module.exports = function () { // Initialize the app var app = express(); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; // App favicon app.use(favicon(path.resolve("./public/favicons/favicon.ico"))); // Pass url to environment locals app.use(function (req, res, next) { res.locals.url = req.protocol + "://" + req.headers.host + req.url; next(); }); app.use(bodyParser.json({limit: "2mb"})); app.use(bodyParser.urlencoded({limit: "2mb", extended: true})); // Set swig as the template engine app.engine("server.view.html", consolidate.swig); // view engine setup app.set("view engine", "server.view.html"); app.set("views", "./app/views"); // Environment dependent middleware if (process.env.NODE_ENV === "development") { // Enable logger app.use(morgan("dev")); // Disable views cache app.set("view cache", false); } else if (process.env.NODE_ENV === "production") { app.locals.cache = "memory"; } // Request body parsing middleware app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); // CookieParser should be above session app.use(cookieParser()); // Express MySQL session storage app.use(session({ secret: config.sessionSecret, store: new SessionStore(config.database.connection), resave: true, saveUninitialized: true })); // Setup flash messages app.use(require("connect-flash")()); app.use(function (req, res, next) { res.locals.messages = require("express-messages")(req, res); next(); }); // Use passport session passport.serializeUser(passportSetup.serializeUser); passport.deserializeUser(passportSetup.deserializeUser); passport.use(new LocalStrategy( {usernameField: "username", passwordField: "password"}, passportSetup.strategy) ); app.use(passport.initialize()); app.use(passport.session()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable("x-powered-by"); // Static folder app.use(express.static(path.resolve("./public"))); // Routing files require("../app/routes/index.server.routes")(app); app.use(function (err, req, res, next) { if (!err) { return next(); } console.error(err.stack); res.status(500).render("500", { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render("404", { url: req.originalUrl, error: "Not Found" }); }); if (process.env.NODE_ENV === "secure") { // Log SSL usage console.log("Securely using https protocol"); // Load SSL key and certificate var privateKey = fs.readFileSync("./config/ssl_certs/key.pem", "utf8"); var certificate = fs.readFileSync("./config/ssl_certs/cert.pem", "utf8"); // Create HTTPS Server var httpsServer = https.createServer({ key: privateKey, cert: certificate }, app); // Return HTTPS server instance return httpsServer; } return http.createServer(app); };
module.exports = function (db) { var app = express(); //Get all the model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function (model) { require(path.resolve(model)); }); app.use(compress({ filter: function (req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); app.set('showStackError', true); console.log(path.resolve('./app/views/', 'layouts')); console.log(process.cwd() + '/app/views/layouts'); var hbsConfig = { defaultLayout: 'main', layoutsDir: './app/views/layouts' }; app.engine('handlebars', exphbs(hbsConfig)); app.set('view engine', 'handlebars'); app.set('views', './app/views'); if (process.env.NODE_ENV === 'development') { app.use(logger('dev')); app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); app.enable('jsonp callback'); app.use(cookieParser()); app.use(session({ saveUnitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); return app; };
module.exports = function (db) { // Initialize express app var app = express(); // Setting application local variables // app.locals.config = config; app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.url = config.app.url; app.locals.ROUTES = ROUTES; // Initialize models require('./../models/user.js'); // Should be placed before express.static app.use(compress({ filter: function (req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine require('./swig')(swig, app); // app.engine('html', swig.renderFile); app.engine('html', consolidate.swig); // Set views path and view engine app.set('view engine', 'html'); app.set('views', './app/views'); // Enable logger (morgan) if (process.env.NODE_ENV == 'development') app.use(morgan('dev')); // Environment dependent middleware if (process.env.NODE_ENV == 'development') { app.set('view cache', false); // Disable views cache } else if (process.env.NODE_ENV == 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }), cookie: config.sessionCookie, name: config.sessionName })); // use passport session require('./passport')(passport); app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); app.use(function (req, res, next) { var render = res.render; res.render = function () { res.locals.messages = req.flash(); render.apply(res, arguments); } var json = res.json; res.json = function () { res.locals.messages = req.flash(); json.apply(res, arguments); } next(); }); // Passing user to environment locals app.use(function (req, res, next) { res.locals.user = req.isAuthenticated() ? req.user : null; next(); }); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder // app.use(favicon(path.resolve('./public/favicon.ico'))); app.use(express.static(path.resolve('./public'))); app.use(require('prerender-node')); // Load routes app.use('/auth', require('./../routes/auth')); // var auth = require('./../middlewares/auth'); // app.get('/', auth.authenticatedAccessMiddleware, function (req, res, next) { // res.render('index.html'); // }); app.get('/', function (req, res, next) { res.redirect('/auth'); }); /* * Unauthorized access handler */ app.use(function (err, req, res, next) { if (err.status !== 401) return next(err); if (req.xhr) res.json(401, { success: false, message: "Unauthorized Access" }); else res.redirect(ROUTES.AUTH_LOGIN); }); /* * development error handler * will print stacktrace */ if (process.env.NODE_ENV == 'development') app.use(function (err, req, res, next) { console.error(err.stack); res.status(err.status || 500); if (req.xhr) res.json({ success: false, message: err.message, error: err }); else res.render('error', { message: err.message, error: err }); }); /* * production error handler * no stacktraces leaked to user */ app.use(function (err, req, res, next) { res.status(err.status || 500); if (req.xhr) res.json({ success: false, message: err.message }); else res.render('error', { message: err.message }); }); // Assume 404 since no middleware responded if (process.env.NODE_ENV != 'development') app.use(function (req, res) { if (req.xhr) res.json({ url: req.originalUrl, error: 'Not Found' }); res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); console.log('LOCALS', app.locals); // console.log('ROUTES', app._router.stack); return app; };
auth0Api = require('./app/routes/auth0.api.routes'), electricImp = require('./app/routes/electricimp.routes'), authentication = require('./app/routes/authentication.auth0.routes'), installationsAPI = require('./app/routes/installations.routes'), requester = require('./app/routes/request.routes'), route = require('./app/routes/route'), runOptions = require('./app/options'); var app = express(), port = config.port || 8080; // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.iexss()); app.use(helmet.contentTypeOptions()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: true })); app.all('*', function (req, res, next) { if (req.headers.realm !== undefined) { runOptions.set({realm: req.headers.realm}); } else { runOptions.set({realm: 'local'}); } next();
module.exports = function() { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // compression app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.enable('showStackError'); // Env dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger app.use(morgan('dev')); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // Enable jsonp app.enable('jsonp callback'); // Passport app.use(passport.initialize()); // Helmet app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Routing config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Error handling app.use(function(err, req, res, next) { if (!err) return next(); console.error(err.stack); res.send(500); }); app.use(function(req, res) { res.send(404); }); return app; };
module.exports = function(db) { // Initialize express app var app = express(); // Setting application local variables app.locals.title = config.app.title; app.locals.siteName = config.app.siteName; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); app.locals.gaID = config.gaID; // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true, limit: config.contentLimit })); app.use(bodyParser.json({limit: config.contentLimit})); app.use(methodOverride()); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); app.use(function (req, res, next) { passport.authenticate('token', function (err, user, info) { if (err) return next(err); if (info && info.has_token) { req.has_token = true; return next(); } if (!user) return next(); req.login(user, { session: false }, function (err) { if (err) return next(err); else return next(); }); })(req, res, next); }); // connect flash for flash messages app.use(flash()); //MEAN-SEO prerender pages for search engines app.use(seo({ cacheClient: 'disk', // Can be 'disk' or 'redis' cacheDuration: 2 * 60 * 60 * 24 * 1000 // In milliseconds for disk cache })); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); app.use(function (req, res, next) { if (req.user || req.has_token) { next(); } else if (checkPath(req)) { next(); } else { res.sendStatus(401).end(); } }); //Check path for secure protection function checkPath (req) { var allowPaths = [ //@TODO: move to config '/', '/api/auth/signin', '/auth/facebook', '/auth/twitter', '/auth/google', '/auth/facebook/callback', '/auth/twitter/callback', '/auth/google/callback', '/newTwitterUser' ]; return _.some(allowPaths, function(path){ return req.path === path; }); } policy.init(app, db); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); if (process.env.NODE_ENV === 'secure') { // Log SSL usage console.log('Securely using https protocol'); // Load SSL key and certificate var privateKey = fs.readFileSync('./config/sslcerts/key.pem', 'utf8'); var certificate = fs.readFileSync('./config/sslcerts/cert.pem', 'utf8'); // Create HTTPS Server var httpsServer = https.createServer({ key: privateKey, cert: certificate }, app); // Return HTTPS server instance return httpsServer; } // Return Express server instance return app; };
module.exports = function(db) { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } //handling multi/form-data app.use(multer({ dest: './public/uploads/', rename: function (fieldname, filename) { return filename.replace(/\W+/g, '-').toLowerCase() +'_'+Date.now(); } })); // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, cookie: { maxAge: 60000 * 15 * 5}, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection, ttl: 15 * 60 * 60 }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); if (process.env.NODE_ENV === 'secure') { // Log SSL usage console.log('Securely using https protocol'); // Load SSL key and certificate var privateKey = fs.readFileSync('./config/sslcerts/key.pem', 'utf8'); var certificate = fs.readFileSync('./config/sslcerts/cert.pem', 'utf8'); // Create HTTPS Server var httpsServer = https.createServer({ key: privateKey, cert: certificate }, app); // Return HTTPS server instance return httpsServer; } // Return Express server instance return app; };
app.configure(function(){ app.engine('html', require('ejs').renderFile); app.set('view engine', 'html'); app.use(express.logger('dev')); app.use(express.compress()); app.use(express.methodOverride()); app.use(express.urlencoded()); app.use(express.json()); app.set('uploadDir', path.join(config.root, 'uploads')); app.set('uploadRelative', 'uploads'); app.use(function (req, res, next) { req.uploadDir = app.get('uploadDir'); req.uploadRelative = app.get('uploadRelative'); next(); }); app.use(express.bodyParser({ keepExtensions: true, uploadDir: app.get('uploadDir') })); app.use(express.cookieParser(settings.cookie.secret)); // Used instead of app.use(express.cookieSession()); app.use(express.session({ store: new RedisStore({ host: settings.redis.ip, port: settings.redis.port }), proxy: true, // Trust the reverse proxy when setting secure cookies cookie: { secure: false, // Important! Otherwise you'll get Forbidden 403 maxAge: cacheMaxAge, // 1 week httpOnly: false // Disabling allows us to see the cookie in Angular } })); app.use(helmet.csp({ 'default-src': ["'self'"], 'script-src': scriptSrc, 'style-src': ["'self'", "'unsafe-inline'"], 'img-src': ["'self'", "data:", "http://placehold.it"], 'connect-src': connectSrc, 'font-src': ["'self'"], 'object-src': ["'self'"], 'media-src': ["'self'"], 'frame-src': ["'self'"], reportOnly: false, // set to true if you only want to report errors setAllHeaders: false, // set to true if you want to set all headers safari5: false // set to true if you want to force buggy CSP in Safari 5 })); // This middleware adds the Strict-Transport-Security header to the response. // To use the default header of Strict-Transport-Security: maxAge=15768000 (about 6 months) app.use(helmet.hsts()); // `X-Frame` specifies whether your app can be put in a frame or iframe. app.use(helmet.xframe('deny')); // The X-XSS-Protection header is a basic protection against XSS. app.use(helmet.iexss()); // Sets the `X-Download-Options` header to noopen to prevent IE users from executing downloads in your site's context. app.use(helmet.ienoopen()); // The following sets the `X-Content-Type-Options` header to its only and default option, nosniff. app.use(helmet.contentTypeOptions()); // This middleware will remove the `X-Powered-By` header if it is set. app.use(helmet.hidePoweredBy()); app.use(function (req, res, next) { // POSTS send an OPTIONS request first so let's make sure we handle those res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS'); res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type'); next(); }); // Router needs to be last app.use(app.router); });
module.exports = function() { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded()); app.use(bodyParser.json()); app.use(methodOverride()); // Enable jsonp app.enable('jsonp callback'); // CookieParser should be above session app.use(cookieParser()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.iexss()); app.use(helmet.contentTypeOptions()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Continue along unless there is a 500 app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.send(500, { message: err.message }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found', user: req.user || null }); }); return app; };
module.exports = function(db) { // Initialize express app var app = express(); app.post('/api/v1/upload/image', function(req, res) { var form = new multiparty.Form(); form.parse(req, function(err, fields, files) { var obj = JSON.parse(fields.sizes); var medium = JSON.parse(fields.medium); var thumbnail = JSON.parse(fields.thumbnail); var file = files.file[0]; var contentType = file.headers['content-type']; var extension = file.path.substring(file.path.lastIndexOf('.')); //var destPath = '/nicklewis/profile' + '/' + uuid.v4() + extension; // TODO: Pass in the username from the front-end and store it in this variable var userName = '******'; // console.log(fields.s3bucket); // TODO: Thinking of storing this in a config file or passing it in from client??? var bucketName = 'nfolio-images'; // TODO: Imagefile, Avatar and so on // var type = obj.type; // TODO: Merge fullpath and keyname variables together for cleaner code? // TODO: Need to introduce another directory level for different image sizes // TODO: Original image is passed to server by client and this function creates variants // TODO: Thumb, medium, original - what other sizes are likely to be needed?? var keyName = userName + '/' + uuid.v4() + '/' + file.originalFilename; var fullPath = bucketName + '/' + keyName; // TODO: I would prefere that this was a similar name to that of the main image // TODO: Must delete these temporary files as soon as they are uploaded var tmpFile = 'tmp/images/' + uuid.v4(); resize(file,tmpFile,fullPath,bucketName,keyName,800,800); res.setHeader('Content-Type', 'application/json'); res.end(JSON.stringify({ fileName: fullPath }, null, 3)); }); }); function resize(file,tmpFile,fullPath,bucketName,keyName,width,height) { // STEP 1 - RESIZE // TODO: Would it be better to pass in sizes from client?? im.resize({ srcPath: file.path, dstPath: tmpFile, width: width, height: height }, function(err, stdout, stderr){ if (err) { // It is possible that the resize may fail, perhaps lack of memory or some other reason? // TODO: What should we do if the resize fails? Just pass a message back to the client??? console.log('error while resizing images' + stderr); } else { // STEP 2 - UPLOAD TO S3 // I moved this within this callback, so that we know the file has been resized and output file EXISTS! console.log('Image resized successfully: ' + tmpFile); sendToS3(tmpFile,fullPath,bucketName,keyName); } }); } function sendToS3(tmpFile,fullPath,bucketName,keyName) { // Loads the credentials from a file on the server (more secure) AWS.config.loadFromPath('./config/config.json'); var s3 = new AWS.S3(); console.log(tmpFile); var rs = fs.createReadStream(tmpFile); var params = {Bucket: bucketName, Key: keyName, Body: rs}; s3.putObject(params, function(err, data) { if (err) { // TODO: Take action if this fails but in what way? // TODO: Send a fail back to the client which should then message the user accordingly console.log(err); } else { // Success return the filename generated for this upload console.log('Successfully uploaded data to ' + fullPath); } }); } // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + ':// ' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded()); app.use(bodyParser.json()); app.use(methodOverride()); // Enable jsonp app.enable('jsonp callback'); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.iexss()); app.use(helmet.contentTypeOptions()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); return app; };
// Easy form validation! app.use(expressValidator()); // If you want to simulate DELETE and PUT // in your app you need methodOverride. app.use(methodOverride()); // Use sessions // NOTE: cookie-parser not needed with express-session > v1.5 app.use(session(config.session)); // Security Settings app.disable('x-powered-by'); // Don't advertise our server type app.use(csrf()); // Prevent Cross-Site Request Forgery app.use(helmet.nosniff()); // Sets X-Content-Type-Options to nosniff app.use(helmet.ienoopen()); // X-Download-Options for IE8+ app.use(helmet.xssFilter()); // sets the X-XSS-Protection header app.use(helmet.xframe('deny')); // Prevent iframe app.use(helmet.crossdomain()); // crossdomain.xml // Content Security Policy: // http://content-security-policy.com/ // http://www.html5rocks.com/en/tutorials/security/content-security-policy/ // http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/ // // NOTE: TURN THIS OFF DURING DEVELOPMENT // IT'S JUST PAINFUL OTHERWISE! OR DON'T // EVEN USE IT AT ALL - I JUST WANTED TO // LEARN HOW IT WORKS. :) app.use(helmet.csp({
module.exports = function(db) { // Initialize express app var app = express(); var OAuth2 = require('oauth').OAuth2; var https = require('https'); app.get('/public/Indexpage.jpg', function(req, res) { var img = fs.readFileSync('./public/Indexpage.jpg'); res.writeHead(200, {'Content-Type': 'image/gif' }); res.end(img, 'binary'); }); app.get('/public/lib/hello/dist/hello.all.min.js', function(req, res) { var img = fs.readFileSync('./public/lib/hello/dist/hello.all.min.js'); res.writeHead(200, {'Content-Type': 'text/javascript' }); res.end(img, 'binary'); }); app.get('/places', function(req, res) { var uri = '/maps/api/place/textsearch/json?query=' + req.query.query; if (req.query.language !== undefined) { uri = uri + '&language=' + req.query.language; } uri = uri + '&key=AIzaSyBXXWUbms4wO48NHxmFUPmVE0AlrY0ztZ8'; var options = { hostname: 'maps.googleapis.com', path: encodeURI(uri), }; https.get(options, function(result) { var buffer = ''; result.setEncoding('utf8'); result.on('data', function (data) { buffer += data; }); result.on('end', function() { var tweets = JSON.parse(buffer); res.send(tweets); }); }); }); /* app.get('/placeId', function(req, res) { var uri = '/maps/api/place/details/json?placeid=' + req.query.placeId; uri = uri + '&key=AIzaSyBXXWUbms4wO48NHxmFUPmVE0AlrY0ztZ8'; var options = { hostname: 'maps.googleapis.com', path: encodeURI(uri), }; console.log(uri); console.log('!!!!!!!!!!!!!!'); https.get(options, function(result) { var buffer = ''; result.setEncoding('utf8'); result.on('data', function(data) { buffer += data; }); result.on('end', function() { var tweets = JSON.parse(buffer); res.send(tweets); }); }); }); */ app.get('/tweets', function(req, res) { var oauth2 = new OAuth2('uRpaaKqj9e4ombt4ZniARqKHW', 'Y8T9NnZrpl0P2lHXLatB7DblSq7nKVtTgrBYnJOdtU9frl2AeD', 'https://api.twitter.com/', null, 'oauth2/token', null); oauth2.getOAuthAccessToken('', { 'grant_type': 'client_credentials' }, function (e, access_token) { console.log(access_token); //string that we can use to authenticate request var query = req.query; var options = { hostname: 'api.twitter.com', path: encodeURI('/1.1/search/tweets.json?q=' + query.q + '&geocode=' + query.geocode + 'km' + '&result_type=recent&count=100'), headers: { Authorization: 'Bearer ' + access_token } }; console.log('AUTHED'); https.get(options, function (result) { var buffer = ''; result.setEncoding('utf8'); result.on('data', function (data) { buffer += data; }); result.on('end', function () { var tweets = JSON.parse(buffer); res.send(tweets); }); }); }); }); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); app.locals.secure = config.secure; // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Setting the app router and static folder app.use(express.static(__dirname + '/public')); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); if (app.locals.secure) { console.log('Securely using https protocol'); var https = require('https'), privateKey = fs.readFileSync('./config/sslcert/key.pem', 'utf8'), certificate = fs.readFileSync('./config/sslcert/cert.pem', 'utf8'), credentials = {key: privateKey, cert: certificate}, httpsServer = https.createServer(credentials, app); return httpsServer; } else { console.log('Insecurely using http protocol'); var httpServer = http.createServer(app); return httpServer; } };
module.exports = function() { // Quando chamado retorna uma instancia do modulo armazenado. var app = express(); // Define variavel de ambiente (chave, valor). app.set('port', config.port); // Configuracao do template. // Define o 'ejs' como template utilizado. app.set('view engine', 'ejs'); // Define o diretorio que contera as views. app.set('views', './app/views'); // Middlewares. app.use(express.static('./public')); // Middlewares 'body-parser' e 'method-override'. app.use(bodyParser.urlencoded({extended: true})); app.use(bodyParser.json()); app.use(require('method-override')()); app.use(cookieParser()); app.use(session({ secret: 'Jessi', resave: true, saveUninitialized: true })); app.use(passport.initialize()); app.use(passport.session()); // app.use(helmet()); app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // ou. // app.use(helmet.hidePoweredBy({ setTo: 'PHP 5.5.14' })); // Inicia o modulo com as rotas (DEPRECATED - Agora usando 'express-load'). // home(app); // O load() carrega todos os scripts dentro de 'app/models', 'app/controllers' e 'app/routes' seguindo a ordem correta 'model -> controller -> route'. // O 'cwd' foi necessario pois por padrao os diretorios sao procurados na raiz. load('models', {cwd: 'app'}) .then('controllers') .then('routes/auth.js') .then('routes') .into(app); // Se nenhum rota atender, direciona para página 404. app.get('*', function(req, res) { res.status(404).render('404'); }); return app; };
module.exports = function(db) { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.google_analytics_id = config.app.google_analytics_id; app.locals.title = config.app.title; app.locals.signupDisabled = config.signupDisabled; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.socketPort = config.socketPort; app.locals.bowerJSFiles = config.getBowerJSAssets(); app.locals.bowerCssFiles = config.getBowerCSSAssets(); app.locals.bowerOtherFiles = config.getBowerOtherAssets(); app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); //Setup Prerender.io app.use(require('prerender-node').set('prerenderToken', process.env.PRERENDER_TOKEN)); // Passing the request url to environment locals app.use(function(req, res, next) { if(config.baseUrl === ''){ config.baseUrl = req.protocol + '://' + req.headers.host; } res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compression({ // only compress files for the following content types filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, // zlib option for compression level level: 3 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Enable logger (morgan) app.use(morgan(logger.getLogFormat(), logger.getLogOptions())); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use('/', express.static(path.resolve('./public'))); app.use('/uploads', express.static(path.resolve('./uploads'))); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new MongoStore({ mongooseConnection: db.connection, collection: config.sessionCollection }), cookie: config.sessionCookie, name: config.sessionName })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // setup express-device app.use(device.capture({ parseUserAgent: true })); // connect flash for flash messages app.use(flash()); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Add headers for Sentry app.use(function (req, res, next) { // Website you wish to allow to connect res.setHeader('Access-Control-Allow-Origin', 'https://sentry.polydaic.com'); // Request methods you wish to allow res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE'); // Request headers you wish to allow res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type'); // Set to true if you need the website to include cookies in the requests sent // to the API (e.g. in case you use sessions) res.setHeader('Access-Control-Allow-Credentials', true); // Pass to next layer of middleware next(); }); // Sentry (Raven) middleware // app.use(raven.middleware.express.requestHandler(config.DSN)); // Should come before any other error middleware // app.use(raven.middleware.express.errorHandler(config.DSN)); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); client.captureError(err); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { client.captureError(new Error('Page Not Found')); res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); if (process.env.NODE_ENV === 'secure') { // Load SSL key and certificate var privateKey = fs.readFileSync('./config/sslcerts/key.pem', 'utf8'); var certificate = fs.readFileSync('./config/sslcerts/cert.pem', 'utf8'); // Create HTTPS Server var httpsServer = https.createServer({ key: privateKey, cert: certificate }, app); // Return HTTPS server instance return httpsServer; } app = configureSocketIO(app, db); // Return Express server instance return app; };
module.exports = function(db) { // Initialise express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/components/**/*.server.model.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.jsFiles = config.getJavascriptAssets(); app.locals.cssFiles = config.getCSSAssets(); app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); app.set('showStackError', true); app.engine('server.view.html', consolidate[config.templateEngine]); app.set('view engine', 'server.view.html'); // set the default views location // todo: would like this to support multiple view locations so they can exist specific component folders app.set('views', './app/components/views'); // Environment dependant middleware if (process.env.NODE_ENV === 'development') { // Enable logger app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // Enable jsonp app.enable('jsonp callback'); app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // Connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Set static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/components/**/*.server.routes.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404 app.use(function(err, req, res, next) { if (!err) { return next(); } res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not found' }); }); return app; };
module.exports = function(db) { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); app.locals.cssFiles = config.getCSSAssets(); // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // Enable jsonp app.enable('jsonp callback'); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, store: new mongoStore({ db: db.connection.db, collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // connect flash for flash messages app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); // Attach Socket.io var server = http.createServer(app); app.set('server', server); var io = socketio.listen(server); app.set('socketio', io); io.sockets.on('connection', socket); return app; };
module.exports = function(db) { // Initialize express app var app = express(); // Globbing model files config.getGlobbedFiles('./app/models/**/*.js').forEach(function(modelPath) { require(path.resolve(modelPath)); }); // Setting application local variables from loaded config.js file, which has got variables from // env/all.js app.locals.title = config.app.title; app.locals.description = config.app.description; app.locals.keywords = config.app.keywords; app.locals.facebookAppId = config.facebook.clientID; app.locals.jsFiles = config.getJavaScriptAssets(); // get all public/lib/ public/modules/ js files app.locals.cssFiles = config.getCSSAssets(); // get all public/lib/ public/modules/ css files // Passing the request url to environment locals app.use(function(req, res, next) { res.locals.url = req.protocol + '://' + req.headers.host + req.url; next(); }); // Should be placed before express.static app.use(compress({ filter: function(req, res) { return (/json|text|javascript|css/).test(res.getHeader('Content-Type')); }, level: 9 })); // Showing stack errors // i think it should not be seen in case of production app.set('showStackError', true); // Set swig as the template engine app.engine('server.view.html', consolidate[config.templateEngine]); // Set views path and view engine app.set('view engine', 'server.view.html'); app.set('views', './app/views'); // Environment dependent middleware if (process.env.NODE_ENV === 'development') { // Enable logger (morgan) app.use(morgan('dev')); // Disable views cache app.set('view cache', false); } else if (process.env.NODE_ENV === 'production') { app.locals.cache = 'memory'; } // Request body parsing middleware should be above methodOverride app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); app.use(methodOverride()); // CookieParser should be above session app.use(cookieParser()); // Express MongoDB session storage app.use(session({ saveUninitialized: true, resave: true, secret: config.sessionSecret, // env/all.js contains sessionSecret store: new mongoStore({ db: db.connection.db, // development.js/production.js/test.js has db field which gets in config.js // i think db.connection.db value is not present, don't know how it will work collection: config.sessionCollection }) })); // use passport session app.use(passport.initialize()); app.use(passport.session()); // persistent login sessions // // use connect-flash for flash messages stored in session app.use(flash()); // Use helmet to secure Express headers app.use(helmet.xframe()); app.use(helmet.xssFilter()); app.use(helmet.nosniff()); app.use(helmet.ienoopen()); app.disable('x-powered-by'); // Setting the app router and static folder app.use(express.static(path.resolve('./public'))); // Globbing routing files, // here we are auto loading the server route files // i think, these route files use controllers, which load views, views use models for data config.getGlobbedFiles('./app/routes/**/*.js').forEach(function(routePath) { require(path.resolve(routePath))(app); }); // Assume 'not found' in the error msgs is a 404. this is somewhat silly, but valid, you can do whatever you like, set properties, use instanceof etc. app.use(function(err, req, res, next) { // If the error object doesn't exists if (!err) return next(); // Log it console.error(err.stack); // Error page res.status(500).render('500', { // don't know why they haven't used full name 500.server.view.html, how using '500' only works error: err.stack }); }); // Assume 404 since no middleware responded app.use(function(req, res) { res.status(404).render('404', { url: req.originalUrl, error: 'Not Found' }); }); return app; };