}).then(async connection => { const app = new Koa(); // Provides important security headers to make your app more secure app.use(helmet()); // Logger middleware -> use winston as logger (logging.ts with config) app.use(logger(winston)); app.use(bodyParser()); // JWT middleware -> below this line routes are only reached if JWT token is valid, secret as env variable app.use(jwt({ secret: config.jwtSecret })); // this routes are protected by the JWT middleware, also include middleware to respond with "Method Not Allowed - 405". app.use(router.routes()).use(router.allowedMethods()); app.listen(config.port); console.log(`Server running on port ${config.port}`); }).catch(error => console.log('TypeORM connection error: ', error));
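/**
 * Build and configure the Koa application for the API.
 *
 * The app is returned without calling `listen`; the caller decides where and
 * when to bind it.
 *
 * Authentication note: the JWT middleware is registered with
 * `passthrough: true`, so this factory does not reject requests that carry no
 * token or an invalid one. Every router in `routers` that serves protected
 * data has to enforce authentication itself.
 *
 * @returns the configured Koa application
 * @api public
 */
export default (): Koa => {
  const app: Koa = new Koa();

  // override koa's undocumented error handler
  // NOTE(review): errorHandler is defined elsewhere; confirm it does not echo
  // stack traces or internal error messages back to clients.
  app.context.onerror = errorHandler;

  // specify that this is our api
  app.context.api = true;

  // Access logging is skipped only when env is 'test'. Strict comparison
  // avoids any implicit coercion of `env`.
  if (env !== 'test') {
    app.use(morgan('combined', { stream: accessLogStream }));
  }

  app.use(responseTime()); // Set response time header
  app.use(conditionalGet());
  app.use(etag()); // Adds eTag headers to the response
  app.use(compress()); // ctx.compress = false to disable compression
  app.use(helmet()); // Security layer: sets security-related response headers
  app.use(koa404Handler);

  // passthrough: true lets the request continue even when token verification
  // fails. Presumably koaJWT is koa-jwt, which populates ctx.state.user only
  // for a valid token; verify that each protected route checks it.
  app.use(koaJWT({ secret: jwtSecret, passthrough: true }));

  // routing
  for (const route of routers) {
    app.use(route.middleware());
  }

  return app;
};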