Refactoring project to typescript. (#12)

Author: haimkastner

.env.example

@@ -1,2 +1,2 @@
 PORT=8080
-DB_URL='postgres://user:pass@localhost:5432/bots_db'
+DATABASE_URL='postgres://user:pass@localhost:5432/bots_db'

.prettierrc.json

@@ -0,0 +1,5 @@
+{
+	"singleQuote": true,
+	"printWidth": 95,
+	"tabWidth": 2
+}

.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug TypeScript",
+      "program": "${workspaceFolder}\\src\\index.ts",
+      "preLaunchTask": "npm: build",
+      "sourceMaps": true,
+      "smartStep": true,
+      "internalConsoleOptions": "openOnSessionStart",
+      "outFiles": [
+        "${workspaceFolder}/dist/**/*.js"
+      ]
+    },
+  ]
+}

package-lock.json

@@ -14,13 +14,9 @@
     "npm": ">=3.10.0"
   },
   "scripts": {
-    "prestart": "npm run -s build",
-    "start": "node dist/index.js",
-    "dev": "nodemon src/index.js --exec \"node -r dotenv/config -r babel-register\"",
-    "clean": "rimraf dist",
-    "build": "npm run clean && mkdir -p dist && babel src -s -D -d dist",
-    "test": "jest --watch",
-    "lint": "esw -w src test"
+    "jscopy": "copyfiles -u 1 src/**/*.js dist",
+    "prepare": "tsoa routes && tsoa swagger && tsc && npm run jscopy",
+    "build": "npm run prepare"
   },
   "keywords": [
     "express",
@@ -35,70 +31,28 @@
     "eslint"
   ],
   "dependencies": {
-    "babel-cli": "^6.26.0",
-    "babel-plugin-transform-class-properties": "^6.24.1",
-    "babel-plugin-transform-object-rest-spread": "^6.26.0",
-    "babel-preset-env": "^1.6.1",
-    "body-parser": "^1.18.2",
-    "express": "^4.16.2",
+    "body-parser": "^1.18.3",
+    "copyfiles": "^2.1.0",
+    "express": "^4.16.4",
+    "express-rate-limit": "^3.4.0",
+    "generic-json-sanitizer": "^1.0.1",
+    "helmet": "^3.15.1",
+    "http": "0.0.0",
     "morgan": "^1.9.0",
+    "path": "^0.12.7",
     "pg-promise": "^8.5.6",
     "pug": "^2.0.0-beta11",
-    "rimraf": "^2.6.2"
+    "randomstring": "^1.1.5",
+    "rimraf": "^2.6.2",
+    "tsoa": "^2.3.8"
   },
   "devDependencies": {
-    "babel-eslint": "^8.2.3",
-    "babel-jest": "^21.2.0",
-    "babel-register": "^6.26.0",
-    "dotenv": "^4.0.0",
-    "eslint": "^4.12.1",
-    "eslint-plugin-import": "^2.11.0",
-    "eslint-plugin-jest": "^21.3.2",
-    "eslint-watch": "^3.1.3",
-    "jest": "^23.6.0",
-    "nodemon": "^1.12.1",
-    "supertest": "^3.0.0"
-  },
-  "babel": {
-    "presets": [
-      [
-        "env",
-        {
-          "targets": {
-            "node": "current"
-          }
-        }
-      ]
-    ],
-    "plugins": [
-      "transform-object-rest-spread",
-      "transform-class-properties"
-    ]
-  },
-  "eslintConfig": {
-    "parser": "babel-eslint",
-    "plugins": [
-      "import",
-      "jest"
-    ],
-    "parserOptions": {
-      "ecmaVersion": 2017,
-      "sourceType": "module"
-    },
-    "env": {
-      "node": true,
-      "jest": true
-    },
-    "extends": [
-      "eslint:recommended"
-    ],
-    "rules": {
-      "jest/no-focused-tests": 2,
-      "jest/no-identical-title": 2
-    }
-  },
-  "jest": {
-    "testEnvironment": "node"
+    "@types/body-parser": "^1.17.0",
+    "@types/express": "^4.16.0",
+    "@types/node": "^10.12.27",
+    "@types/randomstring": "^1.1.6",
+    "ts-node": "^7.0.1",
+    "typescript": "^3.3.3333"
   },
   "bugs": {
     "url": "https://github.com/vmasto/express-babel/issues"

package.json

@@ -0,0 +1,129 @@
+import * as bodyParser from 'body-parser';
+import * as express from 'express';
+import * as RateLimit from 'express-rate-limit';
+import * as helmet from 'helmet';
+import * as path from 'path';
+import { RegisterRoutes } from './routers/routes';
+import { sanitizeExpressMiddleware } from 'generic-json-sanitizer';
+
+// controllers need to be referenced in order to get crawled by the TSOA generator
+import './controllers/botimController';
+
+class App {
+	public express: express.Express;
+
+	constructor() {
+		/** Creat the express app */
+		this.express = express();
+
+		/** Security is the first thing, right?  */
+		this.vulnerabilityProtection();
+
+		/** Parse the request */
+		this.dataParsing();
+
+		/** After data parsed, sanitize it. */
+		this.sanitizeData();
+
+		/** Serve static client side */
+		this.serveStatic();
+
+		/** Route inner system */
+		this.routes();
+
+		/** And never sent errors back to client. */
+		this.catchErrors();
+	}
+
+	/**
+     * Serve static files of front-end.
+     */
+	private serveStatic() {
+		/** In / path only serve the index.html file */
+		this.express.get('/', (req: express.Request, res: express.Response) =>
+			res.sendFile(path.join(__dirname, '/public/static/index.html'))
+		);
+		/** Get any file in public directory */
+		this.express.use('/static', express.static(path.join(__dirname, '/public/static/')));
+	}
+
+	/**
+     * Route requests to API.
+     */
+	private routes(): void {
+		/** Use generated routers (by TSOA) */
+		RegisterRoutes(this.express);
+	}
+
+	/**
+     * Protect from many vulnerabilities ,by http headers such as HSTS HTTPS redirect etc.
+     */
+	private vulnerabilityProtection(): void {
+		// Protect from DDOS and access thieves
+		const limiter = new RateLimit({
+			windowMs: 10 * 60 * 1000,
+			max: 1000
+		});
+
+		//  apply to all  IP requests
+		this.express.use(limiter);
+
+		// Protect from XSS and other malicious attacks
+		this.express.use(helmet());
+		this.express.use(helmet.frameguard({ action: 'deny' }));
+
+		this.express.disable('x-powered-by');
+	}
+
+	/**
+     * Parse request query and body.
+     */
+	private dataParsing(): void {
+		this.express.use(bodyParser.json({ limit: '2mb' })); // for parsing application/json
+		this.express.use(bodyParser.urlencoded({ extended: false }));
+	}
+
+	/**
+     * Sanitize Json schema arrived from client.
+     * to avoid stored XSS issues.
+     */
+	private sanitizeData(): void {
+
+		// TODO: sanitize query.
+		this.express.use((req: express.Request, res: express.Response, next: express.NextFunction) => {
+			sanitizeExpressMiddleware(req, res, next, {
+				allowedAttributes: {},
+				allowedTags: []
+			});
+		});
+	}
+
+	/**
+     * Catch any Node / JS error.
+     */
+	private catchErrors() {
+		// Unknowon routing get 404
+		this.express.use('*', (req, res) => {
+			res.statusCode = 404;
+			res.send();
+		});
+
+		/**
+         * Production error handler, no stacktraces leaked to user.
+         */
+		this.express.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
+			try {
+				console.warn(
+					`express route crash,  req: ${req.method} ${req.path} error: ${err.message} body: ${JSON.stringify(
+						req.body
+					)}`
+				);
+			} catch (error) {
+				console.warn(`Ok... even the crash route catcher crashd...`);
+			}
+			res.status(500).send();
+		});
+	}
+}
+
+export default new App().express;