Merge pull request #103 from MeshJS/API

QSchlegel · web-flow · commit ca09ccafcb9c · 2025-06-09T09:41:45.000+02:00
add more logging and cors to add tx.
diff --git a/src/lib/cors.ts b/src/lib/cors.ts
@@ -1,24 +1,38 @@
-import Cors from 'cors';
-import initMiddleware from './init-middleware';
+import Cors from "cors";
+import initMiddleware from "./init-middleware";
 
-const rawOrigins = process.env.CORS_ORIGINS || '';
-const allowedOrigins = rawOrigins === '*' ? '*' : rawOrigins.split(',').map(o => o.trim());
+const rawOrigins = process.env.CORS_ORIGINS || "";
+const allowedOrigins =
+  rawOrigins === "*" ? "*" : rawOrigins.split(",").map((o) => o.trim());
 
 export const cors = initMiddleware(
   Cors({
-    methods: ['GET', 'POST', 'OPTIONS'],
+    methods: ["GET", "POST", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"],
     credentials: true,
     origin: function (
       origin: string | undefined,
-      callback: (err: Error | null, allow?: boolean) => void
+      callback: (err: Error | null, allow?: boolean) => void,
     ) {
-      if (!origin) return callback(null, true);
-      if (allowedOrigins === '*') return callback(null, true);
+      console.log("---- CORS DEBUG ----");
+      console.log("Request origin:", origin);
+      console.log("Allowed origins:", allowedOrigins);
+
+      if (!origin) {
+        console.log("No origin provided. Allowing by default.");
+        return callback(null, true);
+      }
+      if (allowedOrigins === "*") {
+        console.log("Wildcard origin match. Allowing all.");
+        return callback(null, true);
+      }
       if (allowedOrigins.includes(origin)) {
+        console.log("Origin allowed.");
         return callback(null, true);
       } else {
+        console.error(`Origin ${origin} not allowed by CORS`);
         return callback(new Error(`Origin ${origin} not allowed by CORS`));
       }
-    }
-  })
-);
+    },
+  }),
+);
diff --git a/src/pages/api/v1/addTransaction.ts b/src/pages/api/v1/addTransaction.ts
@@ -1,8 +1,15 @@
 import type { NextApiRequest, NextApiResponse } from "next";
 import { db } from "@/server/db";
 import { verifyJwt } from "@/lib/verifyJwt";
+import { cors } from "@/lib/cors";
 
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+
+    await cors(req, res);
+  if (req.method === "OPTIONS") {
+    return res.status(200).end();
+  }
+
   if (req.method !== "POST") {
     return res.status(405).json({ error: "Method Not Allowed" });
   }
