CORS support

src/main.rs

@@ -51,32 +51,47 @@ mod init {
         // use axum::routing::get;
         // use axum::routing::Router;
 
-        pub fn configure_cors() -> tower_http::cors::CorsLayer {
+        pub async fn configure_cors() -> tower_http::cors::CorsLayer {
             // Start building the CORS layer with common settings
             let cors = tower_http::cors::CorsLayer::new()
-                .allow_methods([axum::http::Method::GET, axum::http::Method::POST, axum::http::Method::PUT, axum::http::Method::DELETE]) // Specify allowed methods:cite[2]
+                .allow_methods([
-                .allow_headers([axum::http::header::CONTENT_TYPE, axum::http::header::AUTHORIZATION]) // Specify allowed headers:cite[2]
+                    axum::http::Method::GET,
+                    axum::http::Method::POST,
+                    axum::http::Method::PUT,
+                    axum::http::Method::DELETE,
+                ]) // Specify allowed methods:cite[2]
+                .allow_headers([
+                    axum::http::header::CONTENT_TYPE,
+                    axum::http::header::AUTHORIZATION,
+                ]) // Specify allowed headers:cite[2]
                 .allow_credentials(true) // If you need to send cookies or authentication headers:cite[2]
                 .max_age(std::time::Duration::from_secs(3600)); // Cache the preflight response for 1 hour:cite[2]
 
             // Dynamically set the allowed origin based on the environment
-            match std::env::var("ENVIRONMENT").as_deref() {
+            match std::env::var(icarus_envy::keys::APP_ENV).as_deref() {
                 Ok("production") => {
                     // In production, allow only your specific, trusted origins
+                    let allowed_origins_env = icarus_envy::environment::get_allowed_origins().await;
+                    // let allowed_origins: Vec<String> = allowed_origins_env.split(",").map(|s| s.to_string()).collect();
+                    let allowed_origins: Vec<axum::http::HeaderValue> = allowed_origins_env.split(",").map(|s| s.parse::<axum::http::HeaderValue>().unwrap()).collect();
+                    cors.allow_origin(allowed_origins)
+                    // cors.allow_origin(vec![""])
+                    /*
                     cors.allow_origin(vec![
-                        "https://www.your-production-domain.com".parse::<axum::http::HeaderValue>().unwrap(),
+                        "https://www.your-production-domain.com"
+                            .parse::<axum::http::HeaderValue>()
+                            .unwrap(),
                         "https://your-production-domain.com".parse().unwrap(),
                     ])
-                }
+                        */
-                Ok("staging") => {
-                    // Staging environment
-                    cors.allow_origin("https://staging.your-domain.com".parse::<axum::http::HeaderValue>().unwrap())
                 }
                 _ => {
                     // Development (default): Allow localhost origins
                     cors.allow_origin(vec![
-                        "http://localhost:3000".parse().unwrap(),
+                        "http://localhost:8000".parse().unwrap(),
-                        "http://127.0.0.1:3000".parse().unwrap(),
+                        "http://127.0.0.1:8000".parse().unwrap(),
+                        "http://localhost:4200".parse().unwrap(),
+                        "http://127.0.0.1:4200".parse().unwrap(),
                     ])
                 }
             }
@@ -110,7 +125,7 @@ mod init {
                 callers::endpoints::REFRESH_TOKEN,
                 post(callers::login::endpoint::refresh_token),
             )
-            .layer(cors::configure_cors())
+            .layer(cors::configure_cors().await)
     }
 
     pub async fn app() -> Router {