MCPcopy
hub / github.com/FlowiseAI/Flowise / config

Method config

packages/server/src/index.ts:172–370  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

170 }
171
172 async config() {
173 // Limit is needed to allow sending/receiving base64 encoded string
174 const flowise_file_size_limit = process.env.FLOWISE_FILE_SIZE_LIMIT || '50mb'
175
176 // Preserve raw bytes before JSON parsing for webhook HMAC signature verification
177 const captureRawBody = (req: Request, _res: Response, buf: Buffer) => {
178 ;(req as any).rawBody = buf
179 }
180 this.app.use(express.json({ limit: flowise_file_size_limit, verify: captureRawBody }))
181 this.app.use(express.urlencoded({ limit: flowise_file_size_limit, extended: true, verify: captureRawBody }))
182
183 // Enhanced trust proxy settings for load balancer
184 let trustProxy: string | boolean | number | undefined = process.env.TRUST_PROXY
185 if (typeof trustProxy === 'undefined' || trustProxy.trim() === '' || trustProxy === 'true') {
186 // Default to trust all proxies
187 trustProxy = true
188 } else if (trustProxy === 'false') {
189 // Disable trust proxy
190 trustProxy = false
191 } else if (!isNaN(Number(trustProxy))) {
192 // Number: Trust specific number of proxies
193 trustProxy = Number(trustProxy)
194 }
195
196 this.app.set('trust proxy', trustProxy)
197
198 // Allow access from specified domains
199 validateCorsConfig()
200 this.app.use(cors(getCorsOptions()))
201
202 // Parse cookies
203 this.app.use(cookieParser())
204
205 // Allow embedding from specified domains.
206 const iframeSecurityHeaders = getIframeSecurityHeaders()
207 this.app.use((req, res, next) => {
208 for (const [headerName, headerValue] of Object.entries(iframeSecurityHeaders)) {
209 res.setHeader(headerName, headerValue)
210 }
211 next()
212 })
213
214 // Switch off the default 'X-Powered-By: Express' header
215 this.app.disable('x-powered-by')
216
217 // Add the expressRequestLogger middleware to log all requests
218 this.app.use(expressRequestLogger)
219
220 // Add the sanitizeMiddleware to guard against XSS
221 this.app.use(sanitizeMiddleware)
222
223 const denylistURLs = process.env.DENYLIST_URLS ? process.env.DENYLIST_URLS.split(',') : []
224 const whitelistURLs = WHITELIST_URLS.filter((url) => !denylistURLs.includes(url))
225 const URL_CASE_INSENSITIVE_REGEX: RegExp = /\/api\/v1\//i
226 const URL_CASE_SENSITIVE_REGEX: RegExp = /\/api\/v1\//
227
228 await initializeJwtCookieMiddleware(this.app, this.identityManager)
229

Callers 5

index.tsFile · 0.80
startFunction · 0.80
config.tsFile · 0.80
base.tsFile · 0.80
vite.config.jsFile · 0.80

Calls 15

validateCorsConfigFunction · 0.90
getCorsOptionsFunction · 0.90
getIframeSecurityHeadersFunction · 0.90
verifyTokenFunction · 0.90
validateAPIKeyFunction · 0.90
setMethod · 0.80
testMethod · 0.80
addRateLimiterMethod · 0.80
getRateLimiterByIdMethod · 0.80
getBullBoardRouterMethod · 0.80

Tested by

no test coverage detected