git add backend/src/server.js git commit -m "Allow embedding in HF iframe: disable helmet frameguard + relax CSP" git push hf HEAD:main --force
Browse files- backend/src/server.js +30 -16
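--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -1,5 +1,4 @@
-//
-
+// backend/src/server.js
 import 'dotenv/config';
 import express from 'express';
 import cors from 'cors';
@@ -9,27 +8,45 @@ import mongoose from 'mongoose';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 
-// ---- paths / __dirname ----
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-// ---- env & port ----
 const MONGODB_URI = process.env.MONGODB_URI;
-const PORT = Number(process.env.PORT) || 7860;
+const PORT = Number(process.env.PORT) || 7860;
 
-// ---- basic app ----
 const app = express();
 app.set('trust proxy', 1);
-
-
+
+// β Allow embedding in Hugging Face iframe
+app.use(
+helmet({
+// HF embeds your app in an iframe; disable frameguard so it can load.
+frameguard: false,
+
+// Keep CSP off unless you author a custom policy that permits hf.co β hf.space.
+contentSecurityPolicy: false,
+
+// These can block some asset loads; relax for SPA builds.
+crossOriginEmbedderPolicy: false,
+crossOriginOpenerPolicy: { policy: 'same-origin-allow-popups' },
+})
+);
+
+app.use(
+cors({
+origin: true, // reflect request origin
+credentials: true,
+})
+);
 app.use(express.json({ limit: '1mb' }));
 app.use(morgan('tiny'));
 
-// ---- DB connect ----
 if (!MONGODB_URI) {
 console.error('β Missing MONGODB_URI environment variable.');
 process.exit(1);
 }
+
+// Mongo
 mongoose.set('strictQuery', true);
 try {
 await mongoose.connect(MONGODB_URI);
@@ -39,30 +56,27 @@ try {
 process.exit(1);
 }
 
-//
-// import your existing router (already created earlier)
+// Routes
 import productsRouter from './routes/products.routes.js';
 
-// Health check first (before static fallback)
 app.get('/health', (_req, res) => {
 const conn = mongoose.connection.readyState === 1 ? 'connected' : 'disconnected';
 res.json({ ok: conn === 'connected', db: conn });
 });
 
-// API
 app.use('/api/products', productsRouter);
 
-//
+// Static frontend
 const clientDir = path.join(__dirname, '../../frontend/dist');
 app.use(express.static(clientDir));
 
-//
+// SPA fallback (but not for /api/*)
 app.get('*', (req, res) => {
 if (req.path.startsWith('/api/')) return res.status(404).json({ error: 'Not found' });
 res.sendFile(path.join(clientDir, 'index.html'));
 });
 
-//
+// Start
 app.listen(PORT, '0.0.0.0', () => {
 console.log(`π API running on http://0.0.0.0:${PORT}`);
 });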
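Review bot: The `cors({ origin: true, credentials: true })` call at new lines 35–40 echoes back whatever `Origin` a request carries while also allowing credentials, so any site a user visits can send credentialed requests to `/api/products` and read the responses. Whether the API relies on cookies is not visible here; if it does not, dropping `credentials: true` is the smallest fix, otherwise replace the reflection with an explicit allowlist as sketched below (the environment variable name is only a suggestion). In the same hunk, `frameguard: false` combined with `contentSecurityPolicy: false` leaves the app framable by every origin, not just Hugging Face. A CSP that sets `frame-ancestors` to the embedding origins would permit the Space iframe while keeping clickjacking protection for everyone else; the exact origins should be confirmed against the Space's embed.

```javascript
// Proposed: explicit allowlist instead of reflecting every Origin.
// CORS_ALLOWED_ORIGINS is a suggested name: comma-separated list of origins.
const allowedOrigins = (process.env.CORS_ALLOWED_ORIGINS ?? '')
  .split(',')
  .map((origin) => origin.trim())
  .filter(Boolean);

app.use(
  cors({
    origin: allowedOrigins, // only listed origins receive Access-Control-Allow-Origin
    credentials: true,
  })
);
// … unchanged: express.json, morgan …
```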