From e2f2edbf590600fa3c64465dca80e619ab80513e Mon Sep 17 00:00:00 2001
From: Nico
Date: Sun, 23 Nov 2025 14:52:24 -0800
Subject: [PATCH] Increase security - move host locations to .env
---
 .vscode/settings.json | 2 +-
 backend/app.js | 7 ++-----
 frontend/src/App.jsx | 1 +
 frontend/src/pages/GroceryList.jsx | 2 +-
 frontend/vite.config.ts | 11 ++++++++---
 5 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 2f1dcef..e6d4b42 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -41,7 +41,7 @@
 // ============================
 "[javascript]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
 "[javascriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
- "[typescript]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+ "[typescript]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
 "[typescriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
 // ============================
diff --git a/backend/app.js b/backend/app.js
index 8da9fc1..23ef938 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -6,11 +6,8 @@ const User = require("./models/user.model");
 const app = express();
 app.use(express.json());
-const allowedOrigins = [
- "http://localhost:3000",
- "https://costco.nicosaya.com",
- "https://costco.api.nicosaya.com",
-];
+const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
+console.log("Allowed Origins: ", allowedOrigins);
 app.use(
 cors({
 origin: function (origin, callback) {
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 3f5839e..d897821 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -12,6 +12,7 @@ import PrivateRoute from "./utils/PrivateRoute.jsx";
 import RoleGuard from "./utils/RoleGuard.jsx";
+console.log("VITE_ALLOWED_HOSTS:", import.meta.env.VITE_ALLOWED_HOSTS);
 function App() {
 return (
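Review bot: In backend/app.js the new `process.env.ALLOWED_ORIGINS.split(",")` throws a TypeError at startup when the variable is unset, and a trailing comma or an empty value leaves `""` in the allow-list. Because this list is the CORS policy, I would parse it defensively and stop with a clear message when it ends up empty: `const allowedOrigins = (process.env.ALLOWED_ORIGINS ?? "").split(",").map((o) => o.trim()).filter(Boolean);` followed by `if (allowedOrigins.length === 0) throw new Error("ALLOWED_ORIGINS is not set");`. The `origin` callback that consumes the list continues outside the hunk, so how it treats a request without an `Origin` header is not visible here. The unconditional `console.log` of the list is harmless for non-secret origins but would sit better behind a debug flag.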
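Review bot: The added `console.log("VITE_ALLOWED_HOSTS:", import.meta.env.VITE_ALLOWED_HOSTS);` in frontend/src/App.jsx runs at module load in every visitor's browser and looks like leftover debugging. Within this commit the value is only consumed by the dev-server setting in vite.config.ts, so the client code has no need for it; drop the line, or wrap it in `if (import.meta.env.DEV)` if it is still wanted locally. It is also a reminder that every `VITE_*` variable is compiled into the client bundle, so nothing sensitive should be stored under that prefix.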
diff --git a/frontend/src/pages/GroceryList.jsx b/frontend/src/pages/GroceryList.jsx
index 07d5682..78c4f96 100644
--- a/frontend/src/pages/GroceryList.jsx
+++ b/frontend/src/pages/GroceryList.jsx
@@ -72,7 +72,7 @@ export default function GroceryList() {
 let newQuantity = quantity;
 const item = await getItemByName(itemName);
- if (item.data) {
+ if (item.data && item.data.item_bought === false) {
 let currentQuantity = item.data.quantity;
 const yes = window.confirm(
 `Item "${itemName}" already exists in the list. Do you want to update its quantity from ${currentQuantity} to ${currentQuantity + newQuantity}?`
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index 36541a0..8f1ab7f 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -1,10 +1,15 @@
-import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react from '@vitejs/plugin-react';
+import { defineConfig, loadEnv } from 'vite';
+
+const env = loadEnv('', process.cwd());
+const allowedHosts = env.VITE_ALLOWED_HOSTS
+ ? env.VITE_ALLOWED_HOSTS.split(',').map((host) => host.trim())
+ : [];
 export default defineConfig({
 plugins: [react()],
 server: {
- allowedHosts: ["costco.nicosaya.com", "www.costco.nicosaya.com"],
+ allowedHosts: allowedHosts,
 watch: {
 usePolling: true,
 },
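Review bot: The new condition `item.data.item_bought === false` in GroceryList.jsx matches only a real boolean `false`. If the API delivers the flag as `0`/`1` or omits it (not visible from this hunk), an existing unbought item would skip the confirmation and fall through to the other branch. I would either state the expectation next to the check, e.g. `// only offer a quantity update for entries not yet bought; item_bought must be a strict boolean`, or normalise it with `!item.data.item_bought` if that matches the intent. The rest of the handler, including the branch taken for bought items, lies outside the hunk.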
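Review bot: `loadEnv('', process.cwd())` in frontend/vite.config.ts passes an empty mode, so as far as I can tell only `.env` and `.env.local` are read and mode-specific files such as `.env.production` are ignored. The function form of `defineConfig` exposes the active `mode`, and a `.filter(Boolean)` keeps empty entries from a trailing comma out of `server.allowedHosts`, which is the dev server's Host-header allow-list. Falling back to an empty list when the variable is missing is a sensible fail-closed default and should stay. The object passed to `defineConfig` closes outside the hunk, so the wrapper below needs a matching `};` and `});` there.

```ts
export default defineConfig(({ mode }) => {
  // Pass the active mode so .env.[mode] files are honoured as well as .env.
  const env = loadEnv(mode, process.cwd());
  const allowedHosts = (env.VITE_ALLOWED_HOSTS ?? '')
    .split(',')
    .map((host) => host.trim())
    .filter(Boolean);

  return {
    plugins: [react()],
    server: {
      allowedHosts,
      // … unchanged: watch options …
```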