2

so, my react frontend is on http://localhost:3000/ and express backend is on http://localhost:8080/

when i try to submit registration form, chrome console returns an error: 'POST http://localhost:3000/api/users 403 (Forbidden)'

i did some research here on stack and found out that i should use cors, but all exact advices never helped

(i'm really sorry if the whole problem is actually easy, that's my first both react and express project if that makes any difference)

so i'd be really glad if someone just tell me what exact lines of code did i miss and where should i put it

also, i've already tested it with postman, everything work's fine on server side

here's my backend:

server.js

const express = require('express');
const connectDB = require('./config/db');
const cors = require('cors');

const app = express();

// connect database
connectDB();

// init middleware
app.use(express.json({ extended: false }));

// init cors
app.use(cors());

app.get('/', (req, res) => res.send('приложение запущено'));

// define routes
app.use('/api/users', require('./routes/api/users'));
app.use('/api/auth', require('./routes/api/auth'));
app.use('/api/posts', require('./routes/api/posts'));
app.use('/api/profile', require('./routes/api/profile'));

const PORT = process.env.PORT || 8080;

app.listen(PORT, () => console.log(`сервер запущен, порт: ${PORT}`));

/api/auth.js

router.post(
  '/',
  [
    check('email', 'пожалуйста, введите email').isEmail(),
    check('password', 'пожалуйста, введите пароль').exists(),
  ],
  async (req, res) => {
    // валидация формы
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    console.log('успешная валидация данных в форме');
    const { email, password } = req.body;
    console.log(
      'получены: email — "' + email + '" и пароль — "' + password + '"'
    );
    try {
      // проверка наличия пользователя
      let user = await User.findOne({ email });

      if (!user) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'неверные логин и/или пароль' }] });
      }

      // проверка пароля
      const isMatch = await bcrypt.compare(password, user.password);
      if (!isMatch) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'неверные логин и/или пароль' }] });
      }
      console.log('логин и пароль подходят');

      // вебтокен
      const payload = {
        user: {
          id: user.id,
        },
      };

      jwt.sign(
        payload,
        config.get('jwtSecret'),
        { expiresIn: 360000 }, // поставить 3600 перед деплоем
        (error, token) => {
          if (error) throw error;
          res.json({ token });

          console.log('пользователю присвоен токен — ' + token);
        }
      );
    } catch (error) {
      console.error(error.message);
      res.status(500).send('ошибка сервера');
    }
  }
);
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
yulia
  • 21
  • 1
  • 2
  • I'd recommend using this CorsAnywhere - https://github.com/Rob--W/cors-anywhere - you can read more on how to use it here https://stackoverflow.com/questions/29670703/how-to-use-cors-anywhere-to-reverse-proxy-and-add-cors-headers but basically it a separate proxy server that you can download and run locally that will work around the cross-origin issue. Read about whitelisting before you deploy online though! – arfi720 Apr 08 '22 at 23:25

3 Answers3

0

first of all i didn't understand that when you are sending request with postman to your backend it is working fine or not but after being sure that you are sending request to the correct url in first step try the request from another browser if postman working fine and if it works with another browser search for specific problem with the browser step 2 why you are using port 8080 its any device default port iam not sure but it may cause some problems and in final step try this app.use(cors({ origin : '*'})) it means that requests can be sent to your backend from any addresses

mehraeen mozhdi
  • 21
  • 4
0

I was also getting forbidden 403, when I checked there was @UseGuards(UserAuthGuard) @ApiBearerAuth('JWT-auth')

make sure if you are using any of this.

Mohammad Khalid
  • 111
  • 1
  • 4
-2

You're getting a 403 error code which means not found. You are also posting your /api/auth routes so I'm assuming you want to post to auth but here: http://localhost:3000/api/users 403 (Forbidden)' you are posting to /api/users when you should be posting to /api/auth.

If you are trying to post to users like your path suggests, then I recommend looking at your /api/users routes and make sure you have a POST route configured. Otherwise, you will get a 403 error like you are receiving now.

Dylan L.
  • 1,243
  • 2
  • 16
  • 35