add cors policy and rename route

2025-12-24 16:22:44 +00:00 · 2024-12-08 23:43:32 +01:00
parent ef0ee78758
commit 23910cc94c
3 changed files with 53 additions and 9 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,6 +19,7 @@
        "classnames": "^2.5.1",
        "codemirror": "^5.65.6",
        "cookie-parser": "^1.4.7",
+        "cors": "^2.8.5",
        "create-react-class": "^15.7.0",
        "dedent-tabs": "^0.10.3",
        "dompurify": "^3.2.2",
@@ -4805,6 +4806,19 @@
      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==",
      "license": "MIT"
    },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
    "node_modules/cosmiconfig": {
      "version": "9.0.0",
      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",
--- a/package.json
+++ b/package.json
@@ -91,6 +91,7 @@
    "classnames": "^2.5.1",
    "codemirror": "^5.65.6",
    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
    "create-react-class": "^15.7.0",
    "dedent-tabs": "^0.10.3",
    "dompurify": "^3.2.2",
--- a/server/app.js
+++ b/server/app.js
@@ -55,6 +55,31 @@ app.use(bodyParser.json({ limit: '25mb' }));
 app.use(cookieParser());
 app.use(forceSSL);

+import cors from 'cors';
+
+// CORS Configuration
+const corsOptions = {
+
+    origin: (origin, callback) => {
+        const allowedOrigins = [
+			'https://homebrewery.naturalcrit.com',
+			'http://localhost:8000',
+			'http://localhost:8010',
+			'https://naturalcrit.com'
+		]; //allow natcrit local and live to call
+        if (!origin || allowedOrigins.includes(origin)) {
+            callback(null, true);
+        } else {
+			console.log(origin, 'not allowed');
+            callback(new Error('Not allowed by CORS'));
+        }
+    },
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    credentials: true,
+};
+
+app.use(cors(corsOptions));
+
 //Account Middleware
 app.use((req, res, next)=>{
 	if(req.cookies && req.cookies.nc_session){
@@ -313,9 +338,10 @@ app.get('/user/:username', async (req, res, next)=>{
 });

 //Rename Brews
-app.put('/user/:username/rename-brews', async (req, res) => {
-	const { username } = req.params;
-    const { newUsername } = req.body;
+app.put('/api/user/rename', async (req, res) => {
+    const { username, newUsername } = req.body;
+
+	console.log('renaming');

    if (!username || !newUsername) {
        return res.status(400).json({ error: 'Username and newUsername are required.' });
@@ -504,12 +530,15 @@ app.get('/vault', asyncHandler(async(req, res, next)=>{
 }));

 //Send rendered page
-app.use(asyncHandler(async (req, res, next)=>{
-	if (!req.route) return res.redirect('/'); // Catch-all for invalid routes
-		
-	const page = await renderPage(req, res);
-	if(!page) return;
-	res.send(page);
+app.use(asyncHandler(async (req, res, next) => {
+    if (!req.route && !req.path.startsWith('/api/')) {
+        return res.redirect('/');
+    }
+
+    const page = await renderPage(req, res);
+    if (!page) return;
+
+    res.send(page);
 }));

 //Render the page