Secure-File-Vault/index.js at main · maazkhnn/Secure-File-Vault · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
const express = require('express');
const colors = require('colors');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const cors = require('cors');
const mongoose = require ('mongoose'); //(you only need to run npm install mongoose, as it is built on top of the MongoDB driver, so it automatically installs mongodb as a dependancy behind the scenes)
require('dotenv').config();
// this immediately loads and runs the config() function
// compared to "const dotenv = require('dotenv'); dotenv.config();" which is the
// same thing but lets you access dotenv later if you need it or want more control
// (like using a .env.local file or checking if .env loaded successfully) then use this
const { PORT } = require('./config/env');
//makes the app fail fast if ENCRYPTION_KEY_BASE64 is missing or invalid
const app = express();
//const PORT = process.env.PORT || 4000; // fallback makes sure the app still runs w/out .env
// common dev ports for web serves/apis: 3000, 4000, 5000
// common alternatives, sometimes used for proxies or test apis: 8080, 8888
// reserved for production HTTP/HTTPS: 80, 443 (you usually dont use these for local dev)
const flagsAdapter = require('./flags/adapter');
const connectDB = require('./config/db');
const vaultRoutes = require('./routes/vaultRoutes');
const authRoutes = require('./routes/authRoutes');
const fileRoutes = require('./routes/fileRoutes');
//const userRoutes = require('./routes/userRoutes');
const logRoutes = require('./routes/logRoutes');
const flagsHealthRoutes = require('./routes/flagsHealthRoutes');
const debugRoutes = require('./routes/debugRoutes');
const metricsRoutes = require('./routes/metricsRoutes');
const docsRoutes = require('./routes/docsRoutes');
const demoTokenRoutes = require('./routes/demoTokenRoutes');

flagsAdapter.init().then(() => {
    console.log('Flags client initialized. Version:', flagsAdapter.getVersion());
}).catch((e) => {
    console.error('Flags client failed to init:', e);
});

// Security middleware
app.use(helmet());
app.use(cors({ origin: '*' })); // restrict later if needed
/*
app.use(rateLimit({
    windowMs: 15 * 60 * 1000, // 15 min
    max: 100,                 // limit each IP
    message: { error: 'Too many requests, please try again later' }
}));
*/

// Middleware
app.use(express.json()); //you're calling a function that returns a middleware function

/* mongoose.connect(process.env.MONGO_URI) // this returns a Promise
    .then(() => console.log('MongoDB Connected'))
    .catch((err) => console.error('MongoDB Connection error:', err)); // when .catch() runs, it automatically receives the error that caused the promise to fail — and you get to name that error whatever you want, so "err"

    // handling promises with:
    // .then().catch() -> old school, works fine
    // async/await -> cleaner, preferred for bigger apps
*/

//MongoDB Connection
connectDB(); //recommended style for real apps

/* mongoose.connect(process.env.MONGO_URI) // this returns a Promise
    .then(() => console.log('MongoDB Connected'))
    .catch((err) => console.error('MongoDB Connection error:', err)); // when .catch() runs, it automatically receives the error that caused the promise to fail — and you get to name that error whatever you want, so "err"

    // handling promises with:
    // .then().catch() -> old school, works fine
    // async/await -> cleaner, preferred for bigger apps
*/

const publicLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 50,
  standardHeaders: true,
  legacyHeaders: false,
  message: { error: 'Too many auth requests, try later' }
});


//Routes
app.use('/api', demoTokenRoutes);
app.use('/api', docsRoutes);
app.use('/api', flagsHealthRoutes);
app.use('/api', metricsRoutes);
app.use('/api/auth', publicLimiter, authRoutes);
app.use('/api', debugRoutes);
app.use('/api/vaults', vaultRoutes);
app.use('/api', fileRoutes);
//app.use('/api/users', userRoutes); dont need this as of yet(creation already in auth)
app.use('/api', logRoutes);


const errorHandler = require('./middleware/errorHandler');
app.use(errorHandler);

app.get('/', (req, res) => {
    res.send('Starting the secure file vault API');
});

app.get('/health', (req, res) => res.status(200).send('ok'));

app.listen(PORT, '0.0.0.0', () => {
  console.log(`Server running on port ${PORT}`);
});
/*
app.listen(PORT, () => {
    console.log(`Server listening on http://localhost:${PORT}`); // it's NOT localhost.com, that's a real domain
});
*/
/*
//app.get('/', (req, res) => {res.status(202).send(`Ay yo this port's working on ${PORT}`);});
app.get('/:id', (req, res) => {
    const { id } = req.params;
    res.send(id);
})
app.get('/users', (req, res) => {
    res.send('Nothing of yet');
});
app.use('/api/users', users);
*/