backend-plus 2.5.0-betha.1 → 2.5.1-betha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/backend-plus.d.ts +1 -1
  2. package/lib/backend-plus.js +15 -4
  3. package/package.json +2 -1
package/lib/backend-plus.d.ts CHANGED
@@ -395,6 +395,7 @@ export interface AppConfigServer
395
395
  "kill-9": string // a way to kill from URL with a token
396
396
  bitacoraSchema: string
397
397
  bitacoraTableName: string
398
+ allowedHosts:string[] //API allowed hosts
398
399
  }
399
400
  export interface AppConfigDb
400
401
  {
@@ -414,7 +415,6 @@ export interface AppConfigLogin
414
415
  {
415
416
  schema: string // schema of the user table
416
417
  table: string // user table
417
- from: string // complete expression to get table or join where get the user
418
418
  userFieldname: string // fieldname in user table that stores the user name
419
419
  passFieldname: string // fieldname in user table that stores the password hash
420
420
  rolFieldname: string // fieldname in user table that stores the rol
package/lib/backend-plus.js CHANGED
@@ -30,6 +30,7 @@ var locatePath = require('@upgraded/locate-path');
30
30
  var jsYaml = require('js-yaml');
31
31
  var nodemailer = require('nodemailer');
32
32
  var os = require('os');
33
+ const cors = require('cors');
33
34
 
34
35
  var likeAr = require('like-ar');
35
36
 
@@ -893,6 +894,18 @@ AppBackend.prototype.start = function start(opts){
893
894
  }).then(async function(){
894
895
  mainApp = express();
895
896
  //mainApp.use(cookieParser());
897
+ const whitelist = ['localhost'].concat(be.config.server.allowedHosts||[]); // Agrega aquí los orígenes de tus aplicaciones
898
+ const corsOptions = {
899
+ origin: function (origin, callback) {
900
+ if (whitelist.some((element)=>origin?.includes(element)) || !origin){
901
+ callback(null, true);
902
+ }else{
903
+ callback(new Error('Not allowed by CORS'));
904
+ }
905
+ },
906
+ credentials: true
907
+ };
908
+ mainApp.use(cors(corsOptions));
896
909
  mainApp.use(bodyParser.urlencoded({extended:true, limit: '50mb'}));
897
910
  mainApp.use(function(req,res,next){
898
911
  if((req.headers['content-type']||'').match(/^multipart\/form-data/)){
@@ -1004,10 +1017,8 @@ AppBackend.prototype.start = function start(opts){
1004
1017
  "SELECT "+infoFieldList.map(function(fieldOrPair){ return fieldOrPair.split(' as ').map(function(ident){ return be.db.quoteIdent(ident)}).join(' as '); })+
1005
1018
  ", "+be.config.login.activeClausule+" as active "+
1006
1019
  ", "+be.config.login.lockedClausule+" as locked "+
1007
- " FROM "+(be.config.login.from ?? (
1008
- (be.config.login.schema?be.db.quoteIdent(be.config.login.schema)+'.':'')+
1009
- be.db.quoteIdent(be.config.login.table)
1010
- ))+
1020
+ " FROM "+(be.config.login.schema?be.db.quoteIdent(be.config.login.schema)+'.':'')
1021
+ +be.db.quoteIdent(be.config.login.table)+
1011
1022
  " WHERE "+be.db.quoteIdent(be.config.login.userFieldName)+" = $1 "+
1012
1023
  " AND "+be.db.quoteIdent(be.config.login.passFieldName)+" = $2 ",
1013
1024
  [username, md5(password+username)]
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "backend-plus",
3
3
  "description": "Backend for the anti Pareto rule",
4
- "version": "2.5.0-betha.1",
4
+ "version": "2.5.1-betha.0",
5
5
  "author": "Codenautas <codenautas@googlegroups.com>",
6
6
  "license": "MIT",
7
7
  "repository": "codenautas/backend-plus",
@@ -39,6 +39,7 @@
39
39
  "castellano": "^0.1.4",
40
40
  "connect-pg-simple": "^10.0.0",
41
41
  "cookie-parser": "^1.4.7",
42
+ "cors": "^2.8.5",
42
43
  "dialog-promise": "^0.10.1",
43
44
  "discrepances": "^0.2.8",
44
45
  "express": "^5.1.0",