From 23910cc94c6002696b436b13c5c332abf6408422 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Losada=20Hern=C3=A1ndez?=
Date: Sun, 8 Dec 2024 23:43:32 +0100
Subject: [PATCH] add cors policy and rename route
---
 package-lock.json | 14 ++++++++++++++
 package.json | 1 +
 server/app.js | 47 ++++++++++++++++++++++++++++++++++++++---------
 3 files changed, 53 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 820e01c46..bcff9a861 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,6 +19,7 @@ "classnames": "^2.5.1", "codemirror": "^5.65.6", "cookie-parser": "^1.4.7", + "cors": "^2.8.5", "create-react-class": "^15.7.0", "dedent-tabs": "^0.10.3", "dompurify": "^3.2.2",
@@ -4805,6 +4806,19 @@ "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", "license": "MIT" }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/cosmiconfig": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",
diff --git a/package.json b/package.json
index d5ea0b1de..2fa8bce4a 100644
--- a/package.json
+++ b/package.json
@@ -91,6 +91,7 @@
 "classnames": "^2.5.1",
 "codemirror": "^5.65.6",
 "cookie-parser": "^1.4.7",
+ "cors": "^2.8.5",
 "create-react-class": "^15.7.0",
 "dedent-tabs": "^0.10.3",
 "dompurify": "^3.2.2",
diff --git a/server/app.js b/server/app.js
index fab56e624..4ec6ecdff 100644
--- a/server/app.js
+++ b/server/app.js
@@ -55,6 +55,31 @@ app.use(bodyParser.json({ limit: '25mb' }));
 app.use(cookieParser());
 app.use(forceSSL);
+import cors from 'cors';
+
+// CORS Configuration
+const corsOptions = {
+
+ origin: (origin, callback) => {
+ const allowedOrigins = [
+ 'https://homebrewery.naturalcrit.com',
+ 'http://localhost:8000',
+ 'http://localhost:8010',
+ 'https://naturalcrit.com'
+ ]; //allow natcrit local and live to call
+ if (!origin || allowedOrigins.includes(origin)) {
+ callback(null, true);
+ } else {
+ console.log(origin, 'not allowed');
+ callback(new Error('Not allowed by CORS'));
+ }
+ },
+ methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+ credentials: true,
+};
+
+app.use(cors(corsOptions));
+
 //Account Middleware
 app.use((req, res, next)=>{
 if(req.cookies && req.cookies.nc_session){
@@ -313,9 +338,10 @@ app.get('/user/:username', async (req, res, next)=>{
 });
 //Rename Brews
-app.put('/user/:username/rename-brews', async (req, res) => {
- const { username } = req.params;
- const { newUsername } = req.body;
+app.put('/api/user/rename', async (req, res) => {
+ const { username, newUsername } = req.body;
+
+ console.log('renaming');
 if (!username || !newUsername) {
 return res.status(400).json({ error: 'Username and newUsername are required.' });
@@ -504,12 +530,15 @@ app.get('/vault', asyncHandler(async(req, res, next)=>{
 }));
 //Send rendered page
-app.use(asyncHandler(async (req, res, next)=>{
- if (!req.route) return res.redirect('/'); // Catch-all for invalid routes
-
- const page = await renderPage(req, res);
- if(!page) return;
- res.send(page);
+app.use(asyncHandler(async (req, res, next) => {
+ if (!req.route && !req.path.startsWith('/api/')) {
+ return res.redirect('/');
+ }
+
+ const page = await renderPage(req, res);
+ if (!page) return;
+
+ res.send(page);
 }));
 //Render the page
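Review bot: In the CORS hunk (`@@ -55,6 +55,31 @@`), `allowedOrigins` lists `http://localhost:8000` and `http://localhost:8010` unconditionally while `credentials: true` is set, so on the live server any page served from those ports on a visitor's own machine is trusted to make cookie-bearing cross-origin calls and read the responses. Keep the two production origins fixed and append the localhost entries only in a development build, for example behind `process.env.NODE_ENV !== 'production'` or the project's own environment setting. The `!origin` branch also accepts every request that carries no Origin header, so this policy constrains browsers only and is no substitute for an authorization check inside the routes. As a style point, `import cors from 'cors';` is hoisted wherever it is written and reads better next to the other imports at the top of the file.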
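Review bot: In the rename hunk (`@@ -313,9 +338,10 @@`), `username` now comes from `req.body` together with `newUsername`, and the only visible validation is that both are present, so nothing shown here ties the rename to the caller's own account. The handler continues past the end of the hunk, so a check may exist below; if it does not, compare `username` with the identity the Account Middleware derives from `req.cookies.nc_session` and answer 403 on a mismatch before any brew is touched. `console.log('renaming');` looks like leftover debugging and should be removed, or replaced by a log line that records which account requested the rename.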
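Review bot: In the catch-all hunk (`@@ -504,12 +530,15 @@`), a request to an unknown `/api/...` path no longer redirects but falls through to `renderPage`, assuming `req.route` is unset there as it is for other unmatched paths, so API clients receive whatever that renders instead of a clear not-found answer. Separate the two cases explicitly: `if (!req.route) return req.path.startsWith('/api/') ? res.status(404).json({ error: 'Not found' }) : res.redirect('/');`. The old `// Catch-all for invalid routes` comment was dropped; a one-line comment saying why `/api/` is exempt from the redirect would help the next reader.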