d6b16f5e06
Auth BFF (OIDC + prompt=none silent SSO), Mongo data layer, admin CRUD (folders/tags/stories/chapters with TipTap), public reader with tag filtering. Built and verified same-session per design-018-stories.md.
69 lines
2.2 KiB
JavaScript
69 lines
2.2 KiB
JavaScript
'use strict';
|
|
|
|
require('dotenv').config({ path: '/etc/AGWOL/stomping/.env' });
|
|
|
|
const path = require('path');
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
const cors = require('cors');
|
|
const cookieParser = require('cookie-parser');
|
|
|
|
const { env } = require('./config/env');
|
|
const { connectMongo } = require('./config/mongo');
|
|
const { createRedis } = require('./config/redis');
|
|
const { router: authRoutes } = require('./routes/auth');
|
|
const indexRoutes = require('./routes/index');
|
|
const adminPagesRoutes = require('./routes/adminPages');
|
|
const adminFoldersRoutes = require('./routes/adminFolders');
|
|
const adminTagsRoutes = require('./routes/adminTags');
|
|
const adminStoriesRoutes = require('./routes/adminStories');
|
|
const adminChaptersRoutes = require('./routes/adminChapters');
|
|
const publicPagesRoutes = require('./routes/publicPages');
|
|
|
|
async function start() {
|
|
await connectMongo();
|
|
createRedis();
|
|
|
|
const app = express();
|
|
|
|
// nginx is the only proxy hop — trust loopback only.
|
|
app.set('trust proxy', 'loopback');
|
|
|
|
app.use(helmet({
|
|
// Stories/covers are image-by-URL (design-018 §4 — no upload pipeline in
|
|
// v1), so images can come from any https host, not just our own.
|
|
contentSecurityPolicy: {
|
|
directives: {
|
|
...helmet.contentSecurityPolicy.getDefaultDirectives(),
|
|
'img-src': ["'self'", 'data:', 'https:'],
|
|
},
|
|
},
|
|
}));
|
|
app.use(cors({ origin: env.ALLOWED_ORIGINS, credentials: true }));
|
|
app.use(cookieParser(env.COOKIE_SECRET));
|
|
app.use(express.json());
|
|
app.use(express.urlencoded({ extended: false }));
|
|
|
|
app.set('view engine', 'ejs');
|
|
app.set('views', path.join(__dirname, 'views'));
|
|
app.use(express.static(path.join(__dirname, 'public')));
|
|
|
|
app.use('/', authRoutes);
|
|
app.use('/', adminPagesRoutes);
|
|
app.use('/', adminFoldersRoutes);
|
|
app.use('/', adminTagsRoutes);
|
|
app.use('/', adminStoriesRoutes);
|
|
app.use('/', adminChaptersRoutes);
|
|
app.use('/', indexRoutes);
|
|
app.use('/', publicPagesRoutes);
|
|
|
|
app.listen(env.PORT, '127.0.0.1', () => {
|
|
console.log(`stomping.me running on port ${env.PORT}`);
|
|
});
|
|
}
|
|
|
|
start().catch(err => {
|
|
console.error('[startup] fatal:', err.message);
|
|
process.exit(1);
|
|
});
|