Update server middleware and add code comments for middleware

backend/.eslintrc.cjs

@@ -42,6 +42,7 @@ module.exports = {
     semi: [2, 'always'],
     'no-underscore-dangle': 'off',
     '@typescript-eslint/no-explicit-any': ['off'],
+    '@typescript-eslint/no-unused-expressions': ['off'],
     'import/extensions': [
       2,
       'ignorePackages',

backend/.prettierignore

@@ -0,0 +1,7 @@
+./.eslintrc.cjs
+*.config.cjs
+*.config.mjs
+*.config.js
+*.config.ts
+node_modules/
+dist/

backend/package.json

@@ -17,7 +17,8 @@
     "start-worker": "nodemon --exec babel-node --presets @babel/preset-typescript ./dist/worker.js",
     "start": "concurrently \"npm run start-*\"",
     "build": "tsc --incremental",
-    "test": "mocha --require @babel/register --exit"
+    "test": "mocha --recursive --require ts-node/register --exit 'tests/**/*.ts'",
+    "full-test": "npm run fmt && npm run semifix && npm run lint && npm run build && npm run test"
   },
   "devDependencies": {
     "@babel/cli": "^7.21.0",
@@ -36,7 +37,10 @@
     "@types/mocha": "^10.0.1",
     "@types/multer": "^1.4.7",
     "@types/node": "^18.11.18",
+    "@types/nodemon": "^1.19.2",
+    "@types/original-url": "^1.2.0",
     "@types/qs": "^6.9.7",
+    "@types/redis": "^4.0.11",
     "@types/sinon": "^10.0.15",
     "@types/uuid": "^9.0.1",
     "@typescript-eslint/eslint-plugin": "^5.59.1",
@@ -82,6 +86,7 @@
     "mongoose": "^7.0.3",
     "multer": "^1.4.5-lts.1",
     "node-mocks-http": "^1.12.2",
+    "original-url": "^1.2.3",
     "qs": "^6.11.0",
     "redis": "^4.6.5",
     "uuid": "^9.0.0",

backend/src/server.ts

@@ -4,6 +4,7 @@ import express, { NextFunction, Request, Response } from 'express';
 import morgan from 'morgan';
 import cors from 'cors';
 import cookieParser from 'cookie-parser';
+import originalUrl from 'original-url';
 import userRouter from './routes/user.route';
 import authRouter from './routes/auth.route';
 import sessionRouter from './routes/session.route';
@@ -17,15 +18,92 @@ dotenv.config();
 
 const app = express();
 
-app.use(express.json({ limit: '10kb' }));
+/*
+* This middleware restores the original url of the request after it may have been
+* rewritten by a proxy or load balancer.
+*/
+app.use(originalUrl.originalUrl);
+
+/**
+ * This parses incoming request payloads as JSON if the Content-Type matches.
+
+ * The limit option limits the size of the payload to 10kb.
+
+ * The verify callback logs the size of the request body and the url if a
+ * non-empty body is received. This is used for debugging and monitoring.
+ */
+app.use(
+  express.json({
+    limit: '10kb',
+    verify: (req, res, buf) => {
+      if (buf && buf.length) {
+        const { url } = req;
+        console.log(
+          `Request body size of ${buf.length} bytes received on ${url}`,
+        );
+      }
+    },
+  }),
+);
+
+/*
+ * This parses incoming request payloads as url encoded if the
+ * Content-Type matches.
+
+ * The limit option limits the payload size to 10kb.
+
+ * The extended option allows for rich objects and arrays to be encoded into
+ * the URL-encoded format.
+
+ * The verify callback logs the size of the request body and the url if a
+ * non-empty body is received. This is used for debugging and monitoring.
+*/
+app.use(
+  express.urlencoded({
+    limit: '10kb',
+    extended: true,
+    verify: (req, res, buf) => {
+      if (buf && buf.length) {
+        const { url } = req;
+        console.log(
+          `Request body size of ${buf.length} bytes received on ${url}`,
+        );
+      }
+    },
+  }),
+);
+
+/*
+* This initializes cookie-parser middleware which parses cookies attached
+* to the client request object.
+* It populates req.cookies with an object keyed by the cookie names.
+*/
 app.use(cookieParser());
+
+/*
+* This enables the morgan HTTP request logger middleware in development mode.
+* Morgan will log information about requests and responses to the console.
+* The 'dev' format is used which provides concise colored output.
+*/
 if (process.env.NODE_ENV === 'development') app.use(morgan('dev'));
+
+/*
+* This serves static files from the given directory path.
+* It will serve files under ../public for routes starting with /api/v1/thumbnails.
+* This allows serving generated thumbnail images for videos.
+*/
 app.use(
   '/api/v1/thumbnails',
   express.static(path.join(__dirname, '../public')),
 );
 
 const FRONTEND_ENDPOINT = process.env.FRONTEND_ENDPOINT as unknown as string;
+
+/*
+* This initializes CORS middleware to allow cross-origin requests.
+* The credentials option allows cookies/auth to be sent cross-origin.
+* The origin is limited to the configured FRONTEND_ENDPOINT.
+*/
 app.use(
   cors({
     credentials: true,