diff --git a/backend/.env.example b/backend/.env.example index eee6dbd93..4b7abfda5 100644 --- a/backend/.env.example +++ b/backend/.env.example @@ -29,6 +29,13 @@ DB_POOL_MAX=10 # PASSWORD_SALT_ROUNDS=10 +# +# CORS +# +ORIGINS=htpps://your-aws-bucket.com,https://origin1.com,https://origin2.com,www.google.com, +METHODS=GET,PUT,POST +ALLOWED_HEADERS=Authorization,Content-Type + # # AWS S3 # diff --git a/backend/src/common/packages/config/config-base.package.ts b/backend/src/common/packages/config/config-base.package.ts index e3a9abd5d..7e48b87e3 100644 --- a/backend/src/common/packages/config/config-base.package.ts +++ b/backend/src/common/packages/config/config-base.package.ts @@ -128,6 +128,26 @@ class ConfigBase implements Config { default: null, }, }, + CORS: { + ORIGINS: { + doc: 'A comma separated list of allowed origins', + format: String, + env: 'ORIGINS', + default: null, + }, + METHODS: { + doc: 'A comma separated list of allowed request types', + format: String, + env: 'METHODS', + default: null, + }, + ALLOWED_HEADERS: { + doc: 'A comma separated list of allowed headers', + format: String, + env: 'ALLOWED_HEADERS', + default: null, + }, + }, AWS: { AWS_ACCESS_KEY_ID: { doc: 'Access ID for AWS S3 bucket', diff --git a/backend/src/common/packages/config/types/environment-schema.type.ts b/backend/src/common/packages/config/types/environment-schema.type.ts index 31b39eaac..b126de55e 100644 --- a/backend/src/common/packages/config/types/environment-schema.type.ts +++ b/backend/src/common/packages/config/types/environment-schema.type.ts @@ -25,6 +25,11 @@ type EnvironmentSchema = { CRYPT: { PASSWORD_SALT_ROUNDS: number; }; + CORS: { + ORIGINS: string; + METHODS: string; + ALLOWED_HEADERS: string; + }; AWS: { AWS_ACCESS_KEY_ID: string; AWS_SECRET_ACCESS_KEY: string; 
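Review bot: The sample `ORIGINS` value in backend/.env.example contains entries that cannot work as origins: `htpps://your-aws-bucket.com` misspells the scheme, `www.google.com` has no scheme, and the trailing comma produces an empty entry once the value is split on `,`. A browser sends `Origin` as `scheme://host[:port]`, so these entries would presumably never match, and a deployment copied from this file would refuse the bucket origin without any error on the server. I would ship `ORIGINS=https://your-aws-bucket.com,https://origin1.com,https://origin2.com` and add the comment line `# exact origins (scheme://host[:port]), comma separated, no spaces, no trailing comma` above it.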
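Review bot: The three CORS entries in config-base.package.ts declare `default: null`, but the matching hunk in environment-schema.type.ts types them as `string`, and get-cors-configuration.helper.ts calls `.split(',')` on them unguarded. If a deployment omits one of the variables, the value would presumably be `null` at runtime and the server would fail in `initPlugins` with a TypeError that names neither the variable nor CORS. Either make the absence explicit in the type (`ORIGINS: string | null;`) and handle it in the helper, or use `default: ''` and drop empty entries after the split. The `METHODS` doc string would also read better as `'A comma separated list of allowed HTTP methods'`. The ConfigBase schema object starts and ends outside the hunk.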
diff --git a/backend/src/common/server-application/helpers/get-cors-configuration.helper.ts b/backend/src/common/server-application/helpers/get-cors-configuration.helper.ts new file mode 100644 index 000000000..5dba01e9c --- /dev/null +++ b/backend/src/common/server-application/helpers/get-cors-configuration.helper.ts @@ -0,0 +1,23 @@ +import { config } from '~/common/packages/packages.js'; + +type Return = { + origin: string[]; + methods: string[]; + allowedHeaders: string[]; +}; + +const getCorsConfiguration = (): Return => { + const { ORIGINS, METHODS, ALLOWED_HEADERS } = config.ENV.CORS; + + const origin = ORIGINS.split(','); + const methods = METHODS.split(','); + const allowedHeaders = ALLOWED_HEADERS.split(','); + + return { + origin, + methods, + allowedHeaders, + }; +}; + +export { getCorsConfiguration }; diff --git a/backend/src/common/server-application/helpers/helpers.ts b/backend/src/common/server-application/helpers/helpers.ts index 6eaf75d31..6b7b4a70f 100644 --- a/backend/src/common/server-application/helpers/helpers.ts +++ b/backend/src/common/server-application/helpers/helpers.ts @@ -1 +1,2 @@ export { checkWhiteRoute } from './check-white-route.helper.js'; +export { getCorsConfiguration } from './get-cors-configuration.helper.js'; diff --git a/backend/src/common/server-application/server-app-base.ts b/backend/src/common/server-application/server-app-base.ts index ebb31cccd..86cb09115 100644 --- a/backend/src/common/server-application/server-app-base.ts +++ b/backend/src/common/server-application/server-app-base.ts @@ -24,6 +24,7 @@ import { } from '~/common/types/types.js'; import { buildValidationSchema } from './helpers/build-validation-schema.helper.js'; +import { getCorsConfiguration } from './helpers/get-cors-configuration.helper.js'; import { type ServerApp, type ServerAppApi, 
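Review bot: `getCorsConfiguration` in get-cors-configuration.helper.ts splits the raw strings on `,` and passes the pieces on untouched, so whitespace after a comma stays inside the entry (`' https://origin2.com'`) and a trailing comma, as in the sample .env value, adds `''` to the list. Assuming the CORS plugin compares list entries with the request's `Origin` as exact strings, such entries never match and the failure only shows up as a blocked request in the browser. Trimming and dropping empty items in one shared helper covers all three lists, and checking that each origin equals `new URL(entry).origin` would additionally catch scheme typos at startup. The `Return` alias would also be clearer under a descriptive name such as `CorsConfiguration`.

```typescript
// … unchanged: config import and Return type …

const parseList = (value: string): string[] => {
  return value
    .split(',')
    .map((item) => item.trim())
    .filter((item) => item.length > 0);
};

const getCorsConfiguration = (): Return => {
  const { ORIGINS, METHODS, ALLOWED_HEADERS } = config.ENV.CORS;

  return {
    origin: parseList(ORIGINS),
    methods: parseList(METHODS),
    allowedHeaders: parseList(ALLOWED_HEADERS),
  };
};

// … unchanged: export …
```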
@@ -122,11 +123,7 @@ class ServerAppBase implements ServerApp { } public async initPlugins(): Promise { - await this.app.register(FastifyCors, { - origin: 'https://bsa-2023-bucket.s3.eu-central-1.amazonaws.com', - methods: ['GET'], - allowedHeaders: ['Authorization'], - }); + await this.app.register(FastifyCors, getCorsConfiguration()); await this.app.register(multer.contentParser); await this.app.register(authorization, { services: {
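Review bot: Nothing at this call site in server-app-base.ts constrains what the environment can put into the CORS policy. The removed literal pinned one origin, `GET` and `Authorization`, while `getCorsConfiguration()` passes through whatever ORIGINS, METHODS and ALLOWED_HEADERS hold, including a `*` entry that the plugin may treat as a wildcard origin. Because `Authorization` is an allowed header and the sample configuration adds `PUT` and `POST`, I would resolve the configuration first and refuse a wildcard before registering: `const cors = getCorsConfiguration();` followed by `if (cors.origin.includes('*')) throw new Error('ORIGINS must list explicit origins');`. `initPlugins` starts above the hunk and continues below it.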