Hi @dogan.ay,
Thank you for your quick response and help. I have indeed already gone through the migration guide documentation - that’s how I migrated all of the smart actions, etc. The reason I’m confused is because I can’t see any information in the documentation about the specific issues I asked about, namely the public routes and authentication. It’s good to know that this has been abstracted and is now handled by the agent.
So to break it down, based on the quick start page you shared with me, are you therefore saying I no longer need to worry about any authentication, meaning I can remove the following:
app.use(
jwt({
secret: process.env.FOREST_AUTH_SECRET,
credentialsRequired: false,
algorithms: ["HS256"],
})
);
app.use("/forest", (request, response, next) => {
if (PUBLIC_ROUTES.includes(request.url)) {
return next();
}
return ensureAuthenticated(request, response, next);
});
Nor do I need to worry about parsing the incoming request or manually setting up the serving of static content, meaning I can remove the following:
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, "public")));
Nor do I need to worry about CORS, meaning I can remove the following:
let allowedOrigins = [/\.forestadmin\.com$/, /localhost:\d{4}$/];
if (process.env.CORS_ORIGINS) {
allowedOrigins = allowedOrigins.concat(process.env.CORS_ORIGINS.split(","));
}
const corsConfig = {
origin: allowedOrigins,
maxAge: 86400, // NOTICE: 1 day
credentials: true,
};
// Support for request-private-network as the `cors` package
// doesn't support it by default
// See: https://github.com/expressjs/cors/issues/236
app.use((req, res, next) => {
if (req.headers["access-control-request-private-network"]) {
res.setHeader("access-control-allow-private-network", "true");
}
next(null);
});
app.use(
"/forest/authentication",
cors({
...corsConfig,
// The null origin is sent by browsers for redirected AJAX calls
// we need to support this in authentication routes because OIDC
// redirects to the callback route
origin: corsConfig.origin.concat("null"),
})
);
app.use(cors(corsConfig));
And that errors are now automatically handled by the agent, meaning the following line can also be removed?
app.use(errorHandler());
These assumptions are based on the absence of all of this logic from the quick start page you shared, although the documentation doesn’t explicitly say these areas no longer with written code anymore. If I have misinterpreted you and some of the above code is still important to include or adapt (such as the CORS options), please do let me know.
Thank you for your help,