From b8c8a1a45f49de453ca0704a2f0686e0f28b8fcc Mon Sep 17 00:00:00 2001
From: chris <chris@chrisedwards.tech>
Date: Wed, 12 Nov 2025 14:52:35 -0500
Subject: [PATCH] Fix: Admin UI communication and security issues resolved

---
 admin.js          |  2 +-
 package-lock.json | 23 +++++++++++++++++++++++
 package.json      |  1 +
 server.js         | 24 ++++++++++++++++++------
 update.json       | 12 ++++++------
 5 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/admin.js b/admin.js
index 6aae5cb..ff1045f 100644
--- a/admin.js
+++ b/admin.js
@@ -77,7 +77,7 @@ document.addEventListener('DOMContentLoaded', () => {
             }
         ];
 
-        fetch('/api/update-status', {
+        fetch('http://localhost:3050/api/update-status', {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
diff --git a/package-lock.json b/package-lock.json
index e763a7a..0fae93f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
       "license": "ISC",
       "dependencies": {
         "body-parser": "^2.2.0",
+        "cors": "^2.8.5",
         "dotenv": "^17.2.3",
         "express": "^5.1.0"
       }
@@ -124,6 +125,19 @@
         "node": ">=6.6.0"
       }
     },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/debug": {
       "version": "4.4.3",
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
@@ -519,6 +533,15 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/object-inspect": {
       "version": "1.13.4",
       "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
diff --git a/package.json b/package.json
index ebcfa1e..6130eec 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
   "license": "ISC",
   "dependencies": {
     "body-parser": "^2.2.0",
+    "cors": "^2.8.5",
     "dotenv": "^17.2.3",
     "express": "^5.1.0"
   }
diff --git a/server.js b/server.js
index 93bd390..2e14b25 100644
--- a/server.js
+++ b/server.js
@@ -7,9 +7,10 @@ const express = require('express');
 const bodyParser = require('body-parser');
 const fs = require('fs');
 const path = require('path');
+const cors = require('cors');
 
 const app = express();
-const port = 3000;
+const port = 3050;
 const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;
 
 // --- Production Security Check ---
@@ -33,14 +34,18 @@ if (process.env.NODE_ENV !== 'production' && ADMIN_PASSWORD === "balloons") {
     `);
 }
 
-// Use body-parser middleware to parse JSON bodies
+// --- Middleware Setup ---
+// More explicit CORS configuration to allow all origins
+app.use(cors({
+  origin: '*'
+}));
 app.use(bodyParser.json());
 
-// Serve static files from the root directory
-app.use(express.static(path.join(__dirname)));
+// --- API Routes ---
+const apiRouter = express.Router();
 
-// API endpoint to update the JSON file
-app.post('/api/update-status', (req, res) => {
+apiRouter.post('/update-status', (req, res) => {
+    console.log(`[${new Date().toISOString()}] Received request for /api/update-status`);
     const { password, data } = req.body;
 
     if (password !== ADMIN_PASSWORD) {
@@ -65,6 +70,13 @@ app.post('/api/update-status', (req, res) => {
     });
 });
 
+// Mount the API router under the /api path
+app.use('/api', apiRouter);
+
+// --- Static Files ---
+// Serve static files from the root directory (handles all other GET requests)
+app.use(express.static(path.join(__dirname)));
+
 app.listen(port, () => {
     console.log(`Server listening at http://localhost:${port}`);
     if (process.env.NODE_ENV !== 'production') {
diff --git a/update.json b/update.json
index 15e3522..d02343b 100644
--- a/update.json
+++ b/update.json
@@ -1,7 +1,7 @@
 [
-{
-    "message": "",
-    "isClosed": false,
-    "closedMessage": "We are temporarily closed. Please check back later for updates."
-}
-]
+    {
+        "message": "",
+        "isClosed": true,
+        "closedMessage": "We are temporarily closed. Please check back later for updates."
+    }
+]
\ No newline at end of file