Enhance CORS configuration and add deployment guide for production setup

2025-09-02 00:51:36 +03:00 · 2025-08-10 04:22:00 +05:30
parent dc91bc8cdc
commit 7facf8ded1
3 changed files with 156 additions and 12 deletions
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@@ -0,0 +1,84 @@
+# Deployment Guide for CORS Fix
+
+## Problem
+CORS error: "Access to fetch at 'https://seedbox-api.isalman.dev/api/auth/login' from origin 'https://seedbox.isalman.dev' has been blocked"
+
+## Solution Steps
+
+### 1. Backend Deployment (Server)
+
+**Stop existing server:**
+```bash
+# Kill any existing processes
+pkill -f "node index.js"
+pm2 stop seedbox-backend 2>/dev/null || true
+pm2 delete seedbox-backend 2>/dev/null || true
+```
+
+**Deploy with PM2 (Recommended):**
+```bash
+cd /home/toor/seedbox-lite/server-new
+mkdir -p logs
+pm2 start ecosystem.config.js
+```
+
+**Or deploy manually:**
+```bash
+cd /home/toor/seedbox-lite/server-new
+NODE_ENV=production \
+SERVER_PORT=3001 \
+SERVER_HOST=0.0.0.0 \
+FRONTEND_URL=https://seedbox.isalman.dev \
+ACCESS_PASSWORD=seedbox123 \
+node index.js
+```
+
+### 2. Frontend Deployment
+
+**Rebuild with production API URL:**
+```bash
+cd /home/toor/seedbox-lite/client
+VITE_API_BASE_URL=https://seedbox-api.isalman.dev npm run build
+```
+
+**Deploy with PM2:**
+```bash
+pm2 start ecosystem.config.js
+```
+
+### 3. Verify CORS Configuration
+
+**Test CORS manually:**
+```bash
+cd /home/toor/seedbox-lite/server-new
+chmod +x test-cors.sh
+./test-cors.sh
+```
+
+**Check PM2 status:**
+```bash
+pm2 status
+pm2 logs seedbox-backend --lines 20
+```
+
+### 4. Important Notes
+
+- Backend runs on port **3001** (as per your .env.production)
+- Make sure your reverse proxy/Cloudflare points to port 3001
+- CORS is now configured to allow both domains:
+  - `https://seedbox.isalman.dev` (frontend)
+  - `https://seedbox-api.isalman.dev` (backend)
+
+### 5. Debugging
+
+If still having issues, check:
+```bash
+# Check server logs
+pm2 logs seedbox-backend
+
+# Test backend health
+curl https://seedbox-api.isalman.dev/api/health
+
+# Test CORS manually
+curl -H "Origin: https://seedbox.isalman.dev" https://seedbox-api.isalman.dev/api/health
+```
--- a/server-new/index.js
+++ b/server-new/index.js
@@ -637,26 +637,58 @@ const allowedOrigins = [
  'http://localhost:3000',
  'http://127.0.0.1:5173',
  'http://127.0.0.1:5174',
-  'http://127.0.0.1:3000'
+  'http://127.0.0.1:3000',
+  'https://seedbox.isalman.dev',
+  'https://seedbox-api.isalman.dev'
 ];

-// Add production domains if not in development
-if (!config.isDevelopment) {
-  allowedOrigins.push(
-    'https://seedbox.isalman.dev',
-    'https://seedbox-api.isalman.dev'
-  );
-}
-
 console.log('🌐 CORS allowed origins:', allowedOrigins);
+console.log('🔧 Environment:', process.env.NODE_ENV);
+console.log('🔧 isDevelopment:', config.isDevelopment);

+// Enhanced CORS configuration
 app.use(cors({
-  origin: allowedOrigins,
+  origin: function (origin, callback) {
+    // Allow requests with no origin (mobile apps, curl, etc.)
+    if (!origin) return callback(null, true);
+    
+    if (allowedOrigins.includes(origin)) {
+      return callback(null, true);
+    } else {
+      console.log('❌ CORS blocked origin:', origin);
+      return callback(new Error('Not allowed by CORS'));
+    }
+  },
  credentials: true,
-  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
-  allowedHeaders: ['Content-Type', 'Authorization']
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
+  allowedHeaders: [
+    'Content-Type', 
+    'Authorization', 
+    'X-Requested-With',
+    'Accept',
+    'Origin'
+  ],
+  optionsSuccessStatus: 200 // Some legacy browsers choke on 204
 }));

+// Additional CORS headers for preflight
+app.use((req, res, next) => {
+  const origin = req.headers.origin;
+  if (allowedOrigins.includes(origin)) {
+    res.setHeader('Access-Control-Allow-Origin', origin);
+  }
+  res.setHeader('Access-Control-Allow-Credentials', 'true');
+  res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,OPTIONS,PATCH');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Authorization,X-Requested-With,Accept,Origin');
+  
+  // Handle preflight requests
+  if (req.method === 'OPTIONS') {
+    res.status(200).end();
+    return;
+  }
+  next();
+});
+
 app.use(express.json());

 // Health check
--- a/server-new/test-cors.sh
+++ b/server-new/test-cors.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+echo "🧪 Testing CORS configuration..."
+echo ""
+
+# Test OPTIONS request (preflight)
+echo "1. Testing OPTIONS preflight request:"
+curl -X OPTIONS \
+  -H "Origin: https://seedbox.isalman.dev" \
+  -H "Access-Control-Request-Method: POST" \
+  -H "Access-Control-Request-Headers: Content-Type" \
+  -v \
+  https://seedbox-api.isalman.dev/api/auth/login
+
+echo ""
+echo "2. Testing actual POST request:"
+curl -X POST \
+  -H "Origin: https://seedbox.isalman.dev" \
+  -H "Content-Type: application/json" \
+  -d '{"password":"test"}' \
+  -v \
+  https://seedbox-api.isalman.dev/api/auth/login
+
+echo ""
+echo "3. Testing health endpoint:"
+curl -H "Origin: https://seedbox.isalman.dev" \
+  -v \
+  https://seedbox-api.isalman.dev/api/health