Fix csv update/import on settings page + lots of cors work

2025-01-10 14:17:07 -05:00
parent dbdf77331c
commit a1f4e57394
9 changed files with 957 additions and 329 deletions
--- a/inventory-server/src/middleware/cors.js
+++ b/inventory-server/src/middleware/cors.js
@@ -0,0 +1,39 @@
+const cors = require('cors');
+
+// Single CORS middleware for all endpoints
+const corsMiddleware = cors({
+  origin: [
+    'https://inventory.kent.pw',
+    'http://localhost:5173',
+    /^http:\/\/192\.168\.\d+\.\d+(:\d+)?$/,
+    /^http:\/\/10\.\d+\.\d+\.\d+(:\d+)?$/
+  ],
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization'],
+  exposedHeaders: ['Content-Type'],
+  credentials: true
+});
+
+// Error handler for CORS
+const corsErrorHandler = (err, req, res, next) => {
+  if (err.message === 'CORS not allowed') {
+    console.error('CORS Error:', {
+      origin: req.get('Origin'),
+      method: req.method,
+      path: req.path,
+      headers: req.headers
+    });
+    res.status(403).json({
+      error: 'CORS not allowed',
+      origin: req.get('Origin'),
+      message: 'Origin not in allowed list: https://inventory.kent.pw, localhost:5173, 192.168.x.x, or 10.x.x.x'
+    });
+  } else {
+    next(err);
+  }
+};
+
+module.exports = {
+  corsMiddleware,
+  corsErrorHandler
+};