From 9363584ee2cb8888682fc398e5ab5dc5df71345b Mon Sep 17 00:00:00 2001
From: zion-off
Date: Thu, 30 May 2024 05:39:33 +0600
Subject: [PATCH] new cors setup
---
 back-end/app.js | 75 +++++++++++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 30 deletions(-)
diff --git a/back-end/app.js b/back-end/app.js
index a3c0933..2e6192e 100644
--- a/back-end/app.js
+++ b/back-end/app.js
@@ -5,50 +5,65 @@ const app = express();
 const morgan = require("morgan");
 const path = require("path");
 const cookieParser = require("cookie-parser");
-app.use(express.json());
 const jwt = require("jsonwebtoken");
 const passport = require("passport");
 const jwtStrategy = require("./config/jwt-config.js");
-passport.use(jwtStrategy);
-app.use(passport.initialize());
 const mongoose = require("mongoose");
 const User = require("./models/User.js");
 const homeRouter = require('./routes/home.route.js');
-app.use(cors({ origin: process.env.FRONT_END_DOMAIN, credentials: true }))
-try {
- mongoose.connect(process.env.MONGODB_URI);
- console.log(`Connected to MongoDB.`);
-} catch (err) {
- console.log(
- `Error connecting to MongoDB user account authentication will fail: ${err}`
- );
-}
-
-// app.use(function(req, res, next) {
-// res.header("Access-Control-Allow-Origin", `process.env.FRONT_END_DOMAIN`);
-// res.header("Access-Control-Allow-Credentials", "true");
-// res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
-// next();
-// });
-
-app.use(morgan("dev", { skip: (req, res) => process.env.NODE_ENV === "test" }))
-app.use(express.json())
-app.use(express.urlencoded({ extended: true }))
-app.use(cookieParser())
-
-
-const authenticationRoutes = require("./routes/authentication-routes.js")
-const cookieRoutes = require("./routes/cookie-routes.js")
+const authenticationRoutes = require("./routes/authentication-routes.js");
+const cookieRoutes = require("./routes/cookie-routes.js");
 const rankingRouter = require("./routes/ranking.route.js");
 const protectedContentRoutes = require("./routes/protected-content-routes.js");
 const linkInfo = require("./routes/signupmessage.route.js");
 const linkRouter = require("./routes/uniquelink.route.js");
+
+// Middleware setup
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+app.use(cookieParser());
+app.use(morgan("dev", { skip: (req, res) => process.env.NODE_ENV === 
"test" }));
+
+// CORS configuration
+const allowedOrigins = ['https://8heart.vercel.app', 'https://8heart.zzzzion.com', 'https://eightheart.onrender.com'];
+app.use(cors({
+ origin: function (origin, callback) {
+ if (!origin) return callback(null, true);
+ if (allowedOrigins.indexOf(origin) === -1) {
+ const msg = 'The CORS policy for this site does not allow access from the specified Origin.';
+ return callback(new Error(msg), false);
+ }
+ return callback(null, true);
+ },
+ methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
+ credentials: true,
+ optionsSuccessStatus: 204
+}));
+
+// Passport setup
+passport.use(jwtStrategy);
+app.use(passport.initialize());
+
+// MongoDB connection
+mongoose.connect(process.env.MONGODB_URI, { useNewUrlParser: true, useUnifiedTopology: true })
+ .then(() => console.log('Connected to MongoDB.'))
+ .catch(err => console.log(`Error connecting to MongoDB: ${err}`));
+
+// Route setup
 app.use("/cookie", cookieRoutes());
 app.use("/auth", authenticationRoutes());
 app.use("/users/:uniqueLink", linkRouter);
 app.use("/protected", protectedContentRoutes());
 app.use("/home", homeRouter);
 app.use("/linkinfo", linkInfo);
-app.use("/ranking", rankingRouter)
+app.use("/ranking", rankingRouter);
+
+// Commented out manual CORS setup (not needed with cors middleware)
+// app.use(function(req, res, next) {
+// res.header("Access-Control-Allow-Origin", `process.env.FRONT_END_DOMAIN`);
+// res.header("Access-Control-Allow-Credentials", "true");
+// res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+// next();
+// });
-module.exports = app;
+module.exports = app;
\ No newline at end of file
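Review bot: In the `origin` callback an unlisted origin is rejected with `callback(new Error(msg), false)`, which the cors middleware hands to `next(err)`; no error-handling middleware is visible in this hunk, so Express's default handler would answer 500 and include the stack trace whenever NODE_ENV is not `production`. Either add an error handler that maps this case to a plain 403, or use `return callback(null, allowedOrigins.includes(origin));`, keeping in mind that the second form only withholds the CORS headers and the request still reaches the routes. The `if (!origin)` branch accepts every request that carries no Origin header while `credentials: true` is set, so I would document it: `// No Origin header (same-origin or non-browser client); CORS is not access control, routes must authenticate on their own`. The allowlist is now hard-coded where the removed line read `process.env.FRONT_END_DOMAIN`; reading `allowedOrigins` from configuration would keep deployment-specific hosts out of the source.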