Initial commit: design-018 Phases 0-5 (stomping.me)
Auth BFF (OIDC + prompt=none silent SSO), Mongo data layer, admin CRUD (folders/tags/stories/chapters with TipTap), public reader with tag filtering. Built and verified same-session per design-018-stories.md.
This commit is contained in:
+68
@@ -0,0 +1,68 @@
|
||||
'use strict';
|
||||
|
||||
require('dotenv').config({ path: '/etc/AGWOL/stomping/.env' });
|
||||
|
||||
const path = require('path');
|
||||
const express = require('express');
|
||||
const helmet = require('helmet');
|
||||
const cors = require('cors');
|
||||
const cookieParser = require('cookie-parser');
|
||||
|
||||
const { env } = require('./config/env');
|
||||
const { connectMongo } = require('./config/mongo');
|
||||
const { createRedis } = require('./config/redis');
|
||||
const { router: authRoutes } = require('./routes/auth');
|
||||
const indexRoutes = require('./routes/index');
|
||||
const adminPagesRoutes = require('./routes/adminPages');
|
||||
const adminFoldersRoutes = require('./routes/adminFolders');
|
||||
const adminTagsRoutes = require('./routes/adminTags');
|
||||
const adminStoriesRoutes = require('./routes/adminStories');
|
||||
const adminChaptersRoutes = require('./routes/adminChapters');
|
||||
const publicPagesRoutes = require('./routes/publicPages');
|
||||
|
||||
async function start() {
|
||||
await connectMongo();
|
||||
createRedis();
|
||||
|
||||
const app = express();
|
||||
|
||||
// nginx is the only proxy hop — trust loopback only.
|
||||
app.set('trust proxy', 'loopback');
|
||||
|
||||
app.use(helmet({
|
||||
// Stories/covers are image-by-URL (design-018 §4 — no upload pipeline in
|
||||
// v1), so images can come from any https host, not just our own.
|
||||
contentSecurityPolicy: {
|
||||
directives: {
|
||||
...helmet.contentSecurityPolicy.getDefaultDirectives(),
|
||||
'img-src': ["'self'", 'data:', 'https:'],
|
||||
},
|
||||
},
|
||||
}));
|
||||
app.use(cors({ origin: env.ALLOWED_ORIGINS, credentials: true }));
|
||||
app.use(cookieParser(env.COOKIE_SECRET));
|
||||
app.use(express.json());
|
||||
app.use(express.urlencoded({ extended: false }));
|
||||
|
||||
app.set('view engine', 'ejs');
|
||||
app.set('views', path.join(__dirname, 'views'));
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
|
||||
app.use('/', authRoutes);
|
||||
app.use('/', adminPagesRoutes);
|
||||
app.use('/', adminFoldersRoutes);
|
||||
app.use('/', adminTagsRoutes);
|
||||
app.use('/', adminStoriesRoutes);
|
||||
app.use('/', adminChaptersRoutes);
|
||||
app.use('/', indexRoutes);
|
||||
app.use('/', publicPagesRoutes);
|
||||
|
||||
app.listen(env.PORT, '127.0.0.1', () => {
|
||||
console.log(`stomping.me running on port ${env.PORT}`);
|
||||
});
|
||||
}
|
||||
|
||||
start().catch(err => {
|
||||
console.error('[startup] fatal:', err.message);
|
||||
process.exit(1);
|
||||
});
|
||||
Reference in New Issue
Block a user