surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

aggiornamenti vari...

Browse Source
This commit is contained in:
Surya Paolo
2025-03-21 19:52:01 +01:00
parent dfe492df45
commit d94cbde948
4 changed files with 36 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.dev.pcb
View File

@@ -21,8 +21,8 @@ DELAY_SENDEMAIL=2000
VAPI_KEY_SUBJECT=mailto:paolo@freeplanet.app
PUBLIC_VAPI_KEY=BDncvMiUZmjaCG2Kr1V9N0_33hOG-AuNSbHSvL24y2dzBiUjAxKm02emx5SeJvz2IGmtRf6YqCgopeQwCwUmZw8
PRIVATE_VAPI_KEY=uB2-jQkrbysyDtqN3ziMBDsVn0wdEaDsksX81zoOGQo
PATH_CERT_KEY=localhost.key
PATH_SERVER_CRT=localhost.crt
PATH_CERT_KEY=localhost-key.pem
PATH_SERVER_CRT=localhost.pem
PATH_SSL_ROOT_PEM=root.pem
PATH_SSL_CHAIN_PEM=chain.pem
GCM_API_KEY=""

15
.env.development
View File

@@ -1,12 +1,12 @@
DATABASE=test_FreePlanet
DATABASE=test_PiuCheBuono
UDB=paofreeplanet
PDB=mypassword@1A
SEND_EMAIL=0
SEND_EMAIL_ORDERS=1
PORT=3000
appTelegram_TEST=["1","13"]
appTelegram=["1","13"]
appTelegram_DEVELOP=["13"]
appTelegram_TEST=["1","17"]
appTelegram=["1","17"]
appTelegram_DEVELOP=["17"]
DOMAIN=mongodb://localhost:27017/
AUTH_MONGODB=0
ENABLE_PUSHNOTIFICATION=1
@@ -29,7 +29,7 @@ GCM_API_KEY=""
PROD=0
PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ
TOKEN_LIFE=1m
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=14d
FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21
@@ -38,4 +38,9 @@ FTPSERVER_PWD=ftpmypwd@1A_
AUTH_NEW_SITES=123123123
SCRIPTS_DIR=admin_scripts
CLOUDFLARE_TOKENS=[{"label":"Paolo.arena77@gmail.com","value":"M9EM309v8WFquJKpYgZCw-TViM2wX6vB3wlK6GD0"},{"label":"gruppomacro.com","value":"bqmzGShoX7WqOBzkXocoECyBkPq3GfqcM5t6VFd8"}]
MIAB_HOST=box.lamiaposta.org
MIAB_ADMIN_EMAIL=admin@lamiaposta.org
MIAB_ADMIN_PASSWORD=passpao1pabox@1A
DS_API_KEY="sk-222e3addb3d8455d8b0516d93906eec7"
API_KEY_MSSQL="m68yADSr123MIVIDA@154$DSAGVOK"
SERVER_A_URL="http://51.77.156.69:3000"

4
src/server/controllers/articleController.js
View File

@@ -295,7 +295,7 @@ const getTableContent = async (options) => {
// Se c'è un solo record, visualizza una lista di chiavi e valori
const record = records[0];
output += `
< table border = '1' style = "border-collapse: collapse; width: 50%;" >
<table border='1' style="border-collapse: collapse; width: 50%;" >
<thead>
<tr>
<th style="padding: 8px; background-color: #f2f2f2;">Campo</th>
@@ -314,7 +314,7 @@ const getTableContent = async (options) => {
});
output += `
</tbody>
</table >
</table>
`;
} else {
// Se ci sono più record, visualizza una tabella con intestazioni

36
src/server/server.js
View File

@@ -806,6 +806,8 @@ connectToDatabase(connectionUrl, options)
`https://test.${domain.hostname}`,
`https://testapi.${domain.hostname}`,
`https://comunitanuovomondo.app`,
`https://kolibrilab.it`,
`https://artenergetica.org`,
`https://freeplanet.app:3001`,
`http://${domain.hostname}`,
`http://api.${domain.hostname}`,
@@ -822,27 +824,25 @@ connectToDatabase(connectionUrl, options)
try {
// Validazione dell'input
if (!origin || typeof origin !== 'string' || !/^https?:\/\/[^\s/$.?#].[^\s]*$/.test(origin)) {
if (origin)
console.error('Origine non valida', origin);
console.error('❌ Origine non valida:', origin);
return callback(new Error('Origine non valida'), false);
}
// Logging per il debug
// console.log('Verifica origine:', origin);
// Controllo delle origini consentite
if (!origin || allowedOrigins.includes(origin)) {
// console.log('✅ Origine consentita:', origin);
if (allowedOrigins.includes(origin)) {
console.log('✅ Origine consentita:', origin);
return callback(null, true);
}
// Blocco delle origini non autorizzate
console.warn('❌ Origine bloccata:', origin);
callback(new Error('CORS non permesso per questa origine ' + origin));
return callback(new Error('CORS non permesso per questa origine'), false);
} catch (error) {
console.error('Errore durante la verifica dell\'origine:', error.message);
callback(error);
return callback(error, false);
}
}
};
}
// Configurazione CORS dettagliata
@@ -874,16 +874,17 @@ connectToDatabase(connectionUrl, options)
app.options('*', cors(corsOptions)); // Gestisce tutte le richieste OPTIONS
// Middleware personalizzato per assicurare gli headers CORS
app.use((req, res, next) => {
/*app.use((req, res, next) => {
const origin = req.headers.origin || '*';
if (allowedOrigins.includes(origin) || corsOptions.origin === '*') {
// console.log(' ... ORIGIN', origin);
res.setHeader('Access-Control-Allow-Origin', origin);
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
res.setHeader('Access-Control-Allow-Credentials', 'true');
res.setHeader('Access-Control-Expose-Headers', 'x-auth, x-refrtok');
}
next();
});
});*/
// Log middleware per debug
app.use((req, res, next) => {
@@ -935,9 +936,16 @@ connectToDatabase(connectionUrl, options)
if (process.env.HTTPS_LOCALHOST === "true") {
let mycredentials = null;
try {
const keyStream = path.resolve(`./${process.env.PATH_CERT_KEY}`);
const certificateStream = path.resolve(`./${process.env.PATH_SERVER_CRT}`);
const privateKey = fs.readFileSync(keyStream, "utf8");
const certificate = fs.readFileSync(certificateStream, "utf8");
mycredentials = {
key: fs.readFileSync(process.env.PATH_CERT_KEY, 'utf8'),
cert: fs.readFileSync(process.env.PATH_SERVER_CRT, 'utf8'),
key: privateKey,
cert: certificate,
ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384',
honorCipherOrder: true,
secureProtocol: 'TLSv1_2_method'