require('dotenv').config();
const debug=require('debug')('debug');
const helmet = require('helmet');
const compression = require('compression');
const express = require("express");
const cors = require("cors");
//get API root with alive msg
const rootRouter = require('./route/root');
const gtfsRtRouter = require('./route/gtfs-rt');
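//TODO make this list available via config
// Origins allowed by the CORS check in this file.
// The check compares the request's Origin header against these entries by
// exact string match, so every entry must be a complete origin
// (scheme://host[:port]). A pattern such as 'http(s)://foo.bar' is never
// matched by any real Origin header, so each scheme is listed explicitly.
// NOTE(review): allowing a plain-http origin lets anyone who can tamper with
// that site's traffic read responses cross-origin; drop the http:// entry if
// the site is served over HTTPS only.
const whitelist = [
  'http://localhost:8080',
  'http://foo.bar',
  'https://foo.bar',
];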
const app = express();

// compress response bodies on all routes
app.use(compression());

// helmet sets a default set of security-related HTTP response headers
app.use(helmet());

/**
 * Origin callback for the cors middleware.
 *
 * Requests that carry no Origin header are always allowed; otherwise the
 * origin must be an exact match for an entry in `whitelist`.
 *
 * NOTE(review): CORS is a browser-enforced policy, not authentication.
 * Non-browser clients normally send no Origin header and pass the first
 * branch, so this list must not be the only control in front of the routes.
 *
 * @param {string|undefined} origin - value of the request's Origin header
 * @param {function(Error|null, boolean)} callback - cors decision callback
 */
const checkOrigin = (origin, callback) => {
  // The Origin header is client-controlled; it is only written to the debug log here.
  debug(`origin: ${origin}`);

  // allow requests with no origin
  if (!origin) {
    return callback(null, true);
  }

  if (whitelist.includes(origin)) {
    debug(`origin: ${origin} allowed by cors`);
    return callback(null, true);
  }

  // NOTE(review): the cors middleware hands this Error to Express error
  // handling, so a rejected origin ends in an error response, and the message
  // echoes the client-supplied Origin value. Confirm the error handler does
  // not expose it in production.
  const message = `The cors policy for this origin does not allow access from the particular origin: ${origin}`;
  return callback(new Error(message), false);
};

// configure cors
app.use(cors({ origin: checkOrigin }));

// API root with alive message
app.use('/', rootRouter);

app.use('/gtfs-rt', gtfsRtRouter);

module.exports = app;