Fix: Admin UI communication and security issues resolved

2025-11-12 14:52:35 -05:00 · 2025-11-12 14:52:35 -05:00 · b8c8a1a45f
commit b8c8a1a45f
parent 74aa30636c
5 changed files with 49 additions and 13 deletions
--- a/admin.js
+++ b/admin.js
@ -77,7 +77,7 @@ document.addEventListener('DOMContentLoaded', () => {
            }
        ];

-        fetch('/api/update-status', {
+        fetch('http://localhost:3050/api/update-status', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
--- a/package-lock.json
+++ b/package-lock.json
@ -10,6 +10,7 @@
      "license": "ISC",
      "dependencies": {
        "body-parser": "^2.2.0",
+        "cors": "^2.8.5",
        "dotenv": "^17.2.3",
        "express": "^5.1.0"
      }
@ -124,6 +125,19 @@
        "node": ">=6.6.0"
      }
    },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
    "node_modules/debug": {
      "version": "4.4.3",
      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
@ -519,6 +533,15 @@
        "node": ">= 0.6"
      }
    },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/object-inspect": {
      "version": "1.13.4",
      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
--- a/package.json
+++ b/package.json
@ -13,6 +13,7 @@
  "license": "ISC",
  "dependencies": {
    "body-parser": "^2.2.0",
+    "cors": "^2.8.5",
    "dotenv": "^17.2.3",
    "express": "^5.1.0"
  }
--- a/server.js
+++ b/server.js
@ -7,9 +7,10 @@ const express = require('express');
 const bodyParser = require('body-parser');
 const fs = require('fs');
 const path = require('path');
+const cors = require('cors');

 const app = express();
-const port = 3000;
+const port = 3050;
 const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;

 // --- Production Security Check ---
@ -33,14 +34,18 @@ if (process.env.NODE_ENV !== 'production' && ADMIN_PASSWORD === "balloons") {
    `);
 }

-// Use body-parser middleware to parse JSON bodies
+// --- Middleware Setup ---
+// More explicit CORS configuration to allow all origins
+app.use(cors({
+  origin: '*'
+}));
 app.use(bodyParser.json());

-// Serve static files from the root directory
-app.use(express.static(path.join(__dirname)));
+// --- API Routes ---
+const apiRouter = express.Router();

-// API endpoint to update the JSON file
-app.post('/api/update-status', (req, res) => {
+apiRouter.post('/update-status', (req, res) => {
+    console.log(`[${new Date().toISOString()}] Received request for /api/update-status`);
    const { password, data } = req.body;

    if (password !== ADMIN_PASSWORD) {
@ -65,6 +70,13 @@ app.post('/api/update-status', (req, res) => {
    });
 });

+// Mount the API router under the /api path
+app.use('/api', apiRouter);
+
+// --- Static Files ---
+// Serve static files from the root directory (handles all other GET requests)
+app.use(express.static(path.join(__dirname)));
+
 app.listen(port, () => {
    console.log(`Server listening at http://localhost:${port}`);
    if (process.env.NODE_ENV !== 'production') {
--- a/update.json
+++ b/update.json
@ -1,7 +1,7 @@
 [
    {
        "message": "",
-    "isClosed": false,
+        "isClosed": true,
        "closedMessage": "We are temporarily closed. Please check back later for updates."
    }
 ]