uploaded

2026-04-21 22:03:19 -04:00
parent 36e2d11f2e
commit 08bf320b57
4681 changed files with 566542 additions and 0 deletions
--- a/admin/server/admin.js
+++ b/admin/server/admin.js
@@ -0,0 +1,89 @@
+require('dotenv').config();
+const express = require('express');
+const { configureSecurityHeaders } = require('./middleware/securityHeaders');
+const { adminLimiter } = require('./middleware/rateLimiter');
+const adminRoutes = require('./routes/admin');
+
+const adminApp = express();
+const ADMIN_PORT = Number(process.env.ADMIN_PORT || 3005);
+const isDevelopment = process.env.NODE_ENV !== 'production';
+
+/**
+ * Trust proxy for correct IP detection
+ * Important: Only enable if behind a reverse proxy
+ */
+adminApp.set('trust proxy', process.env.TRUST_PROXY === 'true' ? true : 1);
+
+configureSecurityHeaders(adminApp, isDevelopment);
+
+adminApp.use((req, res, next) => {
+  const allowedOrigins = [
+    'http://localhost:3005',
+    'http://localhost:3000',
+    process.env.ADMIN_ORIGIN || '',
+  ].filter(Boolean);
+
+  const origin = req.get('origin');
+  if (allowedOrigins.includes(origin)) {
+    res.setHeader('Access-Control-Allow-Origin', origin);
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    res.setHeader('Access-Control-Allow-Credentials', 'true');
+  }
+
+  if (req.method === 'OPTIONS') {
+    return res.sendStatus(204);
+  }
+
+  next();
+});
+
+// Body parser
+adminApp.use(express.json({ limit: '10mb' }));
+adminApp.use(express.urlencoded({ limit: '10mb', extended: true }));
+
+// Global rate limiting
+adminApp.use(adminLimiter);
+
+// Admin routes with /api/admin prefix
+adminApp.use('/api/admin', adminRoutes);
+
+// Health check endpoint
+adminApp.get('/health', (req, res) => {
+  res.json({ status: 'ok', timestamp: new Date().toISOString() });
+});
+
+// 404 handler
+adminApp.use((req, res) => {
+  res.status(404).json({
+    error: 'Not found',
+    path: req.path,
+  });
+});
+
+// Error handler
+adminApp.use((err, req, res, next) => {
+  console.error('Unhandled error:', err);
+
+  if (isDevelopment) {
+    return res.status(500).json({
+      error: 'Internal server error',
+      message: err.message,
+      stack: err.stack,
+    });
+  }
+
+  return res.status(500).json({
+    error: 'Internal server error',
+  });
+});
+
+// Start admin server
+function startAdminServer() {
+  adminApp.listen(ADMIN_PORT, () => {
+    console.log(`EaglerTiers Admin API running on http://localhost:${ADMIN_PORT}`);
+    console.log(`Admin endpoints require API key via Authorization header or ?key parameter`);
+  });
+}
+
+module.exports = { adminApp, startAdminServer };