costco-grocery-list/backend/app.js

const express = require("express");
const cors = require("cors");
const path = require("path");
const User = require("./models/user.model");

const app = express();
app.use(express.json());

// Serve static files from public directory
app.use('/test', express.static(path.join(__dirname, 'public')));

const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
console.log("Allowed Origins:", allowedOrigins);
app.use(
  cors({
    origin: function (origin, callback) {
      if (!origin) return callback(null, true);
      if (allowedOrigins.includes(origin)) return callback(null, true);
      if (/^http:\/\/192\.168\.\d+\.\d+/.test(origin)) return callback(null, true);
      if (/^https:\/\/192\.168\.\d+\.\d+/.test(origin)) return callback(null, true);
      console.error(`🚫 CORS blocked origin: ${origin}`);
      callback(new Error(`CORS blocked: ${origin}. Add this origin to ALLOWED_ORIGINS environment variable.`));
    },
    methods: ["GET", "POST", "PUT", "DELETE", "PATCH"],
  })
);

app.get('/', async (req, res) => {
  resText = `Grocery List API is running.\n` +
    `Roles available: ${Object.values(User.ROLES).join(', ')}`

  res.status(200).type("text/plain").send(resText);
});


const authRoutes = require("./routes/auth.routes");
app.use("/auth", authRoutes);

const listRoutes = require("./routes/list.routes");
app.use("/list", listRoutes);

const adminRoutes = require("./routes/admin.routes");
app.use("/admin", adminRoutes);

const usersRoutes = require("./routes/users.routes");
app.use("/users", usersRoutes);

const configRoutes = require("./routes/config.routes");
app.use("/config", configRoutes);

const householdsRoutes = require("./routes/households.routes");
app.use("/households", householdsRoutes);

const storesRoutes = require("./routes/stores.routes");
app.use("/stores", storesRoutes);

module.exports = app;