feat: implement configurable CORS origins and remove redundant comments

2025-12-26 00:52:37 +01:00
parent efb0f17a2e
commit c2d57bc5a2
1 changed files with 26 additions and 33 deletions
--- a/notes-api/src/main.rs
+++ b/notes-api/src/main.rs
@@ -54,7 +54,6 @@ async fn main() -> anyhow::Result<()> {
        .map_err(|e| anyhow::anyhow!(e))?;

    // Run migrations
-    // The factory/infra layer abstracts the database type
    if let Err(e) = run_migrations(&pool).await {
        tracing::warn!(
            "Migration error (might be expected if not implemented for this DB): {}",
@@ -128,42 +127,37 @@ async fn main() -> anyhow::Result<()> {
        .with_secure(false) // Set to true in production with HTTPS
        .with_expiry(Expiry::OnInactivity(Duration::seconds(60 * 60 * 24 * 7))); // 7 days

-    // Auth layer
    let auth_layer = AuthManagerLayerBuilder::new(backend, session_layer).build();

-    // Parse CORS origins
-    // let mut cors = CorsLayer::new()
-    //     .allow_methods([
-    //         axum::http::Method::GET,
-    //         axum::http::Method::POST,
-    //         axum::http::Method::PATCH,
-    //         axum::http::Method::DELETE,
-    //         axum::http::Method::OPTIONS,
-    //     ])
-    //     .allow_headers([
-    //         axum::http::header::AUTHORIZATION,
-    //         axum::http::header::ACCEPT,
-    //         axum::http::header::CONTENT_TYPE,
-    //     ])
-    //     .allow_credentials(true);
-    let mut cors = CorsLayer::very_permissive();
+    let mut cors = CorsLayer::new()
+        .allow_methods([
+            axum::http::Method::GET,
+            axum::http::Method::POST,
+            axum::http::Method::PATCH,
+            axum::http::Method::DELETE,
+            axum::http::Method::OPTIONS,
+        ])
+        .allow_headers([
+            axum::http::header::AUTHORIZATION,
+            axum::http::header::ACCEPT,
+            axum::http::header::CONTENT_TYPE,
+        ])
+        .allow_credentials(true);

-    // Add allowed origins
-    // let mut allowed_origins = Vec::new();
-    // for origin in &config.cors_allowed_origins {
-    //     tracing::debug!("Allowing CORS origin: {}", origin);
-    //     if let Ok(value) = origin.parse::<axum::http::HeaderValue>() {
-    //         allowed_origins.push(value);
-    //     } else {
-    //         tracing::warn!("Invalid CORS origin: {}", origin);
-    //     }
-    // }
+    let mut allowed_origins = Vec::new();
+    for origin in &config.cors_allowed_origins {
+        tracing::debug!("Allowing CORS origin: {}", origin);
+        if let Ok(value) = origin.parse::<axum::http::HeaderValue>() {
+            allowed_origins.push(value);
+        } else {
+            tracing::warn!("Invalid CORS origin: {}", origin);
+        }
+    }

-    // if !allowed_origins.is_empty() {
-    //     cors = cors.allow_origin(allowed_origins);
-    // }
+    if !allowed_origins.is_empty() {
+        cors = cors.allow_origin(allowed_origins);
+    }

-    // Build the application
    let app = Router::new()
        .nest("/api/v1", routes::api_v1_router())
        .layer(auth_layer)
@@ -171,7 +165,6 @@ async fn main() -> anyhow::Result<()> {
        .layer(TraceLayer::new_for_http())
        .with_state(state);

-    // Start the server
    let addr = format!("{}:{}", config.host, config.port);
    let listener = tokio::net::TcpListener::bind(&addr).await?;