From 15cec678976539b9b749a57402a8403d841bd37c Mon Sep 17 00:00:00 2001
From: jazzgrewal
Date: Fri, 29 Sep 2023 14:49:08 -0700
Subject: [PATCH] fix/backendCors
---
 backend/index.js | 44 +-------------------------------------------
 frontend/.env | 4 ++--
 2 files changed, 3 insertions(+), 45 deletions(-)
diff --git a/backend/index.js b/backend/index.js
index e66a281..2f81eb5 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -10,51 +10,9 @@ dotenv.config({
 })
 const app = express();
-// Define the array of whitelisted IP addresses , the loopback will be allowed automatically
-const whitelist = ['192.168.1.89', '172.21.0.1'];
-
-// Middleware to check if the request's IP is in the whitelist
-const ipWhitelistMiddleware = (req, res, next) => {
- let clientIp = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || req.connection.remoteAddress;
- console.log("request from IP = "+clientIp);
- // If the clientIp is in the IPv6 format "::ffff:", extract the IPv4 part
- if (clientIp && clientIp.startsWith('::ffff:')) {
- clientIp = clientIp.substr(7);
- }
-
- if (isLoopbackIp(clientIp) || (isValidIp(clientIp) && whitelist.includes(clientIp)) || isHealthCheck(req.url)) {
- // If the IP is the loopback address or in the whitelist, allow the request to proceed
- next();
- } else {
- // If the IP is not in the whitelist, send a 403 Forbidden response
- res.status(403).json({ error: 'Access denied. IP address not whitelisted.' });
- }
-};
-
-// Helper function to check if an IP address is the loopback address
-function isLoopbackIp(ip) {
- return ip === '::1' || ip === '127.0.0.1' || ip === '::ffff:127.0.0.1';
-}
-
-// Helper function to let health checks through
-function isHealthCheck(path) {
- return path === '/health';
-}
-
-// Helper function to validate if an IP address is valid
-function isValidIp(ip) {
- // Regular expression to validate IPv4 and IPv6 addresses, excluding loopback addresses
- const ipv4Pattern = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
- const ipv6Pattern = /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/;
- return ipv4Pattern.test(ip) || ipv6Pattern.test(ip);
-}
-
-// Apply IP whitelist middleware before CORS middleware
-app.use(ipWhitelistMiddleware);
-
 // Configure CORS options
 const corsOptions = {
- origin: 'http://localhost:3000', // Replace with the actual frontend domain
+ origin: ['http://localhost:3000', 'https://nr-results-exam-test-frontend.apps.silver.devops.gov.bc.ca/'],
 methods: ['GET','POST'], // Specify the allowed HTTP methods
 };
 app.use(express.json());
diff --git a/frontend/.env b/frontend/.env
index bd1f3ac..4433bb2 100644
--- a/frontend/.env
+++ b/frontend/.env
@@ -1,6 +1,6 @@
 VITE_MAIN_VERSION = v1.0.0
 VITE_USER_POOLS_ID= ca-central-1_FxagSNQa7
-VITE_USER_POOLS_WEB_CLIENT_ID= 43hjhdf5dvi17opb0jgucfpvm7
+VITE_USER_POOLS_WEB_CLIENT_ID= 3g6n2ha1loi4kp1jhaq359vrvb
 VITE_CHES_FROM_EMAIL = jaskiratsingh.grewal@gov.bc.ca
 VITE_CHES_ADMIN_EMAIL = jaski.grewal@gmail.com
-VITE_ZONE = DEV
+VITE_ZONE = DEV
\ No newline at end of file
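Review bot: The new entry in `corsOptions.origin` ends in a trailing slash, but a browser's `Origin` header carries only scheme, host and port, so assuming these options are handed to the `cors` middleware (the call is outside the hunk) the exact string comparison will never match and the deployed frontend will still be refused; use `'https://nr-results-exam-test-frontend.apps.silver.devops.gov.bc.ca'`. Separately, with `ipWhitelistMiddleware` removed the only restriction left in this hunk is CORS, which browsers enforce and other HTTP clients ignore, so it is not access control; confirm the routes carry their own authentication (not visible here). Reading the allowed origins from an environment variable instead of hard-coding the test hostname next to `http://localhost:3000` would also keep dev and deployed settings apart.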
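Review bot: The `VITE_USER_POOLS_WEB_CLIENT_ID` swap is not mentioned in the commit subject and sits in a tracked `.env`, so every build that reads this file picks up the new app client; if the new ID belongs to the test deployment, a mode-specific file (Vite reads `.env.[mode]` and `.env.local`) or a deploy-time variable would keep local and deployed builds apart. Values prefixed `VITE_` are compiled into the browser bundle, so this file should only ever hold identifiers that are safe to publish. The last line also lost its trailing newline (`\ No newline at end of file`); restoring it avoids a spurious change on the next edit.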