Spaces:

nexusbert
/

zurri

Runtime error

App Files Files Community

nexusbert commited on Nov 5, 2025

Commit

b2cd2a3

1 Parent(s): f5035b9

send app

Browse files

Files changed (1) hide show

src/app.ts +20 -35

src/app.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import helmet from 'helmet';
 import rateLimit from 'express-rate-limit';
 import swaggerUi from 'swagger-ui-express';
 import { swaggerSpec } from './docs/swagger';
-import { requestLogger, sanitizeRequestBody, validateRequestSize, createStrictRateLimiter } from './middlewares/security';
 // Routes
 import authRoutes from './routes/authRoutes';
@@ -23,24 +23,10 @@ const app: Application = express();
 // Only trust the first proxy (Hugging Face Spaces proxy)
 app.set('trust proxy', 1);
 app.use(helmet({
-  contentSecurityPolicy: {
-    directives: {
-      defaultSrc: ["'self'"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      scriptSrc: ["'self'"],
-      imgSrc: ["'self'", "data:", "https:"],
-    },
-  },
   crossOriginEmbedderPolicy: false,
-  hsts: {
-    maxAge: 31536000,
-    includeSubDomains: true,
-    preload: true,
-  },
-  noSniff: true,
-  xssFilter: true,
-  frameguard: { action: 'deny' },
 }));
 // CORS configuration - simplified
@@ -75,10 +61,8 @@ app.use(cors({
 app.use(express.json({ limit: '10mb' }));
 app.use(express.urlencoded({ extended: true, limit: '10mb' }));
-// Security middleware
-app.use(validateRequestSize(10 * 1024 * 1024));
-app.use(sanitizeRequestBody);
-app.use(requestLogger);
 const generalLimiter = createStrictRateLimiter(15 * 60 * 1000, 100);
 app.use('/api/', generalLimiter);
@@ -123,26 +107,27 @@ app.use('/api/chat', chatRoutes);
 app.use('/api/subscriptions', subscriptionRoutes);
 app.use('/api/wallet', walletRoutes);
 app.use((req, res) => {
-  res.status(404).json({ error: 'Route not found' });
 });
 app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
-  console.error('Error:', {
-    message: err.message,
-    stack: process.env.NODE_ENV === 'development' ? err.stack : undefined,
-    path: req.path,
-    method: req.method,
-    ip: req.ip,
-  });
-  if (err.message === 'Not allowed by CORS') {
-    return res.status(403).json({ error: 'CORS policy violation' });
   }
-  res.status(500).json({
-    error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message,
-  });
 });
 export default app;

 import rateLimit from 'express-rate-limit';
 import swaggerUi from 'swagger-ui-express';
 import { swaggerSpec } from './docs/swagger';
+import { sanitizeRequestBody, createStrictRateLimiter } from './middlewares/security';
 // Routes
 import authRoutes from './routes/authRoutes';
 // Only trust the first proxy (Hugging Face Spaces proxy)
 app.set('trust proxy', 1);
+// Simplified Helmet - basic security only
 app.use(helmet({
+  contentSecurityPolicy: false, // Disable CSP for simplicity
   crossOriginEmbedderPolicy: false,
 }));
 // CORS configuration - simplified
 app.use(express.json({ limit: '10mb' }));
 app.use(express.urlencoded({ extended: true, limit: '10mb' }));
+// Simplified security - only sanitize API routes
+app.use('/api', sanitizeRequestBody);
 const generalLimiter = createStrictRateLimiter(15 * 60 * 1000, 100);
 app.use('/api/', generalLimiter);
 app.use('/api/subscriptions', subscriptionRoutes);
 app.use('/api/wallet', walletRoutes);
+// Simple 404 handler
 app.use((req, res) => {
+  // Only return JSON for API routes, otherwise just 404
+  if (req.path.startsWith('/api')) {
+    res.status(404).json({ error: 'Route not found' });
+  } else {
+    res.status(404).send('Not found');
+  }
 });
+// Simplified error handler
 app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
+  if (process.env.NODE_ENV === 'development') {
+    console.error('Error:', err.message);
   }
+  if (req.path.startsWith('/api')) {
+    res.status(500).json({ error: 'Server error' });
+  } else {
+    res.status(500).send('Server error');
+  }
 });
 export default app;