fix: update CORS configuration and improve authentication logging

server/server.js

@@ -17,6 +17,7 @@ const app = express();
 const PORT = process.env.PORT || 3001;
 const FRONTEND_URL = process.env.FRONTEND_URL || 'http://localhost:5173';
 const VOTES_FILE = path.join(process.cwd(), 'votes.json');
+const PRODUCTION_DOMAIN = process.env.DOMAIN || 'https://s22.ethanf.gg';
 
 // Poll ends at 11:59 PM Eastern Time on 8/21/25
 const POLL_END_DATE = new Date("2025-08-21T23:59:59-04:00");
@@ -44,7 +45,7 @@ async function saveVotes(votes) {
 // Middleware
 app.use(cors({
   origin: process.env.NODE_ENV === 'production' 
-    ? true // Allow same origin in production since frontend and backend are on same domain
+    ? PRODUCTION_DOMAIN
     : FRONTEND_URL,
   credentials: true,
   methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
@@ -63,7 +64,7 @@ app.use(session({
     maxAge: 24 * 60 * 60 * 1000, // 24 hours
     httpOnly: true,
     sameSite: process.env.NODE_ENV === 'production' ? 'lax' : 'lax',
-    domain: process.env.NODE_ENV === 'production' ? 's22.ethanf.gg' : undefined
+    domain: process.env.NODE_ENV === 'production' ? new URL(PRODUCTION_DOMAIN).hostname : undefined
   },
   name: 's22poll.sid'
 }));
@@ -79,10 +80,10 @@ if (process.env.NODE_ENV === 'production') {
 // Passport Steam Strategy
 passport.use(new SteamStrategy({
     returnURL: process.env.NODE_ENV === 'production' 
-      ? `${process.env.DOMAIN}/auth/steam/return`
+      ? `${PRODUCTION_DOMAIN}/auth/steam/return`
       : 'http://localhost:3001/auth/steam/return',
     realm: process.env.NODE_ENV === 'production' 
-      ? process.env.DOMAIN
+      ? PRODUCTION_DOMAIN
       : 'http://localhost:3001/',
     apiKey: process.env.STEAM_API_KEY
   },
@@ -112,8 +113,11 @@ app.get('/auth/steam/return',
   passport.authenticate('steam', { failureRedirect: '/' }),
   (req, res) => {
     console.log('User authenticated:', req.user);
+    console.log('Session ID:', req.sessionID);
+    console.log('Session:', req.session);
     // In production, redirect to root since frontend and backend are on same domain
     const redirectUrl = process.env.NODE_ENV === 'production' ? '/' : FRONTEND_URL;
+    console.log('Redirecting to:', redirectUrl);
     res.redirect(redirectUrl);
   }
 );
@@ -128,6 +132,10 @@ app.post('/auth/logout', (req, res) => {
 });
 
 app.get('/auth/user', (req, res) => {
+  console.log('Auth check - Session ID:', req.sessionID);
+  console.log('Auth check - Is authenticated:', req.isAuthenticated());
+  console.log('Auth check - User:', req.user);
+  console.log('Auth check - Session:', req.session);
   if (req.isAuthenticated()) {
     res.json({ user: req.user });
   } else {

src/hooks/useAuth.ts

@@ -9,9 +9,14 @@ export const useAuth = () => {
   useEffect(() => {
     const checkAuthStatus = async () => {
       try {
+        console.log('Checking auth status...');
         const response = await authService.getCurrentUser();
+        console.log('Auth response:', response);
         if (response.user) {
+          console.log('User found:', response.user);
           setUser(response.user);
+        } else {
+          console.log('No user found in response');
         }
       } catch (error) {
         console.error('Error checking auth status:', error);
@@ -24,7 +29,7 @@ export const useAuth = () => {
 
   const handleLogin = () => {
     console.log('Initiating login...');
-    const loginUrl = `${import.meta.env.PROD ? 'https://s22.ethanf.gg' : 'http://localhost:3001'}/auth/steam`;
+    const loginUrl = `${import.meta.env.PROD ? '' : 'http://localhost:3001'}/auth/steam`;
     console.log('Login URL:', loginUrl);
     window.location.href = loginUrl;
   };