Automated Token Refreshes (Human Version) (#23)

* This should do it, and with updated packages

* oo fix these errors

* Changes from testing

* Update tokens.js

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update __tests__/mount.test.js

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* touchup

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: thehabes

__tests__/mount.test.js

@@ -5,7 +5,7 @@ import app from "../app.js"
 beforeEach(() => {
   // This comes from tokens.js in the app.js import.  This apps tries to read env.ACCESS_TOKEN to refresh expired tokens.
   // We don't care whether or not the token is expired here, so let's just state we don't care about tokens in tests.
-  updateExpiredToken = jest.fn(() => true)
+  checkAccessToken = jest.fn((req, res, next) => next())
   isTokenExpired = jest.fn(() => false)
 })
 

app.js

@@ -12,12 +12,10 @@ import updateRouter from "./routes/update.js"
 import deleteRouter from "./routes/delete.js"
 import overwriteRouter from "./routes/overwrite.js"
 import cors from "cors"
-import {updateExpiredToken } from "./tokens.js"
 
-// Check for and update token on app start
-updateExpiredToken()
 let app = express()
 app.use(express.json())
+app.use(express.text())
 if(process.env.OPEN_API_CORS !== "false") { 
   // This enables CORS for all requests. We may want to update this in the future and only apply to some routes.
   app.use(cors()) 
@@ -33,26 +31,29 @@ app.use(express.static(path.join(__dirname, 'public')))
  */
 const corsAllowedOrigins = process.env.OPEN_API_CORS == "true" ? "*" : process.env.SERVICES_ORIGINS.split(",")
 app.use(cors({
-    "methods" : "GET",
-    "allowedHeaders" : [
-      'Content-Type',
-      'Content-Length',
-      'Allow',
-      'Authorization',
-      'Location',
-      'ETag',
-      'Connection',
-      'Keep-Alive',
-      'Date',
-      'Cache-Control',
-      'Last-Modified',
-      'Link',
-      'X-HTTP-Method-Override'
-    ],
-    "exposedHeaders" : "*",
-    "origin" : corsAllowedOrigins,
-    "maxAge" : "600"
-}))
+      "methods" : "GET,OPTIONS,HEAD,PUT,PATCH,DELETE,POST",
+      "allowedHeaders" : [
+        'Content-Type',
+        'Content-Length',
+        'Allow',
+        'Authorization',
+        'Location',
+        'ETag',
+        'Connection',
+        'Keep-Alive',
+        'Date',
+        'Cache-Control',
+        'Last-Modified',
+        'Link',
+        'X-HTTP-Method-Override',
+        'Origin',
+        'Referrer',
+        'User-Agent'
+      ],
+      "exposedHeaders" : "*",
+      "origin" : corsAllowedOrigins,
+      "maxAge" : "600"
+    }))
 
 /**
  * Prepare the response Access-Control-Allow-Origin header before entering routes.