noteshare.space/server/server.ts

import "dotenv/config";
import express, { Express, Request } from "express";
import { PrismaClient, EncryptedNote } from "@prisma/client";
import { addDays } from "./util";
import helmet from "helmet";
import rateLimit from "express-rate-limit";
import pinoHttp from "pino-http";
import logger from "./logger";

// Initialize middleware clients
const prisma = new PrismaClient();
const app: Express = express();
app.use(express.json());

// configure logging
app.use(
  pinoHttp({
    logger: logger,
  })
);

// configure Helmet and CORS
app.use(
  helmet({
    crossOriginResourcePolicy: {
      policy: process.env.ENVIRONMENT == "dev" ? "cross-origin" : "same-origin",
    },
  })
);

// Apply rate limiting
const postLimiter = rateLimit({
  windowMs: parseInt(process.env.POST_LIMIT_WINDOW_SECONDS as string) * 1000,
  max: parseInt(process.env.POST_LIMIT as string), // Limit each IP to X requests per window
  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});

// start the Express server
app.listen(process.env.PORT, () => {
  logger.info(`server started at port ${process.env.PORT}`);
});

// Post new encrypted note
app.post(
  "/api/note/",
  postLimiter,
  (req: Request<{}, {}, EncryptedNote>, res, next) => {
    const note = req.body;
    prisma.encryptedNote
      .create({
        data: { ...note, expire_time: addDays(new Date(), 30) },
      })
      .then((savedNote) => {
        res.json({
          view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
          expire_time: savedNote.expire_time,
        });
      })
      .catch(next);
  }
);

// Get encrypted note
app.get("/api/note/:id", (req, res, next) => {
  prisma.encryptedNote
    .findUnique({
      where: { id: req.params.id },
    })
    .then((note) => {
      if (note != null) {
        res.send(note);
      }
      res.status(404).send();
    })
    .catch(next);
});

// Clean up expired notes periodically
const interval =
  Math.max(parseInt(<string>process.env.CLEANUP_INTERVAL_SECONDS) || 1, 1) *
  1000;
setInterval(async () => {
  try {
    logger.info("[Cleanup] Cleaning up expired notes...");
    const deleted = await prisma.encryptedNote.deleteMany({
      where: {
        expire_time: {
          lte: new Date(),
        },
      },
    });
    logger.info(`[Cleanup] Deleted ${deleted.count} expired notes.`);
  } catch (err) {
    logger.error(`[Cleanup] Error cleaning expired notes:`);
    logger.error(err);
  }
}, interval);
reordering 2022-06-22 00:30:11 +03:00			`import "dotenv/config";`
post rate limiting 2022-06-29 23:19:50 +03:00			`import express, { Express, Request } from "express";`
reordering 2022-06-22 00:30:11 +03:00			`import { PrismaClient, EncryptedNote } from "@prisma/client";`
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`import { addDays } from "./util";`
add helmet 2022-06-29 18:14:05 +03:00			`import helmet from "helmet";`
post rate limiting 2022-06-29 23:19:50 +03:00			`import rateLimit from "express-rate-limit";`
add logging to server 2022-07-06 15:59:38 +03:00			`import pinoHttp from "pino-http";`
			`import logger from "./logger";`
reordering 2022-06-22 00:30:11 +03:00
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`// Initialize middleware clients`
reordering 2022-06-22 00:30:11 +03:00			`const prisma = new PrismaClient();`
			`const app: Express = express();`
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`app.use(express.json());`
add logging to server 2022-07-06 15:59:38 +03:00
			`// configure logging`
			`app.use(`
			`pinoHttp({`
			`logger: logger,`
			`})`
			`);`

			`// configure Helmet and CORS`
fix cors with helmet 2022-06-30 10:28:49 +03:00			`app.use(`
			`helmet({`
			`crossOriginResourcePolicy: {`
			`policy: process.env.ENVIRONMENT == "dev" ? "cross-origin" : "same-origin",`
			`},`
			`})`
			`);`
cors for localhost 2022-06-23 21:22:34 +03:00
post rate limiting 2022-06-29 23:19:50 +03:00			`// Apply rate limiting`
			`const postLimiter = rateLimit({`
rate limit env variable 2022-06-29 23:32:18 +03:00			`windowMs: parseInt(process.env.POST_LIMIT_WINDOW_SECONDS as string) * 1000,`
			`max: parseInt(process.env.POST_LIMIT as string), // Limit each IP to X requests per window`
post rate limiting 2022-06-29 23:19:50 +03:00			standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
			legacyHeaders: false, // Disable the `X-RateLimit-*` headers
			`});`

reordering 2022-06-22 00:30:11 +03:00			`// start the Express server`
			`app.listen(process.env.PORT, () => {`
add logging to server 2022-07-06 15:59:38 +03:00			logger.info(`server started at port ${process.env.PORT}`);
reordering 2022-06-22 00:30:11 +03:00			`});`

			`// Post new encrypted note`
post rate limiting 2022-06-29 23:19:50 +03:00			`app.post(`
Add reverse proxy to docker compose (traefik) 2022-07-03 12:02:21 +03:00			`"/api/note/",`
post rate limiting 2022-06-29 23:19:50 +03:00			`postLimiter,`
better error handling 2022-07-06 16:07:51 +03:00			`(req: Request<{}, {}, EncryptedNote>, res, next) => {`
post rate limiting 2022-06-29 23:19:50 +03:00			`const note = req.body;`
better error handling 2022-07-06 16:07:51 +03:00			`prisma.encryptedNote`
			`.create({`
			`data: { ...note, expire_time: addDays(new Date(), 30) },`
			`})`
			`.then((savedNote) => {`
			`res.json({`
			view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
			`expire_time: savedNote.expire_time,`
			`});`
			`})`
			`.catch(next);`
post rate limiting 2022-06-29 23:19:50 +03:00			`}`
			`);`
reordering 2022-06-22 00:30:11 +03:00
			`// Get encrypted note`
better error handling 2022-07-06 16:07:51 +03:00			`app.get("/api/note/:id", (req, res, next) => {`
			`prisma.encryptedNote`
			`.findUnique({`
			`where: { id: req.params.id },`
			`})`
			`.then((note) => {`
			`if (note != null) {`
			`res.send(note);`
			`}`
			`res.status(404).send();`
			`})`
			`.catch(next);`
reordering 2022-06-22 00:30:11 +03:00			`});`

schedule deletion of notes 2022-06-29 15:17:38 +03:00			`// Clean up expired notes periodically`
			`const interval =`
			`Math.max(parseInt(<string>process.env.CLEANUP_INTERVAL_SECONDS) \|\| 1, 1) *`
			`1000;`
			`setInterval(async () => {`
			`try {`
add logging to server 2022-07-06 15:59:38 +03:00			`logger.info("[Cleanup] Cleaning up expired notes...");`
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`const deleted = await prisma.encryptedNote.deleteMany({`
			`where: {`
			`expire_time: {`
			`lte: new Date(),`
			`},`
			`},`
			`});`
add logging to server 2022-07-06 15:59:38 +03:00			logger.info(`[Cleanup] Deleted ${deleted.count} expired notes.`);
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`} catch (err) {`
add logging to server 2022-07-06 15:59:38 +03:00			logger.error(`[Cleanup] Error cleaning expired notes:`);
			`logger.error(err);`
schedule deletion of notes 2022-06-29 15:17:38 +03:00			`}`
			`}, interval);`