all cors

2025-08-04 09:53:50 +05:30 · 2025-08-04 09:53:50 +05:30 · 1362dd52be
commit 1362dd52be
parent 58c10e5ea7
3 changed files with 53 additions and 71 deletions
--- a/src/app.js
+++ b/src/app.js
@ -60,7 +60,14 @@ app.use(compression({
 app.use('/api/', apiLimiter);

 // Apply CORS
-app.use(cors(corsOptions));
+app.use(cors({
+    origin: true, // Allow all origins
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
+    exposedHeaders: ['Content-Range', 'X-Content-Range'],
+    maxAge: 86400
+}));

 // Request validation
 app.use(validateRequest);
--- a/src/middlewares/security.js
+++ b/src/middlewares/security.js
@ -73,39 +73,7 @@ const validateRequest = (req, res, next) => {

 // CORS configuration
 const corsOptions = {
-    origin: (origin, callback) => {
-        if (!origin) return callback(null, true);
-        
-        const allowedOrigins = [
-            'http://192.168.1.19:8081',
-            'http://localhost:5173',
-            'http://localhost:5174',
-            'https://spurrinai.com',
-            'https://www.spurrinai.com',
-            'http://localhost:3000',
-            'https://www.spurrinai.org',
-            'https://www.spurrinai.info',
-            'https://spurrinai.info',
-            'http://spurrinai.info',
-            'https://34a4-122-171-20-117.ngrok-free.app',
-            'http://34a4-122-171-20-117.ngrok-free.app'
-        ];
-
-        const isOriginAllowed = (
-            /^http:\/\/[a-z0-9-]+\.localhost(:\d+)?$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.com$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.org$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.info$/.test(origin) ||
-            allowedOrigins.includes(origin)
-        );
-
-        if (isOriginAllowed) {
-            callback(null, true);
-        } else {
-            logger.warn(`CORS blocked request from origin: ${origin}`);
-            callback(new Error('Not allowed by CORS'));
-        }
-    },
+    origin: true, // Allow all origins
    credentials: true,
    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
--- a/src/services/secondaryWebsocket.js
+++ b/src/services/secondaryWebsocket.js
@ -329,48 +329,55 @@ wss.on("connection", (ws) => {
                        emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId);
                    }
        }
+if (data.event === "get-signup-notifications") {

-        if(data.event === "get-signup-notifications"){
+    if (!data.token) {
+        emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
+        return;
+    }

-            if (!data.token) {
-                emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
-                return;
-            }
+    try {
+        const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
+        const allowedRoles = ['Admin', 'Superadmin', 8, 7];

-            try {
-                const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
-                const allowedRoles = ['Admin','Superadmin',8,7];
-
-                // Role-based access check
-                if (!allowedRoles.includes(decoded.role)) {
-                    emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
-                    return;
-                }
-
-               
-
-                // Fetch documents for hospital
-                const hospital_code = await db.query(
-                    "SELECT hospital_code FROM hospitals WHERE id = ?",
-                    [decoded.id]
-                );
-
-                 // Fetch notifications of new signup
-                 const notifications = await db.query(
-                    "SELECT * FROM hospitals WHERE hospital_code = ? AND checked=0",
-                    [hospital_code]
-                );
-
-                emitEvent("get-signup-notifications", {
-                    message: "Notifications fetched successfully.",
-                    notifications
-                }, decoded.id);
-
-            } catch (error) {
-                emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
-            }
+        // Role-based access check
+        if (!allowedRoles.includes(decoded.role)) {
+            emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
+            return;
        }

+        // Fetch hospital_code from the DB
+        const result = await db.query(
+            "SELECT hospital_code FROM hospitals WHERE id = ?",
+            [decoded.id]
+        );
+
+        // Validate result
+        if (!result || result.length === 0 || !result[0].hospital_code) {
+            emitEvent("get-signup-notifications", { error: "Hospital code not found." }, decoded.id);
+            return;
+        }
+
+        const hospital_code = result[0].hospital_code;
+
+        // Fetch signup notifications
+        const notifications = await db.query(
+            "SELECT * FROM hospitals WHERE hospital_code = ? AND checked = 0",
+            [hospital_code]
+        );
+
+        emitEvent("get-signup-notifications", {
+            message: "Notifications fetched successfully.",
+            notifications
+        }, decoded.id);
+
+    } catch (error) {
+        console.error("Error fetching signup notifications:", error);
+        emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
+    }
+}
+
+
        if(data.event === "get-app-queries"){

            if (!data.token || (!data.hospital_code || !data.app_user_id) ) {