Updated dependencies

.envdev

@@ -1,5 +1,7 @@
 WEB_PORT=3100
 
+WEB_ORIGIN=http://localhost:3001
+
 DB_HOSTNAME=database
 DB_DATABASE=news
 DB_USERNAME=news

.github/FUNDING.yml

@@ -0,0 +1,5 @@
+# These are supported funding model platforms
+
+patreon: krgamestudios
+ko_fi: krgamestudios
+custom: ["https://www.paypal.com/donate/?hosted_button_id=73Q82T2ZHV8AA"]

Dockerfile

@@ -1,5 +1,4 @@
-
-FROM node:16
+FROM node:18
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production

README.md

@@ -15,7 +15,7 @@ POST https://dev-auth.krgamestudios.com/auth/login HTTP/1.1
 Content-Type: application/json
 
 {
-	"email": "kayneruse@gmail.com",
+	"email": "example@example.com",
 	"password": "helloworld"
 }
 ```

configure-script.js

@@ -30,6 +30,7 @@ const question = (prompt, def = null) => {
 	//project configuration
 	const appName = await question('App Name', 'news');
 	const appWebAddress = await question('Web Addr', `${appName}.example.com`);
+	const appWebOrigin = await question('Web Origin', `https://example.com`); //TODO: clean these up properly
 	const appPort = await question('App Port', '3100');
 
 	const appDBUser = await question('DB User', appName);
@@ -59,6 +60,7 @@ services:
       - "traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}"
     environment:
       - WEB_PORT=${appPort}
+      - WEB_ORIGIN=${appWebOrigin}
       - DB_HOSTNAME=database
       - DB_DATABASE=${appName}
       - DB_USERNAME=${appDBUser}
@@ -109,7 +111,7 @@ networks:
 `;
 
 	const dockerfile = `
-FROM node:16
+FROM node:18
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production

package.json

@@ -1,6 +1,6 @@
 {
   "name": "news-server",
-  "version": "1.4.1",
+  "version": "1.5.0",
   "description": "An API centric news server. Uses Sequelize and mariaDB by default.",
   "main": "server/server.js",
   "scripts": {
@@ -20,11 +20,11 @@
   "homepage": "https://github.com/krgamestudios/news-server#readme",
   "dependencies": {
     "cors": "^2.8.5",
-    "dotenv": "^8.6.0",
+    "dotenv": "^16.0.1",
     "express": "^4.17.1",
     "jsonwebtoken": "^8.5.1",
-    "mariadb": "^2.5.4",
-    "markdown-it": "^12.3.0",
+    "mariadb": "^3.0.1",
+    "markdown-it": "^13.0.1",
     "sequelize": "^6.6.5"
   },
   "devDependencies": {

server/news/edit.js

@@ -1,6 +1,6 @@
 const { Op } = require('sequelize');
 const { articles, revisions } = require('../database/models');
-const markdownIt = require('markdown-it')();
+const markdownIt = require('markdown-it')({ html: true });
 
 const route = async (req, res) => {
 	//get the existing record

server/news/index.js

@@ -1,5 +1,6 @@
 const express = require('express');
 const router = express.Router();
+const cors = require('cors'); //route-by-route, because some routes are available without authentication
 
 //middleware
 const authToken = require('../utilities/token-auth');
@@ -11,17 +12,25 @@ const edit = require('./edit');
 const remove = require('./remove');
 
 //basic route management (all query possibilities)
-router.get('/', query(false, false));
-router.get('/:id(\\d+)', query(false, false));
-router.get('/archive', query(true, false));
-router.get('/archive/:id(\\d+)', query(true, false));
-router.get('/metadata', query(false, true));
-router.get('/metadata/:id(\\d+)', query(false, true));
-router.get('/archive/metadata', query(true, true));
-router.get('/archive/metadata/:id(\\d+)', query(true, true));
+router.get('/', cors(), query(false, false));
+router.get('/:id(\\d+)', cors(), query(false, false));
+router.get('/archive', cors(), query(true, false));
+router.get('/archive/:id(\\d+)', cors(), query(true, false));
+router.get('/metadata', cors(), query(false, true));
+router.get('/metadata/:id(\\d+)', cors(), query(false, true));
+router.get('/archive/metadata', cors(), query(true, true));
+router.get('/archive/metadata/:id(\\d+)', cors(), query(true, true));
 
 //use middleware to authenticate the rest of the routes
+router.use(cors({
+	credentials: true,
+	origin: [`${process.env.WEB_ORIGIN}`], //because auth-server
+	allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+	exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+}));
+
 router.use(authToken);
+
 router.use((req, res, next) => {
 	if (req.user.mod) {
 		next();

server/news/publish.js

@@ -1,5 +1,5 @@
 const { articles } = require('../database/models');
-const markdownIt = require('markdown-it')();
+const markdownIt = require('markdown-it')({ html: true });
 
 const route = async (req, res) => {
 	//check for missing data

server/server.js

@@ -5,11 +5,9 @@ require('dotenv').config();
 const express = require('express');
 const app = express();
 const server = require('http').Server(app);
-const cors = require('cors');
 
 //config
 app.use(express.json());
-app.use(cors());
 
 //database connection
 const database = require('./database');
@@ -27,7 +25,7 @@ server.listen(process.env.WEB_PORT || 3100, async (err) => {
 	await database.sync();
 	console.log(`listening to localhost:${process.env.WEB_PORT || 3100}`);
 
-	//parse the unrendered data from the database
+	//COMPATABILITY: parse the unrendered data from the database
 	const markdownIt = require('markdown-it')();
 	const { articles, revisions } = require('./database/models');