100 lines
2.6 KiB
JavaScript
100 lines
2.6 KiB
JavaScript
const express = require('express');
|
|
const cors = require('cors');
|
|
const helmet = require('helmet');
|
|
const session = require('express-session');
|
|
const path = require('path');
|
|
require('dotenv').config();
|
|
|
|
const apiRoutes = require('./routes/api');
|
|
const authRoutes = require('./routes/auth');
|
|
const { requireAdmin } = require('./middleware/auth');
|
|
|
|
const app = express();
|
|
const PORT = process.env.PORT || 3333;
|
|
|
|
// Security middleware
|
|
app.use(helmet({
|
|
contentSecurityPolicy: {
|
|
directives: {
|
|
defaultSrc: ["'self'"],
|
|
styleSrc: ["'self'", "'unsafe-inline'"],
|
|
scriptSrc: ["'self'"],
|
|
imgSrc: ["'self'", "data:", "https:"],
|
|
connectSrc: ["'self'"],
|
|
},
|
|
},
|
|
}));
|
|
|
|
// Middleware
|
|
app.use(cors());
|
|
app.use(express.json());
|
|
app.use(express.urlencoded({ extended: true }));
|
|
|
|
// Session configuration
|
|
app.use(session({
|
|
secret: process.env.SESSION_SECRET || 'influence-campaign-secret-key-change-in-production',
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
cookie: {
|
|
secure: process.env.NODE_ENV === 'production' && process.env.HTTPS === 'true',
|
|
httpOnly: true,
|
|
maxAge: 24 * 60 * 60 * 1000 // 24 hours
|
|
}
|
|
}));
|
|
|
|
app.use(express.static(path.join(__dirname, 'public')));
|
|
|
|
// Routes
|
|
app.use('/api/auth', authRoutes);
|
|
app.use('/api', apiRoutes);
|
|
|
|
// Serve the main page
|
|
app.get('/', (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'index.html'));
|
|
});
|
|
|
|
// Serve login page
|
|
app.get('/login.html', (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'login.html'));
|
|
});
|
|
|
|
// Serve admin panel (protected)
|
|
app.get('/admin.html', requireAdmin, (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'admin.html'));
|
|
});
|
|
|
|
// Serve the admin page (protected)
|
|
app.get('/admin', requireAdmin, (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'admin.html'));
|
|
});
|
|
|
|
// Serve campaign landing pages
|
|
app.get('/campaign/:slug', (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'campaign.html'));
|
|
});
|
|
|
|
// Serve campaign pages
|
|
app.get('/campaign/:slug', (req, res) => {
|
|
res.sendFile(path.join(__dirname, 'public', 'campaign.html'));
|
|
});
|
|
|
|
// Error handling middleware
|
|
app.use((err, req, res, next) => {
|
|
console.error(err.stack);
|
|
res.status(500).json({
|
|
error: 'Something went wrong!',
|
|
message: process.env.NODE_ENV === 'development' ? err.message : 'Internal server error'
|
|
});
|
|
});
|
|
|
|
// 404 handler
|
|
app.use((req, res) => {
|
|
res.status(404).json({ error: 'Route not found' });
|
|
});
|
|
|
|
app.listen(PORT, () => {
|
|
console.log(`Server running on port ${PORT}`);
|
|
console.log(`Environment: ${process.env.NODE_ENV}`);
|
|
});
|
|
|
|
module.exports = app; |