Merge pull request #27 from scienmanas/mvp

Fix CORS
scienmanas · Dec 14, 2024 · 86fb54b · 86fb54b
2 parents 9c85e2d + f26788d
commit 86fb54b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 29 deletions.
diff --git a/Website/Backend/index.ts b/Website/Backend/index.ts
@@ -1,8 +1,8 @@
 import express, { Express, Request, Response } from "express";
-import cors from "cors";
 import { config } from "dotenv";
 import { connectToDB } from "./config/db";
 import cookieParser from "cookie-parser";
+
 // Routes import
 import certificatesRoute from "./routes/certificate";
 import authRoute from "./routes/auth";
@@ -20,33 +20,31 @@ connectToDB();
 const app: Express = express();
 const PORT: string = process.env.PORT || "5000";
 
-// CORS configuration: Allow only your domain
-const allowedOrigins = ["https://certimailer.xyz"];
-const allowedHosts = ["certimailer.xyz"];
+// CORS configuration: Manually handle origins and preflight requests
+const allowedOrigins = ["https://certimailer.xyz"]; 
+const allowedMethods = ["GET", "POST", "PUT", "DELETE"];
+const allowedHeaders = ["Content-Type", "Authorization"];
+
+app.use((req: Request, res: Response, next) => {
+  const origin = req.headers.origin as string | undefined;
 
-// Use CORS with the specified options
-app.use((req, res, next) => {
-  const origin = req.headers.origin;
-  const host = req.headers.host;
-  console.log(origin);
-  console.log(host);
-  if (
-    origin &&
-    allowedOrigins.includes(origin) &&
-    host &&
-    allowedHosts.includes(host)
-  ) {
+  if (origin && allowedOrigins.includes(origin)) {
+    // Allow the origin if it's in the allowedOrigins list
     res.setHeader("Access-Control-Allow-Origin", origin);
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
+    res.setHeader("Access-Control-Allow-Methods", allowedMethods.join(", "));
+    res.setHeader("Access-Control-Allow-Headers", allowedHeaders.join(", "));
     res.setHeader("Access-Control-Allow-Credentials", "true");
-    res.setHeader(
-      "Access-Control-Allow-Headers",
-      "Content-Type, Authorization"
-    );
-    next();
-  } else {
-    res.status(403).json({ message: "Access denied: Not allowed" });
+
+    // Handle preflight requests (OPTIONS)
+    if (req.method === "OPTIONS") {
+      return res.status(200).end();
+    }
+  } else  {
+    // If origin doesn't match, send a 403 error
+    return res.status(403).json({ message: "Access denied: Not allowed" });
   }
+
+  next();
 });
 
 // Middleware to parse JSON and cookies

diff --git a/Website/Backend/routes/user.ts b/Website/Backend/routes/user.ts
@@ -18,7 +18,6 @@ router.get("/", (req: Request, res: Response) => {
 router.post("/newsletter", async (req: Request, res: Response) => {
   // Get the body
   const { email } = req.body;
-  console.log("got a ew request");
   try {
     // Check if user already exists
     const user = await Newsletter.findOne({ email: email });

diff --git a/Website/Frontend/app/lib/control.ts b/Website/Frontend/app/lib/control.ts
@@ -1,10 +1,9 @@
-"use server";
+"use client";
 
 export async function SubscribeToNewsletter(email: string) {
   // Backend URI from environment variables
-  const API_URI: string = (process.env.BACKEND_URI +
+  const API_URI: string = (process.env.NEXT_PUBLIC_BACKEND_URI +
     "/user/newsletter") as string;
-  console.log(API_URI);
 
   // API request to handle newsletter subscription
   try {
@@ -15,7 +14,6 @@ export async function SubscribeToNewsletter(email: string) {
       },
       body: JSON.stringify({ email: email }), // Send email as payload
     });
-    console.log(response.status);
     return {
       status: response.status,
       message: response.statusText,