128 lines
3.6 KiB
JavaScript
128 lines
3.6 KiB
JavaScript
require("dotenv").config();
|
|
|
|
const cors = require("cors");
|
|
const express = require("express");
|
|
const passport = require("passport");
|
|
const passportSetup = require("./passport");
|
|
const authRoute = require("./routes/auth");
|
|
const apiRoute = require("./routes/api");
|
|
const assignmentRoute = require("./routes/assignment");
|
|
|
|
const session = require("express-session");
|
|
|
|
const app = express();
|
|
|
|
app.use((req, res, next) => {
|
|
console.log('Protocol before proxy:', req.protocol, 'Secure:', req.secure);
|
|
next();
|
|
});
|
|
app.use((req, res, next) => {
|
|
console.log('req.secure:', req.secure);
|
|
console.log('x-forwarded-proto:', req.headers['x-forwarded-proto']);
|
|
next();
|
|
});
|
|
|
|
|
|
app.set('trust proxy', true); // proxy magic that needs to happen
|
|
|
|
|
|
// app.use((req, res, next) => {
|
|
// console.log('Protocol after proxy:', req.protocol, 'Secure:', req.secure);
|
|
// next();
|
|
// });
|
|
|
|
|
|
const allowedOrigins = process.env.ACCEPTED_ORIGINS.split(",");
|
|
|
|
const corsOptions = {
|
|
// origin: function (origin, callback) {
|
|
// if (!origin || allowedOrigins.includes(origin)) {
|
|
// callback(null, origin); // allow the request
|
|
// } else {
|
|
// callback(new Error("Not allowed by CORS"));
|
|
// }
|
|
// },
|
|
origin: "https://snake-byte.org", // Replace with your frontend URL
|
|
// methods: ["GET", "POST", "OPTIONS"],
|
|
// allowedHeaders: ["Content-Type", "Authorization"],
|
|
credentials: true,
|
|
};
|
|
|
|
app.use(cors(corsOptions));
|
|
|
|
|
|
// app.use((req, res, next) => {
|
|
// console.log("Session:", req.session);
|
|
// console.log("User:", req.user);
|
|
// next();
|
|
// });
|
|
|
|
// app.use((req, res, next) => {
|
|
// res.cookie(
|
|
// 'myTestCookie', 'helloWorld',
|
|
// {
|
|
// httpOnly: true,
|
|
// secure: true, // Set to true if using HTTPS
|
|
// sameSite: 'none', // Use 'none' for cross-origin requests
|
|
// domain: 'jank-frontend.fly.dev', // Set the domain to allow cross-origin requests
|
|
// maxAge: 24 * 60 * 60 * 1000, // 1 day
|
|
// path: '/', // Set the path for the cookie
|
|
// }
|
|
// );
|
|
// next();
|
|
// });
|
|
|
|
|
|
console.log("AUTH_URL:", process.env.AUTH_URL);
|
|
const isProduction = process.env.NODE_ENV === "production";
|
|
app.use(
|
|
session({
|
|
secret: process.env.AUTH_SESSION_KEY,
|
|
resave: false,
|
|
saveUninitialized: false, // true in development, false in production
|
|
cookie: {
|
|
httpOnly: true, // true in production for sec
|
|
maxAge: 24 * 60 * 60 * 1000, // 1 day
|
|
secure: true, //true // only true in production over HTTPS
|
|
sameSite: 'none', // or 'none' if using cross-origin
|
|
// domain: '', // Set the domain to allow cross-origin requests, or not?
|
|
//keep production security settings below disable for the mean-time because we need to integrate redis session for cross-origin to work properly
|
|
//sameSite: isProduction ? "none" : "lax", // or 'none' if using cross-origin
|
|
//secure: isProduction, // only true in production over HTTPS
|
|
},
|
|
})
|
|
);
|
|
|
|
// console.log("this is the session", session);
|
|
// console.log("this is the cookie", session.cookie);
|
|
|
|
app.use(passport.initialize());
|
|
app.use(passport.session());
|
|
|
|
|
|
|
|
// app.use((req, res, next) => {
|
|
// res.on("finish", () => {
|
|
// console.log(`Response Status: ${res.statusCode}`);
|
|
// console.log(`Response Headers:`, res.getHeaders());
|
|
// });
|
|
// next();
|
|
// })
|
|
|
|
|
|
// app.use((req, res, next) => {
|
|
// res.on("finish", () => {
|
|
// const headers = res.getHeaders();
|
|
// console.log("Set-Cookie header:", headers["set-cookie"]);
|
|
// });
|
|
// next();
|
|
// });
|
|
|
|
|
|
app.use("/assignment", assignmentRoute);
|
|
app.use("/api", apiRoute);
|
|
app.use("/auth", authRoute);
|
|
|
|
const port = 8080;
|
|
console.log(`Listening on port ${port}...`);
|
|
app.listen(port, '0.0.0.0');
|