Angepass an Produtionumgebung

backend/Dockerfile.prod

@@ -0,0 +1,17 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+# Nur Produktions-Abhängigkeiten installieren
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+# Quellcode kopieren
+COPY . .
+
+ENV NODE_ENV=production
+
+EXPOSE 3001
+
+# Produktionsstart (ohne nodemon)
+CMD ["npm", "start"]

backend/src/server.js

@@ -9,22 +9,27 @@ import { ObjectId } from 'mongodb'; // Wichtig für die Arbeit mit MongoDB IDs
 const app = express();
 const PORT = process.env.PORT || 3001;
 
-// Middleware konfigurieren - CORS muss vor allen Routen kommen
+// Erlaubte CORS-Origins aus der Umgebung (kommagetrennt).
+// In Produktion wird das Frontend i.d.R. über denselben Host (nginx-Proxy)
+// ausgeliefert, dann sind keine Cross-Origin-Anfragen nötig.
+// Standard: localhost:5173 für die lokale Entwicklung.
+// CORS_ORIGIN="*" erlaubt alle Origins.
+const corsOrigins = (process.env.CORS_ORIGIN || 'http://localhost:5173')
+    .split(',')
+    .map((o) => o.trim());
+
+app.use(cors({
+    origin: corsOrigins.includes('*') ? true : corsOrigins,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept'],
+    credentials: true,
+}));
+
 app.use((req, res, next) => {
     console.log(`📥 ${req.method} ${req.path} from ${req.get('origin') || 'unknown origin'}`);
-    res.header('Access-Control-Allow-Origin', 'http://localhost:5173');
-    res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-    res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
-    res.header('Access-Control-Allow-Credentials', 'true');
-    
-    // Handle preflight requests
-    if (req.method === 'OPTIONS') {
-        console.log('✅ Preflight request handled');
-        return res.sendStatus(200);
-    }
     next();
 });
-app.use(express.json());         
+app.use(express.json());
 
 // -----------------------------------------------------
 // API ROUTEN