|
|
@ -18,12 +18,36 @@ dotenv.config(); |
|
|
|
|
|
|
|
|
const app = express(); |
|
|
const app = express(); |
|
|
|
|
|
|
|
|
|
|
|
// CORS Configuration for production deployment
|
|
|
|
|
|
const corsOptions = { |
|
|
|
|
|
origin: function (origin, callback) { |
|
|
|
|
|
// Allow requests with no origin (like mobile apps or curl requests)
|
|
|
|
|
|
if (!origin) return callback(null, true); |
|
|
|
|
|
|
|
|
|
|
|
// Get allowed origins from environment variable
|
|
|
|
|
|
const allowedOrigins = process.env.CORS_ORIGIN ? |
|
|
|
|
|
process.env.CORS_ORIGIN.split(',').map(url => url.trim()) : |
|
|
|
|
|
['http://localhost:3000', 'https://localhost', 'http://localhost']; |
|
|
|
|
|
|
|
|
|
|
|
if (allowedOrigins.indexOf(origin) !== -1) { |
|
|
|
|
|
callback(null, true); |
|
|
|
|
|
} else { |
|
|
|
|
|
console.warn(`CORS blocked origin: ${origin}`); |
|
|
|
|
|
callback(new Error('Not allowed by CORS')); |
|
|
|
|
|
} |
|
|
|
|
|
}, |
|
|
|
|
|
credentials: true, |
|
|
|
|
|
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'], |
|
|
|
|
|
allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'], |
|
|
|
|
|
optionsSuccessStatus: 200 // Some legacy browsers choke on 204
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
// INITIALIZE DATABASE
|
|
|
// INITIALIZE DATABASE
|
|
|
|
|
|
|
|
|
// Increase body size limits for file uploads
|
|
|
// Increase body size limits for file uploads
|
|
|
app.use(express.urlencoded({extended: true, limit: '500mb'})); |
|
|
app.use(express.urlencoded({extended: true, limit: '500mb'})); |
|
|
app.use(express.json({limit: '500mb'})); |
|
|
app.use(express.json({limit: '500mb'})); |
|
|
app.use(cors()) |
|
|
app.use(cors(corsOptions)) |
|
|
|
|
|
|
|
|
// ROUTES
|
|
|
// ROUTES
|
|
|
app.use("/api/users/", UserRoute); |
|
|
app.use("/api/users/", UserRoute); |
|
|
|
Astri4-4
4 months ago