From eb9f00d6fec8ed285eff90d92bddca36fae98119 Mon Sep 17 00:00:00 2001
From: anhlnp
Date: Wed, 27 Aug 2025 13:30:04 +0700
Subject: [PATCH 1/3] fix: auth Incognito
---
 src/app.ts | 26 ++++++++++++++++++++------
 src/controllers/user.controller.ts | 16 ++++++++--------
 src/utils/jwt.ts | 7 ++++---
 3 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/src/app.ts b/src/app.ts
index bdd67a0..dd75170 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -50,15 +50,29 @@ const allowedOrigins = Array.from(
 app.use(
 cors({
 origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
- if (!origin || allowedOrigins.includes(origin)) {
- callback(null, true);
- } else {
- callback(new Error('Not allowed by CORS'));
+ // Allow requests with no origin (like mobile apps or curl requests)
+ if (!origin) {
+ return callback(null, true);
 }
+
+ // Check if origin is in allowed list
+ if (allowedOrigins.includes(origin)) {
+ return callback(null, true);
+ }
+
+ // For development, allow all localhost origins
+ if (process.env.NODE_ENV !== 'production' && origin.includes('localhost')) {
+ return callback(null, true);
+ }
+
+ // Log blocked origins for debugging
+ console.log('Blocked origin:', origin);
+ callback(new Error('Not allowed by CORS'));
 },
 credentials: true,
- methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'],
- allowedHeaders: ['Content-Type', 'Authorization', 'Cookie']
+ methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+ allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'X-Requested-With'],
+ exposedHeaders: ['Set-Cookie']
 })
 );
diff --git a/src/controllers/user.controller.ts b/src/controllers/user.controller.ts
index b904b5b..8144795 100644
--- a/src/controllers/user.controller.ts
+++ b/src/controllers/user.controller.ts
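Review bot: The development branch of the `origin` callback uses `origin.includes('localhost')`, a substring test, so any origin whose text merely contains "localhost" is accepted, and because the gate is `NODE_ENV !== 'production'` it is also open on every deployment where NODE_ENV is unset or has another value; with `credentials: true` such an origin may send cookie-bearing requests and read the responses. Compare the parsed hostname and opt in on `NODE_ENV === 'development'` instead, as in the excerpt below. `exposedHeaders: ['Set-Cookie']` can be dropped, since Set-Cookie is a forbidden response header that browsers never expose to scripts. `console.log('Blocked origin:', origin)` writes a client-supplied header into the log verbatim; pass it through `JSON.stringify(origin)` so control characters cannot forge log lines.

```typescript
// True only when the Origin header parses as a URL whose host is exactly "localhost".
const isLocalhostOrigin = (origin: string): boolean => {
  try {
    return new URL(origin).hostname === 'localhost';
  } catch {
    return false; // malformed Origin header: treat as not allowed
  }
};

// … unchanged: no-origin check and allowedOrigins check …
      if (process.env.NODE_ENV === 'development' && isLocalhostOrigin(origin)) {
        return callback(null, true);
      }
// … unchanged: blocked-origin logging and error callback …
```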
@@ -242,18 +242,18 @@ export const loginUser = catchAsync(async (req: Request, res: Response, next: Ne
 export const logoutUser = catchAsync(async (req: Request, res: Response, next: NextFunction) => {
 res.cookie('access_token', '', {
- domain: '.vercel.app',
- secure: true,
- sameSite: 'none',
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
 httpOnly: true,
- maxAge: 1
+ maxAge: 1,
+ path: '/'
 });
 res.cookie('refresh_token', '', {
- domain: '.vercel.app',
- secure: true,
- sameSite: 'none',
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
 httpOnly: true,
- maxAge: 1
+ maxAge: 1,
+ path: '/'
 });
 const userId = req.user?._id || '';
diff --git a/src/utils/jwt.ts b/src/utils/jwt.ts
index 8d5c5ef..14b24c8 100644
--- a/src/utils/jwt.ts
+++ b/src/utils/jwt.ts
@@ -23,8 +23,8 @@ export const accessTokenOptions: ITokenOptions = {
 httpOnly: true,
 secure: isProd,
 path: '/',
- sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax'
- // secure: process.env.NODE_ENV === 'production',
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
+ domain: process.env.NODE_ENV === 'production' ? undefined : undefined // Let browser set domain automatically
 };
 export const refreshTokenOptions: ITokenOptions = {
@@ -33,7 +33,8 @@ export const refreshTokenOptions: ITokenOptions = {
 httpOnly: true,
 secure: isProd,
 path: '/',
- sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax'
+ sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
+ domain: process.env.NODE_ENV === 'production' ? undefined : undefined // Let browser set domain automatically
 };
 export const sendToken = (user: UserT, statusCode: number, res: Response) => {
From 99d301b6d6d61cda0c622a962606d070b477beac Mon Sep 17 00:00:00 2001
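Review bot: The attributes used to expire `access_token` and `refresh_token` in `logoutUser` are typed out by hand, separately from `accessTokenOptions` and `refreshTokenOptions` in src/utils/jwt.ts. A browser only replaces a cookie whose name, domain and path match the one it stored, so any later drift between the two places would leave a live token in the browser after logout. Deriving the clearing options from the shared objects keeps them in step, for example `res.cookie('access_token', '', { ...accessTokenOptions, maxAge: 1 })` and the same with `refreshTokenOptions`, assuming both are importable in this controller. The rest of `logoutUser` is outside the hunk, so it is worth confirming there that the refresh token is also invalidated server-side, since expiring the cookie only removes the client's copy.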
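Review bot: `domain: process.env.NODE_ENV === 'production' ? undefined : undefined` evaluates to `undefined` on both branches, so the key and its ternary are dead code in `accessTokenOptions` here and again in `refreshTokenOptions` in the next hunk; omit the key, because a cookie sent without a Domain attribute is already host-only, which is what the trailing comment asks for. The changed `sameSite` lines also repeat `process.env.NODE_ENV === 'production'` although `isProd` is used for `secure` two lines above, so `sameSite: isProd ? 'none' : 'lax'` reads better. Because `sameSite: 'none'` lets the production cookies travel on cross-site requests, add a comment naming what protects state-changing routes against CSRF; the CORS allowlist does not stop simple cross-site form posts, and no such protection is visible in this patch. Both object literals begin outside their hunks.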
From: anhlnp
Date: Wed, 27 Aug 2025 13:31:56 +0700
Subject: [PATCH 2/3] fix: build
---
 src/utils/jwt.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/utils/jwt.ts b/src/utils/jwt.ts
index 14b24c8..30802a8 100644
--- a/src/utils/jwt.ts
+++ b/src/utils/jwt.ts
@@ -9,6 +9,7 @@ interface ITokenOptions {
 sameSite: 'lax' | 'strict' | 'none' | boolean;
 secure?: boolean;
 path?: string;
+ domain?: string;
 }
 const isProd = process.env.NODE_ENV === 'production';
From dabdae2da478448799b215709f96dc718880a7fe Mon Sep 17 00:00:00 2001
From: anhlnp
Date: Fri, 29 Aug 2025 12:28:32 +0700
Subject: [PATCH 3/3] fix: review count
---
 src/controllers/course.controller.ts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/controllers/course.controller.ts b/src/controllers/course.controller.ts
index 111a643..b968613 100644
--- a/src/controllers/course.controller.ts
+++ b/src/controllers/course.controller.ts
@@ -1683,6 +1683,7 @@ export const getTopCourses = catchAsync(async (req: Request, res: Response, next
 publisher: course.authorId,
 category: course.category,
 rating: course.rating,
+ ratingCount: course.reviews ? course.reviews.length : 0,
 price: course.price,
 estimatedPrice: course.estimatedPrice,
 purchased: course.purchased,
@@ -1732,6 +1733,7 @@ export const getTopViewing = catchAsync(async (req: Request, res: Response, next
 publisher: course.authorId,
 category: course.category,
 rating: course.rating,
+ ratingCount: course.reviews ? course.reviews.length : 0,
 price: course.price,
 estimatedPrice: course.estimatedPrice,
 purchased: course.purchased,
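Review bot: `ratingCount: course.reviews ? course.reviews.length : 0` falls back to 0 whenever `reviews` is absent, so in `getTopCourses`, and in the identical line added to `getTopViewing` in the next hunk, a query that does not select `reviews` would silently report zero ratings. The queries that produce `course` are outside both hunks, so confirm they still load that field, and note the dependency in a comment such as `// requires reviews to be selected by the query above`. The expression itself is more compact as `course.reviews?.length ?? 0`. The two response mappings look like duplicates; a shared mapper would keep future field additions from needing two edits.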