in response from the web API
*/
app.use(
cors({
origin: CORS_ALLOWED_DOMAINS, // replace with client domain
exposedHeaders: 'WWW-Authenticate',
})
);
/**
* Using express-session middleware. Be sure to familiarize yourself with available options
* and set them as desired. Visit: https://www.npmjs.com/package/express-session
*/
const sessionConfig = {
secret: EXPRESS_SESSION_SECRET,
resave: false,
saveUninitialized: false,
cookie: {
secure: false, // set this to true on production
},
};
if (app.get('env') === 'production') {
/**
* In App Service, SSL termination happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests.
* The line below is needed for getting the correct absolute URL for redirectUri configuration. For more information, visit:
* https://docs.microsoft.com/azure/app-service/configure-language-nodejs?pivots=platform-linux#detect-https-session
*/
app.set('trust proxy', 1); // trust first proxy e.g. App Service
sessionConfig.cookie.secure = true; // serve secure cookies
}
app.use(session(sessionConfig));
// =========== Initialize Passport ==============
const bearerOptions = {
identityMetadata: `${msalConfig.auth.authority}/v2.0/.well-known/openid-configuration`,
issuer: `${msalConfig.auth.authority}/v2.0`,
clientID: msalConfig.auth.clientId,
audience: msalConfig.auth.clientId, // audience is this application
validateIssuer: true,
passReqToCallback: false,
loggingLevel: 'info',
scope: [API_REQUIRED_PERMISSION], // scope you set during app registration
};
const bearerStrategy = new BearerStrategy(bearerOptions, (token, done) => {
// Send user info using the second argument
done(null, {}, token);
});
app.use(passport.initialize());
passport.use(bearerStrategy);
// protected api endpoints
app.use(
'/api',
passport.authenticate('oauth-bearer', { session: false }), // validate access tokens
routeGuard, // check for auth context
todolistRoutes
);
// admin routes
app.use('/admin', adminRoutes);
const port = process.env.PORT || 5000;
mongoHelper.mongoConnect(() => {
app.listen(port, () => {
console.log('Listening on port ' + port);
});
});
module.exports = app;