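const requireAuth = require('./middlewares/requireAuth');
const authRoutes = require('./routes/authRoutes');
const express = require('express');
const path = require('path');
const session = require('express-session');
require('dotenv').config();

const viabilidadeRoutes = require('./routes/viabilidadeRoutes');

const app = express();

const isProduction = process.env.NODE_ENV === 'production';
// The auth bypass is honoured only when BOTH flags are set explicitly, so a
// stray DEV_SKIP_AUTH in a non-development environment cannot disable auth.
const devSkipAuth =
  process.env.NODE_ENV === 'development' && process.env.DEV_SKIP_AUTH === 'true';

// Basic middleware
app.use(express.json({ limit: '5mb' }));
app.use(express.urlencoded({ extended: true }));

// Session secret: the hard-coded fallback exists for local development only.
// Refuse to start in production without a real secret rather than signing
// session cookies with a value that lives in the repository.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret && isProduction) {
  throw new Error('SESSION_SECRET must be set when NODE_ENV=production');
}
if (!sessionSecret) {
  console.warn('[session] SESSION_SECRET not set — using the insecure development fallback');
}

// Session (in-memory store, fine for dev/tests)
app.use(session({
  secret: sessionSecret || 'dev-secret',
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: true, // keep the session id out of reach of page scripts
    // 'auto' adds the Secure attribute whenever the connection is HTTPS.
    // Behind a TLS-terminating proxy Express only sees HTTPS when
    // `app.set('trust proxy', ...)` is configured — confirm for the deployment.
    secure: 'auto',
  },
}));

// Register authRoutes first (login routes); they run before the global
// protection below and therefore never need an exemption from it.
app.use(authRoutes);

// Dev bypass for Microsoft auth / session (only when explicitly enabled).
// MUST come before the global protection middleware so it can insert req.session.user.
if (devSkipAuth) {
  app.use((req, res, next) => {
    if (!req.session) return next();
    // note: property must be `authenticated` (with 'h') so requireAuth recognizes it
    req.session.user = req.session.user || { authenticated: true, id: 'dev', name: 'developer' };
    next();
  });
}

/**
 * Paths reachable without an authenticated session.
 * Matched on whole path segments so that only `/auth` and `/auth/...` are
 * exempt; a bare prefix test would also exempt any unrelated route whose
 * name merely starts with "auth".
 * @param {string} reqPath - `req.path` of the incoming request
 * @returns {boolean} true when the request must not be sent through requireAuth
 */
function isPublicPath(reqPath) {
  return (
    reqPath === '/auth' ||
    reqPath.startsWith('/auth/') ||
    reqPath === '/login' ||
    reqPath === '/health'
  );
}

// Note: static assets must be served AFTER the global protection middleware
// when you want the site to redirect to /login before delivering the UI.

// Global protection (after the dev bypass, before static assets and API routes)
app.use((req, res, next) => {
  if (isPublicPath(req.path)) return next();
  return requireAuth(req, res, next);
});

// Serve static assets (UI) AFTER protection so the app redirects to /login first
app.use(express.static(path.join(__dirname, 'public')));

// Mount API routes
app.use('/', viabilidadeRoutes);

// Health endpoint (exempt from auth above; must never expose anything sensitive)
app.get('/health', (req, res) => res.json({ ok: true }));

// 404
app.use((req, res) => res.status(404).json({ error: 'Not found' }));

// Error handler — Express recognises it by its four-argument signature.
// Details go to the server log only; the client gets a generic message.
app.use((err, req, res, next) => {
  console.error((err && (err.stack || err.message)) || err);
  // If a response is already in flight, delegate to Express' default handler
  // instead of attempting a second write.
  if (res.headersSent) return next(err);
  res.status(500).json({ error: 'Internal server error' });
});

if (require.main === module) {
  const port = Number.parseInt(process.env.PORT, 10) || 3000;
  app.listen(port, () => {
    console.log(`Server listening on port ${port} (env=${process.env.NODE_ENV || 'production'})`);
    if (devSkipAuth) {
      console.log('[START-NOAUTH] DEV_SKIP_AUTH=true — authentication is bypassed');
    }
  });
}

module.exports = app;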