add cors policy and rename route

package-lock.json

@@ -19,6 +19,7 @@
         "classnames": "^2.5.1",
         "codemirror": "^5.65.6",
         "cookie-parser": "^1.4.7",
+        "cors": "^2.8.5",
         "create-react-class": "^15.7.0",
         "dedent-tabs": "^0.10.3",
         "dompurify": "^3.2.2",
@@ -4805,6 +4806,19 @@
       "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==",
       "license": "MIT"
     },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/cosmiconfig": {
       "version": "9.0.0",
       "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",

package.json

@@ -91,6 +91,7 @@
     "classnames": "^2.5.1",
     "codemirror": "^5.65.6",
     "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
     "create-react-class": "^15.7.0",
     "dedent-tabs": "^0.10.3",
     "dompurify": "^3.2.2",

server/app.js

@@ -55,6 +55,31 @@ app.use(bodyParser.json({ limit: '25mb' }));
 app.use(cookieParser());
 app.use(forceSSL);
 
+import cors from 'cors';
+
+// CORS Configuration
+const corsOptions = {
+
+    origin: (origin, callback) => {
+        const allowedOrigins = [
+			'https://homebrewery.naturalcrit.com',
+			'http://localhost:8000',
+			'http://localhost:8010',
+			'https://naturalcrit.com'
+		]; //allow natcrit local and live to call
+        if (!origin || allowedOrigins.includes(origin)) {
+            callback(null, true);
+        } else {
+			console.log(origin, 'not allowed');
+            callback(new Error('Not allowed by CORS'));
+        }
+    },
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    credentials: true,
+};
+
+app.use(cors(corsOptions));
+
 //Account Middleware
 app.use((req, res, next)=>{
 	if(req.cookies && req.cookies.nc_session){
@@ -313,9 +338,10 @@ app.get('/user/:username', async (req, res, next)=>{
 });
 
 //Rename Brews
-app.put('/user/:username/rename-brews', async (req, res) => {
+app.put('/api/user/rename', async (req, res) => {
-	const { username } = req.params;
+    const { username, newUsername } = req.body;
-    const { newUsername } = req.body;
+
+	console.log('renaming');
 
     if (!username || !newUsername) {
         return res.status(400).json({ error: 'Username and newUsername are required.' });
@@ -504,12 +530,15 @@ app.get('/vault', asyncHandler(async(req, res, next)=>{
 }));
 
 //Send rendered page
-app.use(asyncHandler(async (req, res, next)=>{
+app.use(asyncHandler(async (req, res, next) => {
-	if (!req.route) return res.redirect('/'); // Catch-all for invalid routes
+    if (!req.route && !req.path.startsWith('/api/')) {
-		
+        return res.redirect('/');
-	const page = await renderPage(req, res);
+    }
-	if(!page) return;
+
-	res.send(page);
+    const page = await renderPage(req, res);
+    if (!page) return;
+
+    res.send(page);
 }));
 
 //Render the page