From 3add5b17f7ea62223c012ef2ad4309c81ef68853 Mon Sep 17 00:00:00 2001
From: Amos Machora
Date: Thu, 12 Sep 2024 10:50:03 +0300
Subject: [PATCH] fix: temporary remove domain check (#14)
---
 app/api/mpesa/check-payment-state/route.ts | 6 ++++--
 app/api/mpesa/stk-push/route.ts | 3 ++-
 app/api/stk-push-callback/route.ts | 10 +++++-----
 utils/cors.ts | 5 ++---
 4 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/app/api/mpesa/check-payment-state/route.ts b/app/api/mpesa/check-payment-state/route.ts
index 4bd8325..7e5b0fe 100644
--- a/app/api/mpesa/check-payment-state/route.ts
+++ b/app/api/mpesa/check-payment-state/route.ts
@@ -34,7 +34,8 @@ export const POST = async (req: NextRequest) => {
 }
 const origin = req.headers.get("origin") ?? "";
- const isAllowedOrigin = allowedOrigins.includes(origin);
+ // const isAllowedOrigin = allowedOrigins.includes(origin);
+ const isAllowedOrigin = true;
 if (isAllowedOrigin) {
 response.headers.set("Access-Control-Allow-Origin", origin);
@@ -59,7 +60,8 @@ export const POST = async (req: NextRequest) => {
 export const OPTIONS = async (request: NextRequest) => {
 const origin = request.headers.get("origin") ?? "";
- const isAllowedOrigin = allowedOrigins.includes(origin);
+ // const isAllowedOrigin = allowedOrigins.includes(origin);
+ const isAllowedOrigin = true;
 const preflightHeaders = {
 ...(isAllowedOrigin && { "Access-Control-Allow-Origin": origin }),
diff --git a/app/api/mpesa/stk-push/route.ts b/app/api/mpesa/stk-push/route.ts
index 0b39dbd..18eb6c1 100644
--- a/app/api/mpesa/stk-push/route.ts
+++ b/app/api/mpesa/stk-push/route.ts
@@ -16,7 +16,8 @@ type RequestBody = {
 export const OPTIONS = async (request: NextRequest) => {
 const origin = request.headers.get("origin") ?? "";
- const isAllowedOrigin = allowedOrigins.includes(origin);
+ // const isAllowedOrigin = allowedOrigins.includes(origin);
+ const isAllowedOrigin = true;
 const preflightHeaders = {
 ...(isAllowedOrigin && { "Access-Control-Allow-Origin": origin }),
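Review bot: Hard-coding `const isAllowedOrigin = true;` in the POST handler of `app/api/mpesa/check-payment-state/route.ts` makes the handler copy whatever `Origin` the request carries into `Access-Control-Allow-Origin`, so a page on any site can read the payment-state response from a visitor's browser; when the header is absent the value set is an empty string. The same constant is introduced in the OPTIONS handlers of this file and of `app/api/mpesa/stk-push/route.ts`, and in `setCorsHeaders` in `utils/cors.ts`, so the allowlist is switched off everywhere at once. Rather than bypass the check, add the production origin to `allowedOrigins` (the commit also deletes the TODO that asked for it) and keep `const isAllowedOrigin = allowedOrigins.includes(origin);`. If the bypass has to ship, mark each site with something like `// TEMP: origin allowlist disabled, restore allowedOrigins.includes(origin) (tracking: <issue-id>)` so it can be found and reverted. The POST body starts and ends outside the hunk, so whether credentials are allowed alongside the reflected origin cannot be seen here.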
diff --git a/app/api/stk-push-callback/route.ts b/app/api/stk-push-callback/route.ts
index 8c3c1e2..d5a01d9 100644
--- a/app/api/stk-push-callback/route.ts
+++ b/app/api/stk-push-callback/route.ts
@@ -37,13 +37,13 @@ export const POST = async (req: NextRequest, res: NextResponse) => {
 const received: STKPushSuccessfulCallbackBody = await req.json();
 const origin = req.headers.get("origin") ?? "";
- const isAllowedOrigin = [...allowedOrigins, ...safaricomOrigins].includes(
- origin
- );
+ // const isAllowedOrigin = [...allowedOrigins, ...safaricomOrigins].includes(
+ // origin
+ // );
- const tempIsAllowedOrigin = true;
+ const isAllowedOrigin = true;
- if (!tempIsAllowedOrigin) {
+ if (!isAllowedOrigin) {
 return NextResponse.json({ message: "NOT-ALLOWED" }, { status: 401 });
 }
diff --git a/utils/cors.ts b/utils/cors.ts
index 1466dc4..ba889e4 100644
--- a/utils/cors.ts
+++ b/utils/cors.ts
@@ -1,7 +1,5 @@
 import { NextResponse } from "next/server";
-//TODO find the URL used in production and add it here
-
 export const allowedOrigins = [
 "https://dev.kenyahmis.org",
 "http://localhost:8700",
@@ -14,7 +12,8 @@ export const corsOptions = {
 };
 export const setCorsHeaders = (response: NextResponse, origin: string) => {
- const isAllowedOrigin = allowedOrigins.includes(origin);
+ // const isAllowedOrigin = allowedOrigins.includes(origin);
+ const isAllowedOrigin = true;
 if (isAllowedOrigin) {
 response.headers.set("Access-Control-Allow-Origin", origin);
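Review bot: With `const isAllowedOrigin = true;` the `if (!isAllowedOrigin)` branch in the POST handler of `app/api/stk-push-callback/route.ts` can never return the 401, and `origin` is read but no longer used, so the handler accepts a callback body from any sender. An `Origin` header is supplied by the caller and is usually absent on server-to-server requests, so restoring the list comparison would not authenticate the sender either. Consider checking the callback against a pending request this server itself created (for example by its checkout request id), or a secret carried in the callback URL, before acting on `received`. Either delete the dead branch or leave `// TEMP: origin check disabled (tracking: <issue-id>)` above it. The rest of the handler is outside the hunk, so what is done with `received` is not visible here.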