ifb-schulapp/index.js

require('dotenv').config();
const express = require('express');
const cookieParser = require('cookie-parser');
const helmet = require('helmet');
const path = require('path');
const routes = require('./src/routes');
const { router: filesRouter } = require('./src/files');
const teacherRouter = require('./src/teacher');

if (!process.env.JWT_SECRET) {
  console.error('FATAL: JWT_SECRET environment variable is not set.');
  process.exit(1);
}

const app = express();
const PORT = 3010;

app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", "'unsafe-inline'", 'unpkg.com'],
      scriptSrcAttr: ["'unsafe-inline'"],
      styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
      fontSrc: ["'self'", 'https://fonts.gstatic.com'],
      imgSrc: ["'self'", 'data:'],
      connectSrc: ["'self'", 'https://api.open-meteo.com'],
      frameAncestors: ["'none'"],
      objectSrc: ["'none'"],
    },
  },
}));
app.use(express.json());
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/api', routes);
app.use('/api/files', filesRouter);
app.use('/api/teacher', teacherRouter);

const html = f => (req, res) => res.sendFile(path.join(__dirname, 'public', f));

app.get('/login', html('login.html'));
app.get('/admin', html('admin.html'));
app.get('/datenschutz', html('datenschutz.html'));
app.get('/app', html('app.html'));
app.get('/reset-password', html('reset-password.html'));
app.get('/{*path}', html('index.html'));

app.listen(PORT, '127.0.0.1', () => console.log(`info1 läuft auf :${PORT}`));