| 93 | const require = createRequire(import.meta.url); |
| 94 | |
| 95 | export default async function createApp(): Promise<express.Application> { |
| 96 | const env = useEnv(); |
| 97 | const logger = useLogger(); |
| 98 | const helmet = await import('helmet'); |
| 99 | |
| 100 | await validateDatabaseConnection(); |
| 101 | |
| 102 | if ((await isInstalled()) === false) { |
| 103 | logger.error(`Database doesn't have Directus tables installed.`); |
| 104 | process.exit(1); |
| 105 | } |
| 106 | |
| 107 | if ((await validateMigrations()) === false) { |
| 108 | logger.warn(`Database migrations have not all been run`); |
| 109 | } |
| 110 | |
| 111 | if (!env['SECRET']) { |
| 112 | logger.warn( |
| 113 | `"SECRET" env variable is missing. Using a random value instead. Tokens will not persist between restarts. This is not appropriate for production usage.`, |
| 114 | ); |
| 115 | } |
| 116 | |
| 117 | if (typeof env['SECRET'] === 'string' && Buffer.byteLength(env['SECRET']) < 32) { |
| 118 | logger.warn( |
| 119 | '"SECRET" env variable is shorter than 32 bytes which is insecure. This is not appropriate for production usage.', |
| 120 | ); |
| 121 | } |
| 122 | |
| 123 | if (!new Url(env['PUBLIC_URL'] as string).isAbsolute()) { |
| 124 | logger.warn('"PUBLIC_URL" should be a full URL'); |
| 125 | } |
| 126 | |
| 127 | if (env['MCP_OAUTH_ENABLED'] === true) { |
| 128 | if (toBoolean(env['MCP_ENABLED']) !== true) { |
| 129 | logger.warn('MCP_OAUTH_ENABLED requires MCP_ENABLED=true. OAuth disabled.'); |
| 130 | env['MCP_OAUTH_ENABLED'] = false; |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | await validateDatabaseExtensions(); |
| 135 | await validateStorage(); |
| 136 | |
| 137 | await getLicenseManager().initialize(); |
| 138 | getEntitlementManager().initialize(); |
| 139 | |
| 140 | await registerAuthProviders(); |
| 141 | registerDeploymentDrivers(); |
| 142 | await ensureDeploymentWebhooks(); |
| 143 | |
| 144 | const extensionManager = getExtensionManager(); |
| 145 | const flowManager = getFlowManager(); |
| 146 | |
| 147 | await extensionManager.initialize(); |
| 148 | await flowManager.initialize(); |
| 149 | |
| 150 | const app = express(); |
| 151 | |
| 152 | app.disable('x-powered-by'); |