Domain support

backend/src/app.js

@@ -14,10 +14,41 @@ const PORT = process.env.PORT || 3000;
 
 // Security middleware
 app.use(helmet());
-app.use(cors({
-  origin: process.env.FRONTEND_URL || 'http://localhost:3001',
+
+// Dynamic CORS configuration (will be updated from settings)
+let corsOptions = {
+  origin: process.env.FRONTEND_URL || 'http://localhost:5173',
   credentials: true,
-}));
+};
+
+app.use((req, res, next) => {
+  cors(corsOptions)(req, res, next);
+});
+
+// Function to update CORS from database
+const updateCorsFromSettings = async () => {
+  try {
+    const { Settings } = require('./models');
+    const corsEnabledSetting = await Settings.findOne({ where: { key: 'cors_enabled' } });
+    const frontendUrlSetting = await Settings.findOne({ where: { key: 'frontend_url' } });
+    
+    if (corsEnabledSetting && corsEnabledSetting.value === 'true' && frontendUrlSetting) {
+      corsOptions.origin = frontendUrlSetting.value;
+      logger.info(`CORS enabled for: ${frontendUrlSetting.value}`);
+    } else {
+      // Default: allow both frontend and backend on same origin
+      corsOptions.origin = process.env.FRONTEND_URL || 'http://localhost:5173';
+    }
+  } catch (error) {
+    logger.warn('Could not load CORS settings from database, using defaults');
+  }
+};
+
+// Update CORS on startup (with delay to ensure DB is ready)
+setTimeout(updateCorsFromSettings, 2000);
+
+// Export for use in settings controller
+app.updateCorsSettings = updateCorsFromSettings;
 
 // Body parsing middleware
 app.use(express.json());