Feature/hanoak

src/database.ts

@@ -17,7 +17,7 @@ const connectToDatabase = async () => {
     await AuthenticationModel.init();
     await AuditLogModel.init();
   } catch (error) {
-    logger.error("Error connecting to MongoDB:", error);
+    logger.error("Error while connecting to MongoDB:", error);
     process.exit(1);
   }
 };

src/middlewares/req-headers.middleware.ts

@@ -0,0 +1,18 @@
+import { Request, Response, NextFunction } from "express";
+
+export const requestHeadersMiddleware = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  res.header("Access-Control-Allow-Origin", "*");
+  res.header(
+    "Access-Control-Allow-Headers",
+    "Origin, Content-Type, Accept, app_token"
+  );
+  if (req.method === "OPTIONS") {
+    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
+    return res.status(200).json({});
+  }
+  next();
+};

src/middlewares/unmatched-routes.middleware.ts

@@ -0,0 +1,9 @@
+import { Request, Response } from "express";
+import { constants } from "../constants";
+
+export const unmatchedRoutesMiddleware = (req: Request, res: Response) => {
+  const status = constants.HTTP_CODES.NOT_FOUND;
+  res.status(status).json({
+    error: { code: status, message: constants.HTTP_TEXTS.ROUTE_ERROR },
+  });
+};

src/server.ts

@@ -1,15 +1,17 @@
+// file deepcode ignore UseCsurfForExpress: We've app_token for all the API calls, so we don't need CSRF token.
 import { config } from "./config";
-import express, { NextFunction, Request, Response } from "express";
+import express from "express";
 import cors from "cors";
 import helmet from "helmet";
 import authRoutes from "./routes/auth.routes";
 import projectRoutes from "./routes/projects.routes";
 import { errorMiddleware } from "./middlewares/error.middleware";
 import loggerMiddleware from "./middlewares/logger.middleware";
-import logger from "./utils/logger";
 import connectToDatabase from "./database";
 import { authenticateUser } from "./middlewares/auth.middleware";
-import { constants } from "./constants";
+import { requestHeadersMiddleware } from "./middlewares/req-headers.middleware";
+import { unmatchedRoutesMiddleware } from "./middlewares/unmatched-routes.middleware";
+import logger from "./utils/logger";
 
 try {
   const app = express();
@@ -23,44 +25,26 @@ try {
   app.use(express.urlencoded({ extended: false, limit: "10mb" }));
   app.use(express.json({ limit: "10mb" }));
   app.use(loggerMiddleware);
+  app.use(requestHeadersMiddleware);
 
   // Routes
   app.use("/v2/auth", authRoutes);
   app.use("/v2/org/:orgId/project", authenticateUser, projectRoutes);
 
-  app.use((req: Request, res: Response, next: NextFunction) => {
-    res.setHeader("Access-Control-Allow-Origin", "*");
-    res.setHeader(
-      "Access-Control-Allow-Methods",
-      "OPTIONS, GET, POST, PUT, PATCH, DELETE"
-    );
-    res.setHeader(
-      "Access-Control-Allow-Headers",
-      "Content-Type, Authorization"
-    );
-    res.setHeader("Access-Control-Allow-Credentials", "true");
-    next();
-  });
-
   //For unmatched route patterns
-  app.use((req: Request, res: Response) => {
-    const status = constants.HTTP_CODES.NOT_FOUND;
-    res.status(status).json({
-      error: { code: status, message: constants.HTTP_TEXTS.ROUTE_ERROR },
-    });
-  });
-
-  // Connect to DB
-  connectToDatabase();
+  app.use(unmatchedRoutesMiddleware);
 
   // Error Middleware
   app.use(errorMiddleware);
 
-  app.listen(config.PORT, () => {
-    console.info(`Server listening at port ${config.PORT}`);
-  });
-  logger.info("Connected node");
+  // starting the server & DB connection.
+  (async () => {
+    await connectToDatabase();
+    app.listen(config.PORT, () =>
+      logger.info(`Server listening at port ${config.PORT}`)
+    );
+  })();
 } catch (e) {
-  console.error("Error while starting the server!");
-  console.error(e);
+  logger.error("Error while starting the server!");
+  logger.error(e);
 }