const express = require('express'); const http = require('http'); const path = require('path'); const healthRoutes = require('./routes/health'); const optionsRoutes = require('./routes/options'); const signalsRoutes = require('./routes/signals'); const dashboardRoutes = require('./routes/dashboard'); const customAlertsRoutes = require('./routes/customAlerts'); const backtestRoutes = require('./routes/backtest'); const tradingRoutes = require('./routes/trading'); const { setupWebSocket } = require('./websocket'); const scheduler = require('./services/scheduler'); const { limiter } = require('./middleware/rateLimit'); const app = express(); const server = http.createServer(app); // Trust Nginx reverse proxy (needed for express-rate-limit with X-Forwarded-For) app.set('trust proxy', 1); app.use(express.json()); // CORS — allow any origin (Nginx also handles it, but app must respond to preflight) app.use((req, res, next) => { res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, x-api-key'); if (req.method === 'OPTIONS') return res.sendStatus(200); next(); }); // Rate limiting on all /api routes app.use('/api', limiter); const { router: notificationsRoutes } = require('./routes/notifications'); app.use(healthRoutes); app.use(optionsRoutes); app.use(signalsRoutes); app.use(dashboardRoutes); app.use(customAlertsRoutes); app.use(backtestRoutes); app.use(tradingRoutes); app.use('/api/notifications', notificationsRoutes); // Serve static frontend const frontendPath = path.join(__dirname, '../frontend/dist'); app.use(express.static(frontendPath)); // Catch-all for client-side routing app.get('*', (req, res) => { res.sendFile(path.join(frontendPath, 'index.html')); }); const { broadcastUpdates } = setupWebSocket(server); scheduler.setBroadcast(broadcastUpdates); module.exports = { app, server };