microservices/auth-service/server.js

require("dotenv").config();

const cors = require("cors");
const express = require("express");
const passport = require("passport");
const passportSetup = require("./passport");
const authRoute = require("./routes/auth");
const apiRoute = require("./routes/api");
const assignmentRoute = require("./routes/assignment");

const session = require("express-session");

const app = express();

app.use((req, res, next) => {
  console.log('Protocol before proxy:', req.protocol, 'Secure:', req.secure);
  next();
});
app.use((req, res, next) => {
  console.log('req.secure:', req.secure);
  console.log('x-forwarded-proto:', req.headers['x-forwarded-proto']);
  next();
});


app.set('trust proxy', true); // proxy magic that needs to happen


// app.use((req, res, next) => {
//   console.log('Protocol after proxy:', req.protocol, 'Secure:', req.secure);
//   next();
// });


const allowedOrigins = process.env.ACCEPTED_ORIGINS.split(",");

const corsOptions = {
  // origin: function (origin, callback) {
  //   if (!origin || allowedOrigins.includes(origin)) {
  //     callback(null, origin); // allow the request
  //   } else {
  //     callback(new Error("Not allowed by CORS"));
  //   }
  // },
  origin: "https://snake-byte.org", // Replace with your frontend URL
  // methods: ["GET", "POST", "OPTIONS"],
  // allowedHeaders: ["Content-Type", "Authorization"],
  credentials: true,
};

app.use(cors(corsOptions));


// app.use((req, res, next) => {
//   console.log("Session:", req.session);
//   console.log("User:", req.user);
//   next();
// });

// app.use((req, res, next) => {
//   res.cookie(
//     'myTestCookie', 'helloWorld',
//     {
//       httpOnly: true,
//       secure: true, // Set to true if using HTTPS
//       sameSite: 'none', // Use 'none' for cross-origin requests
//       domain: 'jank-frontend.fly.dev', // Set the domain to allow cross-origin requests
//       maxAge: 24 * 60 * 60 * 1000, // 1 day
//       path: '/', // Set the path for the cookie
//     }
//   );
//   next();
// });


console.log("AUTH_URL:", process.env.AUTH_URL);
const isProduction = process.env.NODE_ENV === "production";
app.use(
  session({
    secret: process.env.AUTH_SESSION_KEY,
    resave: false,
    saveUninitialized: false, // true in development, false in production
    cookie: {
      httpOnly: true, // true in production for sec
      maxAge: 24 * 60 * 60 * 1000, // 1 day
      secure: true, //true // only true in production over HTTPS
      sameSite: 'none', // or 'none' if using cross-origin
      // domain: '', // Set the domain to allow cross-origin requests, or not?
      //keep production security settings below disable for the mean-time because we need to integrate redis session for cross-origin to work properly
      //sameSite: isProduction ? "none" : "lax", // or 'none' if using cross-origin
      //secure: isProduction, // only true in production over HTTPS
    },
  })
);

// console.log("this is the session", session);
// console.log("this is the cookie", session.cookie);

app.use(passport.initialize());
app.use(passport.session());


// app.use((req, res, next) => {
//   res.on("finish", () => {
//     console.log(`Response Status: ${res.statusCode}`);
//     console.log(`Response Headers:`, res.getHeaders());
//   });
//   next();
// })


// app.use((req, res, next) => {
//   res.on("finish", () => {
//     const headers = res.getHeaders();
//     console.log("Set-Cookie header:", headers["set-cookie"]);
//   });
//   next();
// });


app.use("/assignment", assignmentRoute);
app.use("/api", apiRoute);
app.use("/auth", authRoute);

const port = 8080;
console.log(`Listening on port ${port}...`);
app.listen(port, '0.0.0.0');
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`require("dotenv").config();`
Initial working google auth 2025-04-16 10:49:46 -07:00
			`const cors = require("cors");`
			`const express = require("express");`
			`const passport = require("passport");`
			`const passportSetup = require("./passport");`
			`const authRoute = require("./routes/auth");`
more bug fix, fix to run on fly.io 2025-05-20 17:03:18 -07:00			`const apiRoute = require("./routes/api");`
minor changes 2025-08-25 14:23:55 -07:00			`const assignmentRoute = require("./routes/assignment");`

Initial working google auth 2025-04-16 10:49:46 -07:00			`const session = require("express-session");`

			`const app = express();`

minor changes 2025-08-25 14:23:55 -07:00			`app.use((req, res, next) => {`
			`console.log('Protocol before proxy:', req.protocol, 'Secure:', req.secure);`
			`next();`
			`});`
			`app.use((req, res, next) => {`
			`console.log('req.secure:', req.secure);`
			`console.log('x-forwarded-proto:', req.headers['x-forwarded-proto']);`
			`next();`
			`});`


			`app.set('trust proxy', true); // proxy magic that needs to happen`


			`// app.use((req, res, next) => {`
			`// console.log('Protocol after proxy:', req.protocol, 'Secure:', req.secure);`
			`// next();`
			`// });`


			`const allowedOrigins = process.env.ACCEPTED_ORIGINS.split(",");`

			`const corsOptions = {`
			`// origin: function (origin, callback) {`
			`// if (!origin \|\| allowedOrigins.includes(origin)) {`
			`// callback(null, origin); // allow the request`
			`// } else {`
			`// callback(new Error("Not allowed by CORS"));`
			`// }`
			`// },`
			`origin: "https://snake-byte.org", // Replace with your frontend URL`
			`// methods: ["GET", "POST", "OPTIONS"],`
			`// allowedHeaders: ["Content-Type", "Authorization"],`
			`credentials: true,`
			`};`

			`app.use(cors(corsOptions));`


			`// app.use((req, res, next) => {`
			`// console.log("Session:", req.session);`
			`// console.log("User:", req.user);`
			`// next();`
			`// });`

			`// app.use((req, res, next) => {`
			`// res.cookie(`
			`// 'myTestCookie', 'helloWorld',`
			`// {`
			`// httpOnly: true,`
			`// secure: true, // Set to true if using HTTPS`
			`// sameSite: 'none', // Use 'none' for cross-origin requests`
			`// domain: 'jank-frontend.fly.dev', // Set the domain to allow cross-origin requests`
			`// maxAge: 24 * 60 * 60 * 1000, // 1 day`
			`// path: '/', // Set the path for the cookie`
			`// }`
			`// );`
			`// next();`
			`// });`


			`console.log("AUTH_URL:", process.env.AUTH_URL);`
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`const isProduction = process.env.NODE_ENV === "production";`
Initial working google auth 2025-04-16 10:49:46 -07:00			`app.use(`
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`session({`
			`secret: process.env.AUTH_SESSION_KEY,`
			`resave: false,`
minor changes 2025-08-25 14:23:55 -07:00			`saveUninitialized: false, // true in development, false in production`
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`cookie: {`
minor changes 2025-08-25 14:23:55 -07:00			`httpOnly: true, // true in production for sec`
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`maxAge: 24 * 60 * 60 * 1000, // 1 day`
minor changes 2025-08-25 14:23:55 -07:00			`secure: true, //true // only true in production over HTTPS`
			`sameSite: 'none', // or 'none' if using cross-origin`
			`// domain: '', // Set the domain to allow cross-origin requests, or not?`
improved database updates for assignment creation 2025-05-07 11:43:16 -07:00			`//keep production security settings below disable for the mean-time because we need to integrate redis session for cross-origin to work properly`
			`//sameSite: isProduction ? "none" : "lax", // or 'none' if using cross-origin`
			`//secure: isProduction, // only true in production over HTTPS`
			`},`
			`})`
Initial working google auth 2025-04-16 10:49:46 -07:00			`);`

minor changes 2025-08-25 14:23:55 -07:00			`// console.log("this is the session", session);`
			`// console.log("this is the cookie", session.cookie);`

Initial working google auth 2025-04-16 10:49:46 -07:00			`app.use(passport.initialize());`
			`app.use(passport.session());`


improved database updates for assignment creation 2025-05-07 11:43:16 -07:00
minor changes 2025-08-25 14:23:55 -07:00			`// app.use((req, res, next) => {`
			`// res.on("finish", () => {`
			// console.log(`Response Status: ${res.statusCode}`);
			// console.log(`Response Headers:`, res.getHeaders());
			`// });`
			`// next();`
			`// })`


			`// app.use((req, res, next) => {`
			`// res.on("finish", () => {`
			`// const headers = res.getHeaders();`
			`// console.log("Set-Cookie header:", headers["set-cookie"]);`
			`// });`
			`// next();`
			`// });`

working logout and student login 2025-05-02 15:06:00 -07:00
minor changes 2025-08-25 14:23:55 -07:00			`app.use("/assignment", assignmentRoute);`
more bug fix, fix to run on fly.io 2025-05-20 17:03:18 -07:00			`app.use("/api", apiRoute);`
Initial working google auth 2025-04-16 10:49:46 -07:00			`app.use("/auth", authRoute);`

minor changes 2025-08-25 14:23:55 -07:00			`const port = 8080;`
			console.log(`Listening on port ${port}...`);
			`app.listen(port, '0.0.0.0');`