import express, { type Express } from "express";
import cors from "cors";
import path from "path";
import router from "./routes/index.js";
import { responseTimeMiddleware } from "./middlewares/response-time.js";
const app: Express = express();
app.set("trust proxy", 1);
// ── CORS (#5) ────────────────────────────────────────────────────────────────
// CORS_ORIGINS = comma-separated list of allowed origins.
// Default in production: alexanderwhitestone.com (and www. variant).
// Default in development: all origins permitted.
const isProd = process.env["NODE_ENV"] === "production";
const rawOrigins = process.env["CORS_ORIGINS"];
const allowedOrigins: string[] = rawOrigins
? rawOrigins.split(",").map((o) => o.trim()).filter(Boolean)
: isProd
? [
"https://alexanderwhitestone.com",
"https://www.alexanderwhitestone.com",
"https://alexanderwhitestone.ai",
"https://www.alexanderwhitestone.ai",
]
: [];
app.use(
cors({
origin:
allowedOrigins.length === 0
? true
: (origin, callback) => {
if (!origin || allowedOrigins.includes(origin)) {
callback(null, true);
} else {
callback(new Error(`CORS: origin '${origin}' not allowed`));
}
},
credentials: true,
methods: ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
allowedHeaders: ["Content-Type", "Authorization", "X-Session-Token", "X-Nostr-Token"],
exposedHeaders: ["X-Session-Token", "X-Nostr-Token"],
}),
);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(responseTimeMiddleware);
app.use("/api", router);
// ── Tower (Matrix 3D frontend) ───────────────────────────────────────────────
// Serve the pre-built Three.js world at /tower. WS client auto-connects to
// /api/ws on the same host. process.cwd() = workspace root at runtime.
const towerDist = path.resolve(process.cwd(), "the-matrix", "dist");
app.use("/tower", express.static(towerDist));
app.get("/tower/*splat", (_req, res) => res.sendFile(path.join(towerDist, "index.html")));
// Vite builds asset references as absolute /assets/... paths.
// Mirror them at the root so the browser can load them from /tower.
app.use("/assets", express.static(path.join(towerDist, "assets")));
app.use("/sw.js", express.static(path.join(towerDist, "sw.js")));
app.use("/manifest.json", express.static(path.join(towerDist, "manifest.json")));
app.get("/", (_req, res) => {
res.setHeader("Content-Type", "text/html");
res.send(`
Alexander Whitestone
Alexander Whitestone
AI infrastructure & Lightning-native agents.
enter
`);
});
app.get("/api", (_req, res) => res.redirect("/api/ui"));
export default app;