var express = require('express'), session = require('express-session'), cors = require('cors'), helmet = require('helmet'), errorhandler = require('errorhandler'); const config = require('./config'), swaggerUi = require('swagger-ui-express'), swaggerSpec = require('./config/swagger'); function createApp() { const app = express(); app.use(helmet({ contentSecurityPolicy: false })); const allowedOrigins = process.env.ALLOWED_ORIGINS ? process.env.ALLOWED_ORIGINS.split(',').map(o => o.trim()) : []; app.use(cors({ origin: allowedOrigins.length > 0 ? allowedOrigins : false, credentials: true })); app.use(express.json()); app.use(express.urlencoded({ extended: true })); app.use(require('method-override')()); app.use(express.static(__dirname + '/../public')); app.use(session({ secret: process.env.SESSION_SECRET || config.secret, cookie: { maxAge: config.session_lifetime }, resave: false, saveUninitialized: false })); if (process.env.APP_ENV !== 'production') { app.use(errorhandler()); } app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec, { swaggerOptions: { persistAuthorization: true }, })); return app; } module.exports = createApp;