Updated dependencies

Tweak cors handling
2022-08-01 10:35:58 +01:00 · 2022-07-26 13:39:04 +01:00
7 changed files with 89 additions and 70 deletions
@@ -1,5 +1,7 @@
 WEB_PORT=3100

+WEB_ORIGIN=http://localhost:3001
+
 DB_HOSTNAME=database
 DB_DATABASE=news
 DB_USERNAME=news
@@ -1,5 +1,4 @@
-
-FROM node:16
+FROM node:18
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production
@@ -30,6 +30,7 @@ const question = (prompt, def = null) => {
 	//project configuration
 	const appName = await question('App Name', 'news');
 	const appWebAddress = await question('Web Addr', `${appName}.example.com`);
+	const appWebOrigin = await question('Web Origin', `https://example.com`); //TODO: clean these up properly
 	const appPort = await question('App Port', '3100');

 	const appDBUser = await question('DB User', appName);
@@ -59,6 +60,7 @@ services:
      - "traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}"
    environment:
      - WEB_PORT=${appPort}
+      - WEB_ORIGIN=${appWebOrigin}
      - DB_HOSTNAME=database
      - DB_DATABASE=${appName}
      - DB_USERNAME=${appDBUser}
@@ -109,7 +111,7 @@ networks:
 `;

 	const dockerfile = `
-FROM node:16
+FROM node:18
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production
@@ -1,26 +1,37 @@
 {
  "name": "news-server",
-  "version": "1.4.5",
+  "version": "1.5.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "news-server",
-      "version": "1.4.5",
+      "version": "1.5.0",
      "license": "ISC",
      "dependencies": {
        "cors": "^2.8.5",
-        "dotenv": "^8.6.0",
+        "dotenv": "^16.0.1",
        "express": "^4.17.1",
        "jsonwebtoken": "^8.5.1",
-        "mariadb": "^2.5.4",
-        "markdown-it": "^12.3.0",
+        "mariadb": "^3.0.1",
+        "markdown-it": "^13.0.1",
        "sequelize": "^6.6.5"
      },
      "devDependencies": {
        "nodemon": "^2.0.12"
      }
    },
+    "node_modules/@alloc/quick-lru": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz",
+      "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
    "node_modules/@types/debug": {
      "version": "4.1.7",
      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.7.tgz",
@@ -286,11 +297,11 @@
      }
    },
    "node_modules/dotenv": {
-      "version": "8.6.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.6.0.tgz",
-      "integrity": "sha512-IrPdXQsk2BbzvCBGBOTmmSH5SodmqZNt4ERAZDmW4CT+tL8VtvinqywuANaFu4bOMWki16nqf0e4oC0QIaDr/g==",
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.1.tgz",
+      "integrity": "sha512-1K6hR6wtk2FviQ4kEiSjFiH5rpzEVi8WW0x96aztHVMhEspNpc4DVOUTEHtEva5VThQ8IaBX1Pe4gSzpVVUsKQ==",
      "engines": {
-        "node": ">=10"
+        "node": ">=12"
      }
    },
    "node_modules/dottie": {
@@ -320,9 +331,12 @@
      }
    },
    "node_modules/entities": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz",
-      "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz",
+      "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==",
+      "engines": {
+        "node": ">=0.12"
+      },
      "funding": {
        "url": "https://github.com/fb55/entities?sponsor=1"
      }
@@ -642,9 +656,9 @@
      }
    },
    "node_modules/linkify-it": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz",
-      "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz",
+      "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==",
      "dependencies": {
        "uc.micro": "^1.0.1"
      }
@@ -689,11 +703,6 @@
      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
    },
-    "node_modules/long": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/long/-/long-5.2.0.tgz",
-      "integrity": "sha512-9RTUNjK60eJbx3uz+TEGF7fUr29ZDxR5QzXcyDpeSfeH28S9ycINflOgOlppit5U+4kNTe83KQnMEerw7GmE8w=="
-    },
    "node_modules/lru-cache": {
      "version": "6.0.0",
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -706,20 +715,20 @@
      }
    },
    "node_modules/mariadb": {
-      "version": "2.5.6",
-      "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-2.5.6.tgz",
-      "integrity": "sha512-zBx7loYY5GzLl8Y6AKxGXfY9DUYIIdGrmEORPOK9FEu0pg5ZLBKCGJuucHwKADxTBxKY7eM4rxndqxRcnMZKIw==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-3.0.1.tgz",
+      "integrity": "sha512-orYg4JojWszNWlI1a+We2TUe4h+S5WIkjUa0U4DF0jjrOtxBVtCsQtioXxURWCxVfxwQ5wZVZkBoa53lqRuQeQ==",
      "dependencies": {
+        "@alloc/quick-lru": "^5.2.0",
        "@types/geojson": "^7946.0.8",
        "@types/node": "^17.0.10",
        "denque": "^2.0.1",
        "iconv-lite": "^0.6.3",
-        "long": "^5.2.0",
        "moment-timezone": "^0.5.34",
        "please-upgrade-node": "^3.2.0"
      },
      "engines": {
-        "node": ">= 10.13"
+        "node": ">= 12"
      }
    },
    "node_modules/mariadb/node_modules/iconv-lite": {
@@ -734,13 +743,13 @@
      }
    },
    "node_modules/markdown-it": {
-      "version": "12.3.2",
-      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz",
-      "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==",
+      "version": "13.0.1",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz",
+      "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==",
      "dependencies": {
        "argparse": "^2.0.1",
-        "entities": "~2.1.0",
-        "linkify-it": "^3.0.1",
+        "entities": "~3.0.1",
+        "linkify-it": "^4.0.1",
        "mdurl": "^1.0.1",
        "uc.micro": "^1.0.5"
      },
@@ -1406,6 +1415,11 @@
    }
  },
  "dependencies": {
+    "@alloc/quick-lru": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz",
+      "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw=="
+    },
    "@types/debug": {
      "version": "4.1.7",
      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.7.tgz",
@@ -1616,9 +1630,9 @@
      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg=="
    },
    "dotenv": {
-      "version": "8.6.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.6.0.tgz",
-      "integrity": "sha512-IrPdXQsk2BbzvCBGBOTmmSH5SodmqZNt4ERAZDmW4CT+tL8VtvinqywuANaFu4bOMWki16nqf0e4oC0QIaDr/g=="
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.1.tgz",
+      "integrity": "sha512-1K6hR6wtk2FviQ4kEiSjFiH5rpzEVi8WW0x96aztHVMhEspNpc4DVOUTEHtEva5VThQ8IaBX1Pe4gSzpVVUsKQ=="
    },
    "dottie": {
      "version": "2.0.2",
@@ -1644,9 +1658,9 @@
      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
    },
    "entities": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz",
-      "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w=="
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz",
+      "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q=="
    },
    "escape-html": {
      "version": "1.0.3",
@@ -1894,9 +1908,9 @@
      }
    },
    "linkify-it": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz",
-      "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz",
+      "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==",
      "requires": {
        "uc.micro": "^1.0.1"
      }
@@ -1941,11 +1955,6 @@
      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
    },
-    "long": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/long/-/long-5.2.0.tgz",
-      "integrity": "sha512-9RTUNjK60eJbx3uz+TEGF7fUr29ZDxR5QzXcyDpeSfeH28S9ycINflOgOlppit5U+4kNTe83KQnMEerw7GmE8w=="
-    },
    "lru-cache": {
      "version": "6.0.0",
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -1955,15 +1964,15 @@
      }
    },
    "mariadb": {
-      "version": "2.5.6",
-      "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-2.5.6.tgz",
-      "integrity": "sha512-zBx7loYY5GzLl8Y6AKxGXfY9DUYIIdGrmEORPOK9FEu0pg5ZLBKCGJuucHwKADxTBxKY7eM4rxndqxRcnMZKIw==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-3.0.1.tgz",
+      "integrity": "sha512-orYg4JojWszNWlI1a+We2TUe4h+S5WIkjUa0U4DF0jjrOtxBVtCsQtioXxURWCxVfxwQ5wZVZkBoa53lqRuQeQ==",
      "requires": {
+        "@alloc/quick-lru": "^5.2.0",
        "@types/geojson": "^7946.0.8",
        "@types/node": "^17.0.10",
        "denque": "^2.0.1",
        "iconv-lite": "^0.6.3",
-        "long": "^5.2.0",
        "moment-timezone": "^0.5.34",
        "please-upgrade-node": "^3.2.0"
      },
@@ -1979,13 +1988,13 @@
      }
    },
    "markdown-it": {
-      "version": "12.3.2",
-      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz",
-      "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==",
+      "version": "13.0.1",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz",
+      "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==",
      "requires": {
        "argparse": "^2.0.1",
-        "entities": "~2.1.0",
-        "linkify-it": "^3.0.1",
+        "entities": "~3.0.1",
+        "linkify-it": "^4.0.1",
        "mdurl": "^1.0.1",
        "uc.micro": "^1.0.5"
      }
@@ -1,6 +1,6 @@
 {
  "name": "news-server",
-  "version": "1.4.5",
+  "version": "1.5.0",
  "description": "An API centric news server. Uses Sequelize and mariaDB by default.",
  "main": "server/server.js",
  "scripts": {
@@ -20,11 +20,11 @@
  "homepage": "https://github.com/krgamestudios/news-server#readme",
  "dependencies": {
    "cors": "^2.8.5",
-    "dotenv": "^8.6.0",
+    "dotenv": "^16.0.1",
    "express": "^4.17.1",
    "jsonwebtoken": "^8.5.1",
-    "mariadb": "^2.5.4",
-    "markdown-it": "^12.3.0",
+    "mariadb": "^3.0.1",
+    "markdown-it": "^13.0.1",
    "sequelize": "^6.6.5"
  },
  "devDependencies": {
@@ -1,5 +1,6 @@
 const express = require('express');
 const router = express.Router();
+const cors = require('cors'); //route-by-route, because some routes are available without authentication

 //middleware
 const authToken = require('../utilities/token-auth');
@@ -11,17 +12,25 @@ const edit = require('./edit');
 const remove = require('./remove');

 //basic route management (all query possibilities)
-router.get('/', query(false, false));
-router.get('/:id(\\d+)', query(false, false));
-router.get('/archive', query(true, false));
-router.get('/archive/:id(\\d+)', query(true, false));
-router.get('/metadata', query(false, true));
-router.get('/metadata/:id(\\d+)', query(false, true));
-router.get('/archive/metadata', query(true, true));
-router.get('/archive/metadata/:id(\\d+)', query(true, true));
+router.get('/', cors(), query(false, false));
+router.get('/:id(\\d+)', cors(), query(false, false));
+router.get('/archive', cors(), query(true, false));
+router.get('/archive/:id(\\d+)', cors(), query(true, false));
+router.get('/metadata', cors(), query(false, true));
+router.get('/metadata/:id(\\d+)', cors(), query(false, true));
+router.get('/archive/metadata', cors(), query(true, true));
+router.get('/archive/metadata/:id(\\d+)', cors(), query(true, true));

 //use middleware to authenticate the rest of the routes
+router.use(cors({
+	credentials: true,
+	origin: [`${process.env.WEB_ORIGIN}`], //because auth-server
+	allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+	exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+}));
+
 router.use(authToken);
+
 router.use((req, res, next) => {
 	if (req.user.mod) {
 		next();
@@ -5,11 +5,9 @@ require('dotenv').config();
 const express = require('express');
 const app = express();
 const server = require('http').Server(app);
-const cors = require('cors');

 //config
 app.use(express.json());
-app.use(cors());

 //database connection
 const database = require('./database');
Author	SHA1	Message	Date
Kayne Ruse	ca12844268	Updated dependencies	2022-08-01 10:35:58 +01:00
Kayne Ruse	76fa0649f2	Tweak cors handling	2022-07-26 13:39:04 +01:00