adamp/cookie-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cookie-tracker/server/index.js
adamp a4d5461a8c Whitelist SPA routes so unknown paths return 404 
Replace the file-extension check with a regex whitelist of known client
routes. Only whitelisted paths serve index.html for React Router — all
other paths return a real 404.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 00:35:19 -06:00

81 lines
2.4 KiB
JavaScript
Raw Blame History

require('dotenv').config({ path: require('path').join(__dirname, '..', '.env') });
const express = require('express');
const cookieParser = require('cookie-parser');
const path = require('path');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const authRouter = require('./routes/auth');
const { authMiddleware } = require('./middleware/auth');
const productsRouter = require('./routes/products');
const customersRouter = require('./routes/customers');
const ordersRouter = require('./routes/orders');
const dashboardRouter = require('./routes/dashboard');
const reportsRouter = require('./routes/reports');
const app = express();
const PORT = process.env.PORT || 3002;
app.set('trust proxy', 1);
app.use(helmet());
if (process.env.NODE_ENV !== 'production') {
const cors = require('cors');
app.use(cors({ origin: 'http://localhost:5173', credentials: true }));
}
app.use(express.json());
app.use(cookieParser());
const apiLimiter = rateLimit({
windowMs: 60 * 1000,
max: 100,
standardHeaders: true,
legacyHeaders: false,
});
app.use('/api', apiLimiter);
app.use('/api/auth', authRouter);
app.use('/api', authMiddleware);
app.use('/api/products', productsRouter);
app.use('/api/customers', customersRouter);
app.use('/api/orders', ordersRouter);
app.use('/api/dashboard', dashboardRouter);
app.use('/api/reports', reportsRouter);
// 404 for unmatched API routes
app.use('/api', (req, res) => {
res.status(404).json({ error: 'Not found' });
});
if (process.env.NODE_ENV === 'production') {
const clientDist = path.join(__dirname, '..', 'client', 'dist');
app.use(express.static(clientDist));
// Whitelist known client-side routes for SPA fallback.
// Everything else returns a real 404.
const spaRoutes = /^\/($|inventory$|customers$|orders($|\/new$|\/\d+$)|restock$|reports$)/;
app.get('*', (req, res) => {
if (spaRoutes.test(req.path)) {
return res.sendFile(path.join(clientDist, 'index.html'));
}
res.status(404).end();
});
}
// Global error handler
app.use((err, req, res, next) => {
console.error(err.stack || err.message || err);
if (res.headersSent) return next(err);
res.status(500).json({ error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message });
});
process.on('unhandledRejection', (reason) => {
console.error('Unhandled rejection:', reason);
});
app.listen(PORT, () => {
console.log(`Server running on http://localhost:${PORT}`);
});
Reference in New Issue View Git Blame Copy Permalink