62 lines
1.9 KiB
TypeScript
62 lines
1.9 KiB
TypeScript
import { ClassSerializerInterceptor, ValidationPipe } from '@nestjs/common';
|
|
import { ConfigService } from '@nestjs/config';
|
|
import { NestFactory, Reflector } from '@nestjs/core';
|
|
import { ExpressAdapter } from '@nestjs/platform-express';
|
|
import helmet from 'helmet';
|
|
import express from 'express';
|
|
import { join } from 'path';
|
|
import { AppModule } from './app.module';
|
|
import { ResponseInterceptor } from './common/interceptors/response.interceptor';
|
|
|
|
async function bootstrap() {
|
|
const expressApp = express();
|
|
const app = await NestFactory.create(AppModule, new ExpressAdapter(expressApp), {
|
|
// logger: process.env.NODE_ENV === 'production'
|
|
// ? ['error', 'warn', 'log']
|
|
// : ['error', 'warn', 'log', 'debug', 'verbose'],
|
|
});
|
|
|
|
const reflector = app.get(Reflector);
|
|
const configService = app.get(ConfigService);
|
|
const PORT = configService.get<number>('PORT');
|
|
const isDevelop = configService.get<string>('NODE_ENV');
|
|
|
|
// Configure static file serving for uploads
|
|
const uploadsPath = join(__dirname, '..', 'uploads');
|
|
expressApp.use('/uploads', express.static(uploadsPath));
|
|
|
|
const helmetConfig = helmet({
|
|
contentSecurityPolicy: {
|
|
directives: {
|
|
scriptSrc: [
|
|
"'self'",
|
|
"'unsafe-inline'",
|
|
"'unsafe-eval'",
|
|
// "", "", "" // TODO: domains here
|
|
],
|
|
imgSrc: [
|
|
"'self'",
|
|
"https: data: blob:"
|
|
],
|
|
mediaSrc: [
|
|
"'self'",
|
|
"https: data: blob:"
|
|
],
|
|
},
|
|
},
|
|
crossOriginResourcePolicy: {
|
|
policy: isDevelop ? 'cross-origin' : 'same-site'
|
|
}
|
|
});
|
|
|
|
app.useGlobalPipes(new ValidationPipe({ transform: true }));
|
|
app.useGlobalInterceptors(new ClassSerializerInterceptor(reflector));
|
|
app.useGlobalInterceptors(new ResponseInterceptor(reflector))
|
|
app.enableCors();
|
|
app.use(helmetConfig);
|
|
|
|
await app.listen(PORT);
|
|
}
|
|
|
|
bootstrap();
|