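// Load environment configuration before anything else reads it, since the
// `env` instance below is built from the loaded values.
const Habitat = require('habitat');
Habitat.load();

const express = require('express');
const path = require('path');
const url = require('url');
const compression = require('compression');
const helmet = require('helmet');
const frameguard = helmet.frameguard;
const reactRouted = require('./dist/lib/react-server-route.js');
const locationParser = require('./dist/lib/location-parser.js');
const bodyParser = require('body-parser');
// The original chained these declarations after a stray `;`, which ended the
// `var` statement and silently turned env, routes and app into implicit
// globals. One `const` per binding keeps them module-scoped and makes the
// same slip a syntax error next time.
const env = new Habitat();
const routes = require('./routes');
const app = express();
const CSP_DIRECTIVES = require('./scripts/csp-directives.js');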
// Behind a reverse proxy: derive req.ip / req.secure / req.hostname from the
// X-Forwarded-* headers. `true` trusts those headers from any immediate peer,
// which is only appropriate when the app is reachable exclusively through
// the proxy.
app.set('trust proxy', true);
app.use(bodyParser.json());
app.use(compression());
app.use(helmet());

// X-Frame-Options: ALLOW-FROM is honoured by only some browsers; a
// frame-ancestors directive in CSP_DIRECTIVES is the portable control
// (TODO(review): confirm csp-directives.js sets it).
const FRAME_OPTIONS = {
  action: "allow-from",
  domain: "https://pontoon.mozilla.org"
};
app.use(frameguard(FRAME_OPTIONS));
app.use(helmet.csp(CSP_DIRECTIVES));

// NOTE(review): later helmet majors take hsts maxAge in seconds rather than
// milliseconds — confirm the unit against the installed helmet version.
const HSTS_MAX_AGE = 90 * 24 * 60 * 60 * 1000; // 90 days
app.use(helmet.hsts({ maxAge: HSTS_MAX_AGE }));
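// Redirect to SSL if set.
// Safe, idempotent reads (GET and HEAD) are redirected to the HTTPS form of
// the same URL; anything that may carry a body is refused, because the data
// has already crossed the wire in the clear and a redirect would not resend it.
app.use(function forceHttps(req, resp, next) {
  if (req.secure || !env.get('FORCE_SSL')) {
    next();
    return;
  }
  // With 'trust proxy' set, req.secure reflects X-Forwarded-Proto. The
  // redirect target is built from the client-supplied Host header, so it is
  // only as trustworthy as the proxy in front of this app (it should
  // normalise or reject unexpected Host values before forwarding).
  if (req.method === "GET" || req.method === "HEAD") {
    resp.redirect(301, `https://${req.headers.host}${req.originalUrl}`);
  } else {
    resp.status(403).send("Please use HTTPS when submitting data to this server.");
  }
});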
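// JSON API endpoints (handlers live in ./routes). They are registered after
// the HTTPS gate above, so when FORCE_SSL is set a POST is only accepted
// over TLS.
app.post('/api/signup/basket', routes.signup);
app.post('/api/petition/sheets', routes.petitionSheets);
app.post('/api/fcc-comment/sheets', routes.fccCommentSheets);
app.post('/api/call', routes.call);

// Server-side rendered React routes, then static assets.
app.use(reactRouted);
// path.join instead of string concatenation so the directory resolves
// correctly whatever the platform separator; serve-static's maxAge is in
// milliseconds (1 hour here).
app.use(express.static(path.join(__dirname, 'public'), { maxAge: 3600000 }));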
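/**
 * We need to make sure that resources are presented to the
 * user in the appropriate locale, so any requests without
 * a locale should first be locale-enriched based on the
 * request headers we receive from the client.
 *
 * Middleware: either 301-redirects to the locale-prefixed form of the
 * current URL (query string preserved) or passes the request on unchanged.
 *
 * @param {Object} req - incoming request; only `url` and the
 *   Accept-Language header are read
 * @param {Object} res - used only for the redirect
 * @param {Function} next - called when no redirect is needed
 */
function routeBasedOnLocale(req, res, next) {
  // Parse once; the original parsed req.url twice for pathname and search.
  const { pathname, search } = url.parse(req.url);
  // Get a valid locale from the path and header
  const parsed = locationParser(req.headers["accept-language"], pathname);
  const { locale: parsedLocale, redirect: parsedRedirect } = parsed;
  // See if we should redirect.
  if (!parsedRedirect) {
    next();
    return;
  }
  // The leading "/" keeps the target an absolute path on this origin. It
  // could only become protocol-relative ("//host/...") if the locale parser
  // returned a value that itself starts with "/" — TODO(review): confirm
  // location-parser never does.
  const newUrl = "/" + parsedLocale + parsedRedirect + (search || "");
  if (newUrl === req.url) {
    console.warn("Received meaningless redirect: new URL is identical to original URL. Skipping to next()");
    next();
  } else {
    res.redirect(301, newUrl);
  }
}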
// Registered after the API routes, the React router and the static handler,
// so only requests none of those answered reach the locale redirect.
app.use(routeBasedOnLocale);
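/**
 * A general purpose last-ditch error handler:
 * just present the user with the error so
 * that they can report it to us.
 *
 * Express only treats a function as an error handler when it declares four
 * parameters, so `next` stays in the signature even though it is only used
 * to delegate when a response is already in flight.
 *
 * @param {Error|string} err - whatever upstream code passed to next()
 * @param {Object} req - unused
 * @param {Object} res - receives the status and message
 * @param {Function} next - delegated to when headers were already sent
 */
function errorHandler(err, req, res, next) {
  // Once headers are out the status and body cannot be changed; let
  // Express's default handler finish the response.
  if (res.headersSent) {
    return next(err);
  }
  // Answer with a real error status (the original always sent 200) and echo
  // only the message: res.send(err) would JSON-serialise the error object's
  // enumerable properties, exposing whatever internals the error carries.
  const claimed = err && (err.status || err.statusCode);
  const status = Number.isInteger(claimed) && claimed >= 400 && claimed < 600 ? claimed : 500;
  const message = typeof err === 'string'
    ? err
    : (err && err.message) || 'Internal Server Error';
  res.status(status).send(message);
}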
// The error handler goes last so it sees errors from every middleware and
// route registered above it.
app.use(errorHandler);

const port = env.get('PORT');
app.listen(port, () => {
  console.log('Server listening ( http://localhost:%d )', port);
});