revert revert feat(auth): bearer token desteği ve çoklu origin ayarı ekle

revert feat(auth): bearer token desteği ve çoklu origin ayarı ekle - Authorization header ile Bearer token kimlik doğrulaması eklendi - Token'ların localStorage'da saklanması desteği eklendi - WEB_ALLOWED_ORIGINS ve WEB_ALLOWED_HOSTS konfigürasyonları eklendi - Loop işlerinde profileId ve profileName alanları eklendi - CORS ve Vite sunucusu için çoklu origin desteği sağlandı
2026-01-05 17:34:03 +00:00
parent cdffa46a5b
commit 8bf4b10af3
14 changed files with 18 additions and 85 deletions
--- a/apps/server/src/auth/auth.middleware.ts
+++ b/apps/server/src/auth/auth.middleware.ts
@@ -2,10 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { verifyToken } from "./auth.service"

 export const requireAuth = (req: Request, res: Response, next: NextFunction) => {
-  const cookieToken = req.cookies?.["qbuffer_token"];
-  const authHeader = req.headers.authorization;
-  const bearer = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : undefined;
-  const token = cookieToken || bearer;
+  const token = req.cookies?.["qbuffer_token"];
  if (!token) {
    return res.status(401).json({ error: "Unauthorized" });
  }
--- a/apps/server/src/auth/auth.routes.ts
+++ b/apps/server/src/auth/auth.routes.ts
@@ -5,13 +5,6 @@ import { isDev } from "../config"

 const router = Router();

-const getAuthToken = (req: any) => {
-  const cookieToken = req.cookies?.["qbuffer_token"];
-  const header = req.headers?.authorization as string | undefined;
-  const bearer = header?.startsWith("Bearer ") ? header.slice(7) : undefined;
-  return cookieToken || bearer;
-};
-
 const loginLimiter = rateLimit({
  windowMs: 60_000,
  max: 5,
@@ -35,7 +28,7 @@ router.post("/login", loginLimiter, async (req, res) => {
    secure: !isDev,
    maxAge: 60 * 24 * 60 * 60 * 1000,
  });
-  return res.json({ username: user.username, token });
+  return res.json({ username: user.username });
 });

 router.post("/logout", (_req, res) => {
@@ -48,7 +41,7 @@ router.post("/logout", (_req, res) => {
 });

 router.get("/me", (req, res) => {
-  const token = getAuthToken(req);
+  const token = req.cookies?.["qbuffer_token"];
  if (!token) {
    return res.status(401).json({ error: "Unauthorized" });
  }
@@ -61,7 +54,7 @@ router.get("/me", (req, res) => {
 });

 router.get("/socket-token", (req, res) => {
-  const token = getAuthToken(req);
+  const token = req.cookies?.["qbuffer_token"];
  if (!token) {
    return res.status(401).json({ error: "Unauthorized" });
  }
--- a/apps/server/src/config.ts
+++ b/apps/server/src/config.ts
@@ -22,7 +22,6 @@ export const config = {
  timerPollMs: envNumber(process.env.TIMER_POLL_MS, 60_000),
  webPort: envNumber(process.env.WEB_PORT, 5173),
  webOrigin: process.env.WEB_ORIGIN ?? "",
-  webAllowedOrigins: process.env.WEB_ALLOWED_ORIGINS ?? "",
  dataDir: "/app/data",
  dbPath: "/app/data/db.json",
  logsPath: "/app/data/logs.json",
--- a/apps/server/src/index.ts
+++ b/apps/server/src/index.ts
@@ -45,12 +45,7 @@ const bootstrap = async () => {

  if (isDev) {
    const fallbackOrigin = `http://localhost:${config.webPort}`;
-    const originList = [config.webOrigin || fallbackOrigin, fallbackOrigin];
-    const allowed = config.webAllowedOrigins
-      .split(",")
-      .map((origin) => origin.trim())
-      .filter(Boolean);
-    const origins = [...originList, ...allowed];
+    const origins = [config.webOrigin || fallbackOrigin, fallbackOrigin];
    app.use(
      cors({
        origin: origins,
--- a/apps/server/src/loop/loop.engine.ts
+++ b/apps/server/src/loop/loop.engine.ts
@@ -27,8 +27,6 @@ export const createLoopJob = async (
    allowIp: string;
    targetLoops: number;
    delayMs: number;
-    profileName?: string;
-    profileId?: string;
  }
 ): Promise<LoopJob> => {
  const now = nowIso();
@@ -43,8 +41,6 @@ export const createLoopJob = async (
    targetLoops: input.targetLoops,
    doneLoops: 0,
    delayMs: input.delayMs,
-    profileName: input.profileName,
-    profileId: input.profileId,
    deleteDataBetweenLoops: true,
    enforcementMode: "aggressive-soft",
    status: "RUNNING",
--- a/apps/server/src/loop/loop.routes.ts
+++ b/apps/server/src/loop/loop.routes.ts
@@ -18,7 +18,7 @@ router.post("/start", async (req, res) => {
  if (!parsed.success) {
    return res.status(400).json({ error: parsed.error.flatten() });
  }
-  const { hash, allowIp, targetLoops, delayMs, profileName, profileId } = parsed.data;
+  const { hash, allowIp, targetLoops, delayMs } = parsed.data;
  const db = await readDb();
  if (targetLoops > db.settings.maxLoopLimit) {
    return res.status(400).json({ error: "Target loops exceed max limit" });
@@ -64,8 +64,6 @@ router.post("/start", async (req, res) => {
    allowIp,
    targetLoops,
    delayMs,
-    profileName,
-    profileId,
  });
  res.json(job);
 });
--- a/apps/server/src/types.ts
+++ b/apps/server/src/types.ts
@@ -32,8 +32,6 @@ export interface LoopJob {
  targetLoops: number;
  doneLoops: number;
  delayMs: number;
-  profileName?: string;
-  profileId?: string;
  deleteDataBetweenLoops: boolean;
  enforcementMode: EnforcementMode;
  status: LoopStatus;
@@ -64,8 +62,6 @@ export interface Profile {
  name: string;
  allowIp: string;
  delayMs: number;
-  profileName?: string;
-  profileId?: string;
  targetLoops: number;
  createdAt: string;
 }