/**
@module express.js
@description
# Express.js 🚅
[Express](https://expressjs.com) is a minimal and flexible Node.js web application framework that provides a robust
set of features for web and mobile applications.
Our implementation provides the following endpoints and features:
- SAML authentication endpoints for Single Sign-On
- Rate-limited API endpoints for provider interactions
- Static file serving for documentation
- Security hardening, including disabling the X-Powered-By response header
The server implements the following core features:
- Rate limiting: 1000 requests per 1 min per IP by default (configurable via the env variables below)
- Cookie parsing for session management
- JSON body parsing with 5MB limit for POST requests
- Static file serving with HTML extension support
## Security 🔐
- X-Powered-By header disabled
- Rate limiting enabled
- SAML authentication required for protected routes
## env
```env
PORT - Server port (default: 3000)
DIR - Base directory for routes
RATE_LIMIT - Maximum requests per window (default: 1000)
RATE_LIMIT_WINDOW - Time window in ms (default: 1 min)
```
@requires dotenv - Environment configuration loading
@requires express - Web application framework
@requires cookie-parser - HTTP cookie parsing middleware
@requires express-rate-limit - Rate limiting middleware
*/
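require('dotenv').config();
const express = require('express');
const cookieParser = require('cookie-parser');
const rateLimit = require('express-rate-limit');

/**
 * Parse a numeric environment variable.
 *
 * Environment values are always strings (or undefined), so they are converted
 * before being handed to express-rate-limit, whose `windowMs` and `limit`
 * options are documented as numbers. The previous `??` fallback only covered
 * the unset case and passed the raw string through when the variable was set.
 *
 * @param {string | undefined} value - Raw environment variable value.
 * @param {number} fallback - Used when `value` is unset, empty or not an integer.
 * @returns {number}
 */
function envNumber(value, fallback) {
  const parsed = Number.parseInt(value ?? '', 10);
  return Number.isFinite(parsed) ? parsed : fallback;
}

const app = express();

// Do not advertise the framework in response headers.
app.disable('x-powered-by');

// Optional route prefix under which the application is mounted. Empty when
// unset so every route below resolves from the server root.
const DIR = process.env.DIR || '';

const limiter = rateLimit({
  windowMs: envNumber(process.env.RATE_LIMIT_WINDOW, 60 * 1000), // 1 min
  limit: envNumber(process.env.RATE_LIMIT, 1000), // requests per window
  standardHeaders: 'draft-8',
  legacyHeaders: false,
});

// Registered before any route so static assets are rate limited as well.
app.use(limiter);

// Documentation site; `extensions` lets /xyz/foo resolve to docs/foo.html.
app.use(
  '/xyz',
  express.static('docs', {
    extensions: ['html'],
  }),
);

// Static assets are reachable both under their named prefix and directly at
// the mount root. NOTE(review): the `tests` directory is exposed publicly
// too; confirm this is intended for production deployments.
app.use(`${DIR}/public`, express.static('public'));
app.use(DIR, express.static('public'));
app.use(`${DIR}/tests`, express.static('tests'));
app.use(DIR, express.static('tests'));

app.use(cookieParser());

const api = require('./api/api');

// Body parsers are created once and shared by the POST routes below.
const jsonBody = express.json({ limit: '5mb' });
const formBody = express.urlencoded({ extended: true });

app.get(`${DIR}/api/provider/:provider?`, api);
app.post(`${DIR}/api/provider/:provider?`, jsonBody, api);

app.get(`${DIR}/api/sign/:provider?`, api);
app.post(`${DIR}/api/sign/:provider?`, jsonBody, api);

app.get(`${DIR}/api/query/:template?`, api);
app.post(`${DIR}/api/query/:template?`, jsonBody, api);

app.get(`${DIR}/api/fetch/:template?`, api);
app.post(`${DIR}/api/fetch/:template?`, jsonBody, api);

app.get(`${DIR}/api/workspace/:key?`, api);

app.get(`${DIR}/api/user/:method?/:key?`, api);
// The user endpoint accepts either a form-encoded or a JSON body.
app.post(`${DIR}/api/user/:method?`, [formBody, jsonBody], api);

app.get(`${DIR}/saml/metadata`, api);
app.get(`${DIR}/saml/logout`, api);
app.get(`${DIR}/saml/login`, api);
// The assertion consumer service only accepts a form-encoded body.
app.post(`${DIR}/saml/acs`, formBody, api);

app.get(`${DIR}/view/:template?`, api);
app.get(`${DIR}/:locale?`, api);

// With a mount prefix the bare root would otherwise not be routed.
if (DIR) app.get('/', api);

// PORT is left as-is: Node accepts numeric strings and treats other strings
// as pipe names, so coercing it here could change listen semantics.
app.listen(process.env.PORT || 3000);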