Files
Claude Code d6b16f5e06 Initial commit: design-018 Phases 0-5 (stomping.me)
Auth BFF (OIDC + prompt=none silent SSO), Mongo data layer, admin CRUD
(folders/tags/stories/chapters with TipTap), public reader with tag
filtering. Built and verified same-session per design-018-stories.md.
2026-07-04 05:36:43 +00:00

69 lines
2.2 KiB
JavaScript

'use strict';
require('dotenv').config({ path: '/etc/AGWOL/stomping/.env' });
const path = require('path');
const express = require('express');
const helmet = require('helmet');
const cors = require('cors');
const cookieParser = require('cookie-parser');
const { env } = require('./config/env');
const { connectMongo } = require('./config/mongo');
const { createRedis } = require('./config/redis');
const { router: authRoutes } = require('./routes/auth');
const indexRoutes = require('./routes/index');
const adminPagesRoutes = require('./routes/adminPages');
const adminFoldersRoutes = require('./routes/adminFolders');
const adminTagsRoutes = require('./routes/adminTags');
const adminStoriesRoutes = require('./routes/adminStories');
const adminChaptersRoutes = require('./routes/adminChapters');
const publicPagesRoutes = require('./routes/publicPages');
async function start() {
await connectMongo();
createRedis();
const app = express();
// nginx is the only proxy hop — trust loopback only.
app.set('trust proxy', 'loopback');
app.use(helmet({
// Stories/covers are image-by-URL (design-018 §4 — no upload pipeline in
// v1), so images can come from any https host, not just our own.
contentSecurityPolicy: {
directives: {
...helmet.contentSecurityPolicy.getDefaultDirectives(),
'img-src': ["'self'", 'data:', 'https:'],
},
},
}));
app.use(cors({ origin: env.ALLOWED_ORIGINS, credentials: true }));
app.use(cookieParser(env.COOKIE_SECRET));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', authRoutes);
app.use('/', adminPagesRoutes);
app.use('/', adminFoldersRoutes);
app.use('/', adminTagsRoutes);
app.use('/', adminStoriesRoutes);
app.use('/', adminChaptersRoutes);
app.use('/', indexRoutes);
app.use('/', publicPagesRoutes);
app.listen(env.PORT, '127.0.0.1', () => {
console.log(`stomping.me running on port ${env.PORT}`);
});
}
start().catch(err => {
console.error('[startup] fatal:', err.message);
process.exit(1);
});