- aggiornata la grafica della Home di RISO

- Profilo Completition - Email Verificata - Invita un Amico (invio di email)
2025-11-15 19:38:55 +01:00
parent 26a42b1f30
commit adf1aac10f
312 changed files with 12061 additions and 81773 deletions
--- a/src/server/serverUtils.js
+++ b/src/server/serverUtils.js
@@ -0,0 +1,75 @@
+const fs = require('fs');
+const path = require('path');
+
+function parseDomains() {
+  try {
+    return {
+      domains: JSON.parse(process.env.DOMAINS || '[]'),
+      domainsAllowed: JSON.parse(process.env.DOMAINS_ALLOWED || '[]'),
+    };
+  } catch {
+    return { domains: [], domainsAllowed: [] };
+  }
+}
+
+function createCorsOptions(domains = [], domainsAllowed = [], isProduction = false) {
+  // 1️⃣ Prepara la lista host ammessi (senza porta)
+  const baseHosts = isProduction
+    ? domains.flatMap((d) => [d.hostname, `api.${d.hostname}`, `test.${d.hostname}`, `testapi.${d.hostname}`])
+    : ['localhost', '127.0.0.1'];
+
+  const extraHosts = domainsAllowed.map((d) => d.replace(/^https?:\/\//, '').split(':')[0]);
+
+  const allowedHosts = [...new Set([...baseHosts, ...extraHosts])];
+
+  // 2️⃣ Funzione di validazione origin (accetta qualsiasi porta)
+  const originValidator = (origin, callback) => {
+    if (!origin) return callback(null, true); // Postman, curl, ecc.
+
+    try {
+      const url = new URL(origin);
+      const host = url.hostname.toLowerCase();
+
+      if (allowedHosts.includes(host)) {
+        // if (!isProduction) console.log(`✅ [CORS OK] ${origin}`);
+        return callback(null, true);
+      }
+
+      if (!isProduction) {
+        console.warn(`⚠️ [CORS DEV] origin non ammessa: ${origin} (host: ${host})`);
+        return callback(null, true); // in dev permetti tutto
+      }
+
+      console.error(`❌ [CORS BLOCKED] ${origin}`);
+      return callback(new Error(`CORS denied for origin ${origin}`), false);
+    } catch (err) {
+      console.error(`❌ [CORS ERROR] parsing origin: ${origin} -> ${err.message}`);
+      return callback(new Error('CORS denied: invalid origin'), false);
+    }
+  };
+
+  // 3️⃣ Restituisce l’oggetto completo per il middleware cors()
+  return {
+    origin: originValidator,
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
+    allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'x-auth', 'x-refrtok'],
+    exposedHeaders: ['x-auth', 'x-refrtok'],
+    maxAge: 86400, // 24 ore di caching per la preflight response
+    preflightContinue: false,
+    optionsSuccessStatus: 204,
+  };
+}
+
+async function getCredentials(hostname) {
+  const key = fs.readFileSync(`/etc/letsencrypt/live/${hostname}/${process.env.PATH_CERT_KEY}`, 'utf8');
+  const cert = fs.readFileSync(`/etc/letsencrypt/live/${hostname}/${process.env.PATH_SERVER_CRT}`, 'utf8');
+  return {
+    key,
+    cert,
+    secureProtocol: 'TLSv1_2_method',
+    secureOptions: require('constants').SSL_OP_NO_SSLv3 | require('constants').SSL_OP_NO_TLSv1,
+  };
+}
+
+module.exports = { parseDomains, createCorsOptions, getCredentials };