feat(admin-backend): remove the duplicate header settings and update …

…cors handle on server.js

package/admin-backend/package.json

@@ -10,6 +10,7 @@
     "axios": "^1.7.9",
     "bcrypt-nodejs": "^0.0.3",
     "bcryptjs": "^2.4.3",
+    "body-parser": "^1.20.3",
     "bs58": "^6.0.0",
     "cloudinary": "^2.5.1",
     "cors": "^2.8.5",
@@ -19,7 +20,7 @@
     "kareem": "^2.6.3",
     "lodash": "^4.17.21",
     "moment": "^2.30.1",
-    "mongoose": "^8.9.5",
+    "mongoose": "^8.10.0",
     "mongoose-api-query": "^0.1.1-pre",
     "mongoose-legacy-pluralize": "^2.0.0",
     "morgan": "^1.10.0",

package/admin-backend/server.js

@@ -14,17 +14,27 @@ const TradeRouter = require("./routes/TradeRouter");
 
 const app = express();
 
-app.use(cors());
-app.use(express.json({ limit: '50mb' }));
-app.use(express.urlencoded({ limit: '50mb', extended: true }));
+// ✅ Proper CORS Middleware Configuration (Avoids duplicate headers)
+app.use(
+  cors({
+    origin: "https://admin.kogen.markets",
+    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Content-Type", "Authorization"],
+    credentials: true,
+  })
+);
+
+// ✅ Remove redundant custom CORS headers (Handled by cors middleware)
+app.use(express.json({ limit: "50mb" }));
+app.use(express.urlencoded({ limit: "50mb", extended: true }));
 
 const db = config.db_url;
 mongoose
   .connect(db, {
     connectTimeoutMS: 30000, // Increase timeout to 30 seconds
   })
   .then(() => {
-    console.log("mongodb connected");
+    console.log("MongoDB connected");
   })
   .catch((error) => {
     console.log("MongoDB connection error:", error);
@@ -46,6 +56,37 @@ app.use("/api/trades", TradeRouter);
 // Create server for AWS Lambda
 const server = awsServerlessExpress.createServer(app);
 
-exports.handler = (event, context) => {
-  return awsServerlessExpress.proxy(server, event, context);
+exports.handler = async (event, context) => {
+  console.log("Incoming event:", JSON.stringify(event, null, 2));
+
+  const headers = {
+    "Access-Control-Allow-Origin": "https://admin.kogen.markets",
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+    "Access-Control-Allow-Credentials": "true",
+  };
+
+  // ✅ Handle OPTIONS Preflight Requests (Handled in one place)
+  if (event.httpMethod === "OPTIONS") {
+    return {
+      statusCode: 200,
+      headers,
+      body: "",
+    };
+  }
+
+  try {
+    // ✅ Ensure API Gateway event format for AWS Lambda
+    const response = await awsServerlessExpress.proxy(server, event, context, "PROMISE").promise;
+
+    return response;
+  } catch (error) {
+    console.error("Lambda Error:", error);
+
+    return {
+      statusCode: 500,
+      headers, // ✅ Include CORS headers even in errors
+      body: JSON.stringify({ error: "Internal Server Error" }),
+    };
+  }
 };