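/**
 * HTTP entry point: builds the Express app (CORS, cookie-backed sessions,
 * passport, route mounting) and listens on port 8080.
 *
 * Configuration comes from the environment (loaded via dotenv):
 *   AUTH_SESSION_KEY  - secret used to sign the session cookie (required).
 *   AUTH_URL          - logged at startup only.
 *   NODE_ENV          - not consulted yet; see the TODO on the session setup.
 */
require("dotenv").config();
const cors = require("cors");
const express = require("express");
const passport = require("passport");
const session = require("express-session");
// Required for its side effect only (registers passport strategies/serializers);
// the module's export is not used here.
require("./passport");
const authRoute = require("./routes/auth");
const apiRoute = require("./routes/api");
const assignmentRoute = require("./routes/assignment");

// Fail fast on a missing session secret. express-session's own handling of an
// undefined `secret` is less explicit, and a server whose cookies are signed
// with an empty key must never start.
const sessionSecret = process.env.AUTH_SESSION_KEY;
if (!sessionSecret) {
  throw new Error("AUTH_SESSION_KEY must be set; it signs the session cookie");
}

const app = express();

// Per-request debug output. Express resolves the `trust proxy` setting at
// request time, so the values logged here already reflect `app.set("trust
// proxy", ...)` below even though this middleware is registered first; the
// "before proxy" label is historical. Remove or gate this once the proxy /
// cookie behaviour has been confirmed.
app.use((req, res, next) => {
  console.log("Protocol before proxy:", req.protocol, "Secure:", req.secure);
  console.log("req.secure:", req.secure);
  console.log("x-forwarded-proto:", req.headers["x-forwarded-proto"]);
  next();
});

// Needed so `req.secure` (and therefore the `secure` session cookie) works
// behind a TLS-terminating reverse proxy. `true` trusts X-Forwarded-* headers
// from ANY peer, which lets a client that reaches the app directly spoof
// `req.ip` and `req.protocol`; narrow this to the real proxy's hop count or
// address (e.g. `app.set("trust proxy", 1)`) once the deployment topology is
// known.
app.set("trust proxy", true);

// Single exact origin with credentials. With `credentials: true` the origin
// must never be `*` or a blind reflection of the request's Origin header,
// otherwise any site could issue authenticated requests with the session
// cookie. The environment-driven allow-list (ACCEPTED_ORIGINS) is
// deliberately not used yet; the origin is pinned to the production front-end.
const corsOptions = {
  origin: "https://snake-byte.org",
  credentials: true,
};
app.use(cors(corsOptions));

console.log("AUTH_URL:", process.env.AUTH_URL);

app.use(
  session({
    secret: sessionSecret,
    resave: false,
    saveUninitialized: false, // true in development, false in production
    // No `store` is given, so express-session falls back to its in-memory
    // store: sessions are lost on restart and are not shared across instances.
    // TODO: move to a Redis-backed store, then re-enable environment-dependent
    // cookie settings (sameSite "lax" / secure false for local development,
    // keyed on NODE_ENV === "production").
    cookie: {
      httpOnly: true,
      maxAge: 24 * 60 * 60 * 1000, // 1 day
      // `secure` + `sameSite: "none"` is the only combination browsers accept
      // for a cross-site cookie; both require HTTPS, hence `trust proxy` above.
      secure: true,
      sameSite: "none",
    },
  })
);

app.use(passport.initialize());
app.use(passport.session());

app.use("/assignment", assignmentRoute);
app.use("/api", apiRoute);
app.use("/auth", authRoute);

const port = 8080;
// Log only once the socket is actually bound.
app.listen(port, "0.0.0.0", () => {
  console.log(`Listening on port ${port}...`);
});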