comment server file, edit workflow to skip if env secrets are not available to test bc of forked repo

vyue013 · vyue013 · commit cf36e2af9df4 · 2025-04-28T12:46:06.000-07:00
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -26,15 +26,17 @@ jobs:
           cache: 'npm'
       - run: npm ci
       - run: npm run build --if-present
-      - name: Start server
+      - name: Start server (only if secrets are available)
+        if: ${{ env.USER_DB_USER != '' }}
         env:
           USER_DB_USER: ${{secrets.USER_DB_USER}}
           USER_DB_PW: ${{secrets.USER_DB_PW}}
           USER_DB_URL: ${{secrets.USER_DB_URL}}
           SSL_KEY: ${{secrets.SSL_KEY}}
           SSL_CERT: ${{secrets.SSL_CERT}}
         run: npm run start:test
-      - name: Run test suites
+      - name: Run test suites (only if secrets are available)
+        if: ${{ env.MYSQL_TEST_URL != '' || env.PG_TEST_URL != '' }}
         env:
           MYSQL_TEST_URL: ${{secrets.MYSQL_TEST_URL}}
           MYSQL_TEST_USERNAME: ${{secrets.MYSQL_TEST_USERNAME}}
diff --git a/server/server.ts b/server/server.ts
@@ -8,20 +8,32 @@ import session from 'express-session';
 import cookieParser from 'cookie-parser';
 import bodyParser from 'body-parser';
 
-config();
+config(); // load .env variables
 
+const app: Express = express();
 const port: number = Number(process.env.PORT) || 3000;
 
-const app: Express = express();
 //Set the payload limit size to 1mb when save a large database data which is TableData in featureTab.
 app.use(bodyParser.json({ limit: '1mb' }));
 app.use(bodyParser.urlencoded({ limit: '1mb', extended: true }));
 
+// Core express middlewares
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
+
+// Cookies and CORS
 app.use(cookieParser());
 app.use(cors());
+
+// Serve static files from 'dist'
 app.use(express.static(path.join(__dirname, '../dist')));
+
+// Session setup
+if (!process.env.SESSION_SECRET) {
+  console.error('❌ SESSION_SECRET is not defined in environment variables!');
+  process.exit(1); // Exit early if SESSION_SECRET is missing
+}
+
 app.use(
   session({
     secret: process.env.SESSION_SECRET as string,
@@ -31,15 +43,16 @@ app.use(
       secure: false,
       httpOnly: true,
       path: '/',
-      sameSite: true,
+      sameSite: 'lax',
       maxAge: 24 * 60 * 60 * 1000,
     },
   })
 );
 
+// Start the server
 app.listen(port, () => {
-  log.info(`Securely Running at ${port}`);
-  routes(app);
+  log.info(`✅ Server running securely at ${port}`);
+  routes(app); // register routes AFTER all middlewares
 });
 
 export default app;
