diff --git a/.env.example b/.env.example
index d7ec205..4301578 100644
--- a/.env.example
+++ b/.env.example
@@ -21,3 +21,5 @@ SUPABASE_URL=your_supabase_url
 SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key
 REDIS_URL=your_url_for_redis eg. redis://localhost:6379
+
+FRONTEND_URL=your_frontend_url eg. http://localhost:3000
\ No newline at end of file
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 9c7320f..aca6f2d 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -75,6 +75,7 @@ jobs:
 REFRESH_EXPIRES_IN: "7d"
 SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
 SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }}
+ FRONTEND_URL: "http://localhost:3000"
 build-and-push:
 name: Build and push to Docker Hub
diff --git a/.gitignore b/.gitignore
index bfb36bc..5f57a68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ node_modules
 /logs
-NotifierAPI_Documentation.md
\ No newline at end of file
+NotifierAPI_Documentation.md
+FRONTEND_API_DOCS.md
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 22afcf7..f4e9149 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@ "@supabase/supabase-js": "^2.101.1", "bcryptjs": "^3.0.3", "cookie-parser": "^1.4.7", + "cors": "^2.8.6", "crypto": "^1.0.1", "dotenv": "^17.3.1", "express": "^5.2.1",
@@ -2710,6 +2711,23 @@ "dev": true, "license": "MIT" }, + "node_modules/cors": { + "version": "2.8.6", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/cross-env": { "version": "10.1.0", "resolved": "https://registry.npmjs.org/cross-env/-/cross-env-10.1.0.tgz",
@@ -5316,6 +5334,15 @@ "devOptional": true, "license": "MIT" }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/object-inspect": { "version": "1.13.4", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
diff --git a/package.json b/package.json
index bdba0cd..535aff7 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "@supabase/supabase-js": "^2.101.1",
 "bcryptjs": "^3.0.3",
 "cookie-parser": "^1.4.7",
+ "cors": "^2.8.6",
 "crypto": "^1.0.1",
 "dotenv": "^17.3.1",
 "express": "^5.2.1",
diff --git a/src/app.js b/src/app.js
index a953062..4e9654c 100644
--- a/src/app.js
+++ b/src/app.js
@@ -4,6 +4,7 @@ import express from "express";
 import cookieparser from "cookie-parser";
 import { connectRedis } from "./config/redis.js";
 import helmet from "helmet";
+import cors from "cors";
 // Import routes
 import authRoutes from "./routes/auth.js";
@@ -21,6 +22,15 @@ import { requestLogger } from "./middlewares/requestLogger.js";
 const app = express();
+app.use(
+ cors({
+ origin: process.env.FRONTEND_URL,
+ credentials: true,
+ allowedHeaders: ["Content-Type", "Authorization"],
+ methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+ }),
+);
+
 app.use(
 helmet({
 contentSecurityPolicy: false,
diff --git a/src/config/envValidator.js b/src/config/envValidator.js
index f32159b..e844f75 100644
--- a/src/config/envValidator.js
+++ b/src/config/envValidator.js
@@ -23,6 +23,8 @@ const envSchema = z.object({
 SUPABASE_URL: z.string().url(),
 SUPABASE_SERVICE_ROLE_KEY: z.string().min(20),
 REDIS_URL: z.string().url(),
+
+ FRONTEND_URL: z.string().url(),
 });
 const _env = envSchema.safeParse(process.env);
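Review bot: The `origin` option in the added `cors({...})` call in src/app.js reads `process.env.FRONTEND_URL` directly and passes it through unchanged, while `credentials: true` makes an exact origin match mandatory in the browser. The `cors` package copies a string `origin` verbatim into `Access-Control-Allow-Origin`, and browsers send `Origin` without a path or trailing slash, so a value such as `http://localhost:3000/`, which the `z.string().url()` check added in src/config/envValidator.js accepts, would make every credentialed request fail. If the variable is missing when this module loads, the option is falsy and the package falls back to its allow-any-origin behaviour instead of failing closed. Prefer the validated config and normalise it, `origin: new URL(env.FRONTEND_URL).origin,`, assuming app.js can import `env` the way src/utils/sendVerificationEmail.js appears to. The same un-normalised value is also concatenated into the verification link in sendVerificationEmail.js.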
diff --git a/src/controllers/users/getAll.js b/src/controllers/users/getAll.js
index 8607f5a..1fb3849 100644
--- a/src/controllers/users/getAll.js
+++ b/src/controllers/users/getAll.js
@@ -16,6 +16,9 @@ const getUsers = async (req, res) => {
 select: {
 id: true,
 name: true,
+ email: true,
+ isEmailVerified: true,
+ role: true,
 isDeleted: true,
 profilePictureUrl: true,
 updatedAt: true,
diff --git a/src/controllers/users/getMyself.js b/src/controllers/users/getMyself.js
index f70e8d7..5c4cd82 100644
--- a/src/controllers/users/getMyself.js
+++ b/src/controllers/users/getMyself.js
@@ -8,6 +8,7 @@ const getMyself = async (req, res) => {
 id: true,
 name: true,
 email: true,
+ role: true,
 isEmailVerified: true,
 profilePictureUrl: true,
 updatedAt: true,
diff --git a/src/utils/sendVerificationEmail.js b/src/utils/sendVerificationEmail.js
index add1b20..3cca2f6 100644
--- a/src/utils/sendVerificationEmail.js
+++ b/src/utils/sendVerificationEmail.js
@@ -21,7 +21,7 @@ const sendVerificationEmail = async (user) => {
 },
 });
- const verifyUrl = `${env.BASE_URL}/auth/verify-email?token=${verificationToken}`;
+ const verifyUrl = `${env.FRONTEND_URL}/verify-email?token=${verificationToken}`;
 await sendEmail({
 email: user.email,
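Review bot: Adding `email`, `isEmailVerified` and `role` to the `select` in `getUsers` makes the list endpoint return every account's address and privilege level, and nothing in the hunk shows who is allowed to call it. The handler starts before and continues past the hunk, so a role check may already exist in the route or earlier in the function; if it does not, the route should be limited to administrators before these fields ship. Either way the assumption deserves a comment above the select, for example `// email, isEmailVerified and role are PII/privilege data: this handler must stay behind the admin-only guard`.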
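Review bot: `verifyUrl` in src/utils/sendVerificationEmail.js is still assembled by string interpolation, so a `FRONTEND_URL` ending in a slash yields `//verify-email` and the token is placed in the query string without encoding. Assuming the frontend is served from the origin root, the URL API avoids both: `const verifyUrl = new URL("/verify-email", env.FRONTEND_URL);` followed by `verifyUrl.searchParams.set("token", verificationToken);`, passing `verifyUrl.href` to the mail template. Because the token now lands in the address bar of a frontend page instead of a backend endpoint, that page should hand it to the API immediately and keep it out of `Referer` headers and analytics. A comment here stating that the token is single-use and time-limited would help, if that is the case. The function begins before and continues past the hunk.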