This commit is contained in:
Ubuntu 2025-08-04 09:53:50 +05:30
parent 58c10e5ea7
commit 1362dd52be
3 changed files with 53 additions and 71 deletions


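--- a/UNKNOWN_PATH_1
+++ b/UNKNOWN_PATH_1
@@ -60,7 +60,14 @@ app.use(compression({
 app.use('/api/', apiLimiter);
 // Apply CORS
-app.use(cors(corsOptions));
+app.use(cors({
+origin: true, // Allow all origins
+credentials: true,
+methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
+exposedHeaders: ['Content-Range', 'X-Content-Range'],
+maxAge: 86400
+}));
 // Request validation
 app.use(validateRequest);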
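Review bot: `origin: true` combined with `credentials: true` in the new inline `app.use(cors({ ... }))` makes the server echo whatever Origin the request carries into Access-Control-Allow-Origin while still permitting cookies and the `Authorization` header, so any third-party page can issue credentialed cross-origin requests to `/api/` on behalf of a logged-in user. The allowlist and subdomain regexes removed in the second file section (the old `corsOptions.origin` function) were the control against exactly that, and its `logger.warn` on a rejected origin was the only place such attempts were recorded, so detection is lost along with prevention. If the intent was to unblock one new frontend, add that origin to the list instead of opening all of them, e.g. keep `app.use(cors(corsOptions));` here and move the hard-coded origins into configuration. The same point applies to the second file section, where `corsOptions.origin` becomes `origin: true`.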


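--- a/UNKNOWN_PATH_2
+++ b/UNKNOWN_PATH_2
@@ -73,39 +73,7 @@ const validateRequest = (req, res, next) => {
 // CORS configuration
 const corsOptions = {
-origin: (origin, callback) => {
-if (!origin) return callback(null, true);
-const allowedOrigins = [
-'http://192.168.1.19:8081',
-'http://localhost:5173',
-'http://localhost:5174',
-'https://spurrinai.com',
-'https://www.spurrinai.com',
-'http://localhost:3000',
-'https://www.spurrinai.org',
-'https://www.spurrinai.info',
-'https://spurrinai.info',
-'http://spurrinai.info',
-'https://34a4-122-171-20-117.ngrok-free.app',
-'http://34a4-122-171-20-117.ngrok-free.app'
-];
-const isOriginAllowed = (
-/^http:\/\/[a-z0-9-]+\.localhost(:\d+)?$/.test(origin) ||
-/^https:\/\/[a-z0-9-]+\.spurrinai\.com$/.test(origin) ||
-/^https:\/\/[a-z0-9-]+\.spurrinai\.org$/.test(origin) ||
-/^https:\/\/[a-z0-9-]+\.spurrinai\.info$/.test(origin) ||
-allowedOrigins.includes(origin)
-);
-if (isOriginAllowed) {
-callback(null, true);
-} else {
-logger.warn(`CORS blocked request from origin: ${origin}`);
-callback(new Error('Not allowed by CORS'));
-}
-},
+origin: true, // Allow all origins
 credentials: true,
 methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
 allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],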
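Review bot: With the first file now passing its own inline options object to `cors(...)`, `corsOptions` here is a second copy of the same settings (`origin`, `credentials`, `methods`, `allowedHeaders`, and whatever follows below the hunk) that nothing in this commit appears to consume any more, so any later tightening of the origin policy risks being applied to one copy only. Keep a single definition: either have the server go back to `app.use(cors(corsOptions));` or delete `corsOptions` from this file. If it stays, the comment `// Allow all origins` should also say why a wildcard is acceptable here, since the previous function documented the opposite decision. The `corsOptions` object literal continues past the end of the hunk.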


@ -329,48 +329,55 @@ wss.on("connection", (ws) => {
emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId); emitEvent("app-usersby-hospitalid", { error: error.message }, ws.userId);
} }
} }
if (data.event === "get-signup-notifications") {
if(data.event === "get-signup-notifications"){ if (!data.token) {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId);
return;
}
if (!data.token) { try {
emitEvent("get-signup-notifications", { error: "Token missing" }, ws.userId); const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET);
return; const allowedRoles = ['Admin', 'Superadmin', 8, 7];
}
try { // Role-based access check
const decoded = jwt.verify(data.token, process.env.JWT_ACCESS_TOKEN_SECRET); if (!allowedRoles.includes(decoded.role)) {
const allowedRoles = ['Admin','Superadmin',8,7]; emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
// Role-based access check
if (!allowedRoles.includes(decoded.role)) {
emitEvent("get-signup-notifications", { error: "You are not authorized!" }, decoded.id);
return;
}
// Fetch documents for hospital
const hospital_code = await db.query(
"SELECT hospital_code FROM hospitals WHERE id = ?",
[decoded.id]
);
// Fetch notifications of new signup
const notifications = await db.query(
"SELECT * FROM hospitals WHERE hospital_code = ? AND checked=0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
} }
// Fetch hospital_code from the DB
const result = await db.query(
"SELECT hospital_code FROM hospitals WHERE id = ?",
[decoded.id]
);
// Validate result
if (!result || result.length === 0 || !result[0].hospital_code) {
emitEvent("get-signup-notifications", { error: "Hospital code not found." }, decoded.id);
return;
}
const hospital_code = result[0].hospital_code;
// Fetch signup notifications
const notifications = await db.query(
"SELECT * FROM hospitals WHERE hospital_code = ? AND checked = 0",
[hospital_code]
);
emitEvent("get-signup-notifications", {
message: "Notifications fetched successfully.",
notifications
}, decoded.id);
} catch (error) {
console.error("Error fetching signup notifications:", error);
emitEvent("get-signup-notifications", { error: error.message }, ws.userId);
}
}
if(data.event === "get-app-queries"){ if(data.event === "get-app-queries"){
if (!data.token || (!data.hospital_code || !data.app_user_id) ) { if (!data.token || (!data.hospital_code || !data.app_user_id) ) {