Initial T06 security template

api/src/server.js

@@ -0,0 +1,59 @@
+require('dotenv').config();
+
+const fs = require('fs');
+const http = require('http');
+const https = require('https');
+const path = require('path');
+const express = require('express');
+const authRoutes = require('./routes/auth');
+const profileRoutes = require('./routes/profile');
+const ordersRoutes = require('./routes/orders');
+const previewRoutes = require('./routes/preview');
+const startAdminService = require('./admin-service');
+
+const app = express();
+app.use(express.json());
+
+app.get('/api/public', (req, res) => {
+  res.json({ message: 'Javni endpoint radi.' });
+});
+
+app.get('/api/internal', (req, res) => {
+  const cert = req.socket.getPeerCertificate();
+
+  if (!req.client.authorized) {
+    return res.status(401).json({ error: 'Client certificate required' });
+  }
+
+  return res.json({ message: 'mTLS pristup odobren.', client: cert.subject });
+});
+
+app.use('/auth', authRoutes);
+app.use('/api', profileRoutes);
+app.use('/api', ordersRoutes);
+app.use('/api', previewRoutes);
+
+const useHttps = String(process.env.HTTPS || '').toLowerCase() === 'true';
+
+if (useHttps) {
+  const certsDir = path.join(process.cwd(), 'certs');
+  const options = {
+    key: fs.readFileSync(path.join(certsDir, 'server.key')),
+    cert: fs.readFileSync(path.join(certsDir, 'server.crt')),
+    ca: fs.readFileSync(path.join(certsDir, 'ca.crt')),
+    requestCert: true,
+    rejectUnauthorized: false
+  };
+
+  https.createServer(options, app).listen(3443, () => {
+    console.log('API na https://localhost:3443');
+  });
+} else {
+  http.createServer(app).listen(3000, () => {
+    console.log('API na http://localhost:3000');
+  });
+}
+
+if (process.env.START_ADMIN_SERVICE !== 'false') {
+  startAdminService();
+}