From 03c29072ac5102b8fc47e8e116913bba644bf7fe Mon Sep 17 00:00:00 2001 From: AV77web Date: Tue, 9 Jun 2026 13:21:03 +0200 Subject: [PATCH] inserito cors.ts e variabili forzate in docker-compose.yml per auth-url e auth-trust --- dist/index.js | 20 +++----------------- dist/index.js.map | 2 +- docker-compose.yml | 3 +++ src/config/cors.ts | 22 ++++++++++++++++++++++ src/index.ts | 22 +++------------------- 5 files changed, 32 insertions(+), 37 deletions(-) create mode 100644 src/config/cors.ts diff --git a/dist/index.js b/dist/index.js index ef8642f..200a5db 100644 --- a/dist/index.js +++ b/dist/index.js @@ -1,8 +1,8 @@ import { ExpressAuth } from "@auth/express"; -import cors from "cors"; import dotenv from "dotenv"; import express from "express"; import { authConfig } from "./auth/config.js"; +import { corsMiddleware } from "./config/cors.js"; import { errorHandler } from "./middleware/errorHandler.js"; import categorieRouter from "./routes/categorie.js"; import rimborsiRouter from "./routes/rimborsi.js"; @@ -12,23 +12,9 @@ dotenv.config(); const app = express(); const port = Number(process.env.PORT) || 3003; app.set("trust proxy", 1); -const allowedOrigins = [ - "http://localhost:5173", - "http://127.0.0.1:5173", - process.env.FRONTEND_URL, -].filter(Boolean); -app.use(cors({ - origin(origin, callback) { - if (!origin || allowedOrigins.includes(origin)) { - callback(null, true); - } - else { - callback(new Error("Origin non consentita")); - } - }, - credentials: true, -})); +app.use(corsMiddleware); app.use(express.json()); +app.options(/.*/, corsMiddleware); app.get("/api/health", (_req, res) => { res.json({ status: "ok" }); }); diff --git a/dist/index.js.map b/dist/index.js.map index c1eb521..74ad3f4 100644 --- a/dist/index.js.map +++ b/dist/index.js.map @@ -1 +1 @@ -{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,eAAe,MAAM,uBAAuB,CAAC;AACpD,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAClD,OAAO,iBAAiB,MAAM,yBAAyB,CAAC;AACxD,OAAO,YAAY,MAAM,oBAAoB,CAAC;AAE9C,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AACtB,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AAE9C,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;AAC1B,MAAM,cAAc,GAAG;IACrB,uBAAuB;IACvB,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,YAAY;CACzB,CAAC,MAAM,CAAC,OAAO,CAAa,CAAC;AAE9B,GAAG,CAAC,GAAG,CACL,IAAI,CAAC;IACH,MAAM,CAAC,MAAM,EAAE,QAAQ;QACrB,IAAI,CAAC,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IACD,WAAW,EAAE,IAAI;CAClB,CAAC,CACH,CAAC;AACF,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACnC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7B,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;AACrC,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAC;AACjD,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AACzC,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;AAE/C,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AAEtB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;IAC/B,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC"} \ No newline at end of file +{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,eAAe,MAAM,uBAAuB,CAAC;AACpD,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAClD,OAAO,iBAAiB,MAAM,yBAAyB,CAAC;AACxD,OAAO,YAAY,MAAM,oBAAoB,CAAC;AAE9C,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AACtB,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AAE9C,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;AAC1B,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACxB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AACxB,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;AAElC,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACnC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7B,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;AACrC,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAC;AACjD,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AACzC,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;AAE/C,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AAEtB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;IAC/B,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC"} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 1a1dbfb..7a30385 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,6 +11,9 @@ services: DB_HOST: mysql DB_PORT: 3306 PORT: 3003 + FRONTEND_URL: https://provapraticafrontend.andreavillari.it + AUTH_URL: https://provapraticabackend.andreavillari.it + AUTH_TRUST_HOST: "true" ports: - "127.0.0.1:3003:3003" depends_on: diff --git a/src/config/cors.ts b/src/config/cors.ts new file mode 100644 index 0000000..31b8ae8 --- /dev/null +++ b/src/config/cors.ts @@ -0,0 +1,22 @@ +import cors from "cors"; + +const allowedOrigins = [ + "http://localhost:5173", + "http://127.0.0.1:5173", + "https://provapraticafrontend.andreavillari.it", + process.env.FRONTEND_URL, +].filter(Boolean) as string[]; + +export const corsMiddleware = cors({ + origin(origin, callback) { + if (!origin || allowedOrigins.includes(origin)) { + callback(null, true); + return; + } + console.warn(`CORS: origin non consentita: ${origin}`); + callback(null, false); + }, + credentials: true, + methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], + allowedHeaders: ["Content-Type", "Authorization", "Cookie", "X-Requested-With"], +}); diff --git a/src/index.ts b/src/index.ts index 239b0cb..22bd3d4 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,8 +1,8 @@ import { ExpressAuth } from "@auth/express"; -import cors from "cors"; import dotenv from "dotenv"; import express from "express"; import { authConfig } from "./auth/config.js"; +import { corsMiddleware } from "./config/cors.js"; import { errorHandler } from "./middleware/errorHandler.js"; import categorieRouter from "./routes/categorie.js"; import rimborsiRouter from "./routes/rimborsi.js"; @@ -15,25 +15,9 @@ const app = express(); const port = Number(process.env.PORT) || 3003; app.set("trust proxy", 1); -const allowedOrigins = [ - "http://localhost:5173", - "http://127.0.0.1:5173", - process.env.FRONTEND_URL, -].filter(Boolean) as string[]; - -app.use( - cors({ - origin(origin, callback) { - if (!origin || allowedOrigins.includes(origin)) { - callback(null, true); - } else { - callback(new Error("Origin non consentita")); - } - }, - credentials: true, - }) -); +app.use(corsMiddleware); app.use(express.json()); +app.options(/.*/, corsMiddleware); app.get("/api/health", (_req, res) => { res.json({ status: "ok" });