}).then(async connection => {
const app = new Koa();
// Provides important security headers to make your app more secure
app.use(helmet());
// Logger middleware -> use winston as logger (logging.ts with config)
app.use(logger(winston));
app.use(bodyParser());
// JWT middleware -> below this line routes are only reached if JWT token is valid, secret as env variable
app.use(jwt({ secret: config.jwtSecret }));
// this routes are protected by the JWT middleware, also include middleware to respond with "Method Not Allowed - 405".
app.use(router.routes()).use(router.allowedMethods());
app.listen(config.port);
console.log(`Server running on port ${config.port}`);
}).catch(error => console.log('TypeORM connection error: ', error));
/**
* Initialize an app
* @api public
*/
export default (): Koa => {
const app: Koa = new Koa();
// override koa's undocumented error handler
app.context.onerror = errorHandler;
// specify that this is our api
app.context.api = true;
// logging
if ('test' != env) app.use(morgan('combined', { stream: accessLogStream }));
app.use(responseTime()); // Set response time header
app.use(conditionalGet());
app.use(etag()); // Adds eTag headers to the response
app.use(compress()); // ctx.compress = false to disable compression
app.use(helmet()); // Security layer
app.use(koa404Handler);
app.use(koaJWT({ secret: jwtSecret, passthrough: true }));
// routing
routers.forEach(route => app.use(route.middleware()));
return app;
};