nalalangan/costco-grocery-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Increase security - move host locations to .env

Browse Source
This commit is contained in:
Nico 2025-11-23 14:52:24 -08:00
parent f4e784b2ec
commit e2f2edbf59
5 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/settings.json vendored
View File

@ -41,7 +41,7 @@
// ============================ // ============================
"[javascript]": { "editor.defaultFormatter": "vscode.typescript-language-features" }, "[javascript]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
"[javascriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" }, "[javascriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
"[typescript]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, "[typescript]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
"[typescriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" }, "[typescriptreact]": { "editor.defaultFormatter": "vscode.typescript-language-features" },
// ============================ // ============================

7
backend/app.js
View File

@ -6,11 +6,8 @@ const User = require("./models/user.model");
const app = express(); const app = express();
app.use(express.json()); app.use(express.json());
const allowedOrigins = [ const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
"http://localhost:3000", console.log("Allowed Origins: ", allowedOrigins);
"https://costco.nicosaya.com",
"https://costco.api.nicosaya.com",
];
app.use( app.use(
cors({ cors({
origin: function (origin, callback) { origin: function (origin, callback) {

1
frontend/src/App.jsx
View File

@ -12,6 +12,7 @@ import PrivateRoute from "./utils/PrivateRoute.jsx";
import RoleGuard from "./utils/RoleGuard.jsx"; import RoleGuard from "./utils/RoleGuard.jsx";
console.log("VITE_ALLOWED_HOSTS:", import.meta.env.VITE_ALLOWED_HOSTS);
function App() { function App() {
return ( return (

2
frontend/src/pages/GroceryList.jsx
View File

@ -72,7 +72,7 @@ export default function GroceryList() {
let newQuantity = quantity; let newQuantity = quantity;
const item = await getItemByName(itemName); const item = await getItemByName(itemName);
if (item.data) { if (item.data && item.data.item_bought === false) {
let currentQuantity = item.data.quantity; let currentQuantity = item.data.quantity;
const yes = window.confirm( const yes = window.confirm(
`Item "${itemName}" already exists in the list. Do you want to update its quantity from ${currentQuantity} to ${currentQuantity + newQuantity}?` `Item "${itemName}" already exists in the list. Do you want to update its quantity from ${currentQuantity} to ${currentQuantity + newQuantity}?`

11
frontend/vite.config.ts
View File

@ -1,10 +1,15 @@
import { defineConfig } from 'vite' import react from '@vitejs/plugin-react';
import react from '@vitejs/plugin-react' import { defineConfig, loadEnv } from 'vite';
const env = loadEnv('', process.cwd());
const allowedHosts = env.VITE_ALLOWED_HOSTS
? env.VITE_ALLOWED_HOSTS.split(',').map((host) => host.trim())
: [];
export default defineConfig({ export default defineConfig({
plugins: [react()], plugins: [react()],
server: { server: {
allowedHosts: ["costco.nicosaya.com", "www.costco.nicosaya.com"], allowedHosts: allowedHosts,
watch: { watch: {
usePolling: true, usePolling: true,
}, },