import 'dotenv/config';
import express from 'express';
import mongoose from 'mongoose';
import cookieSession from 'cookie-session';
import passport from 'passport';
import cors from 'cors';
import helmet from 'helmet';
import { createServer } from 'http'; // REQUIRED for Socket.io

// Config
import connectDB from './config/db.js';
import './config/passport.js'; // Execute passport config
import authRoutes from './routes/authRoutes.js';
import userRoutes from './routes/userRoutes.js';
import friendRoutes from './routes/friendRoutes.js';
import { initSocket } from './services/SocketManager.js';

// Connect to DB
// NOTE(review): the result of connectDB() is neither awaited nor checked here;
// confirm ./config/db.js handles a failed connection itself.
connectDB();

const app = express();

// Security Middleware
// helmet() is used with its defaults (standard security response headers).
app.use(helmet());

// Credentialed CORS: cookies are only accepted from this single origin.
// When CLIENT_URL is unset the allow-list falls back to the local dev client.
const corsOptions = {
  origin: process.env.CLIENT_URL || "http://localhost:5173",
  methods: "GET,POST,PUT,DELETE",
  credentials: true, // Allow cookies
};
app.use(cors(corsOptions));

// Body Parsers
// Only JSON request bodies are parsed.
app.use(express.json());

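// Session Middleware
// cookie-session stores the session data in the cookie itself and signs it with
// `keys`. The payload is tamper-evident but NOT encrypted, so nothing secret
// should be placed in req.session.
const isProduction = process.env.NODE_ENV === 'production';
const cookieKey = process.env.COOKIE_KEY;
if (!cookieKey) {
  // Fail fast at startup: without a key the session cookie cannot be signed.
  throw new Error('COOKIE_KEY environment variable is required to sign session cookies');
}

app.use(
  cookieSession({
    name: 'cragy_session',
    maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days, in milliseconds
    keys: [cookieKey],

    // In production the cookie is sent on cross-site requests (SameSite=None).
    // NOTE(review): the browser then attaches it to requests from any site, so
    // confirm the state-changing /api routes have CSRF protection.
    sameSite: isProduction ? 'none' : 'lax',

    // Secure MUST be true if sameSite is 'none'
    secure: isProduction,

    // Keep the session cookie out of reach of client-side script
    httpOnly: true,
  })
);

// Trust the HuggingFace/Cloudflare proxy so 'secure' cookies work.
// The value 1 trusts exactly one proxy hop for X-Forwarded-* headers.
// NOTE(review): confirm the hop count matches the deployment; trusting more hops
// than actually exist lets clients spoof the forwarded protocol and address.
app.set('trust proxy', 1);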

// Compatibility shim: gives the session object `regenerate` and `save` methods
// when it does not already have them.
// NOTE(review): presumably needed because passport calls these during login and
// cookie-session sessions do not provide them - confirm against the passport version.
// Both stubs only invoke their callback. `regenerate` does NOT reset the session,
// so whatever was in the session before login is still there afterwards.
app.use((req, res, next) => {
  for (const method of ['regenerate', 'save']) {
    if (req.session && !req.session[method]) {
      req.session[method] = (done) => {
        done();
      };
    }
  }
  next();
});

// Passport Middleware
// Registered after the session middleware and before the routes below,
// so the route handlers can read req.user.
app.use(passport.initialize());
app.use(passport.session());

// Routes
app.use('/api/auth', authRoutes);
app.use('/api/user', userRoutes);
app.use('/api/friends', friendRoutes);

// Status endpoint: reports that the server is up and echoes req.user unchanged.
// NOTE(review): req.user is serialized to the client as-is; confirm the object
// passport attaches holds no fields that should stay server-side (tokens,
// provider ids, internal flags), or return a reduced view instead.
app.get('/', (req, res) => {
  res.send({ status: 'Online', user: req.user });
});

// Socket.io attaches to a raw Node HTTP server, so the Express app is wrapped
// in one and that server (not `app`) is the one that listens.
const httpServer = createServer(app); // Wrap Express
initSocket(httpServer); // Initialize Socket

// Port comes from the environment, defaulting to 3000 when PORT is unset or empty.
const PORT = process.env.PORT || 3000;
httpServer.listen(PORT, () => { // Listen on httpServer, NOT app
  console.log(`🚀 Server + Socket running on port ${PORT}`);
});