fix: signup CORS origin allowlist

[Sawli-Bharti]

#!/bin/bash

EventOne GSSoC Label Setup Script

REPO="anubhavxdev/Event-management-system-main"

echo "🏷️ Creating GSSoC labels for $REPO..."
🚀 Description
Fix backend CORS configuration so production requests are allowed via an environment-driven allowlist instead of a hardcoded single origin. The previous setup blocked requests from production domains like https://event0ne.xyz, causing signup and other browser API calls to fail due to CORS policy violations.

🛠️ Type of Change
[x] Bug fix (non-breaking change which fixes an issue)

[ ] New feature (non-breaking change which adds functionality)

[ ] Refactoring (code optimization or restructuring)

[ ] Documentation update

Closes #271

📝 Proposed Changes
Backend
backend/src/config/env.js: Introduced clientUrls by parsing a comma-separated string from the CLIENT_URLS environment variable into a clean array. Maintained fallback support for CLIENT_URL and http://localhost:5173.

backend/src/app.js: Updated the CORS middleware configuration to dynamically check incoming requests against the env.clientUrls array using a validation callback function.

backend/src/server.js: Cleaned up redundant imports and ensured connectDB() is explicitly awaited during the server bootstrap sequence.

backend/src/middleware/auth.js & backend/src/routes/registrationRoutes.js: Exported protect alias for authentication and resolved rate limiter naming consistency (registrationRateLimiter).

Frontend
Frontendd/src/pages/dashboard/CustomerDashboard.jsx: Cleaned up minor duplicate variable declarations (selectedRegistrationId) and unused icon imports (lucide-react) to keep production builds optimal.

🧪 Verification & Testing
[x] Verified that local frontend origin (http://localhost:5173) still successfully connects to the backend.

[x] Tested the dynamically parsed array handling to ensure multiple origins separated by commas are safely trimmed and validated.

[vercel]

@Bharti-Sawli is attempting to deploy a commit to the anubhav12302387's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

👋 Thanks for opening a PR, @Sawli-Bharti!

Your PR has entered the 🎯 EventOne GSSoC PR Review Pipeline.

🟢 GSSoC PR detected — your PR will be routed to an approved GSSoC mentor for Stage 2 review.

What happens next

Stage	Reviewer	Checks
Stage 1 — Automated Validation	🤖 Bot	Title format · Issue link · AI Slop · Branch check
Stage 2 — Mentor Review	🧑‍🏫 GSSoC Mentor	Code + Quality Review
Stage 3 — Admin Final Gate	🔑 @anubhavxdev	Label check + Final Merge Decision

A pipeline status comment will appear below and update automatically as your PR progresses.

---

While you wait

• Sign all commits using git commit -s
• Link your issue with Closes #123
• Use a feature branch — not main
• Avoid unrelated changes in the same PR
• Write your own description — no AI-generated content

This comment is posted only once.

EventOne × GSSoC Automated Pipeline

[github-actions]

❌ PR Format Check — Failed — Please Fix Below

Hi @Sawli-Bharti! Please fix the issues below before your PR can proceed to mentor review.

❌ Must Fix Before Proceeding

❌ Issue #271 is already closed — You cannot link a PR to a closed issue. Open a new issue for this work.

---

📋 EventOne PR Guidelines (click to expand)

Title format — Conventional Commits:
feat: · fix: · docs: · style: · refactor: · test: · chore: · perf:

Always link an issue: Closes #number

Use a feature branch — never PR directly from main

Write your own description — AI-generated content = gssoc:ai-slop label

EventOne × GSSoC Pipeline — Stage 1 Automated Check