import { NestFactory } from '@nestjs/core'; import { AppModule } from './app.module'; import { serverConfig } from './config/config'; import { join } from 'path'; import * as fs from 'fs'; import { NestExpressApplication } from '@nestjs/platform-express'; import session from 'express-session'; import { ValidationPipe } from '@nestjs/common'; async function bootstrap() { const certsDir = join(__dirname, '..', 'certs'); const httpsOptions = { key: fs.readFileSync(join(certsDir, 'local-key.pem')), cert: fs.readFileSync(join(certsDir, 'local-cert.pem')), }; // const app = await NestFactory.create(AppModule); // const app = await NestFactory.create(AppModule, { // httpsOptions, // <-- Let Nest bind HTTPS // }); const app = await NestFactory.create(AppModule); app.useGlobalPipes( new ValidationPipe({ whitelist: true, // strips extra fields forbidNonWhitelisted: true, // rejects unknown fields transform: true, // converts types (e.g. string -> number/date) }), ); app.enableCors({ origin: 'http://localhost:4200', // your Angular app URL credentials: true, }); app.setGlobalPrefix('api'); const angularDistPath = join(__dirname, '..', '..', 'web-app', 'dist', 'mobile-auth-web-app', 'browser'); const indexPath = join(angularDistPath, 'index.html'); app.useStaticAssets(angularDistPath); app.setBaseViewsDir(angularDistPath); app.setViewEngine('html'); app.use( session({ secret: 'your-secret', resave: false, saveUninitialized: false, cookie: { httpOnly: true, // browser can’t access cookie via JS secure: false, // set true if using HTTPS sameSite: 'lax', // allow sending cookies cross-origin on localhost maxAge: 24 * 60 * 60 * 1000, // 1 day }, }), ); app.use((req, res, next) => { const isStaticAsset = req.url.includes('.'); const isApiCall = req.url.startsWith('/api') || req.method !== 'GET'; if (isStaticAsset || isApiCall) return next(); res.sendFile(indexPath); }); await app.listen(4000, '0.0.0.0'); console.log(`🚀 HTTPS server running at ${serverConfig.exposedUrl}`); } bootstrap();