Improve cors and server error handling, #31

ciatph · ciatph · commit ef2834314715 · 2022-04-13T12:07:21.000+08:00
diff --git a/client/.gitignore b/client/.gitignore
@@ -21,4 +21,6 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-.firebase
+.firebase
+firebase.config.dev.js
+firebase.config.prod.js
diff --git a/server/.env.example b/server/.env.example
@@ -1,4 +1,4 @@
-ALLOWED_ORIGINS=http://localhost,http://mywebsite.com,http://yourwebsite.com
+ALLOWED_ORIGINS=http://localhost,http://localhost:3000,http://mywebsite.com,http://yourwebsite.com
 FIREBASE_SERVICE_ACC=YOUR-FIREBASE-PROJ-SERVICE-ACCOUNT-JSON-CREDENTIALS-ONE-LINER-NO-SPACES
 FIREBASE_PRIVATE_KEY=PRIVATE-KEY-FROM-FIREBASE-SERVICE-ACCOUNT-JSON-WITH-DOUBLE-QUOTES
 EMAIL_WHITELIST=superadmin@gmail.com
diff --git a/server/.gitignore b/server/.gitignore
@@ -1,4 +1,6 @@
 node_modules/
+src/public/
 .env
+.env.dev
+.env.prod
 .vscode
-src/public/
diff --git a/server/src/controllers/user.js b/server/src/controllers/user.js
@@ -6,11 +6,8 @@ const {
   listusers
 } = require('../classes/user')
 
-const { EMAIL_WHITELIST } = require('../utils/constants')
-
-module.exports.createUser = async (req, res) => {
+module.exports.createUser = async (req, res, next) => {
   const { email, displayname, account_level, emailverified, disabled } = req.body
-
   if (!email || !displayname || !account_level) {
     return res.status(500).send('Missing parameter/s.')
   }
@@ -22,12 +19,12 @@ module.exports.createUser = async (req, res) => {
 
     return res.status(200).json(user)
   } catch (err) {
-    return res.status(500).send(err.message)
+    next(new Error(err))
   }
 }
 
 // Update a user's information by email or UID
-module.exports.updateUser = async (req, res) => {
+module.exports.updateUser = async (req, res, next) => {
   const { uid } = req.body
 
   if (!uid) {
@@ -38,12 +35,12 @@ module.exports.updateUser = async (req, res) => {
     const user = await updateuser(req.body)
     return res.status(200).json(user)
   } catch (err) {
-    return res.status(500).send(err.message)
+    next(new Error(err))
   }
 }
 
 // Delete a user by UID
-module.exports.deleteUser = async (req, res) => {
+module.exports.deleteUser = async (req, res, next) => {
   const { uid } = req.params
 
   if (!uid) {
@@ -56,12 +53,12 @@ module.exports.deleteUser = async (req, res) => {
       message: `User ${uid} deleted.`
     })
   } catch (err) {
-    return res.status(500).send(err.message)
+    next(new Error(err))
   }
 }
 
 // Get user information by user's email or UID
-module.exports.getUser = async (req, res) => {
+module.exports.getUser = async (req, res, next) => {
   const { uid, email } = req.query
 
   if (!uid && !email) {
@@ -72,16 +69,16 @@ module.exports.getUser = async (req, res) => {
     const user = await getuser({ uid, email })
     return res.status(200).json(user)
   } catch (err) {
-    return res.status(500).send(err.message)
+    next(new Error(err))
   }
 }
 
 // List all users
-module.exports.listUsers = async (req, res) => {
+module.exports.listUsers = async (req, res, next) => {
   try {
     const users = await listusers()
     return res.status(200).json(users)
   } catch (err) {
-    return res.status(500).send(err.message)
+    next(new Error(err))
   }
 }
diff --git a/server/src/index.js b/server/src/index.js
@@ -6,20 +6,22 @@ const app = express()
 const PORT = process.env.PORT || 3001
 
 const controllers = require('./controllers')
-const { whitelist } = require('./utils/whitelist-cors')
+const { corsOptions } = require('./utils/whitelist-cors')
 
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
 app.use(cookieParser())
 app.use(express.static(path.resolve(__dirname, 'public')))
-app.use(cors({
-  origin: whitelist
-}))
+app.use(cors(corsOptions))
 
 app.use('/api', controllers)
 
 app.get('*', (req, res) => {
-  res.sendFile(path.resolve(__dirname, 'public', 'index.html'))
+  return res.sendFile(path.resolve(__dirname, 'public', 'index.html'))
+})
+
+app.use((err, req, res, next) => {
+  res.status(500).send(err.message)
 })
 
 app.listen(PORT, () => {
diff --git a/server/src/utils/templates/header.md b/server/src/utils/templates/header.md
@@ -19,4 +19,6 @@ password: 123456789
 
 - [firebase-auth-users](https://github.com/ciatph/firebase-users-admin) (GitHub repo)
 - [Firebase Authentication](https://firebase.google.com/docs/auth)
-- [Firebase Admin](https://firebase.google.com/docs/admin/setup)
+- Firebase Admin SDK
+   - [set-up](https://firebase.google.com/docs/admin/setup)
+   - [manage users](https://firebase.google.com/docs/auth/admin/manage-users)
diff --git a/server/src/utils/whitelist-cors.js b/server/src/utils/whitelist-cors.js
@@ -10,6 +10,7 @@ const corsOptions = {
       callback(new Error('Not allowed by CORS.'))
     }
   },
+  methods: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'PATCH'],
   optionsSuccessStatus: 200
 }
 

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ const corsOptions = {`
`10`	`10`	`callback(new Error('Not allowed by CORS.'))`
`11`	`11`	`}`
`12`	`12`	`},`
	`13`	`+ methods: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'PATCH'],`
`13`	`14`	`optionsSuccessStatus: 200`
`14`	`15`	`}`
`15`	`16`