EcoTracker / server.js
Akash-Dragon's picture
feat: implement security headers, rate limiting, validation, and test suite
e0c22b5
Raw
History Blame Contribute Delete
1.88 kB
const express = require('express');
const cors = require('cors');
const morgan = require('morgan');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const routes = require('./routes');
const app = express();
const PORT = process.env.PORT || 5000;
// Enable Helmet for secure HTTP headers (prevents XSS, clickjacking, MIME sniffing, etc.)
app.use(helmet({
crossOriginResourcePolicy: { policy: "cross-origin" }
}));
// Rate limiting to prevent brute force / DoS attacks
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per windowMs
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
message: { error: 'Too many requests from this IP, please try again after 15 minutes' }
});
// Apply rate limiter to all API routes
app.use('/api', limiter);
// Enable CORS so the React Native Web client can fetch from it
app.use(cors());
// Parse JSON request bodies
app.use(express.json());
// Log incoming request details for debugging
app.use(morgan('dev'));
// Root endpoint for health check & status checks
app.get('/', (req, res) => {
res.json({
status: 'online',
service: 'EcoTrack AI Carbon Accounting API',
version: '1.0.0',
database: process.env.FIREBASE_SERVICE_ACCOUNT ? 'firestore' : 'local-mock'
});
});
// Mount our router on /api
app.use('/api', routes);
// Start server (only if not running inside a test runner)
if (process.env.NODE_ENV !== 'test') {
app.listen(PORT, '0.0.0.0', () => {
console.log(`=========================================`);
console.log(` EcoTrack AI Backend Service Running`);
console.log(` URL: http://localhost:${PORT}`);
console.log(`=========================================`);
});
}
module.exports = app;