Fix linter errors.

Vasyl Yaremchuk · Vasyl Yaremchuk · commit 96aa47d468c5 · 2025-08-05T08:23:00.000+03:00
diff --git a/website/app.js b/website/app.js
@@ -4,20 +4,27 @@ const { getEnv } = require('./utils/env');
 
 function createAposConfig() {
   const isProduction = process.env.NODE_ENV === 'production';
-  const baseUrl = getEnv('BASE_URL') || (isProduction ? 'https://speedandfunction.com' : 'http://localhost:3000');
-  
+  let baseUrl = getEnv('BASE_URL');
+  if (!baseUrl) {
+    if (isProduction) {
+      baseUrl = 'https://speedandfunction.com';
+    } else {
+      baseUrl = 'http://localhost:3000';
+    }
+  }
+
   return {
     shortName: 'apostrophe-site',
-    baseUrl: baseUrl,
-    
+    baseUrl,
+
     // Session configuration
     modules: {
       // Core modules configuration
       '@apostrophecms/express': {
         options: {
           // Trust proxy for Railway deployment
           trustProxy: true,
-          
+
           session: {
             // If using Redis (recommended for production)
             secret: getEnv('SESSION_SECRET'),
@@ -27,70 +34,93 @@ function createAposConfig() {
                 url: getEnv('REDIS_URI'),
               },
             },
-            cookie: {
+            cookie: (() => {
+              const cookieConfig = {
+                secure: isProduction,
+                sameSite: 'lax',
+                httpOnly: true,
+                // 24 hours
+                maxAge: 24 * 60 * 60 * 1000,
+              };
               // Set domain for production to work with custom domain
-              domain: isProduction ? '.speedandfunction.com' : undefined,
-              secure: isProduction,
-              sameSite: 'lax',
-              httpOnly: true,
-              maxAge: 24 * 60 * 60 * 1000, // 24 hours
-            },
+              if (isProduction) {
+                cookieConfig.domain = '.speedandfunction.com';
+              }
+              return cookieConfig;
+            })(),
           },
-          
+
           csrf: {
-            cookie: {
-              key: '_csrf',
-              path: '/',
-              httpOnly: true,
-              secure: isProduction,
-              sameSite: 'lax',
-              maxAge: 3600,
+            cookie: (() => {
+              const csrfCookieConfig = {
+                key: '_csrf',
+                path: '/',
+                httpOnly: true,
+                secure: isProduction,
+                sameSite: 'lax',
+                maxAge: 3600,
+              };
               // CRITICAL: Set domain for CSRF cookie to work with custom domain
-              domain: isProduction ? '.speedandfunction.com' : undefined,
-            },
+              if (isProduction) {
+                csrfCookieConfig.domain = '.speedandfunction.com';
+              }
+              return csrfCookieConfig;
+            })(),
             // Additional CSRF options for better security
             ignoreMethods: ['GET', 'HEAD', 'OPTIONS'],
             value: (req) => {
-              return req.body && req.body._csrf ||
-                     req.query && req.query._csrf ||
-                     req.headers['x-csrf-token'] ||
-                     req.headers['x-xsrf-token'] ||
-                     req.headers['csrf-token'];
-            }
+              const csrfKey = '_csrf';
+              return (
+                (req.body && req.body[csrfKey]) ||
+                (req.query && req.query[csrfKey]) ||
+                req.headers['x-csrf-token'] ||
+                req.headers['x-xsrf-token'] ||
+                req.headers['csrf-token']
+              );
+            },
           },
-          
+
           // Add middleware to handle domain-specific headers
           middleware: [
             {
               before: '@apostrophecms/csrf',
               middleware: (req, res, next) => {
                 // Ensure proper headers for custom domain
-                if (req.hostname === 'speedandfunction.com' || req.get('host') === 'speedandfunction.com') {
+                if (
+                  req.hostname === 'speedandfunction.com' ||
+                  req.get('host') === 'speedandfunction.com'
+                ) {
                   req.headers['x-forwarded-host'] = 'speedandfunction.com';
                   req.headers['x-forwarded-proto'] = 'https';
                 }
-                
+
                 // Set CORS headers for API requests
                 const allowedOrigins = [
                   'https://speedandfunction.com',
-                  'https://apostrophe-cms-production.up.railway.app'
+                  'https://apostrophe-cms-production.up.railway.app',
                 ];
-                
-                const origin = req.headers.origin;
+
+                const { origin } = req.headers;
                 if (allowedOrigins.includes(origin)) {
                   res.setHeader('Access-Control-Allow-Origin', origin);
                   res.setHeader('Access-Control-Allow-Credentials', 'true');
-                  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-                  res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization, X-CSRF-Token, X-XSRF-TOKEN');
+                  res.setHeader(
+                    'Access-Control-Allow-Methods',
+                    'GET, POST, PUT, DELETE, OPTIONS',
+                  );
+                  res.setHeader(
+                    'Access-Control-Allow-Headers',
+                    'Origin, X-Requested-With, Content-Type, Accept, Authorization, X-CSRF-Token, X-XSRF-TOKEN',
+                  );
                 }
-                
+
                 next();
-              }
-            }
-          ]
+              },
+            },
+          ],
         },
       },
-      
+
       // Make getEnv function available to templates
       '@apostrophecms/template': {
         options: {
@@ -99,13 +129,13 @@ function createAposConfig() {
           },
         },
       },
-      
+
       // Add global data module
       'global-data': {},
-      
+
       // Shared constants module
       '@apostrophecms/shared-constants': {},
-      
+
       // Configure page types
       '@apostrophecms/rich-text-widget': {},
       '@apostrophecms/image-widget': {
@@ -119,7 +149,7 @@ function createAposConfig() {
           className: 'bp-video-widget',
         },
       },
-      
+
       // Custom Widgets
       'home-hero-widget': {},
       'default-hero-widget': {},
@@ -135,7 +165,7 @@ function createAposConfig() {
       'contact-widget': {},
       'page-intro-widget': {},
       'whitespace-widget': {},
-      
+
       // The main form module
       '@apostrophecms/form': {},
       // The form widget module, allowing editors to add forms to content areas
@@ -144,14 +174,14 @@ function createAposConfig() {
       '@apostrophecms/form-text-field-widget': {},
       '@apostrophecms/form-textarea-field-widget': {},
       '@apostrophecms/form-checkboxes-field-widget': {},
-      
+
       // Custom Pieces
       'team-members': {},
       'testimonials': {},
-      
+
       // `asset` supports the project"s webpack build for client-side assets.
       'asset': {},
-      
+
       // The project"s first custom page type.
       'default-page': {},
       '@apostrophecms/import-export': {},
@@ -175,4 +205,4 @@ if (require.main === module) {
   apostrophe(createAposConfig());
 }
 
-module.exports = { createAposConfig };
+module.exports = { createAposConfig };
