From a95bfaf00f5346ce7ff924712c5f46756ef0ef37 Mon Sep 17 00:00:00 2001
From: philc <phc@ndda.fr>
Date: Fri, 16 Feb 2024 07:55:29 +0100
Subject: [PATCH] modif cors

---
 apxtri.js | 76 ++++++++++++++++++-------------------------------------
 1 file changed, 25 insertions(+), 51 deletions(-)

diff --git a/apxtri.js b/apxtri.js
index 8fb86d5..5e6ef18 100755
--- a/apxtri.js
+++ b/apxtri.js
@@ -8,9 +8,6 @@ const cors = require("cors");
 const express = require("express");
 const process = require("process");
 
-const l=require('./tools/log.js');
-l.showlog= true; // force log as well in prod and dev
-l.context="apxtri";
 
 /*******************************************
 
@@ -117,6 +114,9 @@ if (
 }
 */
 const conf = require(path.resolve(`../conf/townconf.json`));
+const currentmod='apxtri';
+const log = conf.api.activelog.includes(currentmod)
+
 
 // Create and update ./nationchains plutot que cette fonction 
 // A creuser et voir comment synchro
@@ -156,7 +156,7 @@ Object.keys(tribelist).forEach((t) => {
   });
   tribeIds.push(t);
 });
-l.og("Allowed DOMs to access to this apxtri server:",JSON.stringify(doms));
+if (log) console.log(currentmod," Allowed DOMs to access to this apxtri server:",JSON.stringify(doms));
 
 const app = express();
 // load express parameter from conf
@@ -170,71 +170,45 @@ app.use(express.json());
 app.use(bodyParser.json(conf.api.bodyparse.json));
 app.disable('x-powered-by');// for security
 app.locals.tribeids = tribeIds;
-l.og("app.locals.tribeids", app.locals.tribeids);
+if (log) console.log(currentmod," app.locals.tribeids", app.locals.tribeids);
 // Cors management
-const corsOptions = {
-  origin: (origin, callback) => {
-    //before modif only origin == undefined 
-    // ajout d'une condition en dev à voir || (infotown.townId == "devfarm" && (origin == undefined || origin == null))
-    if (
-      (origin == undefined ||
-      origin.indexOf("chrome-extension") > -1)
-    ) {
-      callback(null, true);
-    } else {
-      const rematch = /^https?:\/\/(.*):.*/g.exec(origin);
-      
-      let tmp = origin.replace(/http.?:\/\//g, "").split(".");
-
-      if (rematch && rematch.length > 1) tmp = rematch[1].split(".");
-      //l.og( 'tmp', tmp );
-      let dom = tmp[tmp.length - 1];
-      if (tmp.length > 1) {
-        dom = `${tmp[tmp.length - 2]}.${tmp[tmp.length - 1]}`;
-      }
-      l.og(
-        `origin: ${origin}, dom:${dom}, CORS allowed? : ${doms.includes(dom)}`
-      );
-      if (doms.includes(dom)) {
-        callback(null, true);
-      } else {
-        callback(false);
-      }
-    }
-  },
-  exposedHeaders: Object.keys(conf.api.exposedHeaders),
-};
+app.use((req,res,next)=>{
+  console.log("request origin:",req.headers.origin)
+  console.log(req.headers)
+})
+let origlist = [undefined]
+doms.forEach(d=>{
+  origlist.push(new RegExp(`^http.?:\/\/${d.replace(/\./g,"\\.")}`))
+})
+console.log(origlist)
 // CORS
-app.use(cors(corsOptions));
-// Static Routes // try to use nginx route instead in comments
-/*app.use( express.static( `${__dirname}/nationchains/tribes/${conf.mayorId}/www/cdn/public`, {
-  dotfiles: 'allow'
-} ) );
-*/
+//app.use(cors(corsOptions));
+app.use(cors({origin:origlist}))
+
 // Routers add any routes from /routes and /plugins
-let logroute = "Routes available on this apxtri instance:\n ";
+let logroute = "Routes available on this apxtri instance: \n";
 routes.forEach((r) => {
   try {
     logroute += r.url.padEnd(30,' ') + r.route +"\n";
     app.use(r.url, require(r.route));
   } catch (err) {
     logroute += " (err check it module.exports=router;? or ...)\n======\n ";
-    l.og("raise err-:", err);
+    console.log("raise err-:", err);
   }
 });
-console.log(logroute)
-if (process.env.NODE_MODE=="dev") {
-  console.log(
-    `\x1b[42m############################################################################################\x1b[0m\n\x1b[42mThis is dev conf accessible in http://devfarm-ants to switch this as production, you must run:\n 1 - 'yarn dev nationId:ants townId:usbfarm dns:usbfarm-ants ' to conf your town and check it.\n 2 - 'yarn startpm2'\n Where:\n\x1b[42m * nationId have to exist in the nationchains\n * townId new or if exist must have the smae current dns,\n * dns domaine that has to redirect 80/443 into this server (example wall-ants.ndda.fr redirect to 213.32.65.213 ).\n Check README's project to learn more.\x1b[0m\n To work with apxweb for the front use http://defarm-ants/apxweb/www/tplname/src/index.html to use the api during dev process\n\x1b[42m############################################################################################\x1b[0m`
+if (log) { 
+  console.log(currentmod,logroute)
+  if (process.env.NODE_MODE=="dev") console.log(
+    `\x1b[42m############################################################################################\x1b[0m\n\x1b[42mThis is dev conf accessible in http://dev-ants to switch this as production, you must run:\n 1 - 'yarn dev nationId:ants townId:dev dns:dev-ants' to conf your town and check it.\n 2 - 'yarn startpm2'\n Where:\n\x1b[42m * nationId have to exist in the nationchains\n * townId new or if exist must have the same current dns,\n * dns domaine that has to redirect 80/443 into this server.\n Check README's project to learn more.\x1b[0m\n To work with apxweb for the front use http://dev-ants/apxwebapp/www/websitename/src/index.html to use the api during dev process\n\x1b[42m############################################################################################\x1b[0m`
   );
 }
 
 app.listen(conf.api.port, () => {
   let webaccess = `api waits request on `;
   conf.dns.forEach((u) => {
-    webaccess += `http://${u}:${conf.api.port}`;
+    webaccess += `http://${u}:${conf.api.port} `;
   });
-  console.log(webaccess);
+  if (log) console.log(currentmod,webaccess);
 });
 console.log(
   "\x1b[42m\x1b[37m",