Updatweb

backend/server.js

@@ -2,27 +2,98 @@ const express = require("express");
 const session = require("express-session");
 const pgSession = require("connect-pg-simple")(session);
 const path = require("path");
-const { pool } = require("./config/database");
+const fs = require("fs");
+const helmet = require("helmet");
+const cors = require("cors");
+const { pool, healthCheck } = require("./config/database");
+const logger = require("./config/logger");
+const { apiLimiter, authLimiter } = require("./config/rateLimiter");
+const { errorHandler, notFoundHandler } = require("./middleware/errorHandler");
+const {
+  isDevelopment,
+  getBaseDir,
+  SESSION_CONFIG,
+  BODY_PARSER_LIMITS,
+} = require("./config/constants");
 require("dotenv").config();
 
 const app = express();
 const PORT = process.env.PORT || 5000;
+const baseDir = getBaseDir();
 
-// Development mode - Serve static files from development directory
-const isDevelopment = process.env.NODE_ENV !== "production";
-const baseDir = isDevelopment
-  ? path.join(__dirname, "..", "website")
-  : "/var/www/skyartshop";
+logger.info(`📁 Serving from: ${baseDir}`);
 
-console.log(`📁 Serving from: ${baseDir}`);
+// Security middleware
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        defaultSrc: ["'self'"],
+        styleSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net"],
+        scriptSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net"],
+        imgSrc: ["'self'", "data:", "blob:"],
+        fontSrc: ["'self'", "https://cdn.jsdelivr.net"],
+      },
+    },
+    hsts: {
+      maxAge: 31536000,
+      includeSubDomains: true,
+      preload: true,
+    },
+  })
+);
+
+// CORS configuration
+if (process.env.CORS_ORIGIN) {
+  app.use(
+    cors({
+      origin: process.env.CORS_ORIGIN.split(","),
+      credentials: true,
+    })
+  );
+}
+
+// Trust proxy for rate limiting behind nginx
+app.set("trust proxy", 1);
+
+// Body parsers
+app.use(express.json({ limit: BODY_PARSER_LIMITS.JSON }));
+app.use(
+  express.urlencoded({ extended: true, limit: BODY_PARSER_LIMITS.URLENCODED })
+);
+
+// Fallback middleware for missing product images
+const productImageFallback = (req, res, next) => {
+  const imagePath = path.join(
+    baseDir,
+    "assets",
+    "images",
+    "products",
+    req.path
+  );
+
+  if (fs.existsSync(imagePath)) {
+    return next();
+  }
+
+  const placeholderPath = path.join(
+    baseDir,
+    "assets",
+    "images",
+    "products",
+    "placeholder.jpg"
+  );
+  logger.debug("Serving placeholder image", { requested: req.path });
+  res.sendFile(placeholderPath);
+};
+
+app.use("/assets/images/products", productImageFallback);
 
 app.use(express.static(path.join(baseDir, "public")));
 app.use("/assets", express.static(path.join(baseDir, "assets")));
 app.use("/uploads", express.static(path.join(baseDir, "uploads")));
 
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
+// Session middleware
 app.use(
   session({
     store: new pgSession({
@@ -30,20 +101,30 @@ app.use(
       tableName: "session",
       createTableIfMissing: true,
     }),
-    secret: process.env.SESSION_SECRET || "skyart-shop-secret-2025",
+    secret: process.env.SESSION_SECRET || "change-this-secret",
     resave: false,
     saveUninitialized: false,
     cookie: {
-      secure: false, // Always false for localhost development
+      secure: !isDevelopment(),
       httpOnly: true,
-      maxAge: 24 * 60 * 60 * 1000,
+      maxAge: SESSION_CONFIG.COOKIE_MAX_AGE,
       sameSite: "lax",
     },
-    proxy: false, // No proxy in development
-    name: "skyartshop.sid",
+    proxy: !isDevelopment(),
+    name: SESSION_CONFIG.SESSION_NAME,
   })
 );
 
+// Request logging
+app.use((req, res, next) => {
+  logger.info("Request received", {
+    method: req.method,
+    path: req.path,
+    ip: req.ip,
+  });
+  next();
+});
+
 app.use((req, res, next) => {
   res.locals.session = req.session;
   res.locals.currentPath = req.path;
@@ -66,6 +147,11 @@ app.get("/admin/", (req, res) => {
   res.redirect("/admin/login.html");
 });
 
+// Apply rate limiting to API routes
+app.use("/api/admin/login", authLimiter);
+app.use("/api/admin/logout", authLimiter);
+app.use("/api", apiLimiter);
+
 // API Routes
 app.use("/api/admin", authRoutes);
 app.use("/api/admin", adminRoutes);
@@ -81,37 +167,88 @@ app.get("/", (req, res) => {
   res.sendFile(path.join(baseDir, "public", "index.html"));
 });
 
-app.get("/health", (req, res) => {
-  res.json({
-    status: "ok",
-    timestamp: new Date().toISOString(),
-    database: "connected",
+// Health check endpoint
+const { CRITICAL_IMAGES } = require("./config/constants");
+
+app.get("/health", async (req, res) => {
+  try {
+    const dbHealth = await healthCheck();
+    const missingImages = CRITICAL_IMAGES.filter(
+      (img) => !fs.existsSync(path.join(baseDir, img))
+    );
+
+    const assetsHealthy = missingImages.length === 0;
+    const overallHealthy = dbHealth.healthy && assetsHealthy;
+    const status = overallHealthy ? 200 : 503;
+
+    res.status(status).json({
+      status: overallHealthy ? "ok" : "degraded",
+      timestamp: new Date().toISOString(),
+      uptime: process.uptime(),
+      database: dbHealth,
+      assets: {
+        healthy: assetsHealthy,
+        missingCritical: missingImages,
+      },
+      memory: {
+        used: Math.round(process.memoryUsage().heapUsed / 1024 / 1024),
+        total: Math.round(process.memoryUsage().heapTotal / 1024 / 1024),
+      },
+    });
+  } catch (error) {
+    logger.error("Health check failed:", error);
+    res.status(503).json({
+      status: "error",
+      timestamp: new Date().toISOString(),
+      error: "Health check failed",
+    });
+  }
+});
+
+// 404 handler
+app.use(notFoundHandler);
+
+// Global error handler
+app.use(errorHandler);
+
+const server = app.listen(PORT, "0.0.0.0", () => {
+  logger.info("========================================");
+  logger.info("  SkyArtShop Backend Server");
+  logger.info("========================================");
+  logger.info(`🚀 Server running on http://localhost:${PORT}`);
+  logger.info(`📦 Environment: ${process.env.NODE_ENV || "development"}`);
+  logger.info(`🗄️  Database: PostgreSQL (${process.env.DB_NAME})`);
+  logger.info("========================================");
+});
+
+// Graceful shutdown
+const gracefulShutdown = (signal) => {
+  logger.info(`${signal} received, shutting down gracefully...`);
+
+  server.close(() => {
+    logger.info("HTTP server closed");
+
+    pool.end(() => {
+      logger.info("Database pool closed");
+      process.exit(0);
+    });
   });
+
+  // Force close after 10 seconds
+  setTimeout(() => {
+    logger.error("Forced shutdown after timeout");
+    process.exit(1);
+  }, 10000);
+};
+
+process.on("SIGTERM", () => gracefulShutdown("SIGTERM"));
+process.on("SIGINT", () => gracefulShutdown("SIGINT"));
+
+process.on("unhandledRejection", (reason, promise) => {
+  logger.error("Unhandled Rejection at:", { promise, reason });
 });
 
-app.use((req, res) => {
-  res.status(404).json({ error: "Not found" });
-});
-
-app.use((err, req, res, next) => {
-  console.error("Error:", err);
-  res.status(500).json({ error: "Server error" });
-});
-
-app.listen(PORT, "0.0.0.0", () => {
-  console.log("========================================");
-  console.log("  SkyArtShop Backend Server");
-  console.log("========================================");
-  console.log(`🚀 Server running on http://localhost:${PORT}`);
-  console.log(`📦 Environment: ${process.env.NODE_ENV || "development"}`);
-  console.log(`🗄️  Database: PostgreSQL (${process.env.DB_NAME})`);
-  console.log("========================================");
-});
-
-process.on("SIGTERM", () => {
-  console.log("SIGTERM received, closing server...");
-  pool.end(() => {
-    console.log("Database pool closed");
-    process.exit(0);
-  });
+process.on("uncaughtException", (error) => {
+  logger.error("Uncaught Exception:", error);
+  gracefulShutdown("UNCAUGHT_EXCEPTION");
 });