add stricter CORS

server.js

@@ -1,23 +1,29 @@
 const express = require('express');
 const app = express();
 const dotenv = require('dotenv');
+dotenv.config();
 const booksRouter = require('./books');
 const cors = require('cors');
-app.use(cors());
-dotenv.config();
+const allowedOrigins = ['https://peterwalker.xyz'];
+
+app.use((req, res, next) => {
+  const origin = req.headers.origin;
+  console.log(
+    `${req.method} ${req.url}: ${allowedOrigins.indexOf(origin) !== -1}`,
+  );
+  if (allowedOrigins.indexOf(origin) === -1) {
+    res.status(403).send('Access forbidden: Origin not allowed');
+  } else {
+    next();
+  }
+});
 
 const isProduction = process.env.NODE_ENV === 'production';
 const PORT = isProduction ? 443 : 3001;
 
 // Store your API key securely in an environment variable
 const API_KEY = process.env.API_KEY || 'API_KEY not defined';
 
-// Middleware to log requests to the terminal
-app.use((req, res, next) => {
-  console.log(`${req.method} ${req.url}`);
-  next();
-});
-
 // Route for the root URL '/'
 app.get('/', (req, res) => {
   res.send('Hi from api.peterwalker.xyz');
@@ -34,12 +40,6 @@ if (isProduction) {
   const https = require('https');
   const fs = require('fs');
 
-  app.use(
-    cors({
-      origin: 'https://peterwalker.xyz',
-    }),
-  );
-
   const options = {
     key: fs.readFileSync(
       '/etc/letsencrypt/live/api.peterwalker.xyz/privkey.pem',