20260607 - login, add scene, add hotspot

2026-06-07 21:31:31 +07:00
parent 10d2e07297
commit 5ba6e37039
29 changed files with 1064 additions and 73 deletions
+14 -4
@@ -6,9 +6,14 @@ const User = require('../models/User');
*/
const protect = async (req, res, next) => {
let token;
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
if (
(req.headers.authorization && req.headers.authorization.startsWith('Bearer')) ||
req.query.token
) {
try {
token = req.headers.authorization.split(' ')[1];
token = req.headers.authorization
? req.headers.authorization.split(' ')[1]
: req.query.token;
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decoded.id).select('-password');
if (!req.user) {
@@ -28,9 +33,14 @@ const protect = async (req, res, next) => {
* but allows the request to proceed as a guest if no token is found.
*/
const optionalAuth = async (req, res, next) => {
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
if (
(req.headers.authorization && req.headers.authorization.startsWith('Bearer')) ||
req.query.token
) {
try {
const token = req.headers.authorization.split(' ')[1];
const token = req.headers.authorization
? req.headers.authorization.split(' ')[1]
: req.query.token;
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decoded.id).select('-password');
} catch (error) {
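Review bot: Accepting the session JWT from `req.query.token` in `protect` (and the same way in `optionalAuth`) puts a bearer credential in the URL, where it can be recorded in access logs, browser history and `Referer` headers. If a query token is really needed for requests that cannot set headers, limit it to the routes that need it and prefer a short-lived, single-purpose token over the same JWT the header carries. The token selection also disagrees with the condition: when an `Authorization` header is present but is not a Bearer header, the ternary still takes `req.headers.authorization.split(' ')[1]` and ignores the query token. Something like `const h = req.headers.authorization; const token = h && h.startsWith('Bearer') ? h.split(' ')[1] : req.query.token;` followed by a `typeof token === 'string'` check would keep the two aligned and reject array or object query values explicitly. Both function bodies continue outside the hunks.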
+9 -2
@@ -19,9 +19,16 @@ const verifyReferer = (req, res, next) => {
const isMatch = (headerValue) => {
if (!headerValue) return false;
try {
return new URL(headerValue).origin === allowedOrigin;
const urlObj = new URL(headerValue);
const incomingOrigin = urlObj.origin;
// Cho phép nếu khớp hoàn toàn origin
if (incomingOrigin === allowedOrigin) return true;
// Trong môi trường development, cho phép localhost với bất kỳ port nào
const isLocal = incomingOrigin.includes('localhost') || incomingOrigin.includes('127.0.0.1') || incomingOrigin.includes('::1');
if (process.env.NODE_ENV !== 'production' && isLocal) return true;
return false;
} catch (e) {
return headerValue.startsWith(allowedOrigin);
return false;
}
};
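Review bot: The development bypass in `isMatch` uses substring tests on the origin, so any origin whose text merely contains `localhost` or `127.0.0.1` passes (a constructed example is a host named `localhost.example.test`), not only the loopback host. Comparing the parsed hostname exactly is tighter: `const isLocal = ['localhost', '127.0.0.1', '[::1]'].includes(urlObj.hostname);`. The guard `process.env.NODE_ENV !== 'production'` also fails open when `NODE_ENV` is unset, so a deployment that does not set it gets the relaxed check; `process.env.NODE_ENV === 'development'` would fail closed. `verifyReferer` begins and ends outside the hunk, and the hunk header indicates one more trailing context line than is visible here.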