todo/todo/src/index.js

const http = require('http');
const https = require('https');
const cors = require('cors');
const express = require('express');
const cookieParser = require('cookie-parser');
const Config = require('./config.js');

const UserInterface = require('./user.js');

let credentials = {};

if (Config.config.https) {
  if (
    fs.existsSync(Config.config.cert) &&
    fs.existsSync(Config.config.cert_key)
  ) {
    credentials.key = fs.readFileSync(Config.config.cert_key);
    credentials.cert = fs.readFileSync(Config.config.cert);
  }
}

let app = express();

app.use(cors());
app.use(cookieParser());

// force https
app.use((req, res, next) => {
  if (Config.config.https) {
    if (req.headers['x-forwarded-proto'] !== 'https') {
      return res.redirect(`https://${req.headers.host}${req.url}`);
    }
  }
  return next();
});

if (!Config.config.secret) {
  console.error('No password secret found. please set `secret` in config.json');
  process.exit();
} else if (Config.config.https && Config.config.secret == 'TEST_SECRET') {
  console.error('please do not use the testing secret in production.');
  process.exit();
}

app.use('/api/user', UserInterface.router);

// serve static files last
app.use(express.static('./static'));
// DISABLED: no longer needs to serve static files
// due to frontend being employed in elm

if (Config.config.https) {
  var server = https.createServer(credentials, app);
  server.listen(Config.config.port || 8080);
} else {
  var server = http.createServer(app);
  server.listen(Config.config.port || 8080);
}
console.log(
  `listening on port ${Config.config.port || 8080}` +
    ` with https ${Config.config.https ? 'enabled' : 'disabled'}`
);