apiServer.ts 2.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. import express from "express";
  2. import cors from "cors";
  3. import cookieParser from "cookie-parser";
  4. import config from "@server/lib/config";
  5. import logger from "@server/logger";
  6. import {
  7. errorHandlerMiddleware,
  8. notFoundMiddleware,
  9. rateLimitMiddleware
  10. } from "@server/middlewares";
  11. import { authenticated, unauthenticated } from "@server/routers/external";
  12. import { router as wsRouter, handleWSUpgrade } from "@server/routers/ws";
  13. import { logIncomingMiddleware } from "./middlewares/logIncoming";
  14. import { csrfProtectionMiddleware } from "./middlewares/csrfProtection";
  15. import helmet from "helmet";
  16. const dev = process.env.ENVIRONMENT !== "prod";
  17. const externalPort = config.getRawConfig().server.external_port;
  18. export function createApiServer() {
  19. const apiServer = express();
  20. if (config.getRawConfig().server.trust_proxy) {
  21. apiServer.set("trust proxy", 1);
  22. }
  23. const corsConfig = config.getRawConfig().server.cors;
  24. const options = {
  25. ...(corsConfig?.origins
  26. ? { origin: corsConfig.origins }
  27. : {
  28. origin: (origin: any, callback: any) => {
  29. callback(null, true);
  30. }
  31. }),
  32. ...(corsConfig?.methods && { methods: corsConfig.methods }),
  33. ...(corsConfig?.allowed_headers && {
  34. allowedHeaders: corsConfig.allowed_headers
  35. }),
  36. credentials: !(corsConfig?.credentials === false)
  37. };
  38. logger.debug("Using CORS options", options);
  39. apiServer.use(cors(options));
  40. if (!dev) {
  41. apiServer.use(helmet());
  42. apiServer.use(csrfProtectionMiddleware);
  43. }
  44. apiServer.use(cookieParser());
  45. apiServer.use(express.json());
  46. if (!dev) {
  47. apiServer.use(
  48. rateLimitMiddleware({
  49. windowMin:
  50. config.getRawConfig().rate_limits.global.window_minutes,
  51. max: config.getRawConfig().rate_limits.global.max_requests,
  52. type: "IP_AND_PATH"
  53. })
  54. );
  55. }
  56. // API routes
  57. const prefix = `/api/v1`;
  58. apiServer.use(logIncomingMiddleware);
  59. apiServer.use(prefix, unauthenticated);
  60. apiServer.use(prefix, authenticated);
  61. // WebSocket routes
  62. apiServer.use(prefix, wsRouter);
  63. // Error handling
  64. apiServer.use(notFoundMiddleware);
  65. apiServer.use(errorHandlerMiddleware);
  66. // Create HTTP server
  67. const httpServer = apiServer.listen(externalPort, (err?: any) => {
  68. if (err) throw err;
  69. logger.info(
  70. `API server is running on http://localhost:${externalPort}`
  71. );
  72. });
  73. // Handle WebSocket upgrades
  74. handleWSUpgrade(httpServer);
  75. return httpServer;
  76. }