cors 3

mohammadshahidbeigh · Oct 21, 2024 · 27075b7 · 27075b7
1 parent b87d1aa
commit 27075b7
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/mindvault-backend/src/server.ts b/mindvault-backend/src/server.ts
@@ -1,5 +1,5 @@
 // src/server.ts
-import express, {Application} from "express";
+import express, {Application, Request, Response, NextFunction} from "express";
 import morgan from "morgan"; // Import morgan for logging
 import {ApolloServer} from "apollo-server-express";
 import {typeDefs} from "./graphql/schema";
@@ -20,7 +20,10 @@ const app: Application = express();
 // Allow specific origins (like your frontend)
 app.use(
   cors({
-    origin: ["http://43.205.10.7:3000"], // Add your frontend's public IP address here
+    origin: [
+      "http://43.205.10.7:3000", // Add your frontend's public IP address here
+      "https://your-frontend-production-domain.com", // Add production domain
+    ],
     methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], // Methods you want to allow
     credentials: true, // Allow cookies and other credentials
   })
@@ -29,8 +32,31 @@ app.use(
 // Use morgan for logging requests
 app.use(morgan("combined")); // You can change the format as needed
 
-// Adds security headers
-app.use(helmet());
+// Adds security headers with a custom Content Security Policy (CSP)
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        defaultSrc: ["'self'"],
+        scriptSrc: [
+          "'self'",
+          "https://apollo-server-landing-page.cdn.apollographql.com",
+          "'unsafe-inline'",
+        ],
+        imgSrc: [
+          "'self'",
+          "https://apollo-server-landing-page.cdn.apollographql.com",
+          "data:",
+        ],
+        styleSrc: ["'self'", "'unsafe-inline'"],
+        manifestSrc: [
+          "'self'",
+          "https://apollo-server-landing-page.cdn.apollographql.com",
+        ],
+      },
+    },
+  })
+);
 
 // Rate limiting
 const apiLimiter = rateLimit({
@@ -41,6 +67,16 @@ const apiLimiter = rateLimit({
 
 app.use("/graphql", apiLimiter);
 
+// Force HTTPS in production
+if (process.env.NODE_ENV === "production") {
+  app.use((req: Request, res: Response, next: NextFunction) => {
+    if (req.header("x-forwarded-proto") !== "https") {
+      return res.redirect(`https://${req.header("host")}${req.url}`);
+    }
+    next();
+  });
+}
+
 // Add a root route handler
 app.get("/", (req, res) => {
   res.send("Welcome to the MindVault API");
@@ -134,3 +170,8 @@ async function startApolloServer() {
 }
 
 startApolloServer();
+// Global error handler for Express
+app.use((err: Error, req: Request, res: Response) => {
+  console.error(err.stack);
+  res.status(500).send("Something went wrong!");
+});
diff --git a/src/main.tsx b/src/main.tsx
@@ -25,7 +25,7 @@ import {
 } from "@mui/material";
 import {Brightness4, Brightness7} from "@mui/icons-material";
 
-const backendUrl = "http://43.205.10.7:4000/graphql"; // Update this to the EC2's public IP
+const backendUrl = "https://5z025yr695.execute-api.ap-south-1.amazonaws.com/prod/graphql"; // Update this to the EC2's public IP
 
 // Create an Apollo Link to set the authorization header
 const authLink = new ApolloLink((operation, forward) => {