Updated dependencies

.envdev

@@ -1,5 +1,7 @@
 WEB_PORT=3100
 
+WEB_ORIGIN=http://localhost:3001
+
 DB_HOSTNAME=database
 DB_DATABASE=news
 DB_USERNAME=news

Dockerfile

@@ -1,5 +1,4 @@
-
+FROM node:18
-FROM node:16
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production

configure-script.js

@@ -30,6 +30,7 @@ const question = (prompt, def = null) => {
 	//project configuration
 	const appName = await question('App Name', 'news');
 	const appWebAddress = await question('Web Addr', `${appName}.example.com`);
+	const appWebOrigin = await question('Web Origin', `https://example.com`); //TODO: clean these up properly
 	const appPort = await question('App Port', '3100');
 
 	const appDBUser = await question('DB User', appName);
@@ -59,6 +60,7 @@ services:
       - "traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}"
     environment:
       - WEB_PORT=${appPort}
+      - WEB_ORIGIN=${appWebOrigin}
       - DB_HOSTNAME=database
       - DB_DATABASE=${appName}
       - DB_USERNAME=${appDBUser}
@@ -109,7 +111,7 @@ networks:
 `;
 
 	const dockerfile = `
-FROM node:16
+FROM node:18
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production

package.json

@@ -1,6 +1,6 @@
 {
   "name": "news-server",
-  "version": "1.4.5",
+  "version": "1.5.3",
   "description": "An API centric news server. Uses Sequelize and mariaDB by default.",
   "main": "server/server.js",
   "scripts": {
@@ -20,14 +20,14 @@
   "homepage": "https://github.com/krgamestudios/news-server#readme",
   "dependencies": {
     "cors": "^2.8.5",
-    "dotenv": "^8.6.0",
+    "dotenv": "^16.0.3",
-    "express": "^4.17.1",
+    "express": "^4.18.2",
     "jsonwebtoken": "^8.5.1",
-    "mariadb": "^2.5.4",
+    "mariadb": "^3.0.2",
-    "markdown-it": "^12.3.0",
+    "markdown-it": "^13.0.1",
-    "sequelize": "^6.6.5"
+    "sequelize": "^6.25.5"
   },
   "devDependencies": {
-    "nodemon": "^2.0.12"
+    "nodemon": "^2.0.20"
   }
 }

server/news/index.js

@@ -1,5 +1,6 @@
 const express = require('express');
 const router = express.Router();
+const cors = require('cors'); //route-by-route, because some routes are available without authentication
 
 //middleware
 const authToken = require('../utilities/token-auth');
@@ -11,17 +12,25 @@ const edit = require('./edit');
 const remove = require('./remove');
 
 //basic route management (all query possibilities)
-router.get('/', query(false, false));
+router.get('/', cors(), query(false, false));
-router.get('/:id(\\d+)', query(false, false));
+router.get('/:id(\\d+)', cors(), query(false, false));
-router.get('/archive', query(true, false));
+router.get('/archive', cors(), query(true, false));
-router.get('/archive/:id(\\d+)', query(true, false));
+router.get('/archive/:id(\\d+)', cors(), query(true, false));
-router.get('/metadata', query(false, true));
+router.get('/metadata', cors(), query(false, true));
-router.get('/metadata/:id(\\d+)', query(false, true));
+router.get('/metadata/:id(\\d+)', cors(), query(false, true));
-router.get('/archive/metadata', query(true, true));
+router.get('/archive/metadata', cors(), query(true, true));
-router.get('/archive/metadata/:id(\\d+)', query(true, true));
+router.get('/archive/metadata/:id(\\d+)', cors(), query(true, true));
 
 //use middleware to authenticate the rest of the routes
+router.use(cors({
+	credentials: true,
+	origin: [`${process.env.WEB_ORIGIN}`], //because auth-server
+	allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+	exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
+}));
+
 router.use(authToken);
+
 router.use((req, res, next) => {
 	if (req.user.mod) {
 		next();

server/server.js

@@ -5,11 +5,9 @@ require('dotenv').config();
 const express = require('express');
 const app = express();
 const server = require('http').Server(app);
-const cors = require('cors');
 
 //config
 app.use(express.json());
-app.use(cors());
 
 //database connection
 const database = require('./database');