Login sequence and inventory/protocol storage groundwork

server/src/index.ts

@@ -0,0 +1,44 @@
+import express from 'express';
+import cors from 'cors';
+import { toNodeHandler } from 'better-auth/node';
+import { auth } from './auth/auth';
+import { authRateLimiter, apiRateLimiter } from './auth/rateLimiter';
+import chemicalsRouter from './routes/chemicals';
+import protocolsRouter from './routes/protocols';
+import path from 'path';
+
+const app = express();
+const PORT = process.env.PORT || 3001;
+const UPLOADS_DIR = process.env.UPLOADS_DIR || path.join(__dirname, '../uploads');
+
+// Trust Cloudflare/proxy X-Forwarded-For headers
+app.set('trust proxy', 1);
+
+app.use(cors({
+  origin: [
+    'http://localhost:5173',
+    'https://labwise.wahwa.com',
+  ],
+  credentials: true,
+}));
+
+// Serve uploaded files
+app.use('/uploads', express.static(UPLOADS_DIR));
+
+// Better Auth — must come before express.json() so it can read its own body
+app.use('/api/auth/*', authRateLimiter);
+app.all('/api/auth/*', toNodeHandler(auth));
+
+// Body parsing for all other routes
+app.use(express.json({ limit: '1mb' }));
+
+// Application routes
+app.use('/api', apiRateLimiter);
+app.use('/api/chemicals', chemicalsRouter);
+app.use('/api/protocols', protocolsRouter);
+
+app.get('/api/health', (_req, res) => res.json({ ok: true }));
+
+app.listen(PORT, () => {
+  console.log(`LabWise API running on http://localhost:${PORT}`);
+});