-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserver.js
More file actions
96 lines (80 loc) · 2.99 KB
/
Copy pathserver.js
File metadata and controls
96 lines (80 loc) · 2.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
require('dotenv').config();
const express = require('express');
const routes = require('./src/routes');
const logger = require('./src/services/logger');
const app = express();
const PORT = process.env.PORT || 8080;
// Enable trust proxy (1 hop) so Express correctly detects original protocol/host behind App Engine load balancer securely
app.set('trust proxy', 1);
// Canonical Redirection Middleware (HTTPS & Domain Name Enforcement)
app.use((req, res, next) => {
// Skip in non-production environments
if (process.env.NODE_ENV !== 'production') {
return next();
}
// Skip GAE internal requests (Cron, Task Queues)
if (
req.headers['x-appengine-cron'] ||
req.headers['x-appengine-taskname'] ||
req.headers['x-appengine-queuename']
) {
return next();
}
const host = req.headers.host || '';
// Skip local host names during local simulation/testing
const isLocal = /^(localhost|127\.0\.0\.1|0\.0\.0\.0)(:\d+)?$/.test(host);
if (isLocal) {
return next();
}
const protocol = req.protocol; // Populated correctly by Express when trust proxy is enabled
const isCanonicalHost = host === 'apodemail.org';
const isHttps = protocol === 'https';
if (!isCanonicalHost || !isHttps) {
const canonicalUrl = `https://apodemail.org${req.originalUrl.replace(/^\/index\.html(?=\?|$)/, '/')}`;
logger.info({
event: 'canonical_redirect',
originalUrl: req.originalUrl,
host,
protocol,
targetUrl: canonicalUrl
}, 'Redirecting to canonical URL');
return res.redirect(301, canonicalUrl);
}
// Redirect /index.html to /
if (req.path === '/index.html') {
let targetUrl = 'https://apodemail.org/';
try {
const parsedUrl = new URL(req.originalUrl, 'https://apodemail.org');
const normalizedPathAndQuery = (parsedUrl.pathname + parsedUrl.search).replace(/^\/index\.html/, '/');
targetUrl = `https://apodemail.org${normalizedPathAndQuery}`;
} catch (error) {
targetUrl = 'https://apodemail.org/';
}
logger.info({
event: 'index_redirect',
originalUrl: req.originalUrl,
targetUrl
}, 'Redirecting /index.html to /');
return res.redirect(301, targetUrl);
}
next();
});
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use(express.static('public'));
// Rate Limiting
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per windowMs
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});
app.use(limiter);
app.use('/', routes);
if (require.main === module) {
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
}
module.exports = app;