const express = require('express'); const cors = require('cors'); const dotenv = require('dotenv'); const path = require('path'); const crypto = require('crypto'); const authRoutes = require('./src/routes/authRoutes'); const profileRoutes = require('./src/routes/profileRoutes'); const tripsRoutes = require('./src/routes/tripsRoutes'); const driverLicenseRoutes = require('./src/routes/driverLicenseRoutes'); const availabilityRoutes = require('./src/routes/availabilityRoutes'); const { appendPostLog } = require('./src/utils/postLog'); dotenv.config({ path: path.resolve(__dirname, '.env'), override: true }); const app = express(); const PORT = process.env.PORT || 3001; const HOST = process.env.HOST || "127.0.0.1"; const uploadsDir = path.resolve(__dirname, 'uploads'); app.set('trust proxy', 1); const createRequestId = () => { if (typeof crypto.randomUUID === 'function') { return crypto.randomUUID(); } return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`; }; const captureRawBody = (req, res, buffer) => { if (!buffer || buffer.length === 0) { return; } req.rawBody = buffer.toString('utf8'); }; // Middleware app.use(cors()); app.use(express.json({ verify: captureRawBody })); app.use(express.urlencoded({ extended: true, verify: captureRawBody })); app.use((req, res, next) => { if (req.method !== 'POST') { return next(); } const requestId = createRequestId(); req.requestId = requestId; res.set('x-request-id', requestId); const authorizationHeader = req.get('authorization'); const contentType = req.get('content-type') || null; const isMultipartFormData = typeof contentType === 'string' && contentType.toLowerCase().startsWith('multipart/form-data'); if (isMultipartFormData) { return next(); } appendPostLog({ request_id: requestId, method: req.method, path: req.originalUrl || req.url, ip: req.ip || null, content_type: contentType, has_authorization_header: Boolean(req.get('authorization')), authorization: authorizationHeader ? '[REDACTED]' : null, query: req.query || {}, body: req.body || {}, raw_body: req.rawBody || null }); return next(); }); app.use('/uploads', express.static(uploadsDir)); // Security Middleware const helmet = require('helmet'); const rateLimit = require('express-rate-limit'); // 1. Basic Security Headers app.use(helmet()); // 2. Rate Limiting (100 requests per 15 min) const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 200, standardHeaders: true, legacyHeaders: false, message: "Too many requests from this IP, please try again after 15 minutes" }); app.get(["/health", "/healthcheck"], (req, res) => { res.set("Cache-Control", "no-store"); res.status(200).json({ status: "ok", service: "node-gestion-api", pid: process.pid, uptime_seconds: Math.floor(process.uptime()), timestamp_utc: new Date().toISOString() }); }); app.use(limiter); // Routes app.use('/', authRoutes); app.use('/', profileRoutes); app.use('/', require('./src/routes/locationRoutes')); app.use('/api', require('./src/routes/stressRoutes')); // Stress Test Endpoint app.use('/api', availabilityRoutes); app.use('/api', tripsRoutes); app.use('/api', driverLicenseRoutes); app.get('/', (req, res) => { res.send("🔥 Node.js API Backend Running 🔥"); }); const isPassengerRuntime = typeof global.PhusionPassenger !== 'undefined'; const logStartup = (runtime, host) => { const startedAt = new Date().toISOString(); const user = process.env.USER || process.env.LOGNAME || 'unknown'; console.log(`[${startedAt}] Servidor corriendo en ${host} runtime=${runtime} pid=${process.pid} user=${user}`); }; if (isPassengerRuntime) { app.listen('passenger', () => { logStartup('passenger', 'passenger'); }); } else if (require.main === module) { app.listen(PORT, "127.0.0.1", () => { logStartup('node', `127.0.0.1:${PORT}`); }); } module.exports = app;