30 lines
822 B
TypeScript
30 lines
822 B
TypeScript
import { Elysia } from "elysia";
|
|
import { cors } from "@elysiajs/cors";
|
|
import { dashboard } from "./routes/dashboard";
|
|
import { account } from "./routes/auth";
|
|
import { migrate } from "./db";
|
|
|
|
await migrate();
|
|
|
|
const SECURITY_HEADERS = {
|
|
"X-Content-Type-Options": "nosniff",
|
|
"X-Frame-Options": "DENY",
|
|
"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
|
|
"X-XSS-Protection": "0",
|
|
"Referrer-Policy": "strict-origin-when-cross-origin",
|
|
};
|
|
|
|
const app = new Elysia()
|
|
.onAfterHandle(({ set }) => {
|
|
Object.assign(set.headers, SECURITY_HEADERS);
|
|
})
|
|
.use(cors({
|
|
origin: process.env.CORS_ORIGINS?.split(",") ?? ["https://pingql.com"],
|
|
credentials: true,
|
|
}))
|
|
.use(dashboard)
|
|
.use(account)
|
|
.listen(3000);
|
|
|
|
console.log(`PingQL Web running at http://localhost:${app.server?.port}`);
|