import { expressMiddleware } from "@apollo/server/express4";
import * as Sentry from "@sentry/node";
import express, { type Express } from "express";
import { apolloServer, getAuthenticatedApolloContext } from "@/apolloServer.js";
import {
corsMW,
setSecureHttpHeaders,
logReqReceived,
handle404,
errorHandler,
} from "@/middleware";
import {
adminRouter,
authRouter,
connectRouter,
subscriptionsRouter,
webhooksRouter,
} from "@/routes";
import { ENV } from "@/server/env";
/**
 * The express app that serves the REST API routes and the GraphQL entry point.
 *
 * App settings applied at module load:
 * - `view cache` is always disabled, since this app doesn't return HTML.
 * - The `X-Powered-By` header is always disabled for security.
 * - `trust proxy` is set to `ENV.IS_DEPLOYED_ENV`, so that in deployed envs the
 *   logged IP is the client's rather than the load balancer's.
 *
 * NOTE(review): with the boolean `true` form of `trust proxy`, Express takes the
 * left-most `X-Forwarded-For` entry as `req.ip`. That value is client-controlled
 * unless the load balancer overwrites the header rather than appending to it, so
 * confirm the LB behaviour; a hop count or a subnet list is the narrower setting
 * when the proxy chain is known.
 *
 * See https://expressjs.com/en/4x/api.html#app.settings.table
 */
export const expressApp = express() as Express & {
  /** When called, mounts all middleware and route handlers for the express app. */
  setupMiddleware: () => void;
};

expressApp.disable("view cache");
expressApp.disable("x-powered-by");
expressApp.set("trust proxy", ENV.IS_DEPLOYED_ENV);
/**
 * Mounts the full middleware stack on `expressApp`.
 *
 * Registration order is execution order, so the sequence below is significant:
 * Sentry request handler, request logging, CORS + security headers, JSON body
 * parsing, REST routers, GraphQL, Sentry error handler, 404 handler, and finally
 * the fallback error handler.
 */
expressApp.setupMiddleware = () => {
  // Sentry request handler: has to be registered ahead of every other middleware.
  // The `request` list names the req fields copied onto the Sentry scope.
  // NOTE(review): "headers" and "data" put request headers and bodies on Sentry
  // events, which can include credentials (e.g. Authorization headers, bodies sent
  // to /api/auth). Confirm these are scrubbed before events leave the process.
  const sentryRequestHandler = Sentry.Handlers.requestHandler({
    request: ["ip", "data", "headers", "method", "query_string", "url"],
    ip: true,
  });
  expressApp.use(sentryRequestHandler);

  // Log every incoming request.
  expressApp.use(logReqReceived);

  // Security middleware: CORS first, then the secure HTTP response headers.
  expressApp.use(corsMW, setSecureHttpHeaders);

  // JSON body parsing; the webhooks routes do their own body parsing.
  // The `(?!webhooks)` lookahead sits inside an optional group, so for a path like
  // /api/webhooks/x the pattern on its own still matches the `/api/` prefix.
  // Skipping the parser there therefore relies on how Express treats a prefix match
  // that ends in the middle of a path segment.
  // NOTE(review): pin this with a test asserting that the webhooks handlers still
  // receive the unparsed body.
  const jsonBodyParser = express.json({
    type: ["application/json", "application/csp-report", "application/reports+json"],
  });
  expressApp.use(/^\/api\/?((?!webhooks)\w+)?/, jsonBodyParser);

  // REST routers, mounted in the listed order.
  const restRouters = [
    ["/api/admin", adminRouter],
    ["/api/auth", authRouter],
    ["/api/connect", connectRouter],
    ["/api/subscriptions", subscriptionsRouter],
    ["/api/webhooks", webhooksRouter],
  ] as const;
  for (const [mountPath, router] of restRouters) {
    expressApp.use(mountPath, router);
  }

  // GraphQL entry point at the root path /api, mounted after the REST routers.
  // The per-request context comes from getAuthenticatedApolloContext.
  const graphqlMiddleware = expressMiddleware(apolloServer, {
    context: getAuthenticatedApolloContext,
  });
  expressApp.use("/api", graphqlMiddleware);

  // Sentry error handler: after all controllers, before any other error middleware.
  expressApp.use(Sentry.Handlers.errorHandler());

  // Requests that matched no route.
  expressApp.use(handle404);

  // Universal fallback error handler.
  expressApp.use(errorHandler);
};