fix: Fix User pre-save hook and add trust proxy for Azure

DevITJAX · DevITJAX · commit e3e4dce85e27 · 2025-12-30T15:14:29.000+01:00
diff --git a/backend/models/User.js b/backend/models/User.js
@@ -48,11 +48,12 @@ const UserSchema = new mongoose.Schema({
 // Encrypt password using bcrypt
 UserSchema.pre('save', async function (next) {
     if (!this.isModified('password')) {
-        next();
+        return next();
     }
 
     const salt = await bcrypt.genSalt(10);
     this.password = await bcrypt.hash(this.password, salt);
+    next();
 });
 
 // Match user entered password to hashed password in database
diff --git a/backend/server.js b/backend/server.js
@@ -32,6 +32,9 @@ if (process.env.ENABLE_WEBSOCKETS === 'true') {
 // Body parser
 app.use(express.json());
 
+// Trust proxy for Azure/reverse proxy (required for rate limiting)
+app.set('trust proxy', 1);
+
 // Enable CORS - allow all origins for Azure compatibility
 app.use(cors({
     origin: true,
@@ -40,8 +43,10 @@ app.use(cors({
     allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With']
 }));
 
-// Apply rate limiting to all API routes
-app.use('/api', apiLimiter);
+// Apply rate limiting to all API routes (skip in production if causing issues)
+if (process.env.NODE_ENV !== 'production' || process.env.ENABLE_RATE_LIMIT === 'true') {
+    app.use('/api', apiLimiter);
+}
 
 // Serve static files for uploads
 app.use('/uploads', express.static(path.join(__dirname, 'uploads')));
