/ var / www / html / cqt / server / [ HOME SHELL ]

Name	Size	Permission
middleware	[ DIR ]	drwxr-xr-x
node_modules	[ DIR ]	drwxr-xr-x
routes	[ DIR ]	drwxr-xr-x
utils	[ DIR ]	drwxr-xr-x
.env	935 B	-rw-r--r--
.env.example	1.04 KB	-rw-r--r--
generate-credentials.cjs	2.1 KB	-rw-r--r--
index.js	4.6 KB	-rw-r--r--
package-lock.json	61.45 KB	-rw-r--r--
package.json	779 B	-rw-r--r--

Code Editor : index.js

const express = require('express');
const cors = require('cors');
const bodyParser = require('body-parser');
const dotenv = require('dotenv');
const path = require('path');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

// Load environment variables
dotenv.config();

const app = express();
const PORT = process.env.PORT || 5000;

// CORS Configuration - Allows multiple origins
const allowedOrigins = [
  'http://localhost:5173',
  'http://localhost:8080',
  'http://localhost:8081',
  process.env.FRONTEND_URL,
  process.env.PRODUCTION_URL,
].filter(Boolean); // Remove undefined values

const corsOptions = {
  origin: function (origin, callback) {
    // Allow requests with no origin (like mobile apps, curl, Postman)
    if (!origin) return callback(null, true);
    
    // Check if origin is in allowed list or matches a pattern
    const isAllowed = allowedOrigins.some(allowedOrigin => {
      // Exact match
      if (origin === allowedOrigin) return true;
      // Pattern match (e.g., *.iiitd.ac.in)
      if (allowedOrigin && allowedOrigin.includes('*')) {
        const regex = new RegExp(allowedOrigin.replace('*', '.*'));
        return regex.test(origin);
      }
      return false;
    });

if (isAllowed) {
      callback(null, true);
    } else {
      console.log(`CORS blocked origin: ${origin}`);
      callback(new Error('Not allowed by CORS'));
    }
  },
  credentials: true,
  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  exposedHeaders: ['Content-Range', 'X-Content-Range'],
  maxAge: 600 // Cache preflight for 10 minutes
};

// Security Middleware
app.use(helmet({
  contentSecurityPolicy: process.env.NODE_ENV === 'production' ? undefined : false,
  crossOriginEmbedderPolicy: false
}));

// Rate limiting for API endpoints
const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per windowMs
  message: 'Too many requests from this IP, please try again later.',
  standardHeaders: true,
  legacyHeaders: false,
});

// Strict rate limiting for auth endpoints
const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // Limit each IP to 5 login attempts per windowMs
  message: 'Too many login attempts, please try again later.',
  skipSuccessfulRequests: true,
});

// Middleware
app.use(cors(corsOptions));
app.use(bodyParser.json({ limit: '10mb' })); // Add size limit
app.use(bodyParser.urlencoded({ extended: true, limit: '10mb' }));

// Routes
const authRoutes = require('./routes/auth');
const researchRoutes = require('./routes/research');
const newsRoutes = require('./routes/news');
const coursesRoutes = require('./routes/courses');
const workshopsRoutes = require('./routes/workshops');
const teamRoutes = require('./routes/team');
const publicationsRoutes = require('./routes/publications');
const labsRoutes = require('./routes/labs');
const rebuildRoutes = require('./routes/rebuild');

// Apply rate limiting to API routes
app.use('/api/', apiLimiter);

app.use('/api/auth', authLimiter, authRoutes);
app.use('/api/research', researchRoutes);
app.use('/api/news', newsRoutes);
app.use('/api/courses', coursesRoutes);
app.use('/api/workshops', workshopsRoutes);
app.use('/api/team', teamRoutes);
app.use('/api/publications', publicationsRoutes);
app.use('/api/labs', labsRoutes);
app.use('/api/rebuild', rebuildRoutes);

// Health check endpoint
app.get('/api/health', (req, res) => {
  res.json({ status: 'ok', message: 'Server is running' });
});

// Serve static frontend files in production
if (process.env.NODE_ENV === 'production') {
  const distPath = path.join(__dirname, '../dist');
  app.use(express.static(distPath));
  console.log(`🌐 Serving frontend from: ${distPath}`);
  
  // Handle client-side routing - send all non-API requests to index.html
  app.get('*', (req, res) => {
    res.sendFile(path.join(distPath, 'index.html'));
  });
}

// Error handling middleware
app.use((err, req, res, next) => {
  console.error('Error occurred:', {
    message: err.message,
    stack: process.env.NODE_ENV === 'development' ? err.stack : undefined,
    path: req.path,
    method: req.method
  });
  
  // Don't leak error details in production
  res.status(err.status || 500).json({ 
    error: process.env.NODE_ENV === 'production' 
      ? 'An error occurred while processing your request' 
      : err.message
  });
});

// Start server
app.listen(PORT, () => {
  console.log(`🚀 Admin API Server running on port ${PORT}`);
  console.log(`📡 Frontend URL: ${process.env.FRONTEND_URL}`);
  console.log(`🔐 Environment: ${process.env.NODE_ENV}`);
});

Urban Research Lab

The Urban Research Lab (URL) at IIIT-Delhi was established in 2020, during a time when the pandemic brought the complexities of urban life more visible than ever. What started as an initiative by faculty and students has grown into a collaborative space for critically exploring and reimagining the urban questions through research, dialogue, and interdisciplinary engagement.

${this.title}

Code Editor : index.js

Urban Research Lab