[app] Update deps & make server serve client build

* update deps to latest and pin min node & npm version
* checkin lock files
* make server serve client to merge both into one in order to reduce complexity
* adjust CSP accordingly

app/.gitignore

 node_modules
-config
-.env.development.local
\ No newline at end of file
+
+client/build

app/client/.env.local

-REACT_APP_baseAPIURL=http://localhost:5000
\ No newline at end of file
+REACT_APP_baseAPIURL=http://localhost:3000

app/client/package.json

@@ -34,5 +34,9 @@
       "last 1 firefox version",
       "last 1 safari version"
     ]
+  },
+  "engines": {
+    "node": ">=12.16.0",
+    "npm": ">=6.13.0"
   }
 }

app/client/src/utils/APICalls.js

@@ -93,4 +93,4 @@ export const deleteTodo = (_id) => {
     }).then(todo => {
         return todo
     })
-}
\ No newline at end of file
+}

app/server/package.json

@@ -5,20 +5,24 @@
   "license": "MIT",
   "scripts": {
     "start": "node src/index",
-    "dev": "env-cmd -f ./config/dev.env nodemon src/index"
+    "dev": "env-cmd -f ./dev.env nodemon src/index"
   },
   "devDependencies": {
-    "env-cmd": "^10.0.1",
-    "nodemon": "^1.19.2"
+    "env-cmd": "^10.1.0",
+    "nodemon": "^2.0.2"
   },
   "dependencies": {
     "bcryptjs": "^2.4.3",
-    "cookie-parser": "^1.4.4",
+    "cookie-parser": "^1.4.5",
     "cors": "^2.8.5",
     "express": "^4.17.1",
-    "helmet": "^3.21.1",
+    "helmet": "^3.22.0",
     "jsonwebtoken": "^8.5.1",
-    "mongoose": "^5.7.1",
-    "validator": "^11.1.0"
+    "mongoose": "^5.9.7",
+    "validator": "^13.0.0"
+  },
+  "engines": {
+    "node": ">=12.16.0",
+    "npm": ">=6.13.0"
   }
 }

app/server/src/index.js

+const path = require( 'path' );
+
 const express = require('express')
 const cors = require('cors')
 const helmet = require('helmet')
@@ -11,7 +13,7 @@ const app = express()
 const port = process.env.PORT || 5000
 
 const corsOptions = {
-    origin: process.env.CLIENT,
+    origin: `http://localhost:${ port }`,
     credentials: true
 }
 
@@ -24,11 +26,14 @@ app.use(helmet())
 app.use(helmet.contentSecurityPolicy({
     directives: {
         defaultSrc: ["'self'"],
+        styleSrc: ["'self' 'unsafe-inline'"],
+        scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"]
     }
 }))
 
 app.use(todoRoutes)
 app.use(userRoutes)
+app.use('/', express.static(path.join(__dirname,`./../../client/build`)));
 app.use(errorRoutes)
 
 app.listen(port, () => {