all cors

src/app.js

@@ -60,7 +60,14 @@ app.use(compression({
 app.use('/api/', apiLimiter);
 
 // Apply CORS
-app.use(cors(corsOptions));
+app.use(cors({
+    origin: true, // Allow all origins
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
+    exposedHeaders: ['Content-Range', 'X-Content-Range'],
+    maxAge: 86400
+}));
 
 // Request validation
 app.use(validateRequest);

src/middlewares/security.js

@@ -73,39 +73,7 @@ const validateRequest = (req, res, next) => {
 
 // CORS configuration
 const corsOptions = {
-    origin: (origin, callback) => {
+    origin: true, // Allow all origins
-        if (!origin) return callback(null, true);
-        
-        const allowedOrigins = [
-            'http://192.168.1.19:8081',
-            'http://localhost:5173',
-            'http://localhost:5174',
-            'https://spurrinai.com',
-            'https://www.spurrinai.com',
-            'http://localhost:3000',
-            'https://www.spurrinai.org',
-            'https://www.spurrinai.info',
-            'https://spurrinai.info',
-            'http://spurrinai.info',
-            'https://34a4-122-171-20-117.ngrok-free.app',
-            'http://34a4-122-171-20-117.ngrok-free.app'
-        ];
-
-        const isOriginAllowed = (
-            /^http:\/\/[a-z0-9-]+\.localhost(:\d+)?$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.com$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.org$/.test(origin) ||
-            /^https:\/\/[a-z0-9-]+\.spurrinai\.info$/.test(origin) ||
-            allowedOrigins.includes(origin)
-        );
-
-        if (isOriginAllowed) {
-            callback(null, true);
-        } else {
-            logger.warn(`CORS blocked request from origin: ${origin}`);
-            callback(new Error('Not allowed by CORS'));
-        }
-    },
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
     allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],

src/services/secondaryWebsocket.js

@@ -329,7 +329,6 @@ wss.on("connection", (ws) => {
                         emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId);
                     }
         }
-
 if (data.event === "get-signup-notifications") {
 
     if (!data.token) {
@@ -347,15 +346,21 @@ wss.on("connection", (ws) => {
             return;
         }
 
-               
+        // Fetch hospital_code from the DB
-
+        const result = await db.query(
-                // Fetch documents for hospital
-                const hospital_code = await db.query(
             "SELECT hospital_code FROM hospitals WHERE id = ?",
             [decoded.id]
         );
 
-                 // Fetch notifications of new signup
+        // Validate result
+        if (!result || result.length === 0 || !result[0].hospital_code) {
+            emitEvent("get-signup-notifications", { error: "Hospital code not found." }, decoded.id);
+            return;
+        }
+
+        const hospital_code = result[0].hospital_code;
+
+        // Fetch signup notifications
         const notifications = await db.query(
             "SELECT * FROM hospitals WHERE hospital_code = ? AND checked = 0",
             [hospital_code]
@@ -367,10 +372,12 @@ wss.on("connection", (ws) => {
         }, decoded.id);
 
     } catch (error) {
+        console.error("Error fetching signup notifications:", error);
         emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
     }
 }
 
+
         if(data.event === "get-app-queries"){
 
             if (!data.token || (!data.hospital_code || !data.app_user_id) ) {