36 lines
1003 B
JavaScript
36 lines
1003 B
JavaScript
var createError = require('http-errors');
|
|
var express = require('express');
|
|
var logger = require('morgan');
|
|
|
|
var authVulnerableRouter = require('./routes/auth_vulnerable');
|
|
var authSecureRouter = require('./routes/auth_secure');
|
|
|
|
var app = express();
|
|
|
|
app.use(logger('dev'));
|
|
app.use(express.json()); // Important pour lire req.body en JSON
|
|
app.use(express.urlencoded({ extended: false }));
|
|
|
|
// Montez les routeurs sur des chemins spécifiques pour la démo
|
|
app.use('/demo-vulnerable', authVulnerableRouter);
|
|
app.use('/demo-secure', authSecureRouter);
|
|
|
|
// catch 404 and forward to error handler
|
|
app.use(function(req, res, next) {
|
|
next(createError(404));
|
|
});
|
|
|
|
// --- Gestionnaire d'erreurs ---
|
|
app.use(function(err, req, res, next) {
|
|
// En développement, on affiche l'erreur
|
|
const errorDetails = req.app.get('env') === 'development' ? err : {};
|
|
|
|
// Répondre en JSON
|
|
res.status(err.status || 500);
|
|
res.json({
|
|
message: err.message,
|
|
error: errorDetails
|
|
});
|
|
});
|
|
|
|
module.exports = app; |