diff --git a/.env.dev.pcb b/.env.dev.pcb
index 3e71f55..86c5b99 100644
--- a/.env.dev.pcb
+++ b/.env.dev.pcb
@@ -21,8 +21,8 @@ DELAY_SENDEMAIL=2000
 VAPI_KEY_SUBJECT=mailto:paolo@freeplanet.app
 PUBLIC_VAPI_KEY=BDncvMiUZmjaCG2Kr1V9N0_33hOG-AuNSbHSvL24y2dzBiUjAxKm02emx5SeJvz2IGmtRf6YqCgopeQwCwUmZw8
 PRIVATE_VAPI_KEY=uB2-jQkrbysyDtqN3ziMBDsVn0wdEaDsksX81zoOGQo
-PATH_CERT_KEY=localhost.key
-PATH_SERVER_CRT=localhost.crt
+PATH_CERT_KEY=localhost-key.pem
+PATH_SERVER_CRT=localhost.pem
 PATH_SSL_ROOT_PEM=root.pem
 PATH_SSL_CHAIN_PEM=chain.pem
 GCM_API_KEY=""
diff --git a/.env.development b/.env.development
index 7013049..86c5b99 100644
--- a/.env.development
+++ b/.env.development
@@ -1,12 +1,12 @@
-DATABASE=test_FreePlanet
+DATABASE=test_PiuCheBuono
 UDB=paofreeplanet
 PDB=mypassword@1A
 SEND_EMAIL=0
 SEND_EMAIL_ORDERS=1
 PORT=3000
-appTelegram_TEST=["1","13"]
-appTelegram=["1","13"]
-appTelegram_DEVELOP=["13"]
+appTelegram_TEST=["1","17"]
+appTelegram=["1","17"]
+appTelegram_DEVELOP=["17"]
 DOMAIN=mongodb://localhost:27017/
 AUTH_MONGODB=0
 ENABLE_PUSHNOTIFICATION=1
@@ -29,7 +29,7 @@ GCM_API_KEY=""
 PROD=0
 PROJECT_DESCR_MAIN='__PROJECTS'
 SECRK=Askb38v23jjDFaoskBOWj92axXCQ
-TOKEN_LIFE=1m
+TOKEN_LIFE=2h
 REFRESH_TOKEN_LIFE=14d
 FTPSERVER_HOST=139.162.166.31
 FTPSERVER_PORT=21
@@ -38,4 +38,9 @@ FTPSERVER_PWD=ftpmypwd@1A_
 AUTH_NEW_SITES=123123123
 SCRIPTS_DIR=admin_scripts
 CLOUDFLARE_TOKENS=[{"label":"Paolo.arena77@gmail.com","value":"M9EM309v8WFquJKpYgZCw-TViM2wX6vB3wlK6GD0"},{"label":"gruppomacro.com","value":"bqmzGShoX7WqOBzkXocoECyBkPq3GfqcM5t6VFd8"}]
+MIAB_HOST=box.lamiaposta.org
+MIAB_ADMIN_EMAIL=admin@lamiaposta.org
+MIAB_ADMIN_PASSWORD=passpao1pabox@1A
 DS_API_KEY="sk-222e3addb3d8455d8b0516d93906eec7"
+API_KEY_MSSQL="m68yADSr123MIVIDA@154$DSAGVOK"
+SERVER_A_URL="http://51.77.156.69:3000"
\ No newline at end of file
diff --git a/src/server/controllers/articleController.js b/src/server/controllers/articleController.js
index 7601137..0eab1ec 100644
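Review bot: The lines added at the end of `.env.development` (`MIAB_ADMIN_PASSWORD`, `API_KEY_MSSQL`) commit what look like real credentials, and the context lines of the other `.env.*` hunks show more of the same (`PRIVATE_VAPI_KEY`, `PDB`, `SECRK`, `FTPSERVER_PWD`, `CLOUDFLARE_TOKENS`, `DS_API_KEY`). Anything committed stays readable in history, so these values should be treated as exposed: rotate them, stop tracking the env files, and commit a template with placeholders such as `MIAB_ADMIN_PASSWORD=<set-locally>` instead. A secret-scanning check in CI or a pre-commit hook would catch the next one before it lands. `SERVER_A_URL` is also a plain `http://` address, so if `API_KEY_MSSQL` is sent to that host the key would cross the network unencrypted (inferred from the names; the caller is not in this diff).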
--- a/src/server/controllers/articleController.js +++ b/src/server/controllers/articleController.js @@ -295,7 +295,7 @@ const getTableContent = async (options) => { // Se c'è un solo record, visualizza una lista di chiavi e valori const record = records[0]; output += ` - < table border = '1' style = "border-collapse: collapse; width: 50%;" > + @@ -314,7 +314,7 @@ const getTableContent = async (options) => { }); output += ` -
Campo
+ `; } else { // Se ci sono più record, visualizza una tabella con intestazioni diff --git a/src/server/server.js b/src/server/server.js index 348c39f..b806bf3 100755 --- a/src/server/server.js +++ b/src/server/server.js @@ -806,6 +806,8 @@ connectToDatabase(connectionUrl, options) `https://test.${domain.hostname}`, `https://testapi.${domain.hostname}`, `https://comunitanuovomondo.app`, + `https://kolibrilab.it`, + `https://artenergetica.org`, `https://freeplanet.app:3001`, `http://${domain.hostname}`, `http://api.${domain.hostname}`, @@ -822,27 +824,25 @@ connectToDatabase(connectionUrl, options) try { // Validazione dell'input if (!origin || typeof origin !== 'string' || !/^https?:\/\/[^\s/$.?#].[^\s]*$/.test(origin)) { - if (origin) - console.error('❌ Origine non valida', origin); + console.error('❌ Origine non valida:', origin); + return callback(new Error('Origine non valida'), false); } - // Logging per il debug - // console.log('Verifica origine:', origin); - // Controllo delle origini consentite - if (!origin || allowedOrigins.includes(origin)) { - // console.log('✅ Origine consentita:', origin); + if (allowedOrigins.includes(origin)) { + console.log('✅ Origine consentita:', origin); return callback(null, true); } // Blocco delle origini non autorizzate console.warn('❌ Origine bloccata:', origin); - callback(new Error('CORS non permesso per questa origine ' + origin)); + return callback(new Error('CORS non permesso per questa origine'), false); } catch (error) { console.error('Errore durante la verifica dell\'origine:', error.message); - callback(error); + return callback(error, false); } - }; + + } } // Configurazione CORS dettagliata 
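Review bot: The rewritten origin callback in the `@@ -822,27 +824,25 @@` hunk now rejects every request that carries no `Origin` header, because `!origin` sits in the validation branch that returns `callback(new Error('Origine non valida'), false)` and the old `!origin ||` allowance was removed from the allowlist test. Same-origin page loads, server-to-server calls, webhooks and command-line clients normally send no `Origin`, and CORS does not restrict such clients anyway, so this is likely to turn ordinary non-browser traffic into errors without adding protection. I would restore an explicit early exit before the format check, `if (!origin) return callback(null, true);`, and keep authentication as the real gate. The allowed branch now also calls `console.log` on every accepted request, which is worth lowering to a debug level. The enclosing function starts above the hunk.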
@@ -874,16 +874,17 @@ connectToDatabase(connectionUrl, options) app.options('*', cors(corsOptions)); // Gestisce tutte le richieste OPTIONS // Middleware personalizzato per assicurare gli headers CORS - app.use((req, res, next) => { + /*app.use((req, res, next) => { const origin = req.headers.origin || '*'; if (allowedOrigins.includes(origin) || corsOptions.origin === '*') { // console.log(' ... ORIGIN', origin); res.setHeader('Access-Control-Allow-Origin', origin); + res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS'); res.setHeader('Access-Control-Allow-Credentials', 'true'); res.setHeader('Access-Control-Expose-Headers', 'x-auth, x-refrtok'); } next(); - }); + });*/ // Log middleware per debug app.use((req, res, next) => { @@ -935,9 +936,16 @@ connectToDatabase(connectionUrl, options) if (process.env.HTTPS_LOCALHOST === "true") { let mycredentials = null; try { + + const keyStream = path.resolve(`./${process.env.PATH_CERT_KEY}`); + const certificateStream = path.resolve(`./${process.env.PATH_SERVER_CRT}`); + + const privateKey = fs.readFileSync(keyStream, "utf8"); + const certificate = fs.readFileSync(certificateStream, "utf8"); + mycredentials = { - key: fs.readFileSync(process.env.PATH_CERT_KEY, 'utf8'), - cert: fs.readFileSync(process.env.PATH_SERVER_CRT, 'utf8'), + key: privateKey, + cert: certificate, ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384', honorCipherOrder: true, secureProtocol: 'TLSv1_2_method'
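Review bot: Wrapping the custom header middleware in `/* … */` leaves dead code behind, and the new `res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');` line is added inside that dead block, so it never runs. If `cors(corsOptions)` is meant to be the only place CORS headers are set, delete the block outright; that also retires its `req.headers.origin || '*'` fallback for good instead of leaving it one uncomment away. Before removing it, confirm that `corsOptions` (defined outside this hunk) carries `credentials: true` and `exposedHeaders: ['x-auth', 'x-refrtok']`, because this middleware was the visible place those two headers were sent and clients reading the token headers would otherwise stop seeing them.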
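Review bot: In the `@@ -935,9 +936,16 @@` hunk, building the path as `` path.resolve(`./${process.env.PATH_CERT_KEY}`) `` breaks configurations that worked before: an absolute path in the variable is now re-rooted under the working directory, and an unset variable resolves to a file literally named `undefined`. `path.resolve(process.env.PATH_CERT_KEY)` handles relative and absolute values alike, and a guard such as `if (!process.env.PATH_CERT_KEY || !process.env.PATH_SERVER_CRT) throw new Error('TLS paths not configured');` gives a clearer failure than the ENOENT from `readFileSync`. `keyStream` and `certificateStream` hold paths, not streams, so `keyPath` and `certPath` would read better. Separately, the unchanged `secureProtocol: 'TLSv1_2_method'` line pins the server to TLS 1.2 only; `minVersion: 'TLSv1.2'` would keep the floor while allowing TLS 1.3. The `try` block and the `mycredentials` object continue past the end of the hunk.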