75 lines
2.7 KiB
JavaScript
75 lines
2.7 KiB
JavaScript
import { Hono } from "hono";
|
|
import { serve } from '@hono/node-server';
|
|
import { serveStatic } from '@hono/node-server/serve-static';
|
|
import { rpcApp } from "./routes/rpc.js";
|
|
import { caldavApp } from "./routes/caldav.js";
|
|
import { clientEntry } from "./routes/client-entry.js";
|
|
const app = new Hono();
|
|
// Allow all hosts for Tailscale Funnel
|
|
app.use("*", async (c, next) => {
|
|
// Accept requests from any host
|
|
return next();
|
|
});
|
|
// Health check endpoint
|
|
app.get("/health", (c) => {
|
|
return c.json({ status: "ok", timestamp: new Date().toISOString() });
|
|
});
|
|
// Legal config endpoint (temporary fix for RPC issue)
|
|
app.get("/api/legal-config", async (c) => {
|
|
try {
|
|
const { getLegalConfig } = await import("./lib/legal-config.js");
|
|
const config = getLegalConfig();
|
|
return c.json(config);
|
|
}
|
|
catch (error) {
|
|
console.error("Legal config error:", error);
|
|
return c.json({ error: "Failed to load legal config" }, 500);
|
|
}
|
|
});
|
|
// Security.txt endpoint (RFC 9116)
|
|
app.get("/.well-known/security.txt", (c) => {
|
|
const securityContact = process.env.SECURITY_CONTACT || "security@example.com";
|
|
const securityText = `Contact: ${securityContact}
|
|
Expires: 2025-12-31T23:59:59.000Z
|
|
Preferred-Languages: de, en
|
|
Canonical: https://${process.env.DOMAIN || 'localhost:5173'}/.well-known/security.txt
|
|
|
|
# Security Policy
|
|
# Please report security vulnerabilities responsibly by contacting us via email.
|
|
# We will respond to security reports within 48 hours.
|
|
#
|
|
# Scope: This security policy applies to the Stargirlnails booking system.
|
|
#
|
|
# Rewards: We appreciate security researchers who help us improve our security.
|
|
# While we don't have a formal bug bounty program, we may offer recognition
|
|
# for significant security improvements.
|
|
`;
|
|
return c.text(securityText, 200, {
|
|
"Content-Type": "text/plain; charset=utf-8",
|
|
"Cache-Control": "public, max-age=86400", // Cache for 24 hours
|
|
});
|
|
});
|
|
// Serve static files (only in production)
|
|
if (process.env.NODE_ENV === 'production') {
|
|
app.use('/static/*', serveStatic({ root: './dist' }));
|
|
app.use('/assets/*', serveStatic({ root: './dist' }));
|
|
}
|
|
app.use('/favicon.png', serveStatic({ path: './public/favicon.png' }));
|
|
app.use('/AGB.pdf', serveStatic({ path: './public/AGB.pdf' }));
|
|
app.use('/icons/*', serveStatic({ root: './public' }));
|
|
app.use('/manifest.json', serveStatic({ path: './public/manifest.json' }));
|
|
app.route("/rpc", rpcApp);
|
|
app.route("/caldav", caldavApp);
|
|
app.get("/*", clientEntry);
|
|
// Start server
|
|
const port = process.env.PORT ? parseInt(process.env.PORT) : 3000;
|
|
const host = process.env.HOST || "0.0.0.0";
|
|
console.log(`🚀 Server starting on ${host}:${port}`);
|
|
// Start the server
|
|
serve({
|
|
fetch: app.fetch,
|
|
port,
|
|
hostname: host,
|
|
});
|
|
export default app;
|