106 lines
3.3 KiB
JavaScript
106 lines
3.3 KiB
JavaScript
const express = require('express');
|
|
const helmet = require('helmet');
|
|
const cors = require('cors');
|
|
const cookieParser = require('cookie-parser');
|
|
const mongoose = require('mongoose');
|
|
const config = require('./config/env');
|
|
const connectDB = require('./config/database');
|
|
const errorHandler = require('./middleware/errorHandler');
|
|
const requestLogger = require('./middleware/requestLogger');
|
|
const { apiLimiter, authLimiter } = require('./middleware/rateLimiter');
|
|
const logger = require('./utils/logger');
|
|
const { version } = require('./package.json');
|
|
|
|
// Connect to database with retry logic
|
|
const connectWithRetry = async () => {
|
|
try {
|
|
await connectDB();
|
|
|
|
// Seed database if empty (runs in all environments on first start)
|
|
const User = require('./models/User');
|
|
const userCount = await User.countDocuments();
|
|
if (userCount === 0) {
|
|
logger.info('Datenbank ist leer, starte Seeding...');
|
|
const { execSync } = require('child_process');
|
|
try {
|
|
execSync('node seed.js', { stdio: 'inherit', cwd: __dirname });
|
|
} catch (seedError) {
|
|
logger.error('Fehler beim Seeding:', seedError.message);
|
|
}
|
|
}
|
|
} catch (error) {
|
|
logger.error('Verbindungsversuch fehlgeschlagen, erneuter Versuch in 5 Sekunden...');
|
|
setTimeout(connectWithRetry, 5000);
|
|
}
|
|
};
|
|
|
|
connectWithRetry();
|
|
|
|
const app = express();
|
|
|
|
// Trust first proxy (nginx reverse proxy sets X-Forwarded-For)
|
|
app.set('trust proxy', 1);
|
|
|
|
// Security headers
|
|
app.use(helmet({
|
|
crossOriginResourcePolicy: { policy: 'same-site' },
|
|
contentSecurityPolicy: false // Managed by nginx/frontend
|
|
}));
|
|
|
|
// Middleware
|
|
app.use(cors({
|
|
origin: config.corsOrigin,
|
|
credentials: true
|
|
}));
|
|
app.use(express.json({ limit: '2mb' }));
|
|
app.use(express.urlencoded({ extended: true, limit: '2mb' }));
|
|
app.use(cookieParser()); // Parse cookies
|
|
app.use(requestLogger);
|
|
|
|
// Rate limiting
|
|
app.use('/api/', apiLimiter); // Global API rate limiter
|
|
|
|
// Routes
|
|
app.use('/api/auth', authLimiter, require('./routes/authRoutes')); // Strict limiter for auth
|
|
app.use('/api', require('./routes/userRoutes'));
|
|
app.use('/api', require('./routes/auditRoutes'));
|
|
app.use('/api/config', require('./routes/configRoutes'));
|
|
app.use('/api/handler', require('./routes/handlerRoutes'));
|
|
|
|
// Health check with basic system info
|
|
app.get('/health', async (req, res) => {
|
|
const dbStatus = mongoose.connection.readyState === 1 ? 'connected' : 'disconnected';
|
|
|
|
res.json({
|
|
status: 'OK',
|
|
timestamp: new Date().toISOString(),
|
|
uptime: process.uptime(),
|
|
environment: config.nodeEnv,
|
|
database: dbStatus,
|
|
version
|
|
});
|
|
});
|
|
|
|
// Error handler (must be last)
|
|
app.use(errorHandler);
|
|
|
|
const PORT = config.port;
|
|
app.listen(PORT, () => {
|
|
logger.info(`Server läuft auf Port ${PORT} (${config.nodeEnv})`);
|
|
});
|
|
|
|
// If a frontend build exists, serve it as static files (useful for local testing)
|
|
const path = require('path');
|
|
const fs = require('fs');
|
|
const buildPath = path.join(__dirname, '..', 'frontend', 'build');
|
|
if (fs.existsSync(buildPath)) {
|
|
logger.info('Frontend-Build gefunden — serviere statische Dateien von frontend/build');
|
|
app.use(express.static(buildPath));
|
|
|
|
// Serve index.html for any unknown GET route (SPA fallback)
|
|
app.get('*', (req, res, next) => {
|
|
if (req.path.startsWith('/api') || req.path === '/health') return next();
|
|
res.sendFile(path.join(buildPath, 'index.html'));
|
|
});
|
|
}
|