Initializes and configures the Express server, applies global middlewares (CORS, session, cookies, parsers), loads the application’s route modules, and starts the HTTP listener. Also defines test endpoints and an HTTP/HTTPS redirector.
Main Responsibilities:
• Read variables from .env and prepare the app (express()).
• Configure CORS by environment (development/production).
• Enable parsers (express.json, bodyParser.urlencoded) and cookies.
• Apply session and automatic session check for almost all routes.
• Register domain routes: Artifacts, Activities, Procedures, Resources, SoftProcess, Stakeholder, Auth, GitHub/Index, Profile.
• Utility endpoints: /test, /test-cors, and handling of /favicon.ico.
• Start HTTP server (port 3000 by default). (HTTPS is prepared but not enabled here).
Dependencies and modules used:
• Core/third-party: express, cors, body-parser, cookie-parser, http, https, fs, path, jsonwebtoken, dotenv.
• Project files: sessionConfig.js, middlewares/authMiddleware.js, utils/jwtUtils.js, and the routes in ./routes/*.js.
Environment variables:
Loads .env via dotenv from ../.env. (This file defines secrets/URLs, but they are not explicitly read here; other modules may use them.)
CORS:
The server is configured to handle CORS in two distinct ways depending on the environment in which it is running:
• Production: requests are only accepted from the domain https://prov.linceonline.com.br. Allowed methods are OPTIONS, GET, POST, PUT, and DELETE, with support for sending credentials (cookies, authentication headers, etc.).
• Development: requests are only accepted from the local addresses http://127.0.0.1:5500 and http://localhost:5500. The allowed methods and credentials are the same as in production.
Global Middlewares:
On the server, global middlewares were organized in a specific order to ensure that each stage of request processing occurs correctly. The flow can be described as follows:
1 - CORS configuration and universal OPTIONS handling: At the very beginning, the CORS (Cross-Origin Resource Sharing) policy is applied according to the defined environment. In addition, any OPTIONS request (pre-flight) sent by the browser is automatically responded to, allowing subsequent calls (GET, POST, etc.) to work without being blocked.
2 - Request body parsing: Next, the server enables two parsers:
3 - Cookie handling: The cookieParser() middleware is applied to interpret cookies sent by the client. These cookies usually contain session information.
4 - Session configuration: Next comes sessionConfig, responsible for configuring and managing user sessions. It ensures that session state is preserved across different requests from the same client.
5 - Automatic session protection: There is a middleware that applies session verification (checkSession) on all routes, with a few exceptions. The following paths are exempt from this check:
Ports and servers:
The server code defines two port constants that control on which channels the application can run:
Initialization Flow: