diff --git a/client/vercel.json b/client/vercel.json index 1f2e7ea..3c09665 100644 --- a/client/vercel.json +++ b/client/vercel.json @@ -2,7 +2,7 @@ "rewrites": [ { "source": "/api/v1/(.*)", - "destination": "http://34.42.255.155:3000/api/v1/$1" + "destination": "https://neuramemory-server-6zfpnl4vda-uc.a.run.app/api/v1/$1" }, { "source": "/(.*)", diff --git a/image.png b/image.png deleted file mode 100644 index 958b0a7..0000000 Binary files a/image.png and /dev/null differ diff --git a/server/src/index.ts b/server/src/index.ts index f579fd2..47f0255 100644 --- a/server/src/index.ts +++ b/server/src/index.ts @@ -23,14 +23,14 @@ app.set('trust proxy', 1); app.use(helmet()); app.use(cookieParser()); app.use(express.json({ limit: '200kb' })); -app.use(csrfProtection); - // --------------------------------------------------------------------------- // CORS Configuration // --------------------------------------------------------------------------- -const allowedOrigins = env.ALLOWED_ORIGINS.split(',') - .map((o) => o.trim()) - .filter(Boolean); +const allowedOrigins = [ + ...env.ALLOWED_ORIGINS.split(',').map((o) => o.trim()), + 'https://neuramemory-server-31080282917.us-central1.run.app', + 'https://neuramemory-server-6zfpnl4vda-uc.a.run.app', +].filter(Boolean); app.use( cors({ @@ -47,6 +47,8 @@ app.use( }), ); +app.use(csrfProtection); + // --------------------------------------------------------------------------- // Documentation & Routes // --------------------------------------------------------------------------- diff --git a/server/src/middleware/csrf.ts b/server/src/middleware/csrf.ts index 51a6e4e..2b0dc3d 100644 --- a/server/src/middleware/csrf.ts +++ b/server/src/middleware/csrf.ts @@ -1,6 +1,7 @@ import { Request, Response, NextFunction } from 'express'; import { AppError } from '../utils/AppError.js'; import { logger } from '../utils/logger.js'; +import { env } from '../config/env.js'; /** * Custom CSRF middleware. @@ -26,7 +27,7 @@ export function csrfProtection(req: Request, res: Response, next: NextFunction) cookieToken = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15); res.cookie(CSRF_COOKIE_NAME, cookieToken, { httpOnly: false, // Must be readable by frontend to send back in header - secure: process.env.NODE_ENV === 'production', + secure: env.NODE_ENV === 'production', sameSite: 'lax', path: '/', }); diff --git a/server/src/services/auth.service.ts b/server/src/services/auth.service.ts index 0bb46ab..4681d13 100644 --- a/server/src/services/auth.service.ts +++ b/server/src/services/auth.service.ts @@ -10,7 +10,7 @@ import { import { AuthPayload, AuthResponse } from '../types/auth.types.js'; import { AppError } from '../utils/AppError.js'; -const SALT_ROUNDS = 12; +const SALT_ROUNDS = 10; const INVALID_CREDENTIALS_MESSAGE = 'Invalid email or password.'; /**