import express from 'express'; import { corsMiddleware, helmetMiddleware, rateLimitMiddleware, requestLoggingMiddleware, errorHandlingMiddleware, notFoundMiddleware } from './middleware/security'; import routes from './routes'; const app = express(); // Trust proxy (for rate limiting behind reverse proxy) app.set('trust proxy', 1); // Security middleware app.use(helmetMiddleware); app.use(corsMiddleware); app.use(rateLimitMiddleware); // Body parsing middleware app.use(express.json({ limit: '10mb' })); app.use(express.urlencoded({ extended: true, limit: '10mb' })); // Request logging app.use(requestLoggingMiddleware); // Routes app.use('/', routes); // 404 handler app.use(notFoundMiddleware); // Error handling middleware (must be last) app.use(errorHandlingMiddleware); export default app;